It seems the big difference between zope2 and bfg acls is the lack of roles.

bfg acls  map permissions directly to principals, and doesn't appear
to have the concept of a

The local roles in zope is a extension of system wide roles where
additional roles are defined for a principal based on the context.

Owner in plone is a role assigned to a principal, and permissions are
bound to roles.

A user can get a specific role in a particular context, effectively
decoupling the declaration of permissions from


On Tue, Feb 16, 2010 at 7:52 AM, Tim Hoffman <zutes...@gmail.com> wrote:
> Hi
> I could at the very least evaluate the Owner special principal
> into the real owner, when I provide the __acl__ registration via the
> property accessor
> Most of the project is defined in a uml model and the code is being
> generated. So
> declaring the permissions where possible in the model means I need to use
> abstractions representing things like Owner in the model
> T
> On Tue, Feb 16, 2010 at 7:49 AM, Tim Hoffman <zutes...@gmail.com> wrote:
>> HI Tres
>> The last thing I would love to be able to do would be to declare the
>> permissions
>> at the class level
>> as in
>> (Allow, Owner, "edit")
>> And have a Owner a special principal like Everyone,
>> that allows me to declare the permission. But only evaluates "owner"
>> when the permission is checked
>> Do you think that could work, I haven't worked out how I could
>> implement that though.
>> T
>> On Tue, Feb 16, 2010 at 7:24 AM, Tres Seaver <tsea...@palladion.com> wrote:
>>> Hash: SHA1
>>> Tim Hoffman wrote:
>>>> I was hoping to declare the local role equivalent at the class level,
>>>> but following from what you said
>>>> I have a class declaration for "site_manager" and persist
>>>> a user/owner declaration on the object at creation time ?
>>>> Then when I retrieve the entity from the app engine datastore
>>>> have a __acl__ property accessor which
>>>> then merges the class declaration with the persisted addition
>>>> definition of ower.
>>>> Does that sound like an appropriate approach?
>>> That sounds like it would work, yes.
>>> Tres.
>>> - --
>>> ===================================================================
>>> Tres Seaver          +1 540-429-0999          tsea...@palladion.com
>>> Palladion Software   "Excellence by Design"    http://palladion.com
>>> Version: GnuPG v1.4.9 (GNU/Linux)
>>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>> iEYEARECAAYFAkt516wACgkQ+gerLs4ltQ4I6ACfaqLKXOodUYv8GroTYAPN3TwL
>>> izQAnA1Y6ojjgLB/LgpHpTFU08LoRI0h
>>> =ruoG
>>> -----END PGP SIGNATURE-----
Repoze-dev mailing list

Reply via email to