Frank Burkhardt wrote:
Do I understand it right, that I do not grant a permission to a principal on a certain
object instance? I only grant a permission to use a certain interface!?
You can either grant permissions to principals (or groups/roles) globally.
Those permissions
can be used in multiple ways:
* To protect Views. You can only access views you have permissions for (e.g.
<browser:page ...> )
* To protect attributes/methods of classes (*not objects*) (<class
...><required interface=...>)
* To define, who is allowed to modify certain attributes (<class ...><required
set_schema=...> )
I can follow to this point. That's how I understand Zope security until now.
Additionally you may grant permissions (and role memberships) on a per object
(*not per class*)
basis ( using e.g. the grant.html-View) which effects only a single object.
That's what I was looking for, but don't know how to do. For I example:
I want to let a user create an object (i.e. a message in a message
board). All users with a certain role (i.e. Admins) should be able to
edit the new object, but the creating user should also be able to edit
it. So I have to give him the persmission to edit.
How can I do something like that?
regards,
Achim
_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users