Albertas Agejevas ha scritto:
On Wed, Jul 02, 2008 at 08:33:12PM +0200, Mattia Belletti wrote:
Hi all,
 I'm a newbie to Zope 3, but I immediatly had very "good vibes" about
it. I started developing a test application. Where I immediatly got some
problems was when I had to deal with the security model.

 I illustrate my point. In the system I'm writing, users can register
and create objects inside the system. The security system should be
quite simple: a user can access the view page of every object, but not
the edit page, unless he/she is the author. Well, things are more
complex, but this already is proving me problems.

You've chosen an intuitively obvious task for a test app, however one
that is not at all trivial in Zope.  Authentication with dynamic
principals is pretty much as hardcore as it gets.

You'll need to to sort out the authentication part either by writing a
PAU plugin to authenticate your users who have corresponding domain
objects, or even by writing your own local authentication utility.

The authorization part can be done in different ways, but I think the
simplest one is to set up a role 'owner' and then provide a
zope.app.securitypolicy.interfaces.IPrincipalRoleMap adapter for your
content objects that grants the owner role to the owners.
Thank you for your prompt reply!
I think I've understood a little better the problem. The PAU part is quite clear to me, whereas I still have a little confusion about the IPrincipalRoleMap interface. If I understood well, its instances serve the purpose of relating roles and principals to a certain content object, but it also talks about 'settings': what are they?

--
Mattia "RedGlow" Belletti
http://thick.foschia.info - http://anacrusi.splinder.com

_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users

Reply via email to