[ Dieter Maurer wrote:]
> Jürgen Herrmann wrote at 2005-10-19 15:34 +0200:
>>i use the SimpleUserFolder product and derive a MyUser class from it's
>>included User class, which in turn inherits from BasicUser.
>>the SimpleUserFolder's User class does neither reimplement
>>getRolesInContext() nor allowed(). i looked at the source of
>>BasicUser (lib/python/AccessControl/User.py) and found out that
>>allowed() does not use the information provided by getRolesInContext().
>>i found this comment:
>>        # Still have not found a match, so check local roles. We do
>>        # this manually rather than call getRolesInContext so that
>>        # we can incur only the overhead required to find a match.
>>so if i reimplement getRolesInContext() in MyUser, i'll probably also
>>have to reimplement allowed() to reflect the possibly added local roles,
> Yes.
>> ...
>>ps: looking at the code of allowed() i doubt that the "manual" checking
>>of local roles will speed this method up a lot: local roles seem to be
>>a seldomly used feature, the improvement in speed would only occur if
>>the object in question was protected by a local role
> Be careful about terminology! Objects are not protected by roles
> (but by permissions).
k, i'll take care in the future :)
> You gain something if a near local role grants the necessary
> permission.
> The "Owner" local role tends to be very near.
> Thus, you may gain, when usually owners try to execute protected
> methods.
sounds reasonable.
>>(and not a normal
>>one). is this enough to justify duplicated code with all of it's
> Nobody prevents you to implement your "allowed" by means
> of "getRolesInContext".
> --
> Dieter
ok, it just felt a little wrong to reimplement allowed... but if thats
the way, fine by me!

to dig a little deeper into zope's security machinery, does anybody
know where to look at (in the source) f.ex. to find the place where
the owner role is assigned to a user?

best regards, juergen herrmann

>> XLhost.de - eXperts in Linux hosting <<

Jürgen Herrmann
Bruderwöhrdstraße 15b, DE-93051 Regensburg

Fon:  +49 (0)700 XLHOSTDE [0700 95467833]
Fax:  +49 (0)721 151 463027
WEB:  http://www.XLhost.de
Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to