> Sure, however I believe the issue I was raising is orthogonal to this
> one.

Yep, I was just commenting on the benefits of disconnecting form schema form

> Let's make an example. You have a web application for sharing drawings,
> you can upload drawings and for each drawing decide which other users
> you want to share that drawing with. If you share a drawing with another
> person, that other person can perform the same operations as you on it,
> like tagging it or removing it.
> Now let's say that you have views that act on collections of drawings,
> like you could have a view for handling an HTTP request for tagging a
> certain group of drawings or deleting them. The HTTP request for those
> views would typically have a parameter holding a list for drawing IDs to
> act on. How do you define the permission on those views? With a
> model-based permissions system, you would simply make the view public
> and let the model raise Unauthorized if you attempt to do something on a
> drawing you don't have access too. However with a view-based permission
> system you need to use some other pattern, and I'm not sure what would
> be best.
I am currently finishing the first phase of of a project that uses bobo,
and zope.component (oh and a bfg based simple cms).  I have defined groups
have general permissions on entity types (ie StaffMember has view and edit
on the Apprentice objects) but the specific object being accessed must fall
into the
specific lecturers (instance of StaffMember) scope.  ie lecturers can only
view apprentices
who are enrolled in a course supervised by the lecturer.

In my application the i apply additional predicates on the actual instances
check scope, but in the main the user could not actually get to an entity
outside of their scope
as entities are fetched via model methods, For instance the lecturer can
only find apprentices
via the lecturers  supervised_apprentices() method. I don't blindly accept
entity keys as
url's get/post values.

So I have found the zope[2/3] model level security not necesary (in this
case) though I am emulating
some of the capabilities (isOwner ... at the model level.)

Not saying this is what you should do, but it is working for me.

See ya


> Cheers,
> Free
Repoze-dev mailing list

Reply via email to