[Zope-dev] LDAPRoleTwiddler / BasicUserFolder
Jens Vagelpohl
jens@ZOPE.COM
Thu, 17 Oct 2002 15:17:11 -0400
i was always under the impression that getRolesInContext is not getting
called in all places where it should be called. that was one of the
reasons i went for a "replace all global user roles" approach.
i might be wrong... (which would be nice because using shane's idea
sounds like it could simplify the product)
jens
On Thursday, Oct 17, 2002, at 12:17 US/Eastern, Shane Hathaway wrote:
> Dirk Datzert wrote:
>>> And if you're interested, I know how we can make LDAPRoleExtender
>>> much
>>> safer, based on conversations with Jens.
>>>
>> Sure I'm interessted.
>
> Ok. All User objects have a getRolesInContext() method. All this
> method does right now is scan the acquisition context for
> __ac_local_roles__ attributes. (See AccessControl/User.py)
>
> Since LDAPRoleExtender substitutes the User object with something of a
> class of its choosing, LDAPRoleExtender just needs to override
> getRolesInContext() in its User class. The new getRolesInContext()
> could look for LDAP-provided local roles in addition to the static
> local roles.
>
> This would give you "true" dynamic local roles. It sounds like
> LDAPRoleTwiddler is a substitute for LDAPUserFolder that rolls the
> functionality of LDAPUserFolder + LDAPRoleExtender into one object.
> If that's the case, you could use the same strategy to improve
> LDAPRoleTwiddler.
>
> Shane
>
>
> _______________________________________________
> Zope-Dev maillist - Zope-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zope-dev
> ** No cross posts or HTML encoding! **
> (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope )