[Zope-dev] LOTS of roles?
Paul Winkler
pw_lists@slinkp.com
Tue, 4 Mar 2003 14:28:17 -0500
On Tue, Feb 25, 2003 at 06:33:16PM +0000, Florent Guillaume wrote:
> Leonardo Rochael Almeida <leo@hiper.com.br> wrote:
> > So I think you need dynamically calculated local roles. This can be
> > achieved by a user folder that returns a user object that overrides
> > ".getRolesInContext(object)" to take the location (or any other
> > attribute, such as an acquired "site") of "object" and check it against
> > your central authorization source (eg. LDAP).
>
> Note that you'll also want to change validate() if you go that route.
> It has a short-circuited version of getRolesInContext in it.
I'm now looking into doing this...
and i haven't found what you mean.
there are a bunch of validates() in various modules in AccessControl,
which are you talking about?
]$ grep "def validate(" * 2> /dev/null
AuthEncoding.py: def validate(reference, attempt):
AuthEncoding.py: def validate(self, reference, attempt):
AuthEncoding.py: def validate(self, reference, attempt):
AuthEncoding.py: def validate(self, reference, attempt):
SecurityManager.py: def validate(self, accessed=None, container=None, name=None, value=None,
User.py: def validate(self, request, auth='', roles=_noroles):
User.py: def validate(self, request, auth='', roles=_noroles):
ZopeSecurityPolicy.py: def validate(self, accessed, container, name, value, context,
cAccessControl.c: /*| def validate(self, accessed, container, name, value, context
are you sure it's not BasicUser.allowed() that you mean?
there's a comment in there about checking roles manaully
rather than with getRolesInContext...
--
Paul Winkler
http://www.slinkp.com