Dirk Datzert wrote:
And if you're interested, I know how we can make LDAPRoleExtender much
safer, based on conversations with Jens.

Sure I'm interessted.
Ok. All User objects have a getRolesInContext() method. All this method does right now is scan the acquisition context for __ac_local_roles__ attributes. (See AccessControl/User.py)

Since LDAPRoleExtender substitutes the User object with something of a class of its choosing, LDAPRoleExtender just needs to override getRolesInContext() in its User class. The new getRolesInContext() could look for LDAP-provided local roles in addition to the static local roles.

This would give you "true" dynamic local roles. It sounds like LDAPRoleTwiddler is a substitute for LDAPUserFolder that rolls the functionality of LDAPUserFolder + LDAPRoleExtender into one object. If that's the case, you could use the same strategy to improve LDAPRoleTwiddler.


Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )

Reply via email to