On Thu, 2005-08-04 at 08:39 +0100, Jens Vagelpohl wrote:
On 4 Aug 2005, at 01:01, Leonardo Rochael Almeida wrote:
Hi,
I've started the lra-userid_username_separation-branch (from Zope-2_8-branch to start from a stable point) in order to implement proper userid/username separation in Zope.
Chris McDonough did most of that for Zope 2.7 already a long long time ago. There might be cleanups needed here and there, but for all practical purposes the separation exists and works. The standard user folder implementation doesn't support it AFAIK. Where specifically do you see it not work?
AFAICS, in AccessControl/dtml/owner.dtml, the owner string that is rendered to the browser comes from Owned.owner_info() in AccessControl/Owned.py, which comes, untranslated, from Owned.getOwnerTuple(), which retrieves that value that is set from Owned.changeOwnership(), which calls ownerInfo() which gets the path to the user folder and user.getId(), as it should since we are assuming that .getId() is the immutable and potentially not-displayable identifier for the user that comes from the user source. What I'm proposing is to change owner.dtml (with the eventual help of owner_info()) to get the username equivalent to that userid and display that instead.
Also, in AccessControl/listLocalRoles.dtml and editLocalRoles.dtml, the usernames that are rendered from users that already have local roles are the keys from the RoleManager.__ac_local_roles__ attribute from AccessControl/Role.py. These keys eventually come from RoleManager.get_valid_userids(), which calls acl_users.user_names() for all acl_users in its acquisition path. In the default Zope user folder implementation, .user_names() calls getUserNames() which is supposed to list usernames, not userids, which means we've been storing usernames in __ac_local_roles__ all this time. This could break if the username for a certain acl_users implementation changes, especially since User.getRolesInContext() looks up __ac_local_roles__ with self.getId() and not self.getUserName() in AccessControl/User.py. (Actually, isn't it odd that the local roles management is not using the same approach of owner tuples like Owned.py does?)
I propose that we look up the userid for the username in RoleManager.manage_{add,set,del}LocalRoles() and change the signature of these methods to mention username instead of userid. This might leave us with a slight window for mismatches if the username for a userid changes between selecting the user in the listLocalRoles screen and actually setting it after the editLocalRoles screen, but at least we avoid having to make sure binary userids are correctly quoted thru all the HTML and URL roundtrips.
What do you guys think?
I've been using it for the LDAPUserFolder for ages where you can specify different attributes for the ID and the login, and change the login value at will. And, like Tino mentioned, PAS uses it as well.
Yes, Enfold is aware of PAS, we've been doing the Plone integration for it and we intend to use it for this particular project for which I need the changes I mentioned above.
Cheers, Leo
--
Leonardo Rochael Almeida <leo@enfoldsystems.com>
Enfold Systems - http://www.enfoldsystems.com/
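
The local-roles mismatch discussed in this thread, shown as an added example that is not part of the original messages and is not Zope's AccessControl code. It is a simplified model: the `Content` class, `id_for_username()` and the `set_local_roles_*` methods are hypothetical names, and the user data is constructed.

```python
# Simplified stand-in model, NOT Zope code: every class and helper here is
# hypothetical and only mirrors the roles the thread describes.
class User:
    def __init__(self, userid, username):
        self._id = userid          # immutable identifier from the user source
        self.username = username   # mutable login / display name

    def getId(self):
        return self._id

    def getUserName(self):
        return self.username

class UserFolder:
    def __init__(self, users):
        self._users = list(users)

    def id_for_username(self, username):    # hypothetical lookup helper
        for u in self._users:
            if u.getUserName() == username:
                return u.getId()
        raise KeyError(username)

class Content:
    def __init__(self, acl_users):
        self.acl_users = acl_users
        self.local_roles = {}       # stands in for __ac_local_roles__

    def set_local_roles_by_name(self, username, roles):
        # Behaviour described in the thread: the submitted username is the key.
        self.local_roles[username] = list(roles)

    def set_local_roles_resolved(self, username, roles):
        # Proposed change: translate username -> userid before storing.
        userid = self.acl_users.id_for_username(username)
        self.local_roles[userid] = list(roles)

    def roles_in_context(self, user):
        # Lookup is by userid, as the thread says getRolesInContext() does.
        return self.local_roles.get(user.getId(), [])

def demo():
    user = User("uid-0042", "leo")           # constructed sample data
    folder = UserFolder([user])
    by_name, resolved = Content(folder), Content(folder)
    by_name.set_local_roles_by_name("leo", ["Editor"])
    resolved.set_local_roles_resolved("leo", ["Editor"])
    user.username = "leonardo"               # login renamed after the grant
    return by_name.roles_in_context(user), resolved.roles_in_context(user)
```

In this model the grant stored under the username never matches the userid lookup, while the grant resolved to the userid at set time survives the rename.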