[Zope3-dev] My take on Zope3 permissions / security.

[Shane Hathaway]

Lennart Regebro wrote:

> From: "Shane Hathaway" <shane@zope.com>
>>So something about security has to be object-specific.  In CMF, we
>>change the role to permission mappings.  This works pretty well.  I can
>>envision a world, however, where role to permission mappings are global.
>>  But then how do you control security based on workflow status?
>>
> 
> The only difference when it comes to this is that you don't need to change
> the role to permission mappings, you change the principal to role mapping
> instead, thereby giving a principal different sets of permissions.
> To make that possible Zope3 will need a way to make people have less roles
> further down a hierarchy, and it will need to have an Anonymous principal
> instead of an Anonymous role. It may be that there is some snag there that I
> haven't understood yet...

Maybe so.  You just have to be sure you never store the principal IDs in 
the content objects, but instead compute the principal to role mappings 
on the fly.  (Also known as computed local roles.)  You may have been 
thinking along these lines anyway, but here's an example:

Let's say I'm in a new company and I want to allow all employees to 
comment on documents in the company intranet, but only when the 
documents have been published.  My company grows and lots of document 
are added all the time.  Unfortunately, newer employees can't comment on 
older documents because their principal IDs didn't exist when the 
documents were published.  Hmm, not good.  The problem gets worse in 
larger organizations.

Shane