-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martijn Faassen wrote:
> Hey,
> 
> Tim Hoffman wrote:
>> can I specify security annotations on objects persisted in the zodb as
>> per zope3/zope2
>> which are over and above the class/view decleration.
> 
> I'll just note you can do this in Grok. Grok has per-model security 
> declarations, just like Zope 3's. It just doesn't have model-level 
> security *checks* - the only check happens on the view end.

The stock security policy for BFG uses ACLs stored on model objects, and
is willing to "acquire" them.  The ACLs represent grant's or denials of
permissions to principals.  The BFG publisher uses the permission
associated with the view to verify access to the view by the current
principals.  All in all, this part is very Zope-like.

> I'm not sure whether bfg does use security proxies at all or not (if so, 
> apparently not zope.security's).

Space-suits are only useful if you want to protect specific attributes
or methods of model objects.  BFG has no concept of untrusted code, and
therefore doesn't use them.

You *could* build a BFG-based application which used them (e.g.,
wrapping the root object in a space-suit at the beginning of publishing
traversal);  none of us need or want that.


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tsea...@palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ5fyH+gerLs4ltQ4RAhyYAKDTAJNQKd9y4NmT4PuZrCAEQy6CZgCgxFgO
WdKQX3XsjmGYrF/LM3idcug=
=AADT
-----END PGP SIGNATURE-----

_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to