[Zope-dev] Zope 2.5: User limit for Local Security Role assignment list

[Matthew T. Kromer]

One of the things Zope 2.5 is going to do is limit the answers that are 
available from a user folder when presenting the local role dialog; this 
will prevent humongous lists from displaying and instead show a simple 
text box where a user ID can be typed.

However, for existing user folders, this poses a question of:  what's 
the reasonable number of users to list without having to go adjust a 
property on the folder?

The revised implementation will let you tune how many users to display 
before putting up an input box; but currently I've just defaulted it to 
'old behavior' -- ie show all the possible users.  Maybe a better thing 
to do would be to define a  default of 250 or so.  This would probably 
be large enough to not impact most sites, yet small enough to make it 
meaningful for those sites that do have enormous user folders.

It is also worth pointing out that local role assignment code doesn't 
enforce that the users for whom it has local roles exist in any current 
database; it is possible to grant rights to nonexistent users.  Before 
the ability to enter a name in directly was available, you would have 
had to explicitly change the form values manually -- but this exposes 
the problem.  I dont think it poses a problem (ie I dont believe Zope 
has ever tried to define a mechanism whereby objects are notified that a 
user for whom they have permissions has been deleted.)