-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martijn Faassen wrote: > Hey, > > Tim Hoffman wrote: >> can I specify security annotations on objects persisted in the zodb as >> per zope3/zope2 >> which are over and above the class/view decleration. > > I'll just note you can do this in Grok. Grok has per-model security > declarations, just like Zope 3's. It just doesn't have model-level > security *checks* - the only check happens on the view end.
The stock security policy for BFG uses ACLs stored on model objects, and is willing to "acquire" them. The ACLs represent grant's or denials of permissions to principals. The BFG publisher uses the permission associated with the view to verify access to the view by the current principals. All in all, this part is very Zope-like. > I'm not sure whether bfg does use security proxies at all or not (if so, > apparently not zope.security's). Space-suits are only useful if you want to protect specific attributes or methods of model objects. BFG has no concept of untrusted code, and therefore doesn't use them. You *could* build a BFG-based application which used them (e.g., wrapping the root object in a space-suit at the beginning of publishing traversal); none of us need or want that. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ5fyH+gerLs4ltQ4RAhyYAKDTAJNQKd9y4NmT4PuZrCAEQy6CZgCgxFgO WdKQX3XsjmGYrF/LM3idcug= =AADT -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
