RE: [Zope] List All users with a given permission
-----Original Message----- From: Stuart 'Zen' Bishop [mailto:zen@cs.rmit.edu.au] Sent: Tuesday, October 19, 1999 7:40 AM To: zope@zope.org Subject: [Zope] List All users with a given permission
I suddenly find myself with a need to populate a list box with all users with a given permission on a particular object. Is there any nifty method hidden away to do this? Or would I be reduced to crawling up the tree looking for userfolders and iterating over the contents (could be a bit sluggish with 3000+ users...)
Uhhhh.... I suspect this can't be done, especially since user's permissions can change from object to object..that's not even the hard part. I could be completly wrong, I'm not the security guru around here.
Perhaps I'll just require tying the username and verifying on form submission :-)
That's probably your best bet. -Michel
On Tue, 19 Oct 1999, Michel Pelletier wrote:
From: Stuart 'Zen' Bishop [mailto:zen@cs.rmit.edu.au]
I suddenly find myself with a need to populate a list box with all users with a given permission on a particular object. Is there any nifty method hidden away to do this? Or would I be reduced to crawling up the tree looking for userfolders and iterating over the contents (could be a bit sluggish with 3000+ users...)
Uhhhh.... I suspect this can't be done, especially since user's permissions can change from object to object..that's not even the hard part. I could be completly wrong, I'm not the security guru around here.
Perhaps I'll just require tying the username and verifying on form submission :-)
It gets worse, and I'd really like to hear peoples ideas on doing this, or alternative designs. The situation: I'm writting a work flow system (well... problem tracking system except I don't want it to be technician specfic). I need to find all people with the 'Change Job' permission for the following reasons: - Populate a selection control to assign someone to a job - When a new job is submitted, email everyone with the 'Change Job' permission I need a method that will retrieve a list of all users with a given permission on a given object. I think I can do it with the following code, but I think it will be painfully slow with over 3000 users unless I cache the results: <dtml-in "object.get_valid_userids()"> <dtml-if "_['sequence-item'].has_permission('Change Job',object)"> Append sequence-item to a list </dtml-if> </dtml-in> Even if I cache the results, someone will get a very slow response if that cache has expired when they make their request (precaching anyone? Or spawning a background task to fill out the new values in a seperate transaction whilst reusing the old values?) All the alternatives I've come up to not need this information are painful: - Shadow the list of users with the required permissions in the area. This is just plain unmaintainable if it has to be done manually (after creating a user, go through the queues and areas adding them to the right lists). It might be possible to shadow the list automatically by crawling up the tree occasionally and calling has_permission for each user object I find (assuming I can retrieve a user lists from all the user folders above me). - Provide a DTML hook for the Zope administrator to rewrite - it would return a list of relevant users. This makes installation and maintenance non-trivial (instead of just point-and-drool granting of a permission to a role, DTML code would have to be written and tested). ___ // Zen (alias Stuart Bishop) Work: zen@cs.rmit.edu.au // E N Senior Systems Alchemist Play: zen@shangri-la.dropbear.id.au //__ Computer Science, RMIT WWW: http://www.cs.rmit.edu.au/~zen
Stuart 'Zen' Bishop wrote:
On Tue, 19 Oct 1999, Michel Pelletier wrote:
From: Stuart 'Zen' Bishop [mailto:zen@cs.rmit.edu.au]
I suddenly find myself with a need to populate a list box with all users with a given permission on a particular object. Is there any nifty method hidden away to do this? Or would I be reduced to crawling up the tree looking for userfolders and iterating over the contents (could be a bit sluggish with 3000+ users...)
Uhhhh.... I suspect this can't be done, especially since user's permissions can change from object to object..that's not even the hard part. I could be completly wrong, I'm not the security guru around here.
Perhaps I'll just require tying the username and verifying on form submission :-)
It gets worse, and I'd really like to hear peoples ideas on doing this, or alternative designs.
The situation:
I'm writting a work flow system (well... problem tracking system except I don't want it to be technician specfic). I need to find all people with the 'Change Job' permission for the following reasons: - Populate a selection control to assign someone to a job - When a new job is submitted, email everyone with the 'Change Job' permission
I need a method that will retrieve a list of all users with a given permission on a given object. I think I can do it with the following code, but I think it will be painfully slow with over 3000 users unless I cache the results: <dtml-in "object.get_valid_userids()"> <dtml-if "_['sequence-item'].has_permission('Change Job',object)">
Append sequence-item to a list
</dtml-if> </dtml-in>
I could be off-base here, but maybe what you need is a 'change_job' role? then you can test for all people who have a certain role. HTH, Michael Bernstein.
On Wed, 20 Oct 1999, Michael Bernstein wrote:
I could be off-base here, but maybe what you need is a 'change_job' role? then you can test for all people who have a certain role.
I think I can already retrieve a list of roles with the required permission (rolesOfPermission does this for me). The trick then is obtaining a list of users with a given role which I can't see how to do. ___ // Zen (alias Stuart Bishop) Work: zen@cs.rmit.edu.au // E N Senior Systems Alchemist Play: zen@shangri-la.dropbear.id.au //__ Computer Science, RMIT WWW: http://www.cs.rmit.edu.au/~zen
participants (3)
-
Michael Bernstein -
Michel Pelletier -
Stuart 'Zen' Bishop