[Zope3-dev] Re: security frustrations
Florent Guillaume
fg at nuxeo.com
Tue Aug 9 11:31:19 EDT 2005
Does it work to just set __parent__ to the container? Or does the
zopesecuritypolicy require more accurate context?
Florent
Martijn Faassen wrote:
> Hi there,
>
> In working with Zope 3 to build an application, I repeatedly run into
> the following situation:
>
> * user gets a local role on a container
>
> * object is created
>
> * after object creation but before the object is added,
> various things are done to the object.
>
> * authorization error: user cannot access various attributes.
>
> Now, the user would've had access to this after the object is added to
> the container, as then the role would've been acquired. In this latest
> the container the object is added to is actually *dependent* on the
> state of the object, though. Besides, sometimes one wants to mess with
> object attributes *before* adding it and thus getting it, say, cataloged.
>
> Now in Zope 2 this is:
>
> * normal as everything needs to be acquisition wrapped
>
> * not a problem as filesystem code is trusted
>
> In Zope 3, filesystem code is not trusted, and now this actually bites
> me more than it ever did in Zope 2.
>
> This is frustrating. I can hack around it by sprinkling
> removeSecuritProxy throughout the codebase, but that's certainly not
> pretty. Zope 3 is usually very nice about context not being dependent on
> location (I see now why getSite() is very nice), but the security case
> is an exception.
>
> I don't have a concrete proposal about what should be done. I guess the
> paradox is that on the one hand I *want* acquisition of role information
> from the container (as the security model this application has is quite
> involved), and on the other hand I keep getting bitten by it.
>
> My problem is only with zopesecuritypolicy. At first I thought about
> implementing my own security policy for this application, but this got
> quickly very hairy, so I decided to stick to Zope's.
>
> I guess this also ties in to Steve Alexander's ongoing campaign against
> location (as opposed to site) dependence in Zope 3. Maybe he has a
> better idea how to resolve this...
>
> Regards,
>
> Martijn
--
Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D
+33 1 40 33 71 59 http://nuxeo.com fg at nuxeo.com
More information about the Zope3-dev
mailing list