[Zope-CMF] Re: [dev] delete members: small proposal

Sam Brauer sam at webslingerz.com
Fri Sep 5 13:05:04 EDT 2003


Yuppie wrote:
> Hi!
> 
> 
> Thanks for the feedback.
> 
> Sam Brauer wrote:
> 
>> I think it would also be good to have an API for the following 
>> operations:
>>
>> - transfer ownership of all objects owned by a specific user to a new 
>> owner
>>
>> - delete all objects owned by a specific user
> 
> 
> I don't like to add any code that supports the concept of executable 
> ownership of content objects. The only place where ownership still 
> matters is 'Creator' of Dublin Core. <http://collector.zope.org/CMF/25>
> 
> If the member did add other items like python scripts, this issue 
> becomes much more complicated. To avoid trojan attacks, there's no 
> method (besides createMemberarea) that allows to assign membership to 
> someone else.
> 
> But in most cases most users can just add content items, so I don't 
> think there is an urgent need to implement methods that handle ownership.

I didn't consider non-content objects (scripts, etc).

It would be nice if that Creator issue was fixed.  It bugs me too :)


> 
>> - delete all local roles for a specific user
> 
> 
> I forgot about this. I guess these should be removed by default.
> 
>> For the first two of these, the owned objects can be found with a 
>> simple catalog query on the Creator index.  For the third item, I 
>> think you have to recurse over the entire CMF site to check each 
>> object for local roles.
> 
> 
> Yes, I'm afraid this is an expensive task. I need to have a closer look 
> at this. Has anybody a good idea how to delete the local roles?

Given that deleting a user isn't a very frequent operation, the expense 
probably isn't that big a deal is it?

As far as how to delete local roles from an object for a specific user, 
you can call:

object.manage_delLocalRoles((userid,))


But maybe you were asking something else...

> 
>> Perhaps the deleteMember method could be like this:
>>
>> def deleteMember(member_id, delete_memberarea=1, new_owner_id=None, 
>> delete_all_owned_objects=1, delete_local_roles=1)
>>
>> I think to avoid orphaned objects you would probably want to raise an 
>> exception if new_owner_id==None and delete_all_owned_objects==0
> 
> 
> In which case are orphaned content objects a problem?
> 

I'm not really sure if they're really a problem... I just didn't like 
viewing them and seeing a by-line with an empty Creator.

I suppose I could have just changed the template to not show a by-line 
in that case, or show some static string like "By Deleted User" or "By 
Unknown".


>> I've written some code (as an External Method) to do this stuff.  I'd 
>> be happy to share it if you're interested.
> 
> 
> If someone convinces me that deleteMember should care about ownership, 
> I'd like to have a look at your code.

I'll just go ahead and attach it.  Feel free to take anything you like 
from it.

I'd love to see user/member management integrated into CMF.

I cobbled my own together with a few templates, scripts and this 
external method since I didn't want my CMF Managers to ever even see the 
ZMI.

> 
> 
> Cheers,
>     Yuppie
> 


-- 
Sam Brauer
Systems Programmer
sam at webslingerZ.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: deleteCMFUser.py
Type: text/x-python
Size: 2664 bytes
Desc: not available
Url : http://lists.zope.org/pipermail/zope-cmf/attachments/20030905/be28e9a1/deleteCMFUser.py


More information about the Zope-CMF mailing list