On 21 Jan 2006, at 15:37, Wichert Akkerman wrote:
Previously Jens Vagelpohl wrote:
Roles are "global". User objects get them assigned upon creation.
Upon creation of what?
The user object.
If ZODBRoleManager does not "see" global roles added after its
instantiation then that's a bug.
ZODBRoleManager only adds and updates roles in itself and never in the
RoleManager, which suggests that it is meant to take over global role
management completely. So I'm thinking that it should either indeed
that role and implement an interface for it, or not and always use
__ac_roles__ from the closest containing RoleManager instead of using
its internal data structure.
The ZODBRoleManager (or anything implementing the requisite PAS
plugin interfaces) is a bit removed from the normal RoleManager bit.
There is no automatic synchronization between what the
ZODBRoleManager shows in its Role tab and what shows up in the
Security tab on RoleManagers.
Basically, what's shown in the ZODBRoleManager Roles tab tells you
"these are the roles that this role manager can hand out to users". I
personally would consider it too much magic if adding a role here
would automatically add it to the Security tab on either the
enclosing container or the root. If you have a need to make a
RoleManager role available to the ZODBRoleManager and vice versa you
will need to do this with an explicit gesture at this point, meaning
manually. So in essence the ZODBRoleManager has nothing to do with
managing the standard RoleManager roles.
Zope-PAS mailing list