On Tue, Feb 25, 2003 at 06:33:16PM +0000, Florent Guillaume wrote:
Leonardo Rochael Almeida <leo@hiper.com.br> wrote:
So I think you need dynamically calculated local roles. This can be achieved by a user folder that returns a user object that overrides ".getRolesInContext(object)" to take the location (or any other attribute, such as an acquired "site") of "object" and check it against your central authorization source (eg. LDAP).
Note that you'll also want to change validate() if you go that route. It has a short-circuited version of getRolesInContext in it.
I'm now looking into doing this... and i haven't found what you mean. there are a bunch of validates() in various modules in AccessControl, which are you talking about? ]$ grep "def validate(" * 2> /dev/null AuthEncoding.py: def validate(reference, attempt): AuthEncoding.py: def validate(self, reference, attempt): AuthEncoding.py: def validate(self, reference, attempt): AuthEncoding.py: def validate(self, reference, attempt): SecurityManager.py: def validate(self, accessed=None, container=None, name=None, value=None, User.py: def validate(self, request, auth='', roles=_noroles): User.py: def validate(self, request, auth='', roles=_noroles): ZopeSecurityPolicy.py: def validate(self, accessed, container, name, value, context, cAccessControl.c: /*| def validate(self, accessed, container, name, value, context are you sure it's not BasicUser.allowed() that you mean? there's a comment in there about checking roles manaully rather than with getRolesInContext... -- Paul Winkler http://www.slinkp.com