Hi,

Adam Groszer wrote:
> Hi,
> 
> For our application the standard securitypolicy was fine.
> Until today. Now a requirement came up that the object permissions
> have to depend _also_ on an object state (the object's property).
> As I checked my friend is the zope.app.securitypolicy.zopepolicy.py.
> Securitypolicy gets set in the instance/etc/securitypolicy.zcml:
> <securityPolicy
>     component="zope.app.securitypolicy.zopepolicy.ZopeSecurityPolicy" />
> 
> So I'll have to write a custom securitypolicy based on the zopepolicy.
> Modify the securitypolicy.zcml.
> But that will override the policy for the whole instance.
> 
> My concern is how to override the policy just for a sub-folder/site?
> The _defaultPolicy seems to be very-very global.
> Any ideas?

IIRC the policy is global. You'd have to make a 'meta' policy that would
defer to 'local' policies.

However, this could be considered to be a very complex setup which you
should avoid in security context. There might be more technical reasons
that would complicate this approach too.

IMHO better: write a data-driven policy that includes all rules that are
used and have that be a reasonable global policy.

Christian

-- 
gocept gmbh & co. kg - forsterstra├če 29 - 06112 halle/saale - germany
www.gocept.com - [EMAIL PROTECTED] - phone +49 345 122 9889 7 -
fax +49 345 122 9889 1 - zope and plone consulting and development


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to