[Zope-dev] Object ownership

Ross Boylan RossBoylan@stanfordalumni.org
Mon, 13 Dec 1999 09:51:02 -0800


> -----Original Message-----
> From: Michel Pelletier [mailto:michel@digicool.com]
> Sent: Monday, December 13, 1999 8:09 AM
> To: 'Ross Boylan'; zope-dev@zope.org
> Subject: RE: [Zope-dev] Object ownership
>
>
> > -----Original Message-----
> > From: Ross Boylan [mailto:RossBoylan@stanfordalumni.org]
> > Sent: Sunday, December 12, 1999 9:22 PM
> > To: zope-dev@zope.org
> > Subject: [Zope-dev] Object ownership
> >
> >
> > I've been making some assumptions about how ownership works, and I'd
> > appreciate it if anyone could tell me if they are right.
> >
> > 1) The owner of an object is the authenticated user when the
> > script that
> > creates it runs.
>
> Correct.
>
> > 2) So User objects have an owner of superuser, not themselves.
>
> huh?
My thinking here is that a user doesn't exist until after the User object
(in acl_users) is created.  Ordinarily, one needs to be a manager to do so.
So the question is, does the manager own the User object, or does the newly
created user own that object.

I realize now superuser is not necessary for this, but manager is.

The setup I have is that one comes in anonymously and fills in a form.  This
invokes a method which has a raised privileged level (I can't now recall the
exact lingo--like local roles, but I think that's for users, not methods).
The method then calls the code to add the user.

So there are actually 3 possible owners: the original AUTHENTICATED USER
(anonymous); the heightened privilege (which might be a
group--Manager--rather than a user, in which case things seem sticky); or
the user which gets created.

The question is which of these is the owner of the User object.

Thanks for the info.