[Zope-CMF] Member Data Question

seb bacon seb@jamkit.com
Tue, 24 Jul 2001 14:23:27 +0100


Well, if you consider it a security risk for any user to be able to
see all the properties of any other user (e.g. a password, i.e. it is a
security risk :^), you should do something like getRoster does to
filter out sensitive information.

One way of doing this is to subclass the MembershipTool in order to
implement your own getRoster method.  Just extend the existing code.

Another way would probably be to implement it as a python method with
a local role, though I'm not the person to ask here because I tend
always to go for filesystem fixes.

seb

* Tim Fouracre <jhgfjhgfjhgfjhgf@hotmail.com> [010724 13:27]:
> >If you look at the roster form, you'll see that the properties
> >returned are attributes of the getRoster() method.  If you look at the
> >MembershipTool, you'll see that this method only returns a subset of
> >member data tool.
...
> Yay, I have it half working.
...
> I did some searching and found 
> http://cmf.zope.org/design/interfaces/tools/IF_portal_membership
> which seems to imply that there is no function that returns all members 
> details for a user with anonymous permissions, only one that returns their 
> home folder/url.