On Tue, Feb 25, 2003 at 06:33:16PM +0000, Florent Guillaume wrote: > Leonardo Rochael Almeida <[EMAIL PROTECTED]> wrote: > > So I think you need dynamically calculated local roles. This can be > > achieved by a user folder that returns a user object that overrides > > ".getRolesInContext(object)" to take the location (or any other > > attribute, such as an acquired "site") of "object" and check it against > > your central authorization source (eg. LDAP). > > Note that you'll also want to change validate() if you go that route. > It has a short-circuited version of getRolesInContext in it.
I'm now looking into doing this... and i haven't found what you mean. there are a bunch of validates() in various modules in AccessControl, which are you talking about? ]$ grep "def validate(" * 2> /dev/null AuthEncoding.py: def validate(reference, attempt): AuthEncoding.py: def validate(self, reference, attempt): AuthEncoding.py: def validate(self, reference, attempt): AuthEncoding.py: def validate(self, reference, attempt): SecurityManager.py: def validate(self, accessed=None, container=None, name=None, value=None, User.py: def validate(self, request, auth='', roles=_noroles): User.py: def validate(self, request, auth='', roles=_noroles): ZopeSecurityPolicy.py: def validate(self, accessed, container, name, value, context, cAccessControl.c: /*| def validate(self, accessed, container, name, value, context are you sure it's not BasicUser.allowed() that you mean? there's a comment in there about checking roles manaully rather than with getRolesInContext... -- Paul Winkler http://www.slinkp.com _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )