Jon Prettyman writes:

I'm trying to set up a registered subscription based site with Zope. The powers that be want a cookie based authentication scheme, so I've started by using GenericUserFolder to handle my authentication. I'm keeping my user account info in a /etc/passwd type file. I have some ExternalMethods I use to create user accounts that are accesible from a ``register'' method in my acl_users folder. So far so good.

The PTB want to add more account information such as e-mail address, phone/fax etc. I'm wondering if my best course of action at this point would be to add this info to my account file in the form of additional fields, or should I create some type of User class derived from BasicUser to handle this. If I go the class route, I'm a little confused about what to derive where. Does anybody have any suggestions on what my best course of action would be?

I'm going for a SQL backed approach myself (with postgreSQL), but that's only a good option if you're reasonably well versed with DB admining and SQL hacking. For your approach, it's probably best to have the passwd file just handle the user/password and roles aspects, and make a ZClass to handle the extra user information. Set the property sheet up with all the user information, and build some nice forms to handle adding and editing. Then the rest is a matter of security settings - the user who's information it is should have a local role of owner set so they can always veiw and edit their information. Anonymous users probably shouldn't be able to view other people's information, but some other roles might. And remember to make Zcatalog a base class when you build the Zclass so all the user information is searchable. John.