[OzZope] Re: [Zope] ownership fun and games.

Andrew Kenneth Milton akm@theinternet.com.au
Tue, 13 May 2003 23:26:11 +1000


+-------[ Ed Leafe ]----------------------
| On Tuesday, May 13, 2003, at 08:23  AM, Stuart Bishop wrote:
| 
| >>It would be much better if the user folder allowed to disable the 
| >>user (something random could be eventually guessed, besides you'd 
| >>have an indication that the user is inactive/old/obsolete/whatever).
| >>
| >>BTW: there are other cases that make removing old users impractical 
| >>besides permission problems (think about workflow history, cmf 
| >>metadata, etc.)
| >
| >And if they are relying on the user object to remain around for ever,
| >they are broken IMHO. Consider the user folder that is populated
| >from an external source such as a company's LDAP server.
| 
| Typically, a deleted user is either assigned to the administrator,
| or the admin is given the option of re-assigning those items to a
| different user. Either way, ownership is not broken, and a log can be
| preserved of this re-assignment for cases where such archiving is
| needed.

This can't happen if the users come from some external source and are managed
outside of Zope. If the external source doesn't allow browsing of the user
list, you can be royally screwed, since you can't detect the situation either.

Since Zope allows you to build permission lists that explicitly exclude
'Manager', you can find yourself in a pretty bad state.

There are ways around this even for externally managed user sources.

-- 
Totally Holistic Enterprises Internet|                      | Andrew Milton
The Internet (Aust) Pty Ltd          |  M:+61 416 022 411   |
ACN: 082 081 472 ABN: 83 082 081 472 |akm@theinternet.com.au| Carpe Daemon