Shane Hathaway schrieb: > > Dirk Datzert wrote: > >>And if you're interested, I know how we can make LDAPRoleExtender much > >>safer, based on conversations with Jens. > >> > > > > Sure I'm interessted. > > Ok. All User objects have a getRolesInContext() method. All this > method does right now is scan the acquisition context for > __ac_local_roles__ attributes. (See AccessControl/User.py) >
ok, LDAPUser from LDAPUserFolder inherits getRolesInContext from BasicUser, right ? LDAPRoleTwiddler caches LDAPUser entries with changed 'local' roles. What user object will be used if you talk about 'user objects' ? user objects out of LDAPUserFolder, or user object out of LDAPRoleTwiddler, or the user object in the context of the object needs the getRolesInContext() Method of LDAPUser go to the next LDAPRoleTwiddler look for the twiddled user object and take out the local roles ? rather complicated to describe something I not really understand, sorry about confusing questions :-) my strategy for getRolesInContext() would something like this: def getRolesInContext(self, obj): lrt = obj.acl_users # get nearest acl_users for obj (not really sure if this works ?) user = lrt.getUser ( self.getId(), self._getPassword() ) return user.getRoles() _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
