home BusinessClasses full/simple/minimal subscribe edit

last edited 3 years ago

NEVER MIND

It turns out that as of Zope 2.8, it is possible for Zope 2 to protect instance variables. That means I can get rid of propertysheets in ZClasses, and otherwise they do everything I need them to do. Zo I am back to using Zope 2.

Now the only problem with Zope 2, is that its security model is not quite what I want. I will go ahead and figure out the security model I want, and create an automatic way to correctly set the Zope 2 security permissions to match what I need.

HISTORY

I have been using Zope 2 for the last 7 years, it is a wonderful development environment. I was very fortunate that my application was built upon a hierarchy, so it was a good fit, but there are some things that Zope2 does not do, that I would like it to do. I have been poking around ZClasses and Zope 3 to figure out what to do next. ZClasses are being dropped, because nobody understands the source code, and if you try to read it, that makes sense to me. Zope 3 offers "Schemas" but they are really focussed on the individual objects, and not on the network of objects representing the business.

THIS PROJECT

So this is my project to build a business model on top of the ZODB. I am going to start running two ZODB servers. One will be a traditional zope server. The other will run my business model. It will have a few interfaces, and these can be called from the Zope servers. Right now I am evaluating Python products to see what other software I can use to accomplish my objectives. My expectation is that everything I need will be available, I just have to take the time to find it.

OBJECT MODEL

I want it to be really easy to define an object model. I am as concerned about the relationships between objects as I am by the attributes of objects. I deeply believe that most of the complexity in the application can be addressed by correctly defining the network of objects. I believe that the object model is not just the business model, but extends out to my model of the interface elements.

BUSINESS SECURITY MODEL

Security is very important. I don't want end users executing every method on my website, and testing for security. I want them to only see certain published views. I want their permission to see that view to be calculated based on my business model. Once they have been granted that permission, all called code should happily execute until such time as they attempt to read or write an instance variable, at which point security checks should again happen, according to the business model. I may also want to put security checks in place elsewhere in the code, such as in a sub-view.

That is it. That is the security model I want on my website.

ALTERNATIVES

I could do what I need to do in Zope 3, but I fear that it adds too much overhead. I do not need all that component architecture stuff. What I need is simple platform that allows me define my business and security models, and add some nice looking interfaces around it.




subject:
  ( ${nb} subscribers )