On 19 Jan 2006, at 22:55, Wichert Akkerman wrote:
Currently adding roles through a RoleManager breaks ZODBRoleManager:
it reads a list of all roles when it created and assumes they do not
change after that. If you add a new role you can do that through
a RoleManager directly, but ZODBRoleManager will not notice and will not
enumerate it.

Can someone enlighten me as to how roles and local roles really differ,
and why every folder has both?

Roles are "global". User objects get them assigned upon creation. Local roles are only used within the context they are defined in. So if user "A" has role "Member" after authenticating at the root in / acl_users, and he has a local role "Manager" in /members/A, then security validation will recognize him as Member and Manager for all items accessed in or underneath /members/A, but only as Member everywhere else.

If ZODBRoleManager does not "see" global roles added after its instantiation then that's a bug.


Zope-PAS mailing list

Reply via email to