Jürgen Herrmann wrote:
i use the SimpleUserFolder product and derive a MyUser class from it's included User class, which in turn inherits from BasicUser.
the SimpleUserFolder's User class does neither reimplement getRolesInContext() nor allowed(). i looked at the source of BasicUser (lib/python/AccessControl/User.py) and found out that allowed() does not use the information provided by getRolesInContext(). i found this comment: # Still have not found a match, so check local roles. We do # this manually rather than call getRolesInContext so that # we can incur only the overhead required to find a match.
so if i reimplement getRolesInContext() in MyUser, i'll probably also have to reimplement allowed() to reflect the possibly added local roles, right?
regards, jürgen herrmann
ps: looking at the code of allowed() i doubt that the "manual" checking of local roles will speed this method up a lot: local roles seem to be a seldomly used feature, the improvement in speed would only occur if the object in question was protected by a local role (and not a normal one). is this enough to justify duplicated code with all of it's disadvantages)?
Actually all third-party userfolders I know of reimplement allowed() in terms of calling getRolesInContext(). Florent -- Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D +33 1 40 33 71 59 http://nuxeo.com fg@nuxeo.com