undocumented ZODBRoleManager.listAssignedPrincipals() is broken

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Florian Friesdorf wrote:
> Public bug reported:
>
> undocumented ZODBRoleManager.listAssignedPrincipals() might be broken
>
> ZODBRoleManager.listAssignedPrincipals() is undocumented and is broken
> or Plone is doing something wrong.
>
> Plone (PlonePAS) uses a properties plugin that implements
> IPropertiesPlugin and IUserEnumerationPlugin. Every normal users
> therefore is returned twice by PluggableAuthService.searchUsers() once
> for the properties plugin named mutable_properties and once for the real
> user plugin named source_users.
>
> Is this a valid use case?

I don't think so: why is the properties plugin enumerating users? In
any case, there is a strong requirement that enumerating plugins return
non-conflicting IDs for users / groups / roles.

In any case, this issue should be discussed on the PAS list, and not in
the tracker (unless the consensus on the list is that this is a bug in
PAS, and not in Plone's plugin).

> If yes, listAssignedPrincipals() is broken as it expects
> searchPrincipals() to return only one entry for an exact principal id.
>
> As listAssignedPrincipals() is undocumented, is there an official way to
> get all principals that have a certain global role?

 status invalid

Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 <email address hidden>
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkrOOv4ACgkQ+gerLs4ltQ6E/gCgg399uu1g7zqz0Bv+owwFifLX
UtgAoNnQwxsLoi0qzzmcNqaS8zJdC65m
=tK6w
-----END PGP SIGNATURE-----