[Zope-dev] LDAPRoleTwiddler / BasicUserFolder

Dirk Datzert dirk.datzert@tks-rasselstein.thyssenkrupp.com
Thu, 17 Oct 2002 21:11:30 +0200


Shane Hathaway schrieb:
> 
> Dirk Datzert wrote:
> >>And if you're interested, I know how we can make LDAPRoleExtender much
> >>safer, based on conversations with Jens.
> >>
> >
> > Sure I'm interessted.
> 
> Ok.  All User objects have a getRolesInContext() method.  All this
> method does right now is scan the acquisition context for
> __ac_local_roles__ attributes.  (See AccessControl/User.py)
> 

ok,

LDAPUser from LDAPUserFolder inherits getRolesInContext from BasicUser,
right ?

LDAPRoleTwiddler caches LDAPUser entries with changed 'local' roles.
What user object will be used if you talk about 'user objects' ? 
user objects out of LDAPUserFolder,
or user object out of LDAPRoleTwiddler,

or the user object in the context of the object 
needs the getRolesInContext() Method of LDAPUser go to the next
LDAPRoleTwiddler look for the twiddled user object and take out the
local roles ?

rather complicated to describe something I not really understand, sorry
about confusing questions :-)

my strategy for getRolesInContext() would something like this:

def getRolesInContext(self, obj):
   lrt = obj.acl_users # get nearest acl_users for obj (not really sure
if this works ?)
   user = lrt.getUser ( self.getId(), self._getPassword() )
   return user.getRoles()