[Zope-dev] acl_users

Phillip J. Eby pje@telecommunity.com
Wed, 20 Sep 2000 21:54:24 -0500


At 07:55 PM 9/20/00 -0600, Bill Anderson wrote:
>
>Potentially silly question:
>
>Any reason why a 'user folder' object has to be named 'acl_users'?
>

Interesting.  A quick search of the Zope source turns up only 9 references
to 'acl_users', found in only 4 source files.

In OFS/Application.py, acl_users is the name of the default user folder.
No change would be needed here to allow differently named user folders.

In AccessControl/User.py, acl_users is used as the name of user folder
objects in their classes, and in the constructor, code checks for an
existing "acl_users" object to prevent dual-adding user folders.  This
could be changed to check whether __allow_groups__ has an id, and then
check whether that 'id' exists.

In AccessControl/Role.py, acl_users is assumed to be the name of a user
folder to be used for retrieving user names.  However, there is no reason
this code couldn't check for __allow_groups__ instead.

In AccessControl/access.dtml, certain security options (creating
user-defined roles) are suppressed if the managed object has an id of
'acl_users'.  I'm not sure how to patch this one.  It would probably make
sense to have a class attribute for user folders which overrode a default
in AccessControl.Role.RoleManager.  e.g. "allowSettingUserDefinedRoles" or
some such.

With these straightforward (but not necessarily simple) changes, Zope could
be made to support the presence of user folders with other names.  If it
was desired to have it support adding or renaming of user folders with
other names, additional changes would be required.  For example, the add
form for a user folder.

Personally, I think it's an intriguing idea, as I have had more than one
application where I would rather have called a LoginManager by some name
other than 'acl_users'.  But I'm not sure it would be worth the work.
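
Added example, not part of the original post and not Zope code: a Python model using simplified stand-in classes, showing how checks keyed on the name 'acl_users' miss a differently named user folder, and how the `__allow_groups__` check and the class-level flag described in the message would behave. Every class and function name other than `acl_users`, `__allow_groups__` and `allowSettingUserDefinedRoles` is an assumption made for illustration.

```python
# Stand-in classes (hypothetical, not Zope's): only what the post names is modelled.
class RoleManager:
    # Flag name taken from the post's suggestion; default allows user-defined roles.
    allowSettingUserDefinedRoles = True

class UserFolder(RoleManager):
    # User folders override the default instead of being recognised by id.
    allowSettingUserDefinedRoles = False

    def __init__(self, id="acl_users"):
        self.id = id

class Folder(RoleManager):
    def __init__(self):
        self._objects = {}            # id -> contained object
        self.__allow_groups__ = None  # marker pointing at this container's user folder

def has_user_folder_by_name(container):
    """Name-keyed check: only notices a user folder called 'acl_users'."""
    return "acl_users" in container._objects

def has_user_folder_by_marker(container):
    """Check described in the post: __allow_groups__ has an id, and that id exists."""
    uf_id = getattr(getattr(container, "__allow_groups__", None), "id", None)
    return uf_id is not None and uf_id in container._objects

def add_user_folder(container, uf, already_present):
    """Refuse a second user folder, using whichever presence check is passed in."""
    if already_present(container):
        raise ValueError("container already has a user folder")
    container._objects[uf.id] = uf
    container.__allow_groups__ = uf

def may_define_roles_by_name(obj):
    """Name-keyed suppression of user-defined roles (the access.dtml case)."""
    return getattr(obj, "id", None) != "acl_users"

def may_define_roles_by_flag(obj):
    """Suppression driven by the class attribute instead of the object's id."""
    return obj.allowSettingUserDefinedRoles
```
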