[Zope3-dev] Re: Certification: Supporting"Residual InformationProtection" in Zope 3

Florent Guillaume fg at nuxeo.com
Sun Dec 18 12:50:52 EST 2005


Tres Seaver wrote:
>>A fairly drastic one, unfortunately -- catalog all role and permission
>>assignments and run a query as soon a user is removed.
> 
> 
> CMF does this for local roles, and Jim is already on record as disliking
> it.
> 
> I am pleased with the *result*, which also allows the catalog to filter
> "normal" content results efficiently based on the user's roles (the
> original eason for the index).  OTOH, the *implementation* is grotty.

FYI in addition to the CMF 'allowedRolesAndUsers' index that Tres is 
alluding to her, in CPS we added an index 'localUsersWithRoles' exactly 
for the use case of being able to find quickly where someone (or some 
group) has a local role, to be able to remove it.

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)   Director of R&D
+33 1 40 33 71 59   http://nuxeo.com   fg at nuxeo.com


More information about the Zope3-dev mailing list