[Zope3-dev] Re: role (contextual) services?
Philipp von Weitershausen
philipp at weitershausen.de
Sat Apr 3 16:40:16 EST 2004

Roger,

> About grant permission, roles, principal
>
> it's just a crazy idea.
>
> What do you think about to let,
> in a site, for each role, register a (adapter, menu, presentation ...)
> service?
>
> This role (contextual) services can serve different
> adapters, views etc for different roles.
>
> This way we could build role (contextual) sites
> which look different for each role.
>
> And a nice side effect could be, it could reduce
> the permission settings, because you know which role
> is accessing a view which is served from a role (contextual)
> service.

While Roles are essential to the Zope2 security system, they are NOT
essential in Zope3. Zope3's only "measurement" of security are
permissions; roles are nothing more than a concept provided by the
default security policy available in zope.app.securitypolicy. Everybody
is encouraged to replace this policy with his/her own one. It is
therefore not something we want component lookup to depend on. After
all, the component architecture itself does not care about security at all.

I also wonder if you got the concept of roles right. Roles are not like
groups, but they represent responsibilities. A user can only be in one
group, but have more than one assigned role. How would you handle
component lookup for a principal that has several roles?

Philipp