[Zope3-Users] Re: Security in Zope 3

Philipp von Weitershausen philipp at weitershausen.de
Tue Sep 19 06:10:29 EDT 2006

Martijn Pieters wrote:
> On 9/19/06, Chris Withers 
> <chris at simplistix.co.uk> wrote:
>> ...because z has two containment paths:
>> x.z
>> x.y.z
>> ...which might have different security constraints.
>> How does Zope 3 handle the same kind of setup?
> In Zope2 containment is looked up through acquisition, that is,
> implicitly.

And it depends on the acquisition chain.

> In Zope3 it is explicit, through the ILocation interface.
> That interface specifies the __parent__ attribute, which normaly
> specifies only one parent, as the current implementations of that
> interface in Zope3 persist this or use a wrapper.
> I a currently running application I store references to objects in
> multiple places without problems just fine. Just be careful to clean
> up when the object gets deleted from it's canonical location (the
> __parent__ object).

Right, objects are suppoed to only have one __parent__ in Zope 3. 
Whether or not that __parent__ is actually used to look up security 
settings is entirely the decision of the securitypolicy you're using. 
YOu can always plug in a different policy that acquires security 
declarations in a different way than wlaking up the __parent__ hierarchy.

More information about the Zope3-users mailing list