[Zope-dev] LDAPRoleTwiddler / BasicUserFolder
Jens Vagelpohl
jens@zope.com
Thu, 17 Oct 2002 08:56:40 -0400
being explicit is almost always better. you are relying on internal
magic and it's not apparent from looking at the code you wrote.
the validate implementation in the LDAPRoleExtender is the "most
correct" one. shane worked on it for a while to make sure it does the
most correct thing possible, and if anyone knows about the vagaries of
acquisition/security and all its possible permutations it is him.
jens
On Thursday, Oct 17, 2002, at 08:37 US/Eastern, Dirk Datzert wrote:
> Hi Jens,
>
>> why is that code no longer referring to the real userfolder anymore?
>> it
>> should not make calls to authorize/identify/authorize on "self" but on
>> the LDAPUserFolder it is using as the user source.
>>
>
> self.identify() should be the same as if getLUF().identify() since
> LDAPUserFolder and LDAPRoleTwiddler both inherited this from
> BasicUserFolder.
>
> self.authenticate() does a self.getUser() which refers to
> getLUF().getUser() and does twiddling in one step and return the right
> user-object which the API would expect.
>
> I think that self.authorize(user,...) is better than
> self.getLUF().authorize(user,...)
> because the authorize does the following in 1st line:
>
> def authorize(self, user,... ): (inherited from BasicUserFolder)
> user = getattr(user, 'aq_base', user).__of__(self)
>
> this would be different for self.authorize, where self would be the
> LRT and
> self.getLUF().authorize() where self would be the LUF.
>
> The user is seen in 2 different contexts by .__of__(self) .
>
> Maybe I'm think too complicated, Your opinion ?
>
> Regards,
> Dirk
>
>
>