[Zope-DB] connecting with user passwords
Dieter Maurer
dieter at handshake.de
Thu Dec 4 15:53:18 EST 2003
Tom Deprez wrote at 2003-12-4 11:09 +0100:
>
>>Remember the user for which the connection has been opened in
>>an attribute.
>>
>>When a new user tries to use the connection, close the existing one,
>>open a new one for this user and remember the user in the variable.
>
>>When the same user comes, just use the connection.
>
>But if the first user had less access as the second one, the first one in
>this case will be allowed to do more than normal.
>Or, if the second one accesses with a lower access, the first one will not
>be able to perform some actions as he normally can.
What ???
Maybe a piece of code is clearer than plain English:
class DB(...):
...
user = None
def ensureConnected(self):
'''ensure that we have a connection for the current user.'''
from AccessControl import getSecurityManager
currentUser = getSecurityManager().getUser().getUserName()
if self.user != currentUser:
# must reopen the connection
self._connection = connect(... currentUser ...)
self.user = currentUser
As you (hopefully) see, a user can only use his connection (up to
different users with the same user name - this can be handled
by comparing the authenticating user folder as well) provided
that "ensureConnected" is called before "self._connection" is accessed.
--
Dieter
More information about the Zope-DB
mailing list