-----BEGIN PGP SIGNED MESSAGE-----
Martijn Faassen wrote:
> Roger Ineichen wrote:
> [Martijn goes into why this might be slow]
>> Yes you are right. Do you have another idea?
> A fairly drastic one, unfortunately -- catalog all role and permission
> assignments and run a query as soon a user is removed.
CMF does this for local roles, and Jim is already on record as disliking
I am pleased with the *result*, which also allows the catalog to filter
"normal" content results efficiently based on the user's roles (the
original eason for the index). OTOH, the *implementation* is grotty.
> Hm, perhaps another idea would involve the timestamp of creation in the
> userid somewhere, to make the ids unique. Unfortunately I don't see how
> that would work with external authentication systems such as LDAP, as we
> don't know when userids are created and removed there.
The actual ID used by LDAP is a DSN. Perhaps the authorization system
could map the DSNs to internally-generated integer ID, which would be
the only value actually stored in grant records.
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Zope3-dev mailing list