[Zope-CMF] Re: [dev] delete members: small proposal
Sam Brauer
sam at webslingerz.com
Fri Sep 5 13:05:04 EDT 2003
Yuppie wrote:
> Hi!
>
>
> Thanks for the feedback.
>
> Sam Brauer wrote:
>
>> I think it would also be good to have an API for the following
>> operations:
>>
>> - transfer ownership of all objects owned by a specific user to a new
>> owner
>>
>> - delete all objects owned by a specific user
>
>
> I don't like to add any code that supports the concept of executable
> ownership of content objects. The only place where ownership still
> matters is 'Creator' of Dublin Core. <http://collector.zope.org/CMF/25>
>
> If the member did add other items like python scripts, this issue
> becomes much more complicated. To avoid trojan attacks, there's no
> method (besides createMemberarea) that allows to assign membership to
> someone else.
>
> But in most cases most users can just add content items, so I don't
> think there is an urgent need to implement methods that handle ownership.
I didn't consider non-content objects (scripts, etc).
It would be nice if that Creator issue was fixed. It bugs me too :)
>
>> - delete all local roles for a specific user
>
>
> I forgot about this. I guess these should be removed by default.
>
>> For the first two of these, the owned objects can be found with a
>> simple catalog query on the Creator index. For the third item, I
>> think you have to recurse over the entire CMF site to check each
>> object for local roles.
>
>
> Yes, I'm afraid this is an expensive task. I need to have a closer look
> at this. Has anybody a good idea how to delete the local roles?
Given that deleting a user isn't a very frequent operation, the expense
probably isn't that big a deal is it?
As far as how to delete local roles from an object for a specific user,
you can call:
object.manage_delLocalRoles((userid,))
But maybe you were asking something else...
>
>> Perhaps the deleteMember method could be like this:
>>
>> def deleteMember(member_id, delete_memberarea=1, new_owner_id=None,
>> delete_all_owned_objects=1, delete_local_roles=1)
>>
>> I think to avoid orphaned objects you would probably want to raise an
>> exception if new_owner_id==None and delete_all_owned_objects==0
>
>
> In which case are orphaned content objects a problem?
>
I'm not really sure if they're really a problem... I just didn't like
viewing them and seeing a by-line with an empty Creator.
I suppose I could have just changed the template to not show a by-line
in that case, or show some static string like "By Deleted User" or "By
Unknown".
>> I've written some code (as an External Method) to do this stuff. I'd
>> be happy to share it if you're interested.
>
>
> If someone convinces me that deleteMember should care about ownership,
> I'd like to have a look at your code.
I'll just go ahead and attach it. Feel free to take anything you like
from it.
I'd love to see user/member management integrated into CMF.
I cobbled my own together with a few templates, scripts and this
external method since I didn't want my CMF Managers to ever even see the
ZMI.
>
>
> Cheers,
> Yuppie
>
--
Sam Brauer
Systems Programmer
sam at webslingerZ.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: deleteCMFUser.py
Type: text/x-python
Size: 2664 bytes
Desc: not available
Url : http://lists.zope.org/pipermail/zope-cmf/attachments/20030905/be28e9a1/deleteCMFUser.py
More information about the Zope-CMF
mailing list