I have a number of questions. I've split them up over a number of
emails, to keep them 'bite sized', and hopefully make any replies more
useful in the archive. Apologies if this is not considered correct
'etiquette' on this list.
Is there any recommended method for indicating "ownership" of objects
by a user? There is potentially a 'many-many' mapping of objects to
users, so I don't want to use containment to indicate this
Would it be sensible to use Annotations to store a list of principals
that are associated with the object on the object?
I need to be able to call up the objects related to a user, and I'm
intending to use a Catalog to call the list of objects up. Is this
compatible with an annotations-based approach - i.e., would I face any
difficulties getting the Catalog to read data from annotations?
Also, we will need to combine this with our security system - each
user will be able to edit objects that they are registered as the
owner of (probably with workflow constraints...). Is this possible
within the default zope security policy, or will I have to write a new
one (which is a daunting prospect!) There will also be system
administrators who will have the rights to edit any of the objects, so
the concept of roles will work well for them, but I've not been able
to see how/if I would be able to grant a principal permission to edit
only those objects that she is registered as an 'owner' of using the
standard zcml declarations (which, as I understand it, grant
permission on, say, a whole class of objects).
Zope3-users mailing list