[Zope] hierarchical roles

Stuart 'Zen' Bishop zen@cs.rmit.edu.au
Tue, 21 Dec 1999 12:06:51 +1100 (EST)


On Mon, 20 Dec 1999, Oliver Frommel wrote:

>      <dtml-if "AUTHENTICATED_USER.has_role(item.id,this())">
>        X
>      </dtml-if>

id is sometimes a string, and sometimes a method that returns a string.
Not consistent, but we are probably stuck with it.

Try using item.id() (I can't remember if this is the correct way of doing 
this...)

> Another question is how to clone an existing role into a new one with just
> a different ID..

The problem here is that role membership is stored in the individual users,
rather than in some sort of 'role' object. Thus, to do this, you will
need to create a new role (which has no membership), and then crawl up
your Zope tree, searching for acl_users folders, iterating over
each user object looking for users who are members of the given role, and
adding them to the new role.

I need to do a similar thing - I need to populate a SELECT control
with usernames who have a given permission on an object (I need to
assign ownership of a task to someone who has permissions to modify the
task). However, this approach won't work on my site where I have
3000 users and still haven't come up with a valid workaround that isn't
site specific (which means my problem tracking system won't be released
to the public).
    
Looking at what you are trying to do, it might be best to try another
approach. For example, if you have access to a SQL backend, you could
use GUF to store your users and roles in the backend database. You can
then trivially clone roles, check role membership, retrieve lists
of users with a given role etc. using ZSQL methods (and a small bit
of DTML to clone a role - you still need to 'register' the role with Zope).

-- 
 ___
   //     Zen (alias Stuart Bishop)     Work: zen@cs.rmit.edu.au
  // E N  Senior Systems Alchemist      Play: zen@shangri-la.dropbear.id.au
 //__     Computer Science, RMIT 	 WWW: http://www.cs.rmit.edu.au/~zen
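
The tree walk described in the reply above, as an added example that is not part of the original message and does not use the real Zope API: `Folder`, `walk`, `clone_role` and `build_sample_site` are hypothetical names in a plain-Python model where each `acl_users` maps a username to its set of roles. It shows why cloning touches every user record, and it returns the list of grants so the change can be reviewed.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Folder:
    """Stand-in for a Zope folder (assumption: a simplified model)."""
    name: str
    # username -> set of role names; None means no acl_users in this folder
    acl_users: Optional[dict] = None
    children: list = field(default_factory=list)


def walk(folder, path=""):
    """Yield (path, folder) for the folder and every descendant."""
    here = f"{path}/{folder.name}"
    yield here, folder
    for child in folder.children:
        yield from walk(child, here)


def clone_role(root, source, target):
    """Give every holder of `source` the role `target` as well.

    Membership lives on the users, so every acl_users in the tree is
    visited. Returns the (acl_users path, username) pairs that changed.
    """
    changed = []
    for path, folder in walk(root):
        if folder.acl_users is None:
            continue
        for username, roles in sorted(folder.acl_users.items()):
            if source in roles and target not in roles:
                roles.add(target)
                changed.append((f"{path}/acl_users", username))
    return changed


def build_sample_site():
    """Constructed sample data: two user folders at different depths."""
    dept = Folder("dept", {"carol": {"Editor"}, "dave": {"Viewer"}})
    projects = Folder("projects", None, [dept])
    top_users = {"alice": {"Manager", "Editor"}, "bob": {"Viewer"}}
    return Folder("site", top_users, [projects])


if __name__ == "__main__":
    for where, who in clone_role(build_sample_site(), "Editor", "Reviewer"):
        print(where, who)
```

Only membership is copied; the new role still has to be registered and given its permissions separately, as the message notes.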