[Zope3-dev] RFC: Aggregate Permissions and Principal Groups
Florent Guillaume
fg at nuxeo.com
Thu Jul 29 11:44:21 EDT 2004
In article <41002A9B.80906 at zope.com> you write:
> http://dev.zope.org/Zope3/AggregatePermissionsAndPrincipalGroups
>
> to replace roles with aggregated permissions and add principal groups
> after Zope X3.0.
Also, is there somewhere a list of use cases for the grant/deny stuff ?
I'd like to be sure that all the ones we have are modeled in a natural
manner. Also it would be nice if it was pluggable as I'm sure there will
be needs to extend the model at some point. For instance is there a way
to say
grant View here to group_secretary but not bob (even if he's in the group)
and also be able to say
deny View here to group_secretary but still allow bob
?
Finally I'm not sure I completely understand the algorithm for
grant/deny you outline. Examples would be nice. I'll expand on my use
cases and the current algorithm we use in CPS in Zope 2 (which however
has explicit distinction between users and groups of users) early next
week.
Florent
--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87 http://nuxeo.com mailto:fg at nuxeo.com
More information about the Zope3-dev
mailing list