[Zope3-dev] how to override zope.app.securitypolicy sanely
Christian Theune
ct at gocept.com
Wed Oct 11 08:46:27 EDT 2006
Hi,
Adam Groszer wrote:
> Hi,
>
> For our application the standard securitypolicy was fine.
> Until today. Now a requirement came up that the object permissions
> have to depend _also_ on an object state (the object's property).
> As I checked my friend is the zope.app.securitypolicy.zopepolicy.py.
> Securitypolicy gets set in the instance/etc/securitypolicy.zcml:
> <securityPolicy
> component="zope.app.securitypolicy.zopepolicy.ZopeSecurityPolicy" />
>
> So I'll have to write a custom securitypolicy based on the zopepolicy.
> Modify the securitypolicy.zcml.
> But that will override the policy for the whole instance.
>
> My concern is how to override the policy just for a sub-folder/site?
> The _defaultPolicy seems to be very-very global.
> Any ideas?
IIRC the policy is global. You'd have to make a 'meta' policy that would
defer to 'local' policies.
However, this could be considered to be a very complex setup which you
should avoid in security context. There might be more technical reasons
that would complicate this approach too.
IMHO better: write a data-driven policy that includes all rules that are
used and have that be a reasonable global policy.
Christian
--
gocept gmbh & co. kg - forsterstraße 29 - 06112 halle/saale - germany
www.gocept.com - ct at gocept.com - phone +49 345 122 9889 7 -
fax +49 345 122 9889 1 - zope and plone consulting and development
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://mail.zope.org/pipermail/zope3-dev/attachments/20061011/ee558a58/signature.bin
More information about the Zope3-dev
mailing list