Hi, Adam Groszer wrote: > Hi, > > For our application the standard securitypolicy was fine. > Until today. Now a requirement came up that the object permissions > have to depend _also_ on an object state (the object's property). > As I checked my friend is the zope.app.securitypolicy.zopepolicy.py. > Securitypolicy gets set in the instance/etc/securitypolicy.zcml: > <securityPolicy > component="zope.app.securitypolicy.zopepolicy.ZopeSecurityPolicy" /> > > So I'll have to write a custom securitypolicy based on the zopepolicy. > Modify the securitypolicy.zcml. > But that will override the policy for the whole instance. > > My concern is how to override the policy just for a sub-folder/site? > The _defaultPolicy seems to be very-very global. > Any ideas?
IIRC the policy is global. You'd have to make a 'meta' policy that would defer to 'local' policies. However, this could be considered to be a very complex setup which you should avoid in security context. There might be more technical reasons that would complicate this approach too. IMHO better: write a data-driven policy that includes all rules that are used and have that be a reasonable global policy. Christian -- gocept gmbh & co. kg - forsterstraße 29 - 06112 halle/saale - germany www.gocept.com - [EMAIL PROTECTED] - phone +49 345 122 9889 7 - fax +49 345 122 9889 1 - zope and plone consulting and development
Description: OpenPGP digital signature
_______________________________________________ Zope3-dev mailing list Zope3email@example.com Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com