[Zope3-dev] My take on Zope3 permissions / security.

[Lennart Regebro]

From: "Shane Hathaway" <shane@zope.com>
> This is a decent overview, and I think everyone involved should take a
> little time to read your note.

Thanks.

> There's something missing, though.  It turns out to be very important to
> be able to restrict what people are allowed to do based on the state of
> an object--for example, even though news items know nothing about your
> workflow, it's important to be able to change who is allowed to edit
> news items based on publication status.
>
> So something about security has to be object-specific.  In CMF, we
> change the role to permission mappings.  This works pretty well.  I can
> envision a world, however, where role to permission mappings are global.
>   But then how do you control security based on workflow status?

The only difference when it comes to this is that you don't need to change
the role to permission mappings, you change the principal to role mapping
instead, thereby giving a principal different sets of permissions.
To make that possible Zope3 will need a way to make people have less roles
further down a hierarchy, and it will need to have an Anonymous principal
instead of an Anonymous role. It may be that there is some snag there that I
haven't understood yet...