[Zope-dev] LDAPRoleTwiddler / BasicUserFolder

Shane Hathaway shane@zope.com
Thu, 17 Oct 2002 12:17:24 -0400


Dirk Datzert wrote:
>>And if you're interested, I know how we can make LDAPRoleExtender much
>>safer, based on conversations with Jens.
>>
> 
> Sure I'm interested.

Ok.  All User objects have a getRolesInContext() method.  All this 
method does right now is scan the acquisition context for 
__ac_local_roles__ attributes.  (See AccessControl/User.py)

Since LDAPRoleExtender substitutes the User object with something of a 
class of its choosing, LDAPRoleExtender just needs to override 
getRolesInContext() in its User class.  The new getRolesInContext() 
could look for LDAP-provided local roles in addition to the static local 
roles.

This would give you "true" dynamic local roles.  It sounds like 
LDAPRoleTwiddler is a substitute for LDAPUserFolder that rolls the 
functionality of LDAPUserFolder + LDAPRoleExtender into one object.  If 
that's the case, you could use the same strategy to improve 
LDAPRoleTwiddler.

Shane
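
A stand-alone model of the override described in the message above, added here as an illustration; it is not code from Zope, LDAPUserFolder or LDAPRoleExtender. `Folder`, `parent`, `SimpleUser`, `LDAPLocalRoleUser` and the lookup callable are hypothetical stand-ins for Zope's acquisition chain, its User base class and an LDAP query; only `getRolesInContext()` and `__ac_local_roles__` come from the message.

```python
class Folder:
    """Hypothetical stand-in for a container; `parent` models the acquisition chain."""
    def __init__(self, path, parent=None, local_roles=None):
        self.path, self.parent = path, parent
        if local_roles is not None:
            self.__ac_local_roles__ = local_roles  # static: {user_id: [roles]}

class SimpleUser:
    """Hypothetical base class: global roles plus static local roles."""
    def __init__(self, user_id, roles=()):
        self.user_id, self.roles = user_id, tuple(roles)

    def getRolesInContext(self, obj):
        found = set(self.roles)
        while obj is not None:  # walk from the object up to the root
            local = getattr(obj, "__ac_local_roles__", None) or {}
            found.update(local.get(self.user_id, ()))
            obj = obj.parent
        return sorted(found)

class LDAPLocalRoleUser(SimpleUser):
    """Overrides getRolesInContext() to add directory-provided local roles."""
    def __init__(self, user_id, roles=(), lookup=None):
        super().__init__(user_id, roles)
        self._lookup = lookup  # assumed callable(user_id, path) -> iterable of roles

    def getRolesInContext(self, obj):
        found = set(super().getRolesInContext(obj))  # static roles still apply
        node = obj
        while node is not None and self._lookup is not None:
            try:
                found.update(self._lookup(self.user_id, node.path))
            except Exception:
                pass  # directory unavailable: grant nothing extra (fail closed)
            node = node.parent
        return sorted(found)

# Constructed sample data standing in for LDAP query results.
SAMPLE_DIRECTORY = {("alice", "/site/projects"): ["Editor"]}

def sample_lookup(user_id, path):
    return SAMPLE_DIRECTORY.get((user_id, path), ())

def demo():
    root = Folder("/site", local_roles={"alice": ["Reviewer"]})
    projects = Folder("/site/projects", parent=root)
    docs = Folder("/site/projects/docs", parent=projects)
    user = LDAPLocalRoleUser("alice", ["Authenticated"], sample_lookup)
    return user.getRolesInContext(docs), user.getRolesInContext(root)
```

The dynamic role is only returned for objects at or below the path where the directory grants it, and a failing lookup leaves the user with the static roles alone.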