[Zope3-dev] Initial thoughts on the Zope3 security framework
Jim Fulton
jim@zope.com
Mon, 17 Dec 2001 14:40:20 -0500
"Barry A. Warsaw" wrote:
>
> [Barely catching up on all the traffic on this list... -BAW]
>
> >>>>> "JF" == Jim Fulton <jim@zope.com> writes:
>
> JF> Any setting can be made in multiple places, however, role and
> JF> permission *definition* tends to be done centrally, where
> JF> "central" in this sense is a bit relative. In most cases, as
> JF> site will have one set of role definitions and once set of
> JF> permission definitions. Some sites might include "sub-sites",
> JF> where sub-sites have their own "global" definitions, that
> JF> build on the site global definitions.
>
> This is actually a very interesting issue, and something that I
> suspect a lot of systems need/want to address. E.g. in Mailman, we
> have several cascading levels of permissions where (ideally) we'd like
> to set up option defaults site-wide, and then be able to choose which
> options we will delegate to sub-groups (i.e. virtual domains). The
> owners of those sub-groups can then choose to delegate some or all of
> their options to smaller groups (i.e. to list owners).
>
> Acquisition /seems/ like a natural fit here, and it's the one place
> where I can see that feature actually making the problem easier to
> solve.
There are lots of problems that Acquisition makes easier to solve,
that's why so many systems use acquisition, usually without the authors
realizing that they are using a general pattern.
> I wonder whether there's something here we can generalize into
> a generic Python library?
I would offer up the Acquisition extension is it wasn't going to be rewritten
for Python 2.2. ;)
Jim
--
Jim Fulton mailto:jim@zope.com Python Powered!
CTO (888) 344-4332 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org