[Zope-Checkins] CVS: Zope/lib/python/AccessControl - Role.py:1.56

[Chris McDonough]

Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv21623

Modified Files:
	Role.py 
Log Message:
Instead of referring to user folder by its ZMI-visible username (acl_users)
when attempting to get a list of users, use the __allow_groups__ alias.
This doesn't break anything as it is one of the (unwritten) contracts
of a user folder to install itself as __allow_groups__ in its container
(it is canonized in the manage_beforeDelete and manage_afterAdd methods
of BasicUserFolder, and the traversal machinery refers to a user folder
by its __allow_groups__ alias exclusively).

It's actually likely that all code in Zope's security machinery that directly
refers to a user folder by its 'acl_users' alias in this way is wrong.

Referring to the user folder by its __allow_groups__ alias in the security
machinery exclusively gives us the ability to insert a "proxy" object as 
can act as an intermediary for a "real" UserFolder object, allowing us to
massage the output from its interface methods as necessary to allow for
grouping and other tricks.




=== Zope/lib/python/AccessControl/Role.py 1.55 => 1.56 ===
--- Zope/lib/python/AccessControl/Role.py:1.55	Wed Aug 14 17:29:07 2002
+++ Zope/lib/python/AccessControl/Role.py	Sat Jan 18 21:07:33 2003
@@ -307,7 +307,7 @@
         dict={}
         _notfound = []
         while 1:
-            aclu = getattr(aq_base(item), 'acl_users', _notfound)
+            aclu = getattr(aq_base(item), '__allow_groups__', _notfound)
             if aclu is not _notfound:
                 mlu = getattr(aclu, 'maxlistusers', _notfound)
                 if type(mlu) != type(1): mlu = DEFAULTMAXLISTUSERS