On March  5, Paul Winkler wrote:
> * more coupling


> * performance hit


> * one more detail to pay attention to


> OTOH, doing the magic in user.allowed() would mean 
> I'd only need one "special" UserFolder instance at the top of the
> hierarchy, and then everything else Just Works regardless of
> what folderish thing it is and all my LDAP-related code would
> be in this UserFolder class.
> am i overlooking something?

No, I think you've distilled the issue quite concisely.

(/me revisits LDAPUserFolder)

Looks like the work is already done for you anyway: allowed() and
friends check if the context has an attribute acl_satellite, and
queries it for any additional roles, and it even keeps a cache.  You
could probably just customise the Folder to automagically place a
satellite object in it.  Or otherwise borrow the logic to do what you

Huzzah open-source software!


 Adrian van den Dries                           [EMAIL PROTECTED]
 Development team                               www.dev.flow.com.au
 FLOW Communications Pty. Ltd.                  www.flow.com.au

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to