[Zope] Changing Roles

Chris Withers chrisw@nipltd.com
Thu, 23 Mar 2000 14:34:28 +0000


I totally agree, don't worry... no wind taken out of any sails ;-)

After all, Zope is free and there are plenty of (very) expensive alternatives that will have just
the same sort of problems.

Hope I can help at some stage :-)

Chris

Michel Pelletier wrote:
> 
> Your question addresses a fundamental lack in Zope.  Zope was developed
> internally in a closed source fasion for years to address the needs of
> paying customers.  These customers typically did not design applications
> themselves, we did all of that.  Therefore, much of Zope's API is fairly
> oriented toward specific directions and there are big gaping holes.
> 
> Don't let that discourage, you, there are big gaping holes in all
> software.  We are working on a project right now to come up with a solid
> undertanding of interfaces in Zope.  While this may seem like a simple
> task, it is not, but we are working on it and we are making progress.
> Here, you have come upon a hole, there is a method that lets you do a
> number of things in one call but there are no decomposed methods that
> let you do finer grained tasks.  This kind of situation is common, not
> just in Zope, but in lots of software where extensability is very
> important.
> 
> Unfortunatly, this is a gnarly problem.  For example, if we decompose
> manage_users() into a number of smaller methods, it would make sense for
> us to re-implement manage_users() to use those methods.  But this
> involves not only writing a bunch of new methods but also taking solid
> proven code and discarding it for new code, based on even _newer_ code.
> This problem becomes almost nauseatingly dificult when you consider that
> we could turn this process to all objects in Zope, Folders,
> ObjectManagers, ZCatalogs... And while it may seem clear there should be
> so and so methods to decompose to, we need to make sure we think hard
> about issues like, should they be callable via XML-RPC?  Will this new
> method reveal a security exploit?  etc...
> 
> I don't want to take the wind out of your sails, perhaps you could
> suggest some improvments, all the code is there.  For now we are taking
> small steps, document what is there, propose a framework for sensible
> extension, and then fill in some of the gaps, and tear down some of the
> cruft.  I will make a note of your question for when we get to security.
> 
> -Michel
> 
> >
> > Hi,
> >
> > A simple question, but getting a bit irritating...
> >
> > How can I change the roles assigned to a user without knowing their password?
> >
> > The form to do this has password fields which come up blank, and you can't submit the form without
> > filling them in.
> >
> > I don't want to know what the user's password is anyway, I just want to change the assigned roles...
> > ;-)
> >
> > HSCH,
> >
> > Chris
> >
> > PS: Zope 2.1.4 and 2.1.6...
> >
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://lists.zope.org/mailman/listinfo/zope-announce
> >  http://lists.zope.org/mailman/listinfo/zope-dev )