On March 5, Paul Winkler wrote: > * more coupling Yes.
> * performance hit Yes. > * one more detail to pay attention to Yes. > OTOH, doing the magic in user.allowed() would mean > I'd only need one "special" UserFolder instance at the top of the > hierarchy, and then everything else Just Works regardless of > what folderish thing it is and all my LDAP-related code would > be in this UserFolder class. > > am i overlooking something? No, I think you've distilled the issue quite concisely. (/me revisits LDAPUserFolder) Looks like the work is already done for you anyway: allowed() and friends check if the context has an attribute acl_satellite, and queries it for any additional roles, and it even keeps a cache. You could probably just customise the Folder to automagically place a satellite object in it. Or otherwise borrow the logic to do what you need. Huzzah open-source software! a. -- Adrian van den Dries [EMAIL PROTECTED] Development team www.dev.flow.com.au FLOW Communications Pty. Ltd. www.flow.com.au _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )