Security internals, was Re: [Zope-dev] LOTS of roles?

[Dario Lopez-Kästen]

Caveat:
    a) I haven't followed the discussion closely and I haven't used this in
Zopes
       better than 2.4.x and (I think) 2.5.0, so I am not aware of any API
Changes
       in 2.6x

    b) The way I did it is more or less crude. You may want to add to Zope's
own
       local Roles rather than just crudely replace them.

Using XUF as an intermediary, what I did was to hi-jack the User-objects
getRoles method and feeding it with the results of a query. Similarely for
getRolesInContext, which is what believe feeds the particular Object's local
roles.

I have just had a quick looked at the source for Zope 2.5 (cvs) and the API
seems to be the same
You ought to be able to do the same for SUF's User Object (either it is
possible OOTB with SUF otu you can just modify SUF for this).

The validate method you want is the one from the User object I believe, if
you keep it user-centric - I haven't used the other validates that you list.

In Zope the Userclass that is actually used is User User.py in
lib/python/AcessControl/User.py

It subclasses all other User-classes (SimpleUser and indirectly thru it
BasicUser).

XUF replaces User with it's own User class.

anyway , I hope this helps you somewhat.

Sincerly,

/dario

----- Original Message -----
From: "Paul Winkler" <pw_lists@slinkp.com>
To: <zope-dev@zope.org>
Cc: "Paul Winkler" <pw_lists@slinkp.com>
Sent: Thursday, March 06, 2003 1:09 AM
Subject: Re: Security internals, was Re: [Zope-dev] LOTS of roles?


> On Thu, Mar 06, 2003 at 09:19:37AM +1100, Adrian van den Dries wrote:
> > On March  5, Paul Winkler wrote:
> > > I've been trying to understand how to implement dynamic local roles,