On March 5, Paul Winkler wrote:
> * more coupling
> * performance hit
> * one more detail to pay attention to
> OTOH, doing the magic in user.allowed() would mean
> I'd only need one "special" UserFolder instance at the top of the
> hierarchy, and then everything else Just Works regardless of
> what folderish thing it is and all my LDAP-related code would
> be in this UserFolder class.
> am i overlooking something?
No, I think you've distilled the issue quite concisely.
(/me revisits LDAPUserFolder)
Looks like the work is already done for you anyway: allowed() and
friends check if the context has an attribute acl_satellite, and
queries it for any additional roles, and it even keeps a cache. You
could probably just customise the Folder to automagically place a
satellite object in it. Or otherwise borrow the logic to do what you
Huzzah open-source software!
Adrian van den Dries [EMAIL PROTECTED]
Development team www.dev.flow.com.au
FLOW Communications Pty. Ltd. www.flow.com.au
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -