On Tue, Feb 25, 2003 at 06:33:16PM +0000, Florent Guillaume wrote:
> Leonardo Rochael Almeida  <[EMAIL PROTECTED]> wrote:
> > So I think you need dynamically calculated local roles. This can be
> > achieved by a user folder that returns a user object that overrides
> > ".getRolesInContext(object)" to take the location (or any other
> > attribute, such as an acquired "site") of "object" and check it against
> > your central authorization source (eg. LDAP).
> 
> Note that you'll also want to change validate() if you go that route.
> It has a short-circuited version of getRolesInContext in it.

I'm now looking into doing this...
and i haven't found what you mean.
there are a bunch of validates() in various modules in AccessControl,
which are you talking about?

]$ grep "def validate(" * 2> /dev/null
AuthEncoding.py:    def validate(reference, attempt):
AuthEncoding.py:    def validate(self, reference, attempt):
AuthEncoding.py:    def validate(self, reference, attempt):
AuthEncoding.py:        def validate(self, reference, attempt):
SecurityManager.py:    def validate(self, accessed=None, container=None, name=None, 
value=None,
User.py:    def validate(self, request, auth='', roles=_noroles):
User.py:        def validate(self, request, auth='', roles=_noroles):
ZopeSecurityPolicy.py:        def validate(self, accessed, container, name, value, 
context,
cAccessControl.c:       /*| def validate(self, accessed, container, name, value, 
context


are you sure it's not BasicUser.allowed() that you mean?
there's a comment in there about checking roles manaully
rather than with getRolesInContext...

-- 

Paul Winkler
http://www.slinkp.com


_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to