On Sat, Apr 22, 2006 at 05:06:15PM -0500, Jachin Rupe wrote:
> hi there
> Is there a good example out there of setting up security based on some
> sort of ownership system?
> I'm working my way through the Zope book.  What I would like to be able to
> do is allow the User who created a message to edit only "their" messages
> (the messages they created).  I think I've read all the relevant chapters
> of the Zope book and I can't find a place where it explains that.  Did I
> miss it somewhere?

I'm going to implement "object ownership", too. My idea is to assign a role
membership to the user (e.g. 'mysite.Owner') using annotated
per-object-security information (see

I might need a special permission ('mysite.OwnerAccess') which is
ZCML-<grant>ed to the 'mysite.Owner' role and used in all the views
I want to be owner-only.

The role will be assigned on object creation - I'm not sure if I can use
an event to do so because the request object will be needed to know the
creating principal. In any case it should be possible to assign the role
in the content object's __init__() method.



Zope3-users mailing list
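
The ownership scheme discussed in this thread, as an added example that is not code from the original message or from Zope: a stand-alone Python model of a per-object role assignment combined with a site-wide role-to-permission grant. The role and permission ids are the ones named in the message; `Message`, `assign_role`, `check_permission`, `edit_view` and `Forbidden` are hypothetical names, and the creating principal's id is assumed to be passed in explicitly at creation time.

```python
# Stand-alone model of per-object role grants; it does not import Zope.
# In Zope 3 the per-object assignment would go through the
# IPrincipalRoleManager adapter (assignRoleToPrincipal).

OWNER_ROLE = "mysite.Owner"              # role id from the message
OWNER_PERMISSION = "mysite.OwnerAccess"  # permission id from the message

# Site-wide grant, the counterpart of the ZCML <grant> directive.
ROLE_PERMISSIONS = {OWNER_ROLE: {OWNER_PERMISSION}}


class Forbidden(Exception):
    """Raised when a principal lacks the permission a view requires."""


class Message:
    def __init__(self, text, creator_id):
        self.text = text
        # Per-object security information: principal id -> set of role ids.
        # Stored on the object itself, so the grant never applies elsewhere.
        self.local_roles = {}
        # Assign the owner role at creation time to the creating principal.
        assign_role(self, OWNER_ROLE, creator_id)


def assign_role(obj, role_id, principal_id):
    obj.local_roles.setdefault(principal_id, set()).add(role_id)


def check_permission(permission, principal_id, obj):
    """True if any role the principal holds on obj grants the permission."""
    roles = obj.local_roles.get(principal_id, set())
    return any(permission in ROLE_PERMISSIONS.get(r, ()) for r in roles)


def edit_view(obj, principal_id, new_text):
    """Hypothetical owner-only view: deny by default, then mutate."""
    if not check_permission(OWNER_PERMISSION, principal_id, obj):
        raise Forbidden(f"{principal_id} lacks {OWNER_PERMISSION}")
    obj.text = new_text
    return obj.text
```

Because the role is recorded on each object rather than on the principal globally, holding `mysite.Owner` on one message grants nothing on any other message.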
