Edward Hartfield wrote:
Johan Carlsson wrote: Why do you need different authentication logic?
My client wants to do form-based authentication and have user data stored in a database so they can manage users without having to know anything about Zope. My idea is to create a folder object that can be given a method (AuthenticateMethod) to call when someone tries to traverse the folder's contents. AuthenticateMethod returns true or false. The folder itself knows nothing of the authentication scheme. That's AuthenticateMethod's concern.
My partner and I agree that it doesn't make sense to throw away Zope's built-in security. But we don't like the hack required to log out a user with basic authentication. Also, we need to implement a record-level authorization scheme. The easiest, most cost-effective way to do this seems to be using a database to define user permissions just the way we want.
I'd welcome any thoughts you or anyone else might have.
It sounds like Paul gave you a set of good advice. My initial feeling was that you were trying to solve a problem that is already solved in Zope. You can actually do pretty much what you want to do with Zope's security system, especially the local_roles support, if you take a deeper look. It will save you hours of work in the long run. As we say: "Use the source, Luke". Zope source is easy to read and worth the while. (IMHO it's much better than the Zope Book ;-)

--
Johan Carlsson          Tel: + 46 8 31 24 94
Colliberty              Mob: + 46 70 558 25 24
Torsgatan 72            Email: johanc@easypublisher.com
SE-113 37 STOCKHOLM