[Zope] inheriting from SimpleUserFolder's User
Jürgen Herrmann
Juergen.Herrmann at XLhost.de
Thu Oct 20 08:10:28 EDT 2005
[ Dieter Maurer wrote:]
> Jürgen Herrmann wrote at 2005-10-19 15:34 +0200:
>>i use the SimpleUserFolder product and derive a MyUser class from it's
>>included User class, which in turn inherits from BasicUser.
>>
>>the SimpleUserFolder's User class does neither reimplement
>>getRolesInContext() nor allowed(). i looked at the source of
>>BasicUser (lib/python/AccessControl/User.py) and found out that
>>allowed() does not use the information provided by getRolesInContext().
>>i found this comment:
>> # Still have not found a match, so check local roles. We do
>> # this manually rather than call getRolesInContext so that
>> # we can incur only the overhead required to find a match.
>>
>>so if i reimplement getRolesInContext() in MyUser, i'll probably also
>>have to reimplement allowed() to reflect the possibly added local roles,
>>right?
>
> Yes.
>
>> ...
>>ps: looking at the code of allowed() i doubt that the "manual" checking
>>of local roles will speed this method up a lot: local roles seem to be
>>a seldomly used feature, the improvement in speed would only occur if
>>the object in question was protected by a local role
>
> Be careful about terminology! Objects are not protected by roles
> (but by permissions).
k, i'll take care in the future :)
>
> You gain something if a near local role grants the necessary
> permission.
> The "Owner" local role tends to be very near.
>
> Thus, you may gain, when usually owners try to execute protected
> methods.
sounds reasonable.
>
>>(and not a normal
>>one). is this enough to justify duplicated code with all of it's
>>disadvantages)?
>
> Nobody prevents you to implement your "allowed" by means
> of "getRolesInContext".
>
> --
> Dieter
>
ok, it just felt a little wrong to reimplement allowed... but if thats
the way, fine by me!
to dig a little deeper into zope's security machinery, does anybody
know where to look at (in the source) f.ex. to find the place where
the owner role is assigned to a user?
best regards, juergen herrmann
_______________________________________________________________________
>> XLhost.de - eXperts in Linux hosting <<
Jürgen Herrmann
Bruderwöhrdstraße 15b, DE-93051 Regensburg
Fon: +49 (0)700 XLHOSTDE [0700 95467833]
Fax: +49 (0)721 151 463027
WEB: http://www.XLhost.de
More information about the Zope
mailing list