On Jan 12, 2006, at 8:35 PM, Gary Poster wrote:
On Jan 12, 2006, at 7:16 PM, Florent Guillaume wrote:
Do you think your interfaces fit the need of "computed" groups?
The current IPrincipal interface has a bit of a problem for
computed groups but is pretty close, I'd say. Right now, the core
principal interface in zope.security says that `groups` is a list.
A list that has an unremovable member--a calculated group--is a bit
hacky to model, so you might want to have a different API for
mutating the groups--or maybe it's *all* calculated and imutable.
If this core interface were restricted to say that `groups` is a
readonly iterable (which would be sufficient for the security
policies I know, AFAIK), and then another interface extended it to
match the current interface (a list), then the core interface would
allow other principal implementations to determine the `groups`
value in other ways.
It turns out I'll be doing this as well as part of my changes.
Gary
_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
