[Zope-dev] Questions about BasicUserFolder.authorize
Florent Guillaume
fg@nuxeo.com
Thu, 20 Jun 2002 16:18:04 +0000 (UTC)
Chris Withers <chrisw@nipltd.com> wrote:
> AccessControl.User.BasicUserFolder defines:
>
> def authorize(self, user, accessed, container, name, value, roles):
>
> what is 'roles' in this context?
>
> I'm working on a new release of SUF. I'd like to provide a scriptable method
> which can
> decide what roles a user has at a given location.
>
> Ideally this would look something like:
>
> roles_def= {
> '/folder/object': {'chris':['Manager'],
> 'fred':['Anonymous']}
> }
>
> def getUserDetails(self,name,object):
>
> return {
> 'password':'apassword',
> 'roles':roles_def[object.absolute_url()][name]
> }
>
> Would 'authorize' be the correct place to plug this in?
No, it wouldn't.
You'd have to modify the places where roles are computed for a given
location: 'getRolesInContext' and 'allowed'. This is not completely
factored out for efficiency reasons.
Basically, these are the two places that check __ac_local_roles__, going
up the hierarchy.
Florent
--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87 http://nuxeo.com mailto:fg@nuxeo.com