Hi

It seems the big difference between zope2 and bfg acls is the lack of roles.

bfg acls map permissions directly to principals, and don't appear
to have the concept of a role.

The local roles in zope are an extension of system-wide roles where
additional roles are defined for a principal based on the context.

Owner in plone is a role assigned to a principal, and permissions are
bound to roles.

A user can get a specific role in a particular context, effectively
decoupling the declaration of permissions from principals.

T

On Tue, Feb 16, 2010 at 7:52 AM, Tim Hoffman <zutes...@gmail.com> wrote:
> Hi
>
> I could at the very least evaluate the Owner special principal
> into the real owner, when I provide the __acl__ registration via the
> property accessor
>
> Most of the project is defined in a uml model and the code is being
> generated. So declaring the permissions where possible in the model
> means I need to use abstractions representing things like Owner in
> the model
>
> T
>
> On Tue, Feb 16, 2010 at 7:49 AM, Tim Hoffman <zutes...@gmail.com> wrote:
>> Hi Tres
>>
>> The last thing I would love to be able to do would be to declare the
>> permissions
>> at the class level
>>
>> as in
>>
>> (Allow, Owner, "edit")
>>
>> And have Owner be a special principal like Everyone,
>> that allows me to declare the permission. But only evaluates "owner"
>> when the permission is checked
>>
>> Do you think that could work? I haven't worked out how I could
>> implement that though.
>>
>> T
>>
>> On Tue, Feb 16, 2010 at 7:24 AM, Tres Seaver <tsea...@palladion.com> wrote:
>>>
>>> Tim Hoffman wrote:
>>>
>>>> I was hoping to declare the local role equivalent at the class level,
>>>> but following from what you said
>>>>
>>>> I have a class declaration for "site_manager" and persist
>>>> a user/owner declaration on the object at creation time ?
>>>>
>>>> Then when I retrieve the entity from the app engine datastore
>>>> have a __acl__ property accessor which
>>>> then merges the class declaration with the persisted addition
>>>> definition of owner.
>>>>
>>>> Does that sound like an appropriate approach?
>>>
>>> That sounds like it would work, yes.
>>>
>>>
>>> Tres.
>>> - --
>>> ===================================================================
>>> Tres Seaver          +1 540-429-0999          tsea...@palladion.com
>>> Palladion Software   "Excellence by Design"    http://palladion.com
>>>
>>
>
_______________________________________________
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev
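
The approach discussed in this thread, sketched as an added example (not code from any participant or from repoze.bfg): a class-level ACL declares a placeholder `Owner` principal, and the `__acl__` property swaps in the owner persisted on the instance each time the ACL is read. `Allow` and `Everyone` are local stand-ins for the `repoze.bfg.security` constants so the block runs without BFG; `Owner`, `__acl_template__`, `OwnedContent`, `group:site_manager` and the simplified `permits` check are assumptions made for illustration.

```python
# Local stand-ins for repoze.bfg.security.Allow / Everyone (keeps this runnable offline).
Allow = "Allow"
Everyone = "system.Everyone"
# Hypothetical placeholder principal; it must never be handed out as a real principal.
Owner = "example.Owner"


class OwnedContent:
    # Class-level declaration, e.g. emitted by a model-driven code generator.
    __acl_template__ = [
        (Allow, Owner, "edit"),
        (Allow, "group:site_manager", "edit"),
        (Allow, Everyone, "view"),
    ]

    def __init__(self, owner_id=None):
        # Persisted with the object at creation time.
        self.owner_id = owner_id

    @property
    def __acl__(self):
        """Merge the class declaration with the persisted owner on every read."""
        acl = []
        for action, principal, permission in self.__acl_template__:
            if principal == Owner:
                if self.owner_id is None:
                    # No owner recorded: drop the entry rather than leave the
                    # placeholder in the effective ACL where something could match it.
                    continue
                principal = self.owner_id
            acl.append((action, principal, permission))
        return acl


def permits(context, principals, permission):
    """Simplified first-match check on one context: no lineage walk, default deny."""
    for action, principal, perm in context.__acl__:
        if principal in principals and perm == permission:
            return action == Allow
    return False
```

Because the placeholder is resolved or dropped before the ACL is evaluated, a request that somehow carries `example.Owner` among its principals gains nothing from it.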
