[ Dieter Maurer wrote:] > Jürgen Herrmann wrote at 2005-10-19 15:34 +0200: >>i use the SimpleUserFolder product and derive a MyUser class from it's >>included User class, which in turn inherits from BasicUser. >> >>the SimpleUserFolder's User class does neither reimplement >>getRolesInContext() nor allowed(). i looked at the source of >>BasicUser (lib/python/AccessControl/User.py) and found out that >>allowed() does not use the information provided by getRolesInContext(). >>i found this comment: >> # Still have not found a match, so check local roles. We do >> # this manually rather than call getRolesInContext so that >> # we can incur only the overhead required to find a match. >> >>so if i reimplement getRolesInContext() in MyUser, i'll probably also >>have to reimplement allowed() to reflect the possibly added local roles, >>right? > > Yes. > >> ... >>ps: looking at the code of allowed() i doubt that the "manual" checking >>of local roles will speed this method up a lot: local roles seem to be >>a seldomly used feature, the improvement in speed would only occur if >>the object in question was protected by a local role > > Be careful about terminology! Objects are not protected by roles > (but by permissions). k, i'll take care in the future :) > > You gain something if a near local role grants the necessary > permission. > The "Owner" local role tends to be very near. > > Thus, you may gain, when usually owners try to execute protected > methods. sounds reasonable. > >>(and not a normal >>one). is this enough to justify duplicated code with all of it's >>disadvantages)? > > Nobody prevents you to implement your "allowed" by means > of "getRolesInContext". > > -- > Dieter > ok, it just felt a little wrong to reimplement allowed... but if thats the way, fine by me!
to dig a little deeper into zope's security machinery, does anybody know where to look at (in the source) f.ex. to find the place where the owner role is assigned to a user? best regards, juergen herrmann _______________________________________________________________________ >> XLhost.de - eXperts in Linux hosting << Jürgen Herrmann Bruderwöhrdstraße 15b, DE-93051 Regensburg Fon: +49 (0)700 XLHOSTDE [0700 95467833] Fax: +49 (0)721 151 463027 WEB: http://www.XLhost.de _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )