[Zope-CMF] Re: [dev] delete members: small proposal

[Yuppie]

Hi!


Thanks for the feedback.

Sam Brauer wrote:

> I think it would also be good to have an API for the following operations:
> 
> - transfer ownership of all objects owned by a specific user to a new owner
> 
> - delete all objects owned by a specific user

I don't like to add any code that supports the concept of executable 
ownership of content objects. The only place where ownership still 
matters is 'Creator' of Dublin Core. <http://collector.zope.org/CMF/25>

If the member did add other items like python scripts, this issue 
becomes much more complicated. To avoid trojan attacks, there's no 
method (besides createMemberarea) that allows to assign membership to 
someone else.

But in most cases most users can just add content items, so I don't 
think there is an urgent need to implement methods that handle ownership.

> - delete all local roles for a specific user

I forgot about this. I guess these should be removed by default.

> For the first two of these, the owned objects can be found with a simple 
> catalog query on the Creator index.  For the third item, I think you 
> have to recurse over the entire CMF site to check each object for local 
> roles.

Yes, I'm afraid this is an expensive task. I need to have a closer look 
at this. Has anybody a good idea how to delete the local roles?

> Perhaps the deleteMember method could be like this:
> 
> def deleteMember(member_id, delete_memberarea=1, new_owner_id=None, 
> delete_all_owned_objects=1, delete_local_roles=1)
> 
> I think to avoid orphaned objects you would probably want to raise an 
> exception if new_owner_id==None and delete_all_owned_objects==0

In which case are orphaned content objects a problem?

> I've written some code (as an External Method) to do this stuff.  I'd be 
> happy to share it if you're interested.

If someone convinces me that deleteMember should care about ownership, 
I'd like to have a look at your code.


Cheers,
	Yuppie