[Zope3-dev] a note on groups and roles
Martijn Faassen
faassen at infrae.com
Wed Nov 19 12:42:15 EST 2003
Lennart Regebro wrote:
> Martijn Faassen wrote:
> >I imagine a Zope 3 version would be doable without too much difficulty.
> >A service that determines group membership for a principal (in
> >particular requests) seems to be a reasonable approach that in my
> >experience is pretty pluggable, but perhaps there's something better..
>
> No, that's good. But even more funkily, you need a different service to
> determine what that group membership means when it comes to roles. :)
> This, however, is easily made in the service you need for munging roles,
> so that you can make local roles blacklists, and similar stuff.
I'm not sure what you mean here. Roles should be assigned to groups just like
to any other principal like a user, so why is a separate service needed?
The local role mapping in Zope 2 is stored on the objects; I don't know
what it is like in Zope 3 (annotation?).
The 'service you need for munging roles' bit I'm not sure I comprehend
either -- what does it do?
Regards,
Martijn
More information about the Zope3-dev
mailing list