New submission from Will Seaver <will.sea...@gmail.com>: p. 172: "...in applications such as "CMS" systems where fine-graned access is required on an object-by-object basis." What is CMS?
p. 173: "For example, the authentication.RepozeWho1AuthenticationPolicy enabled by the repozewho1authenticationpolicy ZCML directive respects group information if you configure it with a callback." What is a callback? p. 174: "The ALL_PERMISSIONS object is actually a stand-in object that has a __contains__ method that always returns True, which, for all known authorization policies, has the effect of indicating that a given principal "has" any permission asked for by the system." This seems to be useful for creating an "admin" class of user(s). Am I getting this right? 175: Under the ACL following: __acl__ = [ (Allow, 'fred', 'view'), DENY_ALL ] Does this mean that only one person is allowed to view the application, and that all others are forbidden? p. 177: in the sample authtktauthenticationpolicy given: 3. callback=".somemodule.somefunc" Is this module representative of a security.py, or perhaps a login.py? or is it representative of another kind of security-related module? p. 178: How does the mere presence of <aclauthorizationpolicy/> in a ZCML config file enable an authorization policy? p. 179: "An authentication policy the policy that allows or denies..." should be "is the policy that allows or denies..." p. 179: "For example, it might be desirable to construct an alternate authorization policy which allows the application to use an authorization mechanism that does not involve ACL objects." What are the circumstances under which such a policy would be desirable? ---------- messages: 360 nosy: kwseaver priority: wish status: unread title: chapter 15 topic: bfg book __________________________________ Repoze Bugs <b...@bugs.repoze.org> <http://bugs.repoze.org/issue128> __________________________________ _______________________________________________ Repoze-dev mailing list Repozefirstname.lastname@example.org http://lists.repoze.org/listinfo/repoze-dev