Re: [Zope-dev] dynamic permissions in zope

2001-01-03 Thread Dieter Maurer

Heinz-Josef Claes writes:
   dynamic permissions 
It is not Zope's normal behaviour.

Of cause, you could plug in a new UserFolder that
implements the features you require (someone else
recommended "LoginManager").

On the other hand, Zope is flexible enough to let you
approximate the desired behaviour - at the expense
of a bit extra work:

  You create a folder like ZClass for your documents.
  Each document goes into its own ZInstance.
  You ensure, that the document is not accessible directly.

  You give your ZClass a method "index_html".
  It performs your application specific security
  checking. If the check succeeds, it renders
  the document.

  You may need to set a proxy role for your
  "index_html" be able to render the document.

  This approach is only an approximation.
  It looses the fine grained permission checking
  during the rendering of your document.

Dieter

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )




Re: [Zope-dev] dynamic permissions in zope

2001-01-02 Thread Steve Alexander

Steve Alexander wrote:


 I believe the latest LoginManager allows you to specify what roles a 
 user has, and compute these each request, based on the details of the 
 request.
 
 This is probably more useful than having dynamically computed 
 permissions; While I can see how a user's roles will vary according to 
 where they are, what they are doing and when they are doing it, I cannot 
 see why permissions need to change in that way.
 
 However, you mention that you are new to Zope. ZPatterns can be 
 difficult to understand and get into. Other than the creators of 
 ZPatterns, I haven't heard of anyone using this computed permissions 
 system.

What I forgot to mention: LoginManager is a Zope product that is built 
using ZPatterns, another Zope product.

When you are doing advanced things with LoginManager, you need to know 
how ZPatterns works.

There are a couple of HOWTO documents on using LoginManager. It will be 
only a small change to alter the "userRoles" method that returns the 
roles a user should have to calculate these roles based on other criteria.

See these documents for information about how to set up LoginManager.

   http://www.zope.org/Members/dlpierson/sqlLogin
   http://www.zope.org/Members/jok/SQL_based_LoginManager

-- 
Steve Alexander
Software Engineer
Cat-Box limited
http://www.cat-box.net


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )




Re: [Zope-dev] dynamic permissions in zope

2001-01-02 Thread Tres Seaver

Steve Alexander [EMAIL PROTECTED] wrote:

 Steve Alexander wrote:
 
 
  I believe the latest LoginManager allows you to specify what roles a
  user has, and compute these each request, based on the details of the
  request.
 
  This is probably more useful than having dynamically computed
  permissions; While I can see how a user's roles will vary according to
  where they are, what they are doing and when they are doing it, I cannot
  see why permissions need to change in that way.
 
  However, you mention that you are new to Zope. ZPatterns can be
  difficult to understand and get into. Other than the creators of
  ZPatterns, I haven't heard of anyone using this computed permissions
  system.
 
 What I forgot to mention: LoginManager is a Zope product that is built
 using ZPatterns, another Zope product.
 
 When you are doing advanced things with LoginManager, you need to know
 how ZPatterns works.
 
 There are a couple of HOWTO documents on using LoginManager. It will be
 only a small change to alter the "userRoles" method that returns the
 roles a user should have to calculate these roles based on other criteria.
 
 See these documents for information about how to set up LoginManager.
 
http://www.zope.org/Members/dlpierson/sqlLogin
http://www.zope.org/Members/jok/SQL_based_LoginManager


The workflow-as-finite-state-machine implementation I am working on
for the PTK has similar requirements:  the permission associated with
a particular method (e.g., 'edit'), depends on the workflow status of
the object (e.g., you need more privileges to edit the object once it
has been "published").

My temporary workaround is to have each method assert the appropriate
permission, as part of creating its audit trail entry.  I plan to
arrange
for the permission-role mapping computation to be handled by the
workflow
tool, as well.

Tres.
-- 
===
Tres Seaver[EMAIL PROTECTED]
Digital Creations "Zope Dealers"   http://www.zope.org

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )