Change for 2.5 for user local role lists. acl_user folders now support a

maxlistusers property (managed from user folder properties tab) which
limits the number of roles that rolemanager's get_valid_users will return
before raising an OverflowError.  The DTML for listLocalRoles will insert a
text box for user id entry if OverflowError is raised.

lib/python/AccessControl/Role.py

@@ -84,7 +84,7 @@
 ##############################################################################
 """Access control support"""
 
-__version__='$Revision: 1.50 $'[11:-2]
+__version__='$Revision: 1.51 $'[11:-2]
 
 
 from Globals import DTMLFile, MessageDialog, Dictionary
@@ -96,6 +96,8 @@ from App.Common import aq_base
 
 ListType=type([])
 
+DEFAULTMAXLISTUSERS=250
+
 def _isBeingUsedAsAMethod(self):
     return aq_get(self, '_isBeingUsedAsAMethod_', 0)
 
@@ -374,14 +376,24 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
     def get_valid_userids(self):
         item=self
         dict={}
+        _notfound = []
         while 1:
-            if hasattr(aq_base(item), 'acl_users') and \
-               hasattr(item.acl_users, 'user_names'):
-                for name in item.acl_users.user_names():
-                    dict[name]=1
-            if not hasattr(item, 'aq_parent'):
+            aclu = getattr(aq_base(item), 'acl_users', _notfound)
+            if aclu is not _notfound:
+                mlu = getattr(aclu, 'maxlistusers', _notfound)
+                if type(mlu) != type(1): mlu = DEFAULTMAXLISTUSERS
+                if mlu < 0: raise OverflowError
+                un = getattr(aclu, 'user_names', _notfound)
+                if un is not _notfound:
+                    unl = un()
+                    # maxlistusers of 0 is list all
+                    if len(unl) > mlu and mlu != 0:
+                        raise OverflowError
+                    for name in un():
+                        dict[name]=1
+            item = getattr(item, 'aq_parent', _notfound)
+            if item is _notfound:
                 break
-            item=item.aq_parent
         keys=dict.keys()
         keys.sort()
         return tuple(keys)

lib/python/AccessControl/User.py

@@ -84,7 +84,7 @@
 ##############################################################################
 """Access control package"""
 
-__version__='$Revision: 1.157 $'[11:-2]
+__version__='$Revision: 1.158 $'[11:-2]
 
 import Globals, socket, SpecialUsers,re
 import os
@@ -95,7 +95,7 @@ from Acquisition import Implicit
 from OFS.SimpleItem import Item
 from base64 import decodestring
 from App.ImageFile import ImageFile
-from Role import RoleManager
+from Role import RoleManager, DEFAULTMAXLISTUSERS
 from PermissionRole import _what_not_even_god_should_do, rolesForPermissionOn
 import AuthEncoding
 from AccessControl import getSecurityManager, Unauthorized
@@ -479,6 +479,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
 
     isPrincipiaFolderish=1
     isAUserFolder=1
+    maxlistusers = DEFAULTMAXLISTUSERS
 
     encrypt_passwords = 0
 
@@ -795,11 +796,17 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
             management_view='Properties')
 
     def manage_setUserFolderProperties(self, encrypt_passwords=0,
-                                       update_passwords=0, REQUEST=None):
+                                       update_passwords=0,
+                                       maxlistusers=DEFAULTMAXLISTUSERS,
+                                       REQUEST=None):
         """
         Sets the properties of the user folder.
         """
         self.encrypt_passwords = not not encrypt_passwords
+        try:
+            self.maxlistusers = int(maxlistusers)
+        except ValueError:
+            self.maxlistusers = DEFAULTMAXLISTUSERS
         if encrypt_passwords and update_passwords:
             changed = 0
             for u in self.getUsers():

lib/python/AccessControl/dtml/listLocalRoles.dtml

@@ -74,12 +74,18 @@ roles that should be given to that user from the <em>Roles</em> list.
 <tr>
   <td align="left" valign="top">
   <div class="form-element">
+  <dtml-try>
   <select name="userid" size="5">
   <dtml-in get_valid_userids>
   <option value="<dtml-var sequence-item html_quote>"><dtml-var 
    sequence-item></option>
   </dtml-in>
   </select>
+  <dtml-except OverflowError>
+
+  <input name="userid" size=10>
+  
+  </dtml-try>
   </div>
   </td>
   <td align="left" valign="top">

lib/python/AccessControl/dtml/userFolderProps.dtml

@@ -17,6 +17,14 @@
    </dtml-let>
   </td>
 </tr>
+<tr>
+ <td align="left" valign="center" class="form-label">
+  Role assignment presents search dialog when more users than N (-1 is always, 0 is never).
+ </td>
+ <td align="left" valign="center" class="form-element">
+ <input type=text name="maxlistusers" value="&dtml.missing-maxlistusers;" size=3>
+ </td>
+</tr>
 
 </table>
 

lib/python/AccessControl/tests/testUserFolder.py

+##############################################################################
+# 
+# Zope Public License (ZPL) Version 1.0
+# -------------------------------------
+# 
+# Copyright (c) Digital Creations.  All rights reserved.
+# 
+# This license has been certified as Open Source(tm).
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# 
+# 1. Redistributions in source code must retain the above copyright
+#    notice, this list of conditions, and the following disclaimer.
+# 
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions, and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+# 
+# 3. Digital Creations requests that attribution be given to Zope
+#    in any manner possible. Zope includes a "Powered by Zope"
+#    button that is installed by default. While it is not a license
+#    violation to remove this button, it is requested that the
+#    attribution remain. A significant investment has been put
+#    into Zope, and this effort will continue if the Zope community
+#    continues to grow. This is one way to assure that growth.
+# 
+# 4. All advertising materials and documentation mentioning
+#    features derived from or use of this software must display
+#    the following acknowledgement:
+# 
+#      "This product includes software developed by Digital Creations
+#      for use in the Z Object Publishing Environment
+#      (http://www.zope.org/)."
+# 
+#    In the event that the product being advertised includes an
+#    intact Zope distribution (with copyright and license included)
+#    then this clause is waived.
+# 
+# 5. Names associated with Zope or Digital Creations must not be used to
+#    endorse or promote products derived from this software without
+#    prior written permission from Digital Creations.
+# 
+# 6. Modified redistributions of any form whatsoever must retain
+#    the following acknowledgment:
+# 
+#      "This product includes software developed by Digital Creations
+#      for use in the Z Object Publishing Environment
+#      (http://www.zope.org/)."
+# 
+#    Intact (re-)distributions of any official Zope release do not
+#    require an external acknowledgement.
+# 
+# 7. Modifications are encouraged but must be packaged separately as
+#    patches to official Zope releases.  Distributions that do not
+#    clearly separate the patches from the original work must be clearly
+#    labeled as unofficial distributions.  Modifications which do not
+#    carry the name Zope may be packaged in any form, as long as they
+#    conform to all of the clauses above.
+# 
+# 
+# Disclaimer
+# 
+#   THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
+#   EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+#   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+#   PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
+#   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+#   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+#   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+#   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+#   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+#   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+#   SUCH DAMAGE.
+# 
+# 
+# This software consists of contributions made by Digital Creations and
+# many individuals on behalf of Digital Creations.  Specific
+# attributions are listed in the accompanying credits file.
+# 
+##############################################################################
+"""User folder tests
+"""
+
+__rcs_id__='$Id: testUserFolder.py,v 1.2 2001/10/02 16:16:25 matt Exp $'
+__version__='$Revision: 1.2 $'[11:-2]
+
+import os, sys
+execfile(os.path.join(sys.path[0], 'framework.py'))
+
+import ZODB
+from DocumentTemplate import HTML
+from DocumentTemplate.tests.testDTML import DTMLTests
+from Products.PythonScripts.standard import DTML
+from AccessControl import User, Unauthorized
+from AccessControl.User import BasicUserFolder
+from ExtensionClass import Base
+
+class SecurityTests (DTMLTests):
+
+    def testMaxListUsers(self):
+        # create a folder-ish thing which contains a roleManager,
+        # then put an acl_users object into the folde-ish thing
+
+        class Folderish(BasicUserFolder):
+            def __init__(self, size, count):
+                self.maxlistusers = size
+                self.users = []
+                self.acl_users = self
+                for i in xrange(count):
+                    self.users.append("Nobody")
+                   
+            def getUsers(self):
+                return self.users
+
+            def user_names(self):
+                return self.getUsers()
+
+
+        tinyFolderOver = Folderish(15, 20)
+        tinyFolderUnder = Folderish(15, 10)
+
+        assert tinyFolderOver.maxlistusers == 15
+        assert tinyFolderUnder.maxlistusers == 15
+        assert len(tinyFolderOver.user_names()) == 20
+        assert len(tinyFolderUnder.user_names()) == 10
+
+        try:
+            list = tinyFolderOver.get_valid_userids()
+            assert 0, "Did not raise overflow error"
+        except OverflowError:
+            pass
+
+        try:
+            list = tinyFolderUnder.get_valid_userids()
+            pass
+        except OverflowError:
+            assert 0, "Raised overflow error erroneously"
+
+
+
+framework()