Am Donnerstag 04 September 2008 12:49:17 schrieb Martijn Faassen:
> Hermann Himmelbauer wrote:
> > - The real reason I need the interfaces is that I have to include them in
> > my configure.zcml in order to make the underlying objects read/writeable.
> > But this is in my case only annoying, but not helpful at all.
> Ah, interesting! This is a problem that doesn't exist in Grok, as we
> turn off model-based security checks. (views still make them, and
> permissions can still be model based. just no automatic checks when you
> access a method or attribute)
Yes, the problem is that for a ZODB I'd say that an owner of an object may
alter it's data. For instance, a user has a "person" object and may alter his
name, address but he must not alter other person objects.
When using a RDB, all persons are in a table and I have a Person object, which
represents a row of this table, however, I cannot outline who owns the
person, therefore I have to allow access to person objects for all users.
Therefore I have to do security at another level, e.g. the view and not at
Nevertheless I assume there will somehow be a magic command that I can issue
for the RDB-based classes (probably there's some counterpart to the
ZCML "class" directive).
GPG key ID: 299893C7 (on keyservers)
FP: 0124 2584 8809 EF2A DBF9 4902 64B4 D16B 2998 93C7
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -