[Zope] User-private folderish object
Dieter Maurer
dieter at handshake.de
Sat Jan 29 15:30:00 EST 2005
Richard Jennings wrote at 2005-1-29 06:55 +0100:
>A python product I am developing needs a 'user-private' folderish
>object...
> ...
>If I have to do this, my first strategy would be to as follows:
>Use a __before_publishing_traverse__ hook on my root object to create
>a session data object.
>
>Use its onAdd method to create the user-private object in the root object.
Seems to be a very indirect way.
Why do you not create the object when you create the user?
Or use the session object directly?
>Use its onDelete method to destroy the user-private object.
Note that this is highly unreliable.
Your session may go away without the "onDelete" method
being called (e.g. when you shut down your Zope server).
>I am assuming that this will cause the owner of the 'user-private'
>object to be the person who logged in and that setting its
>__ac_roles__ as 'Owner' will limit access to the object to just the
>session owner. (seems a bit complicated, though!)
"__ac_roles__" has a different purpose (it defines new roles
created at this object).
You must change the permission role mapping.
You can use the "manage_permission" method for this
(source somewhere in the "AccessControl" package).
>My question to the Zope cognoscenti is:
>Is this a viable strategy?
will not work.
>Is there a better solution?
Apparently, you want the lifetime of the "user-private object"
be bound to the lifetime of the session.
In this case, I would simply put it into the session.
This is as safe (and private) as the session itself (which
is not completely but rather safe).
--
Dieter
More information about the Zope
mailing list