On Jan 12, 2006, at 8:35 PM, Gary Poster wrote:

On Jan 12, 2006, at 7:16 PM, Florent Guillaume wrote:

Do you think your interfaces fit the need of "computed" groups?

The current IPrincipal interface has a bit of a problem for computed groups but is pretty close, I'd say. Right now, the core principal interface in zope.security says that `groups` is a list. A list that has an unremovable member--a calculated group--is a bit hacky to model, so you might want to have a different API for mutating the groups--or maybe it's *all* calculated and imutable. If this core interface were restricted to say that `groups` is a readonly iterable (which would be sufficient for the security policies I know, AFAIK), and then another interface extended it to match the current interface (a list), then the core interface would allow other principal implementations to determine the `groups` value in other ways.

It turns out I'll be doing this as well as part of my changes.

Zope3-dev mailing list
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to