[Zope3-dev] AW: role (contextual) services?l

Roger Ineichen r.ineichen at projekt01.ch
Sat Apr 3 19:47:06 EST 2004 

Philipp von Weitershausen wrote
> 
> Roger,
> 
> > About grant permission, roles, principal
> > 
> > it's just a crazy idea.
> > 
> > What do you think about to let,
> > in a site, for each role, register a (adapter, menu, 
> presentation ...)
> > service?
> > 
> > This role (contextual) services can serv different
> > adaperts, views etc for different roles.
> > 
> > This way we could build role (contextual) sites
> > which look different for each role.
> > 
> > And a nice side effect could be, it could reduce
> > the permission settings, because you know which role
> > is accessing a view which is served from a role (contextual)
> > service.
> 
> While Roles are essential to the Zope2 security system, they are NOT 
> essential in Zope3. Zope3's only "measurement" of security are 
> permissions; roles are nothing more than a concept provided by the 
> default security policy available in zope.app.securitypolicy. 
> Everybody 
> is encouraged to replace this policy with his/her own one. It is 
> therefore not something we want component lookup to depend on. After 
> all, the component architecture itself does not care about 
> security at all.
> 
> I also wonder if you got the concept of roles right. 

Yes you are right, I don't know if I got the concept right.
I was thinking of: you can give(grant) roles permissions. And give
a prinicpal one or more roles. This gives a principal permissions
(which are granted to the roles).  

> Roles are not like 
> groups, but they represent responsibilities. A user can only 
> be in one group, but have more than one assigned role. 
> How would you handle component lookup for a principal that 
> has several roles?

Is this right, a user can only be in one group? In Zope 2 with 
a User Group Folder you could collect users in groups for 
easy to asign roles(local-group-roles) to a the group and not 
only to roles to each user.

Do we get groups in Zope3?
What can groups do? Why can a user not be in two or more groups?

Where are more infos about roles and groups?

Thanks 
Roger

More information about the Zope3-dev mailing list