-----BEGIN PGP SIGNED MESSAGE-----
Tim Hoffman wrote:
> Hi Chris.
> I have been rereading the ACL's for repoze.bfg and am having trouble
> getting my head bits of it.
> I could easily use repoze.bfg for this project, though I really don't
> need all of bfg in this instance,so was
> seeing if I could get by with just bobo and repoze.what (oh and I was
> hoping to leverage of the openid
> and various other authent plugins for repoze.who).
> But ignoring authentication for the moment.
> Can you give me hint on the approach I would take becuase in my example
> If I wanted an ACL on the persistent model as per my original it would
> be declared something like the following.
> (I am ignoring creation for the moment.) The goal is only the owner of
> a particular entity
> or a user with the site_manager role can edit it. And I won't know
> someone is owner until I have the
> object. I assuming you would have a sort of transient group "owner"
> and someone would only be
> in it if they are the owner ?
> The I could declare the owner permssion etc,.. as follows
> from repoze.bfg.security import Allow
> __acl__ = [
> (Allow, Everyone, 'view'),
> (Allow, 'group:owner', 'edit'),
> (Allow, 'group:site_managers', 'edit'),
Why would the group be called 'owner'? Group memberships are "global",
not local. Most likely you wouldn't use a group for the owner[ bits at
all, but just have the ACL name the user's with what in Zope you would
call the "owner[ local role". E.g.:
from repoze.bfg.security import Allow
__acl__ = [
(Allow, Everyone, 'view'),
(Allow, 'phred', 'edit'),
(Allow, 'group:site_managers', 'edit'),
If more than one user can be the owner ("have the owner local role", in
Z2-speak), then just add an ACE for each blessed user.
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Repoze-dev mailing list