[Zope] LDAPUserFolder and local roles throught LDAPUserSatellite

Thierry FLORAC thierry.florac@onf.fr
Wed, 21 May 2003 19:30:35 +0200


On Wednesday 21 May 2003 16:36, Thierry FLORAC wrote:
>   Hi,
>
> I use LDAPUserFolder on my Zope (2.6.1) site.
> I have a context where I give local roles to users, and I have to know if a
> local role is given to a user (without inheritance, so I just use the
> 'get_local_roles_for_userid' function). OK for this !
>
> My problem is that I also want to be able to use LDAPUserSatellite to grant
> a local role to a group of LDAP users. Granting the role is OK in terms of
> Zope permissions, but is there any way to know if a user has a local role
> on an object, given throught this mapping (and only throught this mapping)
> ??


  Hi,

For those of you which could be interested by the answer to this little 
problem, I found a solution : to check if the current user have a given role 
on an object, I use (with user=getSecurityManager().getUser() and 
rolename=name of the requested role) :

 return (rolename in object.get_local_roles_for_userid (user.getUserName())) \
     or (rolename in object.acl_satellite.getAdditionalRoles (user)))


The only (little) problem is that getAdditionalRoles is a private function of 
LDAPUserSatellite, and so can only be used in a Zope python product (at 
least, not in DTML or throught acquisition)

Any other comment will be welcome...

  Thierry

-- 
  Linux every day, keeps Dr Watson away...
  http://gpc.sourceforge.net -- http://www.ulthar.net