[Zope3-dev] My take on Zope3 permissions / security.
Shane Hathaway
shane@zope.com
Tue, 18 Dec 2001 10:54:13 -0500
Lennart Regebro wrote:
> This text attempts to outline how I think a security system for Zope3 should
> look like. Some parts are very general and not even Zope specific; some
> parts are extremely Zope specific. I hope you don't mind that I mix these
> things up completely.
This is a decent overview, and I think everyone involved should take a
little time to read your note.
> With this setup of roles, together with the anonymous principal, there will
> actually not be necessary to give one role different permissions in
> different locations. Instead you give each role the exact permissions that
> role should have, and you assign roles to users and containers differently
> in different contexts instead. This would be a vast simplification of the
> permission system in Zope.
There's something missing, though. It turns out to be very important to
be able to restrict what people are allowed to do based on the state of
an object--for example, even though news items know nothing about your
workflow, it's important to be able to change who is allowed to edit
news items based on publication status.
So something about security has to be object-specific. In CMF, we
change the role to permission mappings. This works pretty well. I can
envision a world, however, where role to permission mappings are global.
But then how do you control security based on workflow status?
Shane