[Zope3-dev] a note on groups and roles
Martijn Faassen
faassen at infrae.com
Wed Nov 19 05:47:33 EST 2003
Sidnei da Silva wrote:
> We have a PluggableAuthenticationService on Zope3 (someone help me to
> find the docs), and its a snap to write a PrincipalSource. I don't
> think that we have the concept of Groups in Zope3 though, but I guess
> either SteveA or faassen can give us a clue.
I don't think groups exist yet, but who knows what's in there. :)
If a design is fleshed out for Zope 3 groups then I definitely want to
be aware of what is going on. Infrae has a quite pluggable groups product
(without much user interface or documentation..) which we use inside Silva.
Group membership information can come from the ZODB but can also be configured
to come from, say, LDAP or even based on the user's IP address.
Infrae groups are global (well, to the groups service, that is; they can't be
defined outside a groups service), but can be *managed* locally (through the
Silva UI). Role assignments to groups are local, just like local roles for
users. The groups are 'real'; they're not some kind of funky hack on top
of the permission/role system. They're a different funky hack involving
a single monkey patch. :)
http://www.zope.org/Members/infrae/Groups
I imagine a Zope 3 version would be doable without too much difficulty.
A service that determines group membership for a principal (in
particular requests) seems to be a reasonable approach that in my experience
is pretty pluggable, but perhaps there's something better..
Regards,
Martijn
More information about the Zope3-dev
mailing list