the validate implementation in the LDAPRoleExtender is the "most correct" one. shane worked on it for a while to make sure it does the most correct thing possible, and if anyone knows about the vagaries of acquisition/security and all its possible permutations it is him.
jens
On Thursday, Oct 17, 2002, at 08:37 US/Eastern, Dirk Datzert wrote:
Hi Jens,why is that code no longer referring to the real userfolder anymore? itself.identify() should be the same as if getLUF().identify() since LDAPUserFolder and LDAPRoleTwiddler both inherited this from BasicUserFolder.
should not make calls to authorize/identify/authorize on "self" but on
the LDAPUserFolder it is using as the user source.
self.authenticate() does a self.getUser() which refers to getLUF().getUser() and does twiddling in one step and return the right user-object which the API would expect.
I think that self.authorize(user,...) is better than self.getLUF().authorize(user,...)
because the authorize does the following in 1st line:
def authorize(self, user,... ): (inherited from BasicUserFolder)
user = getattr(user, 'aq_base', user).__of__(self)
this would be different for self.authorize, where self would be the LRT and
self.getLUF().authorize() where self would be the LUF.
The user is seen in 2 different contexts by .__of__(self) .
Maybe I'm think too complicated, Your opinion ?
Regards,
Dirk
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists - http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
