On Sep 28, 2005, at 7:02 AM, James Allwyn wrote:
I have a number of questions. I've split them up over a number of
emails, to keep them 'bite sized', and hopefully make any replies more
useful in the archive. Apologies if this is not considered correct
'etiquette' on this list.
Sounds good to me.
Is there any recommended method for indicating "ownership" of objects
by a user?
Not to my knowledge (but that's just my knowledge :-)
There is potentially a 'many-many' mapping of objects to
users, so I don't want to use containment to indicate this
Would it be sensible to use Annotations to store a list of principals
that are associated with the object on the object?
Sounds like a reasonable start. To be clear (and this is pertinent
to your next question), annotations are typically places in which
adapters place their information. That is, code typically adapts an
object to an interface that provides the information that they want
(e.g. a hypothetical IOwned or something, in your case). The adapter
might get and set the information in an annotation, but the client
code would have no knowledge of that. The client code just adapts
the object and uses the API.
I need to be able to call up the objects related to a user, and I'm
intending to use a Catalog to call the list of objects up. Is this
compatible with an annotations-based approach - i.e., would I face any
difficulties getting the Catalog to read data from annotations?
No, you should not. You can tell a standard index that it indexes a
given name of a given interface. The index then attempts to adapt
each object it gets to the interface, and get the value from the
name. Using the approach I described above, then, this would be just
Also, we will need to combine this with our security system - each
user will be able to edit objects that they are registered as the
owner of (probably with workflow constraints...). Is this possible
within the default zope security policy, or will I have to write a new
one (which is a daunting prospect!)
I think you will need to write your own, but won't be terribly
surprised to learn I'm wrong. :-)
We have plans to release an alternate security policy that we have.
Writing a new policy is not nearly as daunting as in Zope 2, at least
from the perspective of someone who has looked at implementations in
Zope 2 and Zope 3. That said, I understand the concern.
There will also be system
administrators who will have the rights to edit any of the objects, so
the concept of roles will work well for them, but I've not been able
to see how/if I would be able to grant a principal permission to edit
only those objects that she is registered as an 'owner' of using the
standard zcml declarations (which, as I understand it, grant
permission on, say, a whole class of objects).
Since there is no concept (to my knowledge) of owner in Zope 3 now,
there is certainly no zcml for that. To your more general question,
though, the current security policy does allow grants on any object
that supports annotations.
Zope3-users mailing list