Ok so pretty much the same as the traditional Zope 3 model.

Are you still using the 'c' based zope.security or built your own.

On a side note I have got a big chunk of zope3 running on gae (had to
gut zope.security and zope.proxy) and plan on revisiting the whole
effort looking at bfg, but I would need to revert
to zpt because cheetah is dependant on lxml and its no 'c' for me,
any suggestions or ideas
on the effort involved.  (I have zpt running with similiar
functionality  to zope.app.pagetemplate level rather thatn
zope.pagetemplate) with full macro lookups etc....

Thanks for the info

T

On Sun, Apr 12, 2009 at 11:23 AM, Chris McDonough <chr...@plope.com> wrote:
> On 4/11/09 10:20 PM, Tim Hoffman wrote:
>> Hi Chris
>>
>> can I specify security annotations on objects persisted in the zodb as
>> per zope3/zope2
>> which are over and above the class/view decleration.
>
> Yes, for instance, in some code that manipulates a persistent object, you can 
> do
> something like:
>
> from repoze.bfg.security import Authenticated
> from repoze.bfg.security import Allow
> blogentry.__acl__ = [(Allow, 'fred', 'edit'), (Allow, Authenticated, 'view')]
>
> When that object (or one of its children) becomes the "context" of a view 
> (maybe
> when you traverse to a URL which represents the blog entry object's default
> view), the combination of the view's permission and the principals attached to
> the request is compared against the object's ACL.  Access is allowed or 
> denied.
>  For example:
>
> from repoze.bfg.view import bfg_view
> from mypackage.interfaces import IBlogEntry
>
> @bfg_view(for_=IBlogEntry, permission='edit')
> def blogentry_edit_view(context, request):
>     ...
>
> ... only a principal named 'fred' would be allowed to invoke this view if
> 'context' was the blogentry you attached the above ACL to.
>
> There is an "acquisition" model for ACLs which looks at the parents of the
> context in the model graph (often up a tree of persistent objects) to find an
> ACL if one is not defined on the context.
>
> - C
> _______________________________________________
> Zope-Dev maillist  -  zope-...@zope.org
> http://mail.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope )
>
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to