I found an issue with zope.app.undo's ZODBUndoManager wherein it only could undo principal transactions if the principal in the request came from the global principal registry. I tried patching our copy by changing it to look up the principal of a transaction record from zapi.principals() (gets the nearest IAuthentication utility).
When it tries to do the undo, it compares request.principal against transaction['principal'] with identity comparison (' is '). That doesn't work for pluggable auth principal folder based principals, even if by my own assumptions and simple application setup they are the same. With all of the other principal / group mini-proposals going on, does there need to be a way to strongly (if that's the right word) compare a principal looked up from an id that came out of... well, somewhere (a transaction log record, a string stored in the 'creators' dublin core sequence, etc), or even against each other? >>> b3_1 = zapi.principals().getPrincipal('brcms.user.3') >>> b3_2 = zapi.principals().getPrincipal('brcms.user.3') >>> b3_1 is b3_2 False >>> b3_1 == b3_2 False Comparing the id attribute works. Is it reasonable to assume that zapi.principals().getPrincipal(request.principal.id) should return the same principal as request.principal? And thus if somerecord['creator_id'] == request.principal.id, that's considered a good match? -- Jeff Shell _______________________________________________ Zope3-dev mailing list Zope3firstname.lastname@example.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com