On Thursday 04 September 2008 12:49:17, Martijn Faassen wrote:
> Hermann Himmelbauer wrote:
> [snip]
>
> > - The real reason I need the interfaces is that I have to include them in
> > my configure.zcml in order to make the underlying objects read/writeable.
> > But this is in my case only annoying, but not helpful at all.
>
> Ah, interesting! This is a problem that doesn't exist in Grok, as we
> turn off model-based security checks. (views still make them, and
> permissions can still be model based. just no automatic checks when you
> access a method or attribute)

Yes, the problem is that for a ZODB I'd say that an owner of an object may
alter its data. For instance, a user has a "person" object and may alter his
name and address, but he must not alter other person objects.

When using an RDB, all persons are in a table and I have a Person object, which
represents a row of this table; however, I cannot outline who owns the
person, therefore I have to allow access to person objects for all users.
Therefore I have to do security at another level, e.g. the view and not at
the model.

Nevertheless I assume there will somehow be a magic command that I can issue 
for the RDB-based classes (probably there's some counterpart to the 
ZCML "class" directive).

Best Regards,
Hermann

-- 
[EMAIL PROTECTED]
GPG key ID: 299893C7 (on keyservers)
FP: 0124 2584 8809 EF2A DBF9  4902 64B4 D16B 2998 93C7
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev