Hi,

On Sat, Apr 22, 2006 at 05:06:15PM -0500, Jachin Rupe wrote:
> hi there
>
> Is there a good example out there of setting up security based on some
> sort of ownership system?
>
> I'm working my way through the Zope book. What I would like to be able to
> do is allow the User who created a message to edit only "their" messages
> (the messages they created). I think I've read all the relevant chapters
> of the Zope book and I can't find a place where it explains that. Did I
> miss it somewhere?

I'm going to implement "object ownership", too. My idea is to assign a role
membership to the user (e.g. 'mysite.Owner') using annotated
per-object-security information (see
zope.app.securitypolicy.interfaces.IPrincipalRoleManager). I might need a
special permission ('mysite.OwnerAccess') which is ZCML-<grant>ed to the
'mysite.Owner' role and used in all the views I want to be owner-only.

The role will be assigned on object creation - I'm not sure if I can use an
event to do so because the request object will be needed to know the
creating principal. In any case it should be possible to assign the role in
the content object's __init__() method.

hth

Regards,

Frank
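
The scheme described in the reply above, modelled in plain Python as an added example (not part of the original post and not Zope code): a site-wide grant of 'mysite.OwnerAccess' to the 'mysite.Owner' role, a per-object role assignment made at creation, and a check that combines the two. Only the role and permission ids come from the post; every class and function name is hypothetical, and the principal ids are constructed.

```python
# Simplified stand-in for Zope 3's security machinery; all names below are
# hypothetical except the role and permission ids taken from the post.
OWNER_ROLE = "mysite.Owner"
OWNER_PERMISSION = "mysite.OwnerAccess"

# Site-wide grant, the equivalent of a ZCML <grant> of permission to role.
ROLE_PERMISSIONS = {OWNER_ROLE: {OWNER_PERMISSION}}


class Message:
    """Content object carrying its own principal -> roles annotation."""

    def __init__(self, body):
        self.body = body
        self.local_roles = {}  # principal id -> set of role ids


def assign_role(obj, role_id, principal_id):
    """Record a per-object role grant for one principal."""
    obj.local_roles.setdefault(principal_id, set()).add(role_id)


def create_message(body, creator_id):
    """Create the object and make the creating principal its owner."""
    if not creator_id:
        # Fail closed: an object without a known creator gets no owner.
        raise ValueError("creating principal is required")
    msg = Message(body)
    assign_role(msg, OWNER_ROLE, creator_id)
    return msg


def check_permission(permission, obj, principal_id):
    """Allow only if a role held on this object carries the permission."""
    roles = obj.local_roles.get(principal_id, set())
    return any(permission in ROLE_PERMISSIONS.get(r, ()) for r in roles)


def edit_message(obj, principal_id, new_body):
    """Owner-only view: every edit goes through the permission check."""
    if not check_permission(OWNER_PERMISSION, obj, principal_id):
        raise PermissionError(f"{principal_id} lacks {OWNER_PERMISSION}")
    obj.body = new_body


if __name__ == "__main__":
    msg = create_message("hello", "alice")  # constructed principal ids
    edit_message(msg, "alice", "hello again")
    print(check_permission(OWNER_PERMISSION, msg, "bob"))
```

Because the role lives on the object and not on the user, owning one message grants nothing on any other message.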