[Zope3-dev] Permission granularity/permission groups
Jim Fulton
jim at zope.com
Fri Feb 11 10:31:47 EST 2005
Chris Withers wrote:
> Jim Fulton wrote:
>
>>> Does Zope 3 offer a way to override the component author's security
>>> declarations without patching the component itself?
>>
>>
>> Of course. You simply provide your own declarations for the class
>> in question, typically in (or in a file included by) your
>> overrides.zcml.
>
>
> Cool, as long as I can change the permission->method/attribute mapping
> without touching the origincal component's code (and I include it's zcml
> as part of that!) then I'm happy :-)
>
> BTW, also related:
>
> - is deny-by-default really the case now in Zope 3?
Yes
> (rather than
> supposedly being the case in Zope 2, but hey, everything subclasses
> SimpleItem, and SimpleItem says "all your base are belong to us" ;-)
I've never seen a claim that Zope 2 was "deny by default".
> - can you protect both simple attributes, objects-as-attribues and
> methods now?
Yes, *and* that will be the case in Zope 2.8 as well.
>>> Is that related to anything Garret was asking about?
>>
>>
>> Yup.
>
>
> I'm tempted to ask "in what way?", but I'm not sure I want to know the
> answer ;-)
Obviously, your question was about mapping permissions onto
object attributes. His questions was about mapping permissions
to higher-level abstractions such as the previously-proposed
aggregate permissions, roles, etc.
Both questions have to do with the mapping of low-level operations to
high-level concepts users use for grants.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope3-dev
mailing list