[Zope3-dev] AW: role (contextual) services?l
Roger Ineichen
r.ineichen at projekt01.ch
Sat Apr 3 19:47:06 EST 2004
Philipp von Weitershausen wrote
>
> Roger,
>
> > About grant permission, roles, principal
> >
> > it's just a crazy idea.
> >
> > What do you think about to let,
> > in a site, for each role, register a (adapter, menu,
> presentation ...)
> > service?
> >
> > This role (contextual) services can serv different
> > adaperts, views etc for different roles.
> >
> > This way we could build role (contextual) sites
> > which look different for each role.
> >
> > And a nice side effect could be, it could reduce
> > the permission settings, because you know which role
> > is accessing a view which is served from a role (contextual)
> > service.
>
> While Roles are essential to the Zope2 security system, they are NOT
> essential in Zope3. Zope3's only "measurement" of security are
> permissions; roles are nothing more than a concept provided by the
> default security policy available in zope.app.securitypolicy.
> Everybody
> is encouraged to replace this policy with his/her own one. It is
> therefore not something we want component lookup to depend on. After
> all, the component architecture itself does not care about
> security at all.
>
> I also wonder if you got the concept of roles right.
Yes you are right, I don't know if I got the concept right.
I was thinking of: you can give(grant) roles permissions. And give
a prinicpal one or more roles. This gives a principal permissions
(which are granted to the roles).
> Roles are not like
> groups, but they represent responsibilities. A user can only
> be in one group, but have more than one assigned role.
> How would you handle component lookup for a principal that
> has several roles?
Is this right, a user can only be in one group? In Zope 2 with
a User Group Folder you could collect users in groups for
easy to asign roles(local-group-roles) to a the group and not
only to roles to each user.
Do we get groups in Zope3?
What can groups do? Why can a user not be in two or more groups?
Where are more infos about roles and groups?
Thanks
Roger
More information about the Zope3-dev
mailing list