[ Dieter Maurer wrote:]
> Jürgen Herrmann wrote at 2005-10-19 15:34 +0200:
>>i use the SimpleUserFolder product and derive a MyUser class from it's
>>included User class, which in turn inherits from BasicUser.
>>the SimpleUserFolder's User class does neither reimplement
>>getRolesInContext() nor allowed(). i looked at the source of
>>BasicUser (lib/python/AccessControl/User.py) and found out that
>>allowed() does not use the information provided by getRolesInContext().
>>i found this comment:
>> # Still have not found a match, so check local roles. We do
>> # this manually rather than call getRolesInContext so that
>> # we can incur only the overhead required to find a match.
>>so if i reimplement getRolesInContext() in MyUser, i'll probably also
>>have to reimplement allowed() to reflect the possibly added local roles,
>>ps: looking at the code of allowed() i doubt that the "manual" checking
>>of local roles will speed this method up a lot: local roles seem to be
>>a seldomly used feature, the improvement in speed would only occur if
>>the object in question was protected by a local role
> Be careful about terminology! Objects are not protected by roles
> (but by permissions).
k, i'll take care in the future :)
> You gain something if a near local role grants the necessary
> The "Owner" local role tends to be very near.
> Thus, you may gain, when usually owners try to execute protected
>>(and not a normal
>>one). is this enough to justify duplicated code with all of it's
> Nobody prevents you to implement your "allowed" by means
> of "getRolesInContext".
ok, it just felt a little wrong to reimplement allowed... but if thats
the way, fine by me!
to dig a little deeper into zope's security machinery, does anybody
know where to look at (in the source) f.ex. to find the place where
the owner role is assigned to a user?
best regards, juergen herrmann
>> XLhost.de - eXperts in Linux hosting <<
Bruderwöhrdstraße 15b, DE-93051 Regensburg
Fon: +49 (0)700 XLHOSTDE [0700 95467833]
Fax: +49 (0)721 151 463027
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -