[Zope] Assigning roles in context from groups

John K. Hohm jhohm@acm.org
Wed, 18 Sep 2002 18:41:22 -0500


Dieter writes:
> John K. Hohm writes:
>  > I am using LDAPUserFolder with Zope 2.5.1 to authenticate users.  I have users 
>  > in groups (which show up as roles in Zope) such that the group names are part 
>  > of some folder names, and I want to put the users in roles in the context of a 
>  > folder based on whether they are in a group that matches the folder name and a 
>  > certain role name.  This should allow me to assign permissions to those roles 
>  > in a containing folder and have them apply only to the folders that a user is 
>  > in a group for.
> A non-trivial request...
> 
> Look at NuxUserGroups. It goes some way into this direction. Probably, it still
> does not give you everything you want.

Thanks for the pointer, Dieter.  I took a cue from NuxUserGroups and added a
module to my product that overrides the BasicUser.getRolesInContext and
BasicUser.allowed methods to also add the result of
__ac_local_roles_for_user__(self) to the local roles.  I'd rather not be
modifying standard Zope objects, but I don't see another way to give a user
roles depending on a relationship between its other roles and the folder's name;
__ac_local_roles__ when called doesn't get passed the user.