[Zope3-dev] Re: Mini-proposal: member-aware group interface
Florent Guillaume
fg at nuxeo.com
Thu Jan 12 19:22:21 EST 2006
Gary Poster wrote:
> Problem:
> We need to be able to iterate over the members of a group, given a
> group id. With the interfaces in zope.security, the only way to do
> this is to iterate over all principals known to the system, check their
> `groups` attribute, and if the group id is in the list then include
> it. This is obviously problematic.
>
> If we constrain ourselves to the pluggable authentication utility in
> zope.app.authentication, we have some help, but it is pretty
> inconvenient and conceivably problematic. The following (untested
> sketch of a) approach is a good try for the common case, but won't
> handle nested authentication utilities, and relies on an interface not
> in an interfaces.py:
>
> from zope import component
> from zope.app.authentication import interfaces
> import zope.app.authentication.groupfolder
>
> group_id = 'foo'
>
> auth = component.getUtility(interfaces.IPluggableAuthentication)
> for name in auth.authenticatorPlugins:
> plugin = component.queryUtility(
> interfaces.IAuthenticatorPlugin, name, context=auth)
> if zope.app.authentication.groupfolder.IGroupFolder.providedBy
> (plugin):
> try:
> principals = plugin.getPrincipalsForGroup(group_id)
> except KeyError:
> pass
> else:
> break
> else:
> raise RuntimeError('Not Found')
>
> Or something like that. As I said, this doesn't even handle some of
> the more complex cases. Whew!
>
> Solution:
> Add a new interface to zope.security.interfaces:
>
> class IMemberAwareGroup(IGroup):
> members = interface.Attribute('an iterable of members of the group')
>
> Then make the groups that the zope.app.authentication.groupfolder
> plugin generates implement the new interface.
I think I'm for it, but in some cases even though groups may be able to
list all their members it may (if they're dynamically computed) turn out
to be a huge list. I guess in that case you could simply not advertise
that the group implements the interface.
Florent
--
Florent Guillaume, Nuxeo (Paris, France) Director of R&D
+33 1 40 33 71 59 http://nuxeo.com fg at nuxeo.com
More information about the Zope3-dev
mailing list