AW: AW: [Zope3-dev] Re: role (contextual) services?l
Roger ineichen
dev at projekt01.ch
Sun Apr 4 11:43:39 EDT 2004
> Stephan Richter wrote:
> On Sunday 04 April 2004 11:11, Roger ineichen wrote:
> > This let you give the permission "DoAll" to the Role "Master"? This
> > whould mean we can simplify and map a lot of permissions from
> > different packages together in a useable way. Like "Edit
> Wiki" "Edit
> > Document" can be mapped to "Edit". This whould sometimes
> make the live
> > easier. ;-)
>
> That's exactely the idea. For total security flexibility, we
> eventually will
> have to create a permission for each action possible (or
> almost). It would be
> insane to ask developers to map all these permissions to
> roles or principals.
>
> That is where permission categories come into play, since
> they group some
> permissions and pretend to be just another permission. Note
> though that we
> have an equivalent mechanism for global categories in ZCML
> already, called
> "redefinePermission".
>
> <redefinePermission
> from="zwiki.EditWiki"
> to="zope.Edit"
> />
>
> Note that this does not cover all of the permission category
> use case, since
> permissions get always completely overridden. But it is good
> enough for now.
Are the restriction;
You don't have a permission "zwiki.EditWiki" after redifinePermission
to "zope.Edit"
and you can't give the permission "zwiki.EditWiki" to a prinicpal?
and;
You can do this just global and can not "redifinePermission" in a
local Permission service in a site?
> Regards,
> Stephan
> --
> Stephan Richter
> CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D.
> student) Web2k - Web Software Design, Development and Training
>
More information about the Zope3-dev
mailing list