Tim Hoffman wrote:
> Hi Chris.
>
> I have been rereading the ACL's for repoze.bfg and am having trouble
> getting my head around bits of it.
>
> I could easily use repoze.bfg for this project, though I really don't
> need all of bfg in this instance, so was
> seeing if I could get by with just bobo and repoze.what (oh and I was
> hoping to leverage of the openid
> and various other authent plugins for repoze.who).
>
> But ignoring authentication for the moment.
>
> Can you give me a hint on the approach I would take because in my example
> If I wanted an ACL on the persistent model as per my original it would
> be declared something like the following.
>
> (I am ignoring creation for the moment.) The goal is only the owner of
> a particular entity
> or a user with the site_manager role can edit it. And I won't know
> someone is owner until I have the
> object. I am assuming you would have a sort of transient group "owner"
> and someone would only be
> in it if they are the owner ?
>
> Then I could declare the owner permission etc,.. as follows
>
> from repoze.bfg.security import Allow, Everyone
>
> __acl__ = [
>     (Allow, Everyone, 'view'),
>     (Allow, 'group:owner', 'edit'),
>     (Allow, 'group:site_managers', 'edit'),
> ]

Why would the group be called 'owner'?  Group memberships are "global",
not local.  Most likely you wouldn't use a group for the "owner" bits at
all, but just have the ACL name the users with what in Zope you would
call the "owner" local role.  E.g.:

  from repoze.bfg.security import Allow, Everyone

  __acl__ = [
      (Allow, Everyone, 'view'),
      (Allow, 'phred', 'edit'),
      (Allow, 'group:site_managers', 'edit'),
  ]

If more than one user can be the owner ("have the owner local role", in
Z2-speak), then just add an ACE for each blessed user.


Tres.
-- 
===================================================================
Tres Seaver          +1 540-429-0999          tsea...@palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
_______________________________________________
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev
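
The per-object ACL described in the reply above, as an added example that is not part of the original message and is not repoze.bfg's own code. Entity, effective_principals and permits are hypothetical names, Allow, Deny and Everyone are local stand-ins for the framework's constants, and the check is a simplified first-match evaluation of a single object's ACL.

```python
# Stand-ins for the constants exported by repoze.bfg.security, defined here
# so the example runs without the framework installed (assumption).
Allow, Deny = "Allow", "Deny"
Everyone = "system.Everyone"


class Entity:
    """Hypothetical persistent model whose ACL names its owners directly."""

    def __init__(self, owners):
        self.owners = set(owners)  # userids holding the "owner" local role

    @property
    def __acl__(self):
        # One ACE per owner, computed per instance, so ownership never has
        # to be modelled as a global group.
        acl = [(Allow, Everyone, "view")]
        acl += [(Allow, userid, "edit") for userid in sorted(self.owners)]
        acl.append((Allow, "group:site_managers", "edit"))
        return acl


def effective_principals(userid, groups=()):
    """Principals for a request: Everyone, the userid, and global groups."""
    principals = {Everyone}
    if userid is not None:
        principals.add(userid)
        principals.update(groups)
    return principals


def permits(context, principals, permission):
    """First matching ACE wins; no match means deny (simplified check)."""
    for action, principal, perms in getattr(context, "__acl__", ()):
        if isinstance(perms, str):
            perms = (perms,)
        if principal in principals and permission in perms:
            return action == Allow
    return False


# Constructed sample data: two entities with different owners.
doc = Entity(owners=["phred"])
other = Entity(owners=["bharney"])
phred = effective_principals("phred")
manager = effective_principals("wilma", groups=["group:site_managers"])
anonymous = effective_principals(None)
```

Here phred can edit doc but not other, while a member of group:site_managers can edit both, because group membership is global and ownership is carried by each object's own ACL.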