[Zope-PAS] Re: Multiple principals with the same ID

Tres Seaver tseaver at palladion.com
Thu Dec 1 13:55:42 EST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wichert Akkerman wrote:
> Previously Tres Seaver wrote:
> 
>>We aren't "enforcing" anything:  the plugin can't fulfill its own
>>contract (in this case, to return a list of (id, title) tuples) if the
>>user has screwed up by configuring the other plugins that way.
> 
> 
> If multiple principals share have the same id you will still fulfill the
> contract; the only difference is that with this patch you will see the
> title from the first one and ignore titles from the others. This is ok
> since we still show all ids.
> 
> For some background: I needed this patch to be able to use groups from
> an active directory environment in a site. That gave me two groups
> called 'Administrators': the standard Zope one and the one that comes
> in via active directory.

Within a single PAS, it is an error to have two principals with the same
ID;  otherwise you will end up granting permissions inappropriately.  If
you have plugins which are generating identical IDs, then you need to
have one or both of them use prefixes (that is what they are for).

BTW, there is no "standard" Administrators group in Zope (Zope proper
doesn't know about groups at all).


Tres.
- --
===================================================================
Tres Seaver          +1 202-558-7113          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDj0cu+gerLs4ltQ4RAvWXAKCXF/cthIH2FYlYMlcI+RN3R9VTagCgsKgP
m9uly0yFvG3tMHJe7zh3cOs=
=8Hxm
-----END PGP SIGNATURE-----


More information about the Zope-PAS mailing list