On 21 Jan 2006, at 15:37, Wichert Akkerman wrote:

Previously Jens Vagelpohl wrote:
Roles are "global". User objects get them assigned upon creation.

Upon creation of what?

The user object.

If ZODBRoleManager does not "see" global roles added after its
instantiation then that's a bug.

ZODBRoleManager only adds and updates roles in itself and never in the
RoleManager, which suggests that it is meant to take over global role
management completely. So I'm thinking that it should either indeed take
that role and implement an interface for it, or not and always use
__ac_roles__ from the closest containing RoleManager instead of using
its internal data structure.

The ZODBRoleManager (or anything implementing the requisite PAS plugin interfaces) is a bit removed from the normal RoleManager bit. There is no automatic synchronization between what the ZODBRoleManager shows in its Role tab and what shows up in the Security tab on RoleManagers.

Basically, what's shown in the ZODBRoleManager Roles tab tells you "these are the roles that this role manager can hand out to users". I personally would consider it too much magic if adding a role here would automatically add it to the Security tab on either the enclosing container or the root. If you have a need to make a RoleManager role available to the ZODBRoleManager and vice versa you will need to do this with an explicit gesture at this point, meaning manually. So in essence the ZODBRoleManager has nothing to do with managing the standard RoleManager roles.


Zope-PAS mailing list

Reply via email to