On 19 Jan 2006, at 22:55, Wichert Akkerman wrote:
Currently adding roles through a RoleManager breaks ZODBRoleManager:
it reads a list of all roles when it is created and assumes they do not
change after that. If you add a new role you can do that through
a RoleManager directly, but ZODBRoleManager will not notice and will not
enumerate it.

Can someone enlighten me as to how roles and local roles really differ,
and why every folder has both?

Roles are "global". User objects get them assigned upon creation. Local roles are only used within the context they are defined in. So if user "A" has role "Member" after authenticating at the root in /acl_users, and he has a local role "Manager" in /members/A, then security validation will recognize him as Member and Manager for all items accessed in or underneath /members/A, but only as Member everywhere else.

If ZODBRoleManager does not "see" global roles added after its instantiation then that's a bug.

jens

_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas
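
The role scoping described in the reply above, as an added example that is not part of the original message and is not Zope or PAS code: a simplified model in which local roles are keyed by folder path and apply to that folder and everything beneath it. The dictionaries, paths-as-strings representation and function names are assumptions made for illustration.

```python
from posixpath import normpath

# Constructed sample data mirroring the example in the message above.
GLOBAL_ROLES = {"A": {"Member"}}                  # assigned at /acl_users
LOCAL_ROLES = {"/members/A": {"A": {"Manager"}}}  # defined on one folder only


def ancestors(path):
    """Yield the path itself and every containing folder up to the root.

    /members/A/doc -> /members/A/doc, /members/A, /members, /
    The path is normalized first so that ".." segments cannot be used to
    borrow a local role from a sibling folder.
    """
    path = normpath("/" + path.strip("/"))
    while True:
        yield path
        if path == "/":
            return
        path = path.rsplit("/", 1)[0] or "/"


def roles_in_context(user, path, global_roles=GLOBAL_ROLES,
                     local_roles=LOCAL_ROLES):
    """Return global roles plus local roles found on the path's ancestors.

    Matching is done per folder, not by string prefix, so a local role on
    /members/A does not leak to /members/AB.
    """
    roles = set(global_roles.get(user, ()))
    for folder in ancestors(path):
        roles |= local_roles.get(folder, {}).get(user, set())
    return roles


if __name__ == "__main__":
    for p in ("/members/A/doc", "/members/AB", "/members/A/../B", "/"):
        print(p, sorted(roles_in_context("A", p)))
```
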
