[Zope-Coders] please review LocalRolesRevamp
Chris Withers
chrisw@nipltd.com
Wed, 10 Oct 2001 10:51:48 +0100
Shane Hathaway wrote:
>
> I would like to move all local role storage and management to the user
> folders. It would make it easier to administrate a system and would
> make CMF more scalable.
Can I throw out a summary in a different fashion?
1. Store the information about who has what roles and local roles in the user
folder
2. Store information about what roles have what permissions in the object,
3. Cache which roles have certain permissions (currently just 'View'?) in a
Catalog
I think that's roughly a summary of what Martijn and Shane have been discussing.
Martijn could compute his local roles in 1. The site manager can set the
security policy in 2. A security-aware search would use a combination of 3 and
1.
Have I got this right? If so, it sounds great :-)
Some things I'm still not clear on:
How would the information in 1. be used to search for objects where a user
_only_ has local roles to view an object?
If I change a role to permission mapping further up the object tree, how will I
know to re-catalog objects further down the tree where the change in role to
permission mapping will also have had an effect if that permission's mapping is
set to be acquired?
cheers,
Chris