[Zope-DB] connecting with user passwords

Dieter Maurer dieter at handshake.de
Thu Dec 4 15:53:18 EST 2003

Tom Deprez wrote at 2003-12-4 11:09 +0100:
>>Remember the user for which the connection has been opened in
>>an attribute.
>>When a new user tries to use the connection, close the existing one,
>>open a new one for this user and remember the user in the variable.
>>When the same user comes, just use the connection.
>But if the first user had less access as the second one, the first one in 
>this case will be allowed to do more than normal.
>Or, if the second one accesses with a lower access, the first one will not 
>be able to perform some actions as he normally can.

What ???

Maybe a piece of code is clearer than plain English:

   class DB(...):
      user = None

      def ensureConnected(self):
        '''ensure that we have a connection for the current user.'''
	from AccessControl import getSecurityManager

	currentUser = getSecurityManager().getUser().getUserName()
	if self.user != currentUser:
	  # must reopen the connection
	  self._connection = connect(... currentUser ...)
	  self.user = currentUser

As you (hopefully) see, a user can only use his connection (up to
different users with the same user name - this can be handled
by comparing the authenticating user folder as well) provided
that "ensureConnected" is called before "self._connection" is accessed.


More information about the Zope-DB mailing list