On 2/16/10 8:46 AM, Tim Hoffman wrote:
> Hi Chris
>
> Yeah , after Tres repose, and thinking further on the abstractions I
> thinking along simliar lines, sort of collapsing the notion of a role
> and permission together.
Even in Zope, roles are effectively just collections of permissions. If it
Hi Chris
Yeah , after Tres repose, and thinking further on the abstractions I
thinking along simliar lines, sort of collapsing the notion of a role
and permission together.
Thanks for the input. I am pretty sure this is the path I will take.
It seems to play nicer with what I am trying to achie
You might choose to not have a special owner principal if you're already
generating the __acl__ via a property. Instead, you might just think of
"owner" as a set of permission names, and generate "the right" ACL.
For instance, if you store a set of owner names as the "owners" attribute of a
mo
Hi
It seems the big difference between zope2 and bfg acls is the lack of roles.
bfg acls map permissions directly to principals, and doesn't appear
to have the concept of a
role.
The local roles in zope is a extension of system wide roles where
additional roles are defined for a principal based
Hi
I could at the very least evaluate the Owner special principal
into the real owner, when I provide the __acl__ registration via the
property accessor
Most of the project is defined in a uml model and the code is being
generated. So
declaring the permissions where possible in the model means I
HI Tres
The last thing I would love to be able to do would be to declare the
permissions
at the class level
as in
(Allow, Owner, "edit")
And have a Owner a special principal like Everyone,
that allows me to declare the permission. But only evaluates "owner"
when the permission is checked
Do yo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tim Hoffman wrote:
> I was hoping to declare the local role equivalent at the class level,
> but following from what you said
>
> I have a class declaration for "site_manager" and persist
> a user/owner declaration on the object at creation time ?
>
Hello, Tim.
On 15/02/10 22:06, Tim Hoffman wrote:
> Hi Gustavo
>
> Yeah I have thought about writing custom Predicates.
>
> The main problem I saw with it was it appears I would have to pass in
> the object to be checked at
> predicate instantiation time, rather than at evaluation time.
>
> evalua
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tim Hoffman wrote:
> Hi Chris.
>
> I have been rereading the ACL's for repoze.bfg and am having trouble
> getting my head bits of it.
>
> I could easily use repoze.bfg for this project, though I really don't
> need all of bfg in this instance,so was
>
Hi Chris.
I have been rereading the ACL's for repoze.bfg and am having trouble
getting my head bits of it.
I could easily use repoze.bfg for this project, though I really don't
need all of bfg in this instance,so was
seeing if I could get by with just bobo and repoze.what (oh and I was
hoping to
Hi Gustavo
Yeah I have thought about writing custom Predicates.
The main problem I saw with it was it appears I would have to pass in the
object to be checked at
predicate instantiation time, rather than at evaluation time.
evaluate only takes environ and credentials.
Which means I would have to
Hello, Tim.
The groups/permissions functionality is just something basic and
optional, to help people get started, although for some smaller projects
it may be good enough. For finer-grained control, you may want to check
this:
http://what.repoze.org/docs/1.0/Manual/Predicates/Writing.html#creatin
I don't know if things have changed, but the last time I talked to Gustavo,
this was an intrinsic limitation in repoze.what v1. It doesn't handle
context-sensitive authorization.
- C
On 2/15/10 10:19 AM, Tim Hoffman wrote:
> Hi
>
> I am trying to work out how I could protect a specific resour
13 matches
Mail list logo
