*** yotaff has quit IRC | 00:22 | |
*** hazmat has quit IRC | 00:32 | |
*** hazmat has joined #zope3-dev | 00:32 | |
*** hazmat has quit IRC | 00:33 | |
*** hazmat has joined #zope3-dev | 00:34 | |
*** timte has quit IRC | 00:35 | |
*** Alef has joined #zope3-dev | 00:41 | |
*** bradb is now known as bradb-away | 00:42 | |
*** tvon has quit IRC | 00:43 | |
*** alga has joined #zope3-dev | 00:44 | |
*** MJ has quit IRC | 00:46 | |
*** MJ has joined #zope3-dev | 00:48 | |
*** benji_york has quit IRC | 00:51 | |
*** hazmat has quit IRC | 01:00 | |
*** RaFromBR1 has joined #zope3-dev | 01:04 | |
*** tvon has joined #zope3-dev | 01:06 | |
*** RaFromBRC has quit IRC | 01:06 | |
*** FarcePest has quit IRC | 01:16 | |
*** lunarosity has joined #zope3-dev | 01:16 | |
*** Alef has quit IRC | 01:17 | |
lunarosity | hello | 01:18 |
---|---|---|
lunarosity | I think I read somewhere that someone did some work on an LDAP adaptor, or LDAP principal source of some sort | 01:18 |
lunarosity | Anyone happen to have any links? | 01:18 |
*** fdrake has joined #zope3-dev | 01:19 | |
fdrake | srichter, you there? | 01:19 |
projekt01 | See in the zope3 repository, there are some top level ldap packages | 01:20 |
lunarosity | ok | 01:21 |
projekt01 | fdrake, are you looking for the Release Manager ;-) | 01:21 |
srichter | fdrake: here | 01:23 |
fdrake | ya | 01:23 |
fdrake | i'm giong to start merging the TAL changes from the trunk now | 01:23 |
fdrake | i'm not planning on any more changes on the trunk right now :-) | 01:24 |
*** REdOG has left #zope3-dev | 01:24 | |
srichter | ok, don't forget the branch :-) | 01:24 |
fdrake | that's where I'm merging them :-) | 01:25 |
srichter | ok | 01:25 |
projekt01 | Is the IQueriableAuthenticator the only one API to a IAuthentication, for principal lookup? | 01:27 |
srichter | I think so | 01:27 |
projekt01 | Does it mean that every IAuthentication has to implement this interface for participation on lookups for 3rd party apps | 01:28 |
projekt01 | ? | 01:28 |
projekt01 | implement/provide | 01:29 |
*** roym`` has quit IRC | 01:30 | |
srichter | I think they have to adapt to it yes | 01:32 |
projekt01 | Ok thanks, then this is the API where I can search for principals | 01:32 |
srichter | yes | 01:33 |
fdrake | running tests on the branch... | 01:48 |
fdrake | passed ... committing... | 01:51 |
*** RaFromBR1 has quit IRC | 01:56 | |
fdrake | srichter, it'd probably be good if you release before we find any more problems :-) | 01:56 |
fdrake | i'm outta here... | 01:57 |
*** fdrake has quit IRC | 01:57 | |
lunarosity | For User and Group Principals, can a User and a Group both have the same id (like '27' for instance)? | 01:58 |
*** yota has quit IRC | 02:01 | |
*** tvon has quit IRC | 02:05 | |
*** RaFromBRC has joined #zope3-dev | 02:17 | |
*** deo has quit IRC | 02:45 | |
projekt01 | lunarosity, Yes principal and group folder have a prefix where you can set if you add them | 03:05 |
*** RaFromBRC has quit IRC | 03:19 | |
*** tanghus has quit IRC | 03:49 | |
*** hwo4 has joined #zope3-dev | 04:06 | |
hwo4 | I'm having a bit of trouble getting a handle precisely on how User Principals and Group Principals work together | 04:13 |
hwo4 | first, is there a group principal in zope? i saw an IGroupAwarePrincipal, but not GroupPrincipal | 04:14 |
hwo4 | second, assuming there is a Group Principal, it never authenticates, right? No one would log in AS a Group | 04:14 |
hwo4 | third, If a group has been assigned a local role on an object, then presumably the users of that group also gain the permission associated with that role. Whats the mechanism for this. | 04:15 |
hwo4 | fourth, This might make a little more sense if I understood rather or not a user can be authenticated as multiple principals at the same time. | 04:21 |
hwo4 | which begs the question of how group principals are related to user principals at all. From my (very limited) understanding, they do two different things | 04:21 |
*** projekt01 has quit IRC | 04:27 | |
hwo4 | Also, is there any infrastructure for heirarchical permissions. I.e. this function requires permission level 5, so users with permission level 7 could access it, but level 4 couldn't. | 04:39 |
srichter | hwo4: the default security does not have a level model, but you could easily implement your own security policy thst does this | 04:49 |
hwo4 | well right | 05:00 |
hwo4 | I was just making sure I didn't reinvent anything | 05:00 |
hwo4 | you don't happen to have any insight on the group vs. user principal questions? | 05:01 |
*** alga has quit IRC | 05:17 | |
*** tanghus has joined #zope3-dev | 05:55 | |
*** sashav has quit IRC | 08:56 | |
*** gintas has joined #zope3-dev | 09:12 | |
*** sashav has joined #zope3-dev | 11:36 | |
*** _drzoltron has joined #zope3-dev | 11:36 | |
*** drzoltron_ has joined #zope3-dev | 11:38 | |
drzoltron_ | hi, is there a view implemented for IOrderedFolder ? | 11:38 |
drzoltron_ | you know one with up&down arrows ? | 11:39 |
drzoltron_ | OrderedContainer, that is | 11:39 |
*** sashav has quit IRC | 11:55 | |
*** timte has joined #zope3-dev | 12:03 | |
*** projekt01 has joined #zope3-dev | 12:28 | |
projekt01 | morning | 12:29 |
drzoltron_ | guten morgen | 12:41 |
drzoltron_ | projekt01: do you know of an implementation of orderedcontainer where I get a view with up/down arrows ? | 12:44 |
projekt01 | drzoltron, Yes, there is one, but I'm not sure if the buttons are implemented | 12:45 |
*** loreto has joined #zope3-dev | 12:46 | |
drzoltron_ | projekt01: cool, can you remember where it is ? | 12:46 |
projekt01 | See, zope.app.container.ordered.OrderedContainer | 12:47 |
drzoltron_ | yeah, I am implementing this one, but something is missing ... | 12:48 |
projekt01 | grep the source for OrderedContainer and see if this container is used somewhere, | 12:48 |
drzoltron_ | ok | 12:48 |
drzoltron_ | thanx | 12:48 |
projekt01 | then this implementation isn't registred as a content type | 12:48 |
drzoltron_ | I am mixing into one of my content types | 12:48 |
projekt01 | Ah, cool | 12:49 |
drzoltron_ | do you know where I can find the contents.html view ? | 12:49 |
drzoltron_ | zope3 is a little like a maze for a newbeginner like me ;) | 12:49 |
projekt01 | zope.app.container.browser.contents.py and content.html | 12:49 |
drzoltron_ | nice, thanx ! ;) | 12:49 |
drzoltron_ | sounds like swiss precision ;) | 12:50 |
projekt01 | ;-) | 12:50 |
projekt01 | Where are you from? | 12:50 |
drzoltron_ | vienna | 12:53 |
projekt01 | Bernie? | 12:53 |
drzoltron_ | yes | 12:53 |
projekt01 | Are you moving the Archetypes to z3? | 12:54 |
drzoltron_ | not at all :) | 12:54 |
projekt01 | Perhaps there are some interesting patterns in our Tiks repository for you. | 12:55 |
projekt01 | Hm, why is there no event less IContainer implementation in z3 like a pure IWriteMapping? | 13:00 |
drzoltron_ | hmmm, no idea | 13:00 |
*** kidnic has joined #zope3-dev | 13:02 | |
*** kidnic has left #zope3-dev | 13:04 | |
drzoltron_ | projekt01: is the Tiks rep. publicly accessible ? | 13:08 |
projekt01 | Yes, at: svn://svn.tiks.org/repos/Tiks/trunk | 13:10 |
projekt01 | the trunk is the location of the z3 root, you can find the tiks package at trunk/src/tiks | 13:11 |
projekt01 | Checkout the trunk and symlink all folders under the trunk to the zope install root except the package-includes folder | 13:12 |
projekt01 | this folder contains the configure where you can place into the original package-includes folder. | 13:13 |
drzoltron_ | sorry, alittle on and off here, girlfriend has poured water in her PB | 13:13 |
drzoltron_ | thanx | 13:13 |
projekt01 | Don't include the json configure.zcml in package-includes if jsonserver isn't installed. | 13:14 |
drzoltron_ | ok | 13:15 |
drzoltron_ | got tiks now, what does it do ? | 13:23 |
projekt01 | It's a library based on z3, it contains different more or less useful components ;-) | 13:24 |
drzoltron_ | hehe | 13:25 |
projekt01 | The Tiks packages itself does not this much, they can be used for build system. | 13:25 |
drzoltron_ | ok | 13:25 |
projekt01 | A good starting point is tiks.system | 13:25 |
projekt01 | Tiks systems are a generic implementation for z3 objects (content types). | 13:26 |
projekt01 | All additional methods and attributes of such a system are adapted, nothing is implemented directly in class | 13:26 |
projekt01 | not even a class itself is used for build new content types! | 13:27 |
projekt01 | All is done with marker interfaces! | 13:27 |
projekt01 | There are also some demos in tiks.demo where you can start | 13:27 |
drzoltron_ | nice, thanx ! | 13:28 |
projekt01 | Or I started adding our new tiks.org portal in tiks.org which is accessible under ++skin++TiksORG if you add the content type "Tiks site (tiks.org)" | 13:28 |
projekt01 | There is also a skin /++etc++Tiks/ out of the box which is a replacement for the Rotterdam ZMI | 13:29 |
drzoltron_ | nice | 13:31 |
projekt01 | Is it running? | 13:31 |
drzoltron_ | haven't tried yet, I think I use it for grepping first ;) | 13:35 |
drzoltron_ | still in emergency mode trying to get the water out of the powerbook | 13:36 |
projekt01 | ;-) | 13:37 |
projekt01 | I recommend the packages in this order tiks.initializer, tiks.typing, tiks.system for a good introduction | 13:38 |
projekt01 | That's our base concepts, initialize a content type, mark a content type with a type marker and build system domains | 13:39 |
drzoltron_ | ok | 13:42 |
*** jinty has joined #zope3-dev | 14:17 | |
*** yota has joined #zope3-dev | 14:19 | |
*** gintas has quit IRC | 14:25 | |
*** alga has joined #zope3-dev | 14:29 | |
srichter | hwo4: yes, there are groups in the default security policy | 14:32 |
srichter | hwo4: IGroupAwarePrincipals are simply principals that know about the groups they are in and thus inherit their permissions/roles | 14:32 |
srichter | hwo4: Group principals are simply known as groups; see zope.app.authentication.groupfolder; also read all the TXT files in this package | 14:34 |
srichter | hwo4: of course noone would ever log in as a group; not all principals in a security system must support login/logout | 14:35 |
srichter | hwo4: yes, user principals inherit their group principals' permissions/roles; that is implemented in the default security policy | 14:36 |
srichter | hwo4: to the forth question, principals are really only aggregate objects (like roles) of permissions. They are granted permissions; the user is a bit special since it also supports login/logout (iow Authentication), whereby roles and groups only provide authorization | 14:39 |
srichter | hwo4: btw, you can also simulate your levels using groups; every group could be a security level | 14:46 |
*** drzoltron_ has quit IRC | 15:02 | |
projekt01 | srichter, ayt? | 15:04 |
srichter | yes | 15:10 |
projekt01 | I miss some important adapter tests in zope3! | 15:10 |
projekt01 | Was there not a adapter.txt test file? | 15:10 |
projekt01 | in the zope.app.security | 15:11 |
srichter | aehm, I don't know | 15:11 |
srichter | not that I remember | 15:11 |
srichter | you can check the repository | 15:11 |
projekt01 | There a re no tests for the trusted adapter factories | 15:11 |
projekt01 | e.g. LocatingTrustedAdapterFactory | 15:11 |
projekt01 | Are you remember, wasn't there tests for this factories? | 15:12 |
srichter | I can't remember | 15:13 |
srichter | I have never been involved in any of this | 15:13 |
*** roym has joined #zope3-dev | 15:14 | |
projekt01 | Ok, will take a look at this, perhaps I'm wrong and this part wasn't tested directly | 15:15 |
projekt01 | Ah, found the file adapter.txt in the zope.interface | 15:22 |
projekt01 | srichter, Ok, found what I'm need ;-) | 15:25 |
srichter | :-) | 15:25 |
roym | I have a path stored as a string (eg: A/B/C); how would I in ZPT, | 15:25 |
roym | convert that to a physical path? All I can think of is | 15:25 |
roym | python:context['A']['B']['C'] - seems like there ought to be a better | 15:25 |
roym | way. | 15:25 |
projekt01 | romy, Use a view class for the template and use a method which calls traverse(obj, path) | 15:27 |
*** jinty has quit IRC | 15:28 | |
roym | projekt01: thanks. | 15:29 |
*** drzoltron_ has joined #zope3-dev | 15:39 | |
projekt01 | argh, I guess all PAU events are not locatable with the subcribers directive locate=True | 15:39 |
projekt01 | because this are not object events. | 15:39 |
projekt01 | srichter, why are the events used in the PAU's principal folder are not object events? | 15:40 |
projekt01 | if FoundPrincipalCreated whould be a object event, then I could locate from where the principal was created | 15:42 |
srichter | I think you can make it an object event; I don't see a problem there | 15:49 |
projekt01 | I guess this would break existing custom subscribers? right? | 15:51 |
srichter | how so? | 15:52 |
srichter | just inherit IObjectEvent in IFounfPrincipalCreated | 15:52 |
drzoltron_ | how do i get the order of contents of IOrderedContainers | 15:53 |
projekt01 | srichter, is the registration in ZCML for such a subscriber not different after this changes? | 15:53 |
srichter | drzoltron_: I would assume that container.keys() gives you the right order | 15:53 |
srichter | projekt01: no | 15:54 |
projekt01 | Ah, just optional | 15:54 |
srichter | it is still an IFoundPrincipalCreated event | 15:54 |
srichter | it is justa feature add, not replace | 15:54 |
drzoltron_ | srichter: yeah, you are right :) | 15:55 |
projekt01 | srichter, and the subsciber can be regsitred like for="IFoundPrincipalCreated" or for="ILocation IFoundPrincipalCreated" | 15:56 |
srichter | yep | 15:56 |
projekt01 | Ok, should I change it in the trunk? | 15:57 |
projekt01 | I guess not in the in the branch because it's a feature. right? | 15:57 |
srichter | no, this cannot go into the branch | 15:58 |
projekt01 | Ok, I will change it in the trunk | 15:59 |
projekt01 | Argh, this doesn't work, because we don't have the location from the principal in the principal factory because we just use attributes in the constructor | 16:03 |
*** jinty has joined #zope3-dev | 16:03 | |
*** jinty has quit IRC | 16:03 | |
projekt01 | ...and not the principal itself where we like to use the location | 16:04 |
drzoltron_ | funny, @@contents.html always show the contents in the created order not in the actual | 16:05 |
srichter | projekt01: I guess once you have the pricnipal id you can always look up the principal | 16:06 |
srichter | and this principal might have a location | 16:06 |
srichter | drzoltron_: are you sure @@contents.html is written for the ordered container? | 16:06 |
projekt01 | drzoltron, the ordered container should return the right order, this is the order the items get added | 16:09 |
projekt01 | Did you try to order the container keys with orderedContianer.updateOrder(keysInAOrderYouLike) | 16:11 |
*** drzoltron_ has quit IRC | 16:15 | |
*** drzoltron_ has joined #zope3-dev | 16:17 | |
drzoltron_ | projekt01: sorry, still no lifesign from the powerbook | 16:18 |
drzoltron_ | i added the items | 16:18 |
drzoltron_ | did a updateOrder() | 16:19 |
drzoltron_ | container.keys() now gives me the updated order but @@contents does not | 16:19 |
drzoltron_ | anyway, have to write a new @@contents with some nice arrows | 16:19 |
projekt01 | Hm, the methods keys, values and items are ordered by the order stored in OrderedContainer | 16:22 |
projekt01 | This should work | 16:22 |
projekt01 | Can you check if the method items() and values() also return the items in the right order like the method keys() does? | 16:24 |
*** drzoltron_ has quit IRC | 16:25 | |
*** drzoltron_ has joined #zope3-dev | 16:25 | |
drzoltron_ | irclogs is nice ;) | 16:26 |
*** jinty has joined #zope3-dev | 16:26 | |
*** jinty_ has joined #zope3-dev | 16:40 | |
*** jinty_ has quit IRC | 16:41 | |
*** drzoltron_ has quit IRC | 16:47 | |
*** mikecrowe has joined #zope3-dev | 16:51 | |
mikecrowe | Hi folks, can I ask some n00b questions without getting flamed? | 16:53 |
mikecrowe | I'm getting this error on a new instance I just created. Had it working, but don't know what went wrong: | 16:54 |
mikecrowe | zope.configuration.xmlconfig.ZopeXMLConfigurationError: File "c:\mus\etc\site.zcml", line 14.2-14.36 | 16:54 |
mikecrowe | ZopeXMLConfigurationError: File "c:\mus\etc\principals.zcml", line 33.2 | 16:54 |
mikecrowe | ConfigurationError: ('Unknown directive', u'http://namespaces.zope.org/zope', u'grant')zope.configuration.xmlconfig.ZopeXMLConfigurationError: File "c:\mus\etc\site.zcml", line 14.2-14.36 | 16:54 |
mikecrowe | ZopeXMLConfigurationError: File "c:\mus\etc\principals.zcml", line 33.2 | 16:54 |
mikecrowe | ConfigurationError: ('Unknown directive', u'http://namespaces.zope.org/zope', u'grant') | 16:54 |
mikecrowe | I don't see anything wrong with site or principals. Is there something basic I am missing here? | 16:55 |
*** tvon has joined #zope3-dev | 16:55 | |
mikecrowe | Zope 3.1.0c1/Python 2.4 | 16:55 |
*** drzoltron_ has joined #zope3-dev | 16:58 | |
*** Alef has joined #zope3-dev | 17:04 | |
*** mikecrowe has left #zope3-dev | 17:06 | |
*** mikecrowe has joined #zope3-dev | 17:08 | |
*** loreto has quit IRC | 17:10 | |
*** gintas has joined #zope3-dev | 17:16 | |
srichter | that is very strange; did you modify your site.zcml? | 17:16 |
srichter | it seems that the security meta configuration is not loaded | 17:17 |
mikecrowe | ahhh! when you run a make-instance, it doesn't create a security.zcml | 17:17 |
mikecrowe | sorry, securitypolicy.zcml | 17:18 |
mikecrowe | i renamed -testing and just used it, since i didn't know how to create. i bet that was wrong, huh? | 17:18 |
srichter | yep | 17:18 |
srichter | probably | 17:18 |
mikecrowe | is there a template for security? i didn't see in zopeskel | 17:19 |
srichter | best would be to go online and get the origianl site.zcml back | 17:19 |
srichter | http://svn.zope.org/Zope3/branches/Zope-3.1 | 17:19 |
mikecrowe | hmm, are you sure? should makeinstance create a securitypolicy.zcml in your etc/ directory? | 17:21 |
mikecrowe | my clean install (from 2 days ago) didn't. I'm thinking that i am expected to create with the parameters I need. | 17:21 |
mikecrowe | problem is, I'm so new i don't know what i need! :) | 17:21 |
mikecrowe | just looked, there is only securitypolicy-ftesting.zcml in cvs. | 17:22 |
srichter | I am not sure what mkzopeinstance is supposed to do, since I never use it ;-) | 17:23 |
srichter | mkzopeinstance -u user:passwd -d path/to/instance/dir | 17:24 |
srichter | should work | 17:24 |
srichter | we constantly test this combination | 17:24 |
srichter | projekt01: have you tried the Windows release already? | 17:24 |
mikecrowe | srichter: found an example in cvs z3/modzope/trunk/demosite/securitypolicy.zcml (thanks, google) | 17:35 |
projekt01 | srichter, no where is it located? | 17:36 |
projekt01 | I guess at the z3 release download page at www.zope.org? | 17:37 |
projekt01 | No there is only a release from 2005-07-27 20:55:06 | 17:38 |
srichter | that's it | 17:42 |
srichter | projekt01: mikecrowe has troubles with the Win release | 17:42 |
projekt01 | I'll try it | 17:43 |
projekt01 | Why can I install the release only with a python 2.3 installed? | 17:46 |
projekt01 | I only have python 2.4 installed right now | 17:46 |
projekt01 | Is there a reason why or can we change the script that it will check for a minimal version of python and not just one version? | 17:47 |
srichter | because 3.1 targets 2.3 | 17:50 |
srichter | I don't know enough about Windows installaers to say how to fix this problem | 17:51 |
srichter | we have to ask tim | 17:51 |
projekt01 | Ok | 17:52 |
*** tvon has left #zope3-dev | 18:02 | |
*** srichter has quit IRC | 18:06 | |
projekt01 | mikecrowe, I installed z3 from the download it's up and running, seems that all is Ok from a fresh installation. | 18:08 |
*** srichter has joined #zope3-dev | 18:12 | |
projekt01 | srichter, I installed z3 from the download it's up and running, seems that all is Ok from a fresh installation. | 18:12 |
srichter | projekt01: thanks | 18:13 |
srichter | mikecrowe: you messed up your installation somehow | 18:13 |
srichter | I'd suggest reinstalling | 18:13 |
*** srichter has quit IRC | 18:14 | |
*** srichter has joined #zope3-dev | 18:15 | |
*** srichter has quit IRC | 18:17 | |
*** tvon has joined #zope3-dev | 18:17 | |
*** srichter has joined #zope3-dev | 18:17 | |
*** jinty has quit IRC | 18:18 | |
*** projekt01 is now known as _projekt01 | 18:24 | |
*** _projekt01 is now known as _projekt01_away | 18:27 | |
*** ChanServ sets mode: +o srichter | 18:29 | |
*** loreto has joined #zope3-dev | 19:27 | |
*** RaFromBRC has joined #zope3-dev | 19:33 | |
*** Alef has quit IRC | 19:36 | |
*** loreto has quit IRC | 19:37 | |
*** loreto has joined #zope3-dev | 19:40 | |
*** loreto has quit IRC | 19:42 | |
*** drzoltron_ has quit IRC | 19:48 | |
hwo4 | I'm a bit confused on the concept of a Principal | 20:04 |
hwo4 | its a persistant object stored in a principal source, or at least an instance of a Principal is returned by the source? | 20:05 |
srichter | no a principal is not persistent | 20:41 |
srichter | it is created when the principal is looked up | 20:41 |
srichter | the info about the principal is persistently stored | 20:42 |
*** alga has quit IRC | 20:58 | |
*** jinty has joined #zope3-dev | 21:05 | |
*** RaFromBRC is now known as RaAtBRC | 21:24 | |
*** RaAtBRC has quit IRC | 21:49 | |
*** wiggy has joined #zope3-dev | 22:15 | |
hwo4 | How do Participations work? If a user authenticates and a Principal is created, then is a participation created then as well? whats the lifetime of a participation. Also, if there is only one participation per principal, why does an interaction hold multiple participations? | 22:36 |
srichter | no the participation is set by the request | 22:36 |
srichter | the lifetime of the participation is equal to the life time of the request (basically) | 22:37 |
wiggy | how do you define a reference in a scheme? | 22:37 |
srichter | reference to other objects? | 22:41 |
srichter | you can use vocabularies | 22:41 |
wiggy | heh, philikons book says 'vocabularies have been deprecated' at the beginning of the vocabulary chapter :) | 22:43 |
*** jinty has quit IRC | 22:44 | |
srichter | well, they are replaced by sources, but sources are still not used widely | 22:45 |
hwo4 | so then how does a principal get more than one participation? | 23:04 |
srichter | currently there is only one participation ever | 23:09 |
srichter | at a given point in time | 23:09 |
srichter | (per thread and request) | 23:09 |
hwo4 | so then why are interactions able to add and remove participations? and when you say one participation ever, per thread per request, i'm not sure how the 'per thread' part impacts it. | 23:18 |
srichter | when Jim rewrote the security stuff he had use cases in mind that have multiple participations; it's just a feature that's not used | 23:20 |
srichter | well, participations are stored in a thread global; it should not matter I just mentioned it | 23:21 |
hwo4 | ok | 23:22 |
hwo4 | I have a security system in mind in which users can be members of groups | 23:23 |
hwo4 | and if you give a group a set of permissions (local role) on an object, then the members of the group should have those permissions as well | 23:24 |
hwo4 | I wasn't entirely sure if i should implement the checking of permissions in a Checker by looking in each group the user is a member of, or somehow having an authenticated user have multiple participations or some such thing | 23:25 |
hwo4 | So I assume, since there is only one participation per request, the checker should look for permissions associated with the user, and also with their groups | 23:26 |
hwo4 | With this sort of setup in mind, | 23:26 |
hwo4 | would groups even need to be prinicipals? | 23:26 |
*** Theuni has quit IRC | 23:27 | |
srichter | the default security policy provides all those features for you | 23:27 |
srichter | just use the code in zope.app.authentication | 23:27 |
*** RaFromBRC has joined #zope3-dev | 23:28 | |
hwo4 | ok | 23:28 |
*** jinty has joined #zope3-dev | 23:32 | |
*** mikecrowe has left #zope3-dev | 23:35 | |
hwo4 | I see in zope.app.authentication there is a Principal class that implements GroupAwarePrincipal, and there are group principals, and group principal folders, as well as user principal folders | 23:36 |
hwo4 | It seems to me though that the determination of a users permissions depending on what groups they were a member of, would be carried out in zope.app.security | 23:37 |
srichter | yes, of course; it all hangs together | 23:39 |
hwo4 | right. I'm just having trouble locating the part of the security implementation which does that checking | 23:39 |
hwo4 | I guess it would be in the interaction, right? | 23:40 |
srichter | yeah, as far I remember, the interaction is just an instance of the security policy | 23:43 |
srichter | why are you digging in all this so deep? | 23:43 |
hwo4 | Hmm. I was under the impression that it was necessary to understand this stuff to start developing | 23:47 |
hwo4 | I went through Phillips book and your book, and things seemed to make a lot of sense, | 23:48 |
hwo4 | but it left me a little confused on how to deal with groups | 23:49 |
hwo4 | and I still can't understand why a group is a principal | 23:50 |
srichter | because you can only grant permissions and roles to principals | 23:51 |
hwo4 | ok | 23:52 |
srichter | the reason our books don't cover that is that it is new in 3.1 | 23:52 |
hwo4 | right | 23:52 |
srichter | but you really don't need to understand all this | 23:52 |
srichter | all you need to know is that you can grant permission and roles to users and groups | 23:52 |
srichter | and you can put principals into several groups | 23:53 |
hwo4 | ok, thats pretty straightforward | 23:53 |
wiggy | groups in groups | 23:55 |
hwo4 | then if i had a content object such as userprofile, then i'd just grant the user some sort of managerial local role on the userprofile object and give his groups a local viewing role. | 23:55 |
srichter | yep | 23:56 |
hwo4 | so i guess i only have one more question for now | 23:57 |
hwo4 | are groups, group aware? | 23:57 |
hwo4 | can i put groups in groups? | 23:57 |
hwo4 | and if i can, does a member of group a (which is a member of group b) get the roles of group b? | 23:57 |
srichter | of course | 23:57 |
srichter | groups are principals | 23:57 |
srichter | of course | 23:58 |
hwo4 | great | 23:58 |
hwo4 | thanks a lot | 23:58 |
Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!