[Zope-dev] LoginManager ownership bug!

Ty Sarna tsarna@endicor.com
6 Oct 2000 16:01:01 GMT


In article <20001005104956.B11298@chem.helsinki.fi>,
Jonas Juselius  <jonas@iki.fi> wrote:
> The problem has to do with the ownership of the acl_users. When the
> LoginManager (acl_users) is created it sets the _owner attribute to
> UnownableOwner. This is fine, for if the acl_users folder is owned it results
...
> The problem is that the acl_users folder becomes _owned_ (by whom I don't
> know) every time Zope is restarted, or when any method is edited or added in

I think this is due to Shane's fix for allowing LM's as non-top-level
acl_users. I had it originally so that _owner was a class attribute,
which works fine. With the change, it was added as an instance
attribute. Now, UnownableOwner is just an empty list, []. Zope checks
for UnownableOwner using an identity check, that is in python: "_owner is
UnownableOwner". When the LM is pickled to ZODB and reloaded, _owner is
still an empty list, but it's not *the* empty list. That is, in python
terms: it's still *equal* to UO, but it isn't "is" UO.

We could go back to just having it as a class attribute, but then that
breaks when adding a LM anywhere other than the top folder, because Zope
wants to delete the _owner from it.

> Another thing which I have tried to do, is to add  support for local roles to 
> the LoginManager. At first it looked rather simple, but then I realized that
> it wasn't really _that_ simple, and dropped it because I don't have time... It
> would however be nice to have local roles support in the LoginManager, as it
> would make it more complete.

LM supports local roles fine. Unfortunately, the Zope's treatment of
them doesn't scale (a listview just doesn't work for 1500 users, and
other parts of the machinery want to do things like "Get me a list of
all local roles for all users" just so that it can see if *one* user has a
specific role or set of roles.) We've submitted patches for some things,
but not gotten much interest from DC.