AW: [Zope3-dev] Re: role (contextual) services?l
Stephan Richter
srichter at cosmos.phy.tufts.edu
Sun Apr 4 11:35:21 EDT 2004
On Sunday 04 April 2004 11:11, Roger ineichen wrote:
> This let you give the permission "DoAll" to the Role "Master"?
> This whould mean we can simplify and map a lot of permissions
> from different packages together in a useable way.
> Like "Edit Wiki" "Edit Document" can be mapped to "Edit".
> This whould sometimes make the live easier. ;-)
That's exactely the idea. For total security flexibility, we eventually will
have to create a permission for each action possible (or almost). It would be
insane to ask developers to map all these permissions to roles or principals.
That is where permission categories come into play, since they group some
permissions and pretend to be just another permission. Note though that we
have an equivalent mechanism for global categories in ZCML already, called
"redefinePermission".
<redefinePermission
from="zwiki.EditWiki"
to="zope.Edit"
/>
Note that this does not cover all of the permission category use case, since
permissions get always completely overridden. But it is good enough for now.
Regards,
Stephan
--
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
More information about the Zope3-dev
mailing list