[Zope3-dev] how to override zope.app.securitypolicy sanely
Hi, For our application the standard securitypolicy was fine. Until today. Now a requirement came up that the object permissions have to depend _also_ on an object state (the object's property). As I checked my friend is the zope.app.securitypolicy.zopepolicy.py. Securitypolicy gets set in the instance/etc/securitypolicy.zcml: securityPolicy component=zope.app.securitypolicy.zopepolicy.ZopeSecurityPolicy / So I'll have to write a custom securitypolicy based on the zopepolicy. Modify the securitypolicy.zcml. But that will override the policy for the whole instance. My concern is how to override the policy just for a sub-folder/site? The _defaultPolicy seems to be very-very global. Any ideas? -- Best regards, Adam mailto:[EMAIL PROTECTED] -- Quote of the day: Many people today don't want honest answers insofar as honest means unpleasant or disturbing. They want a soft answer that turneth away anxiety. - Louis Kronenberger ___ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
Re: [Zope3-dev] how to override zope.app.securitypolicy sanely
Hi, Adam Groszer wrote: Hi, For our application the standard securitypolicy was fine. Until today. Now a requirement came up that the object permissions have to depend _also_ on an object state (the object's property). As I checked my friend is the zope.app.securitypolicy.zopepolicy.py. Securitypolicy gets set in the instance/etc/securitypolicy.zcml: securityPolicy component=zope.app.securitypolicy.zopepolicy.ZopeSecurityPolicy / So I'll have to write a custom securitypolicy based on the zopepolicy. Modify the securitypolicy.zcml. But that will override the policy for the whole instance. My concern is how to override the policy just for a sub-folder/site? The _defaultPolicy seems to be very-very global. Any ideas? IIRC the policy is global. You'd have to make a 'meta' policy that would defer to 'local' policies. However, this could be considered to be a very complex setup which you should avoid in security context. There might be more technical reasons that would complicate this approach too. IMHO better: write a data-driven policy that includes all rules that are used and have that be a reasonable global policy. Christian -- gocept gmbh co. kg - forsterstraße 29 - 06112 halle/saale - germany www.gocept.com - [EMAIL PROTECTED] - phone +49 345 122 9889 7 - fax +49 345 122 9889 1 - zope and plone consulting and development signature.asc Description: OpenPGP digital signature ___ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
Re: [Zope3-dev] how to override zope.app.securitypolicy sanely
Adam Groszer wrote: For our application the standard securitypolicy was fine. Until today. Now a requirement came up that the object permissions have to depend _also_ on an object state (the object's property). zc.sharing might be a good fit. You'll have to change the sharing settings on the objects when their state changes, but that's not too onerous. http://svn.zope.org/zc.sharing/trunk/src/zc/sharing/ -- Benji York Senior Software Engineer Zope Corporation ___ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
