On Wed, Jul 02, 2008 at 08:33:12PM +0200, Mattia Belletti wrote: > Hi all, > I'm a newbie to Zope 3, but I immediatly had very "good vibes" about > it. I started developing a test application. Where I immediatly got some > problems was when I had to deal with the security model. > > I illustrate my point. In the system I'm writing, users can register > and create objects inside the system. The security system should be > quite simple: a user can access the view page of every object, but not > the edit page, unless he/she is the author. Well, things are more > complex, but this already is proving me problems.
You've chosen an intuitively obvious task for a test app, however one that is not at all trivial in Zope. Authentication with dynamic principals is pretty much as hardcore as it gets. You'll need to to sort out the authentication part either by writing a PAU plugin to authenticate your users who have corresponding domain objects, or even by writing your own local authentication utility. The authorization part can be done in different ways, but I think the simplest one is to set up a role 'owner' and then provide a zope.app.securitypolicy.interfaces.IPrincipalRoleMap adapter for your content objects that grants the owner role to the owners. > I think it's pretty evident that the default security policy isn't > enough for me. The above should let you solve your problems with the default security policy. However, you might want to take a look at zc.sharing. It's an alternative security policy which could be more intuitive for the content management domain you seem to be working on. Albertas _______________________________________________ Zope3-users mailing list Zope3email@example.com http://mail.zope.org/mailman/listinfo/zope3-users