[Zope-PAS] role management
Wichert Akkerman
wichert at wiggy.net
Thu Jan 19 17:55:21 EST 2006
Previously Jens Vagelpohl wrote:
> Zope user folders don't manage roles, containers do. Or basically any
> RoleManager (see AccessControl/Role.py if I remember correctly).
I am having some difficulty in understanding the logic here, or possibly
I am too tainted by my use of Plone.
My current understanding of roles is this:
- there are two different types of roles: roles and local roles. Both
are managed through RoleManager and seem to do pretty much the same
thing there, but there are different methods to retrieve one or the
other. OFS.Folder inherig RoleManager and has both roles and local
roles, which makes me think the term 'local' is possible a misnomer
and should be something else, but I don't quite get what.
- PAS has role interfaces which allow one to manage (global) roles for
principals and get a list of roles.
- PlonePAS adds the same for local roles
Currently adding roles through a RoleManager breaks ZODBRoleManager:
it reads a list of all roles when it created and assumes they do not
change after that. If you add a new role you can do that through
a RoleManager directly, but ZODBRoleManager will not notice and will not
enumerate it.
Can someone enlighten me as to how roles and local roles really differ,
and why every folder has both?
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
More information about the Zope-PAS
mailing list