-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wichert Akkerman wrote:
> Previously Tres Seaver wrote:
> 
>>We aren't "enforcing" anything:  the plugin can't fulfill its own
>>contract (in this case, to return a list of (id, title) tuples) if the
>>user has screwed up by configuring the other plugins that way.
> 
> 
> If multiple principals share have the same id you will still fulfill the
> contract; the only difference is that with this patch you will see the
> title from the first one and ignore titles from the others. This is ok
> since we still show all ids.
> 
> For some background: I needed this patch to be able to use groups from
> an active directory environment in a site. That gave me two groups
> called 'Administrators': the standard Zope one and the one that comes
> in via active directory.

Within a single PAS, it is an error to have two principals with the same
ID;  otherwise you will end up granting permissions inappropriately.  If
you have plugins which are generating identical IDs, then you need to
have one or both of them use prefixes (that is what they are for).

BTW, there is no "standard" Administrators group in Zope (Zope proper
doesn't know about groups at all).


Tres.
- --
===================================================================
Tres Seaver          +1 202-558-7113          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDj0cu+gerLs4ltQ4RAvWXAKCXF/cthIH2FYlYMlcI+RN3R9VTagCgsKgP
m9uly0yFvG3tMHJe7zh3cOs=
=8Hxm
-----END PGP SIGNATURE-----
_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas

Reply via email to