Chris Withers <chrisw@nipltd.com> wrote:
AccessControl.User.BasicUserFolder defines:
def authorize(self, user, accessed, container, name, value, roles):
what is 'roles' in this context?
I'm working on a new release of SUF. I'd like to provide a scriptable method which can decide what roles a user has at a given location.
Ideally this would look something like:
roles_def= { '/folder/object': {'chris':['Manager'], 'fred':['Anonymous']} }
def getUserDetails(self,name,object):
return { 'password':'apassword', 'roles':roles_def[object.absolute_url()][name] }
Would 'authorize' be the correct place to plug this in?
No, it wouldn't. You'd have to modify the places where roles are computed for a given location: 'getRolesInContext' and 'allowed'. This is not completely factored out for efficiency reasons. Basically, these are the two places that check __ac_local_roles__, going up the hierarchy. Florent -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 87 http://nuxeo.com mailto:fg@nuxeo.com