History for Zope-2.1.6-Policy
??changed:
-
Example policy: DTML (Zope 2.1.6)
- If an access name begins with 'aq_', then access is always
allowed if the name is 'aq_parent' or 'aq_explicit' and always
disallowed otherwise.
- If an accessed value doesn't have a '__roles__' attribute and
the place it came from doesn't have and can't acquire a
'__roles__' attribute, then access is denied if the
value was acquired and denied otherwise.
MichelP -- I'm not sure if this is clear Jim, or is the double negative a typo?
For brevity, define 'roles' to be the accessed value's
'__roles__', if present or the (possibly acquired) '__roles__'
of the object the accessed value came from.
- If the AUTHENTICATED_USER has any of the roles or the
outermost DTML methods's proxy roles include any of the roles,
then access is granted, otherwise, access is denied.