i was always under the impression that getRolesInContext is not getting called in all places where it should be called. that was one of the reasons i went for a "replace all global user roles" approach. i might be wrong... (which would be nice because using shane's idea sounds like it could simplify the product) jens On Thursday, Oct 17, 2002, at 12:17 US/Eastern, Shane Hathaway wrote:
Dirk Datzert wrote:
And if you're interested, I know how we can make LDAPRoleExtender much safer, based on conversations with Jens.
Sure I'm interessted.
Ok. All User objects have a getRolesInContext() method. All this method does right now is scan the acquisition context for __ac_local_roles__ attributes. (See AccessControl/User.py)
Since LDAPRoleExtender substitutes the User object with something of a class of its choosing, LDAPRoleExtender just needs to override getRolesInContext() in its User class. The new getRolesInContext() could look for LDAP-provided local roles in addition to the static local roles.
This would give you "true" dynamic local roles. It sounds like LDAPRoleTwiddler is a substitute for LDAPUserFolder that rolls the functionality of LDAPUserFolder + LDAPRoleExtender into one object. If that's the case, you could use the same strategy to improve LDAPRoleTwiddler.
Shane
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )