Re: [Zope-dev] Username/userid separation
On 4 Aug 2005, at 01:01, Leonardo Rochael Almeida wrote: Hi, I've started the lra-userid_username_separation-branch (from Zope-2_8-branch to start from a stable point) in order to implement proper userid/username separation in Zope. Chris McDonough did most of that for Zope 2.7 already a long long time ago. There might be cleanups needed here and there, but for all practical purposes the separation exists and works. The standard user folder implementation doesn't support it AFAIK. Where specifically do you see it not work? I've been using it for the LDAPUserFolder for ages where you can specify different attributes for the ID and the login, and change the login value at will. And, like Tino mentioned, PAS uses it as well. jens ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Commercial: looking for Zope/Plone developer
We are looking for a developer with atleast 3 years of development experience with knowledge of Zope and Plone to work in our Dallas Texas Office. We use Zope Plone for product development in managed care, workers comp and have an install base of 500,000 lives. We can consider telecommuters after atleast 6 months of onsite work. Please forward resumes to [EMAIL PROTECTED] Best Regards Sathya ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Make objectValues return a generator?
Am I right in assuming that calls to objectValues etc. still return a real sequence of objects loaded in memory from ZODB? How about making object* calls return a generator instead? Has this been discussed somewhere already? I tried a bit of googling list-searching but could not find much anything on this. Thanks, Petri ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Make objectValues return a generator?
Petri Savolainen wrote: Am I right in assuming that calls to objectValues etc. still return a real sequence of objects loaded in memory from ZODB? How about making object* calls return a generator instead? Has this been discussed somewhere already? I tried a bit of googling list-searching but could not find much anything on this. Funny you should ask, I played with something similar the other day. I wanted superValues-like functionality for CMF portal_types. Take a look at http://svn.plone.org/view/collective/PloneboardPluggableDiscussion/trunk/utils.py?rev=10024view=markup for some rather inelegant looking code the implements this as an iterator. It's a bit different from what you're after as the gain isn't in the contentValues call (which is the equivalent of your objectValues), but rather in the fact that only the smallest number of those calls that are needed is made. Tim ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Username/userid separation
Em Qui, 2005-08-04 às 08:39 +0100, Jens Vagelpohl escreveu:
On 4 Aug 2005, at 01:01, Leonardo Rochael Almeida wrote:
Hi,
I've started the lra-userid_username_separation-branch (from
Zope-2_8-branch to start from a stable point) in order to implement
proper userid/username separation in Zope.
Chris McDonough did most of that for Zope 2.7 already a long long
time ago. There might be cleanups needed here and there, but for all
practical purposes the separation exists and works. The standard user
folder implementation doesn't support it AFAIK. Where specifically do
you see it not work?
AFAICS, in AccessControl/dtml/owner.dtml, the owner string that is
rendered to the browser comes from Owned.owner_info() in
AccessControl/Owned.py, which comes, untranslated, from
Owned.getOwnerTuple(), which retrieves that value that is set from
Owned.changeOwnership(), which calls ownerInfo() which gets the path to
the user folder and user.getId(), as it should since we are assuming
that .getId() is the immutable and potentially not-displayable
identifier for the user that comes from the user source.
What I'm proposing is to change owner.dtml (with the eventual help of
owner_info()) to get the username equivalent to that userid and display
that instead.
Also, in AccessControl/listLocalRoles.dtml and editLocalRoles.dtml, the
usernames that are rendered from users that already have local roles are
the keys from the RoleManager.__ac_local_roles__ attribute from
AccessControl/Role.py.
These keys eventually come from RoleManager.get_valid_userids(), which
calls acl_users.user_names() for all acl_users in it's acquisition path.
In the default Zope user folder implementation, .user_names() call
getUserNames() which is supposed to list usernames, not userids, which
means we've been storing usernames in __ac_local_roles__ all this time.
This could break if the username for a certain acl_users implementation
changes, specially since User.getRolesInContext() looks up
__ac_local_roles__ with self.getId() and not self.getUserName() in
AccesControl/User.py.
(Actually, isn't it odd that the local roles management is not using the
same approach of owner tuples like Owned.py does?)
I propose that we look up the userid for the username in
RoleManager.manage_{add,set,del}LocalRoles() and change the signature of
these methods to mention username instead of userid.
This might leave us with a slight window for mismatches if the username
for a userid changes between selecting the user in the listLocalRoles
screen and actually setting it after the editLocalRoles screen, but at
least we avoid having to make sure binary userids are correctly quoted
thru all the HTML and URL roundtrips.
What do you guys think?
I've been using it for the LDAPUserFolder for ages where you can
specify different attributes for the ID and the login, and change the
login value at will. And, like Tino mentioned, PAS uses it as well.
Yes, Enfold is aware of PAS, we've been doing the Plone integration for
it and we intend to use it for this particular project for which I need
the changes I mentioned above.
Cheers, Leo
--
Leonardo Rochael Almeida [EMAIL PROTECTED]
Enfold Systems - http://www.enfoldsystems.com/
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Username/userid separation
Em Qui, 2005-08-04 às 16:20 -0300, Leonardo Rochael Almeida escreveu:
I propose that we look up the userid for the username in
RoleManager.manage_{add,set,del}LocalRoles() and change the signature of
these methods to mention username instead of userid.
And we also need to change RoleManager.get_local_roles() to lookup
usernames for the stored userids.
But this leaves us with another interesting problem: in what user folder
should we be looking up these ids? Theoretically, in all of them,
like .list_valid_usernames() does, but this might bring some different
interactions between local roles set for a username that exists in 2 or
more user folders in the current acquisition path.
The definitive fix for this would involve storing the (userid, acl_users
path) tuple in the local roles information after all, and changing
User.localRolesInContext() accordingly, but this brings a host of
backward compatibility issues which my suggestions above make some
effort to avoid, I believe.
Cheers,
--
Leonardo Rochael Almeida [EMAIL PROTECTED]
Enfold Systems - http://www.enfoldsystems.com/
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
