[Zope3-dev] Re: Certification: Supporting"Residual
InformationProtection" in Zope 3
Florent Guillaume
fg at nuxeo.com
Sun Dec 18 12:50:52 EST 2005
Tres Seaver wrote:
>>A fairly drastic one, unfortunately -- catalog all role and permission
>>assignments and run a query as soon a user is removed.
>
>
> CMF does this for local roles, and Jim is already on record as disliking
> it.
>
> I am pleased with the *result*, which also allows the catalog to filter
> "normal" content results efficiently based on the user's roles (the
> original eason for the index). OTOH, the *implementation* is grotty.
FYI in addition to the CMF 'allowedRolesAndUsers' index that Tres is
alluding to her, in CPS we added an index 'localUsersWithRoles' exactly
for the use case of being able to find quickly where someone (or some
group) has a local role, to be able to remove it.
Florent
--
Florent Guillaume, Nuxeo (Paris, France) Director of R&D
+33 1 40 33 71 59 http://nuxeo.com fg at nuxeo.com
More information about the Zope3-dev
mailing list