Chapter 6. Security and Workflow
Security should never be an afterthought when building web applications. Zope and Plone provide a robust and flexible security model that lets us worry about our application logic instead of thinking too much about how to lock it down, so long as we understand a few basics.
In this chapter, we will:
- Explain the building blocks of Zope security: users, roles, and permissions
- Demonstrate the use of workflow, the primary mechanism for managing permissions in Plone
- Build a custom workflow for the Optilux website and add it to the policy package we created in the previous chapter
- Discuss the differences between protected and trusted Python code in Zope
Security primitives
Zope's security is declarative: views, actions, and attributes on content objects are declared to be protected by permissions. Zope takes care of verifying that the current user has the appropriate access rights for a resource. If not, an AccessControl.Unauthorized exception will be...
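To make the declarative model concrete, here is an added, self-contained Python model of the three building blocks (users, roles, permissions) and of a permission check that raises Unauthorized. It is illustrative code written for this chapter, not Zope's own implementation: the `protected` decorator, `SecurityManager`, `Content`, `Document`, `attempt` and `demo` names are stand-ins, and the users, roles and permission-to-role mapping are constructed sample data. It also shows one caveat worth remembering: each permission is mapped to roles independently, so a user who may modify an object does not automatically get to view it.

```python
# Added example: a self-contained model of Zope-style declarative security.
# Not Zope code; all names below are illustrative stand-ins.
from dataclasses import dataclass, field
from functools import wraps


class Unauthorized(Exception):
    """Stand-in for AccessControl.Unauthorized."""


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset  # global roles; local roles are added per object


@dataclass
class Content:
    """A content object. Permissions are mapped to roles on the object
    itself (the mapping workflow manages in Plone); users may also hold
    local roles such as Owner on a particular object."""
    title: str
    permission_roles: dict = field(default_factory=dict)  # permission -> set of roles
    local_roles: dict = field(default_factory=dict)       # user name -> set of roles


class SecurityManager:
    """Answers: may this user exercise this permission on this object?"""

    def __init__(self, user):
        self.user = user

    def roles_in_context(self, obj):
        return set(self.user.roles) | obj.local_roles.get(self.user.name, set())

    def check_permission(self, permission, obj):
        allowed = obj.permission_roles.get(permission, set())
        return bool(allowed & self.roles_in_context(obj))

    def validate(self, permission, obj, name):
        if not self.check_permission(permission, obj):
            raise Unauthorized(f"{self.user.name}: '{permission}' required for {name}")


def protected(permission):
    """Declarative protection: the permission is attached to the method
    and checked against the caller's roles on every call."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(self, sm, *args, **kwargs):
            sm.validate(permission, self, fn.__name__)
            return fn(self, sm, *args, **kwargs)
        wrapper.__permission__ = permission
        return wrapper
    return decorator


class Document(Content):
    @protected("View")
    def render(self, sm):
        return f"<h1>{self.title}</h1>"

    @protected("Modify portal content")
    def edit(self, sm, title):
        self.title = title
        return self.title


def attempt(user, obj, method, *args):
    """Call a protected method as `user`; report 'ok' or 'Unauthorized'."""
    try:
        getattr(obj, method)(SecurityManager(user), *args)
        return "ok"
    except Unauthorized:
        return "Unauthorized"


def make_private_document():
    # Constructed sample: a "private" document. Only Owner and Manager may
    # view; only Editor and Manager may modify. Alice is Owner via a local role.
    return Document(
        title="Cinema listings",
        permission_roles={
            "View": {"Owner", "Manager"},
            "Modify portal content": {"Editor", "Manager"},
        },
        local_roles={"alice": {"Owner"}},
    )


# Constructed sample users.
ANONYMOUS = User("anonymous", frozenset({"Anonymous"}))
ALICE = User("alice", frozenset({"Member"}))
BOB = User("bob", frozenset({"Member", "Editor"}))


def demo():
    doc = make_private_document()
    return {
        "anonymous_view": attempt(ANONYMOUS, doc, "render"),
        "alice_view": attempt(ALICE, doc, "render"),        # Owner via local role
        "alice_edit": attempt(ALICE, doc, "edit", "New title"),
        "bob_edit": attempt(BOB, doc, "edit", "New title"),  # Editor may modify...
        "bob_view": attempt(BOB, doc, "render"),             # ...but not view
        "title_after": doc.title,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In real Zope the declaration is made with a `ClassSecurityInfo` on the class (or a `permission` attribute in ZCML), and the check is performed by the security machinery rather than by a decorator you write yourself, but the shape is the same: the permission is named next to the thing it protects, the roles holding that permission are settled per object, and the caller's global plus local roles decide the outcome. The `bob_view` result is the caveat to keep in mind when you write workflows later in this chapter: a state that grants "Modify portal content" to Editor must also grant "View", or editors will be able to save a document they cannot see.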