lib · ca33bdd358b3d78e476ac604bb60e93caa605ef0 · Kirill Smelkov / Zope

Instead of referring to user folder by its ZMI-visible username (acl_users)

Chris McDonough authored 22 years ago

when attempting to get a list of users, use the __allow_groups__ alias.
This doesn't break anything as it is one of the (unwritten) contracts
of a user folder to install itself as __allow_groups__ in its container
(it is canonized in the manage_beforeDelete and manage_afterAdd methods
of BasicUserFolder, and the traversal machinery refers to a user folder
by its __allow_groups__ alias exclusively).

It's actually likely that all code in Zope's security machinery that directly
refers to a user folder by its 'acl_users' alias in this way is wrong.

Referring to the user folder by its __allow_groups__ alias in the security
machinery exclusively gives us the ability to insert a "proxy" object as
can act as an intermediary for a "real" UserFolder object, allowing us to
massage the output from its interface methods as necessary to allow for
grouping and other tricks.

ca33bdd3

Name	Last commit	Last update
..
Components	Collector #686: intSets no longer loose their values.	22 years ago
python	Instead of referring to user folder by its ZMI-visible username (acl_users)	22 years ago

Download source code

Download this directory