On Sep 28, 2005, at 7:02 AM, James Allwyn wrote:
Dear list, I have a number of questions. I've split them up over a number of emails, to keep them 'bite sized', and hopefully make any replies more useful in the archive. Apologies if this is not considered correct 'etiquette' on this list.
Sounds good to me.
Is there any recommended method for indicating "ownership" of objects by a user?
Not to my knowledge (but that's just my knowledge :-)
There is potentially a 'many-many' mapping of objects to users, so I don't want to use containment to indicate this relationship. Would it be sensible to use Annotations to store a list of principals that are associated with the object on the object?
Sounds like a reasonable start. To be clear (and this is pertinent to your next question), annotations are typically places in which adapters place their information. That is, code typically adapts an object to an interface that provides the information that they want (e.g. a hypothetical IOwned or something, in your case). The adapter might get and set the information in an annotation, but the client code would have no knowledge of that. The client code just adapts the object and uses the API.
I need to be able to call up the objects related to a user, and I'm intending to use a Catalog to call the list of objects up. Is this compatible with an annotations-based approach - i.e., would I face any difficulties getting the Catalog to read data from annotations?
No, you should not. You can tell a standard index that it indexes a given name of a given interface. The index then attempts to adapt each object it gets to the interface, and get the value from the name. Using the approach I described above, then, this would be just fine.
Also, we will need to combine this with our security system - each user will be able to edit objects that they are registered as the owner of (probably with workflow constraints...). Is this possible within the default zope security policy, or will I have to write a new one (which is a daunting prospect!)
I think you will need to write your own, but won't be terribly surprised to learn I'm wrong. :-)
We have plans to release an alternate security policy that we have. Writing a new policy is not nearly as daunting as in Zope 2, at least from the perspective of someone who has looked at implementations in Zope 2 and Zope 3. That said, I understand the concern.
There will also be system administrators who will have the rights to edit any of the objects, so the concept of roles will work well for them, but I've not been able to see how/if I would be able to grant a principal permission to edit only those objects that she is registered as an 'owner' of using the standard zcml declarations (which, as I understand it, grant permission on, say, a whole class of objects).
Since there is no concept (to my knowledge) of owner in Zope 3 now, there is certainly no zcml for that. To your more general question, though, the current security policy does allow grants on any object that supports annotations.
Gary _______________________________________________ Zope3-users mailing list Zope3email@example.com http://mail.zope.org/mailman/listinfo/zope3-users