[Grok-dev] User/Group/Security Management Pain
whit morriss
d.w.morriss at gmail.com
Tue May 13 12:57:52 EDT 2008
so... Martijn asked Calvin and me to stop whining in the channel about
the state of user management and post our complaints here to attempt to
end the suffering. Why the suffering? If all you need is basic user
management, flexibility is just a confusing delay in getting to where
you need to be (this is a huge selling point for Django).
That said, I think this could be a real winner for Grok, since a clear
user management default would be easy to make a simple solution that
could easily provide a flexible starting point. As Martijn pointed out,
it's the kind of complicated problem Grok is good at helping simplify.
And *most* other modern Python web frameworks have the issue of no good
ootb user management.
The current problem area: I hit these questions immediately when
approaching this in Grok (and found no clear answers):
* how do I add users and groups?
* how do I do user/group - role - permission mappings a la Zope 2? Are
  there any auditing tools?
* how do I add custom plugins to PAU (credentials, user/group sources)?
* what do I need to do to be secure?
There are probably more rough edges out there... those are just the ones
I encountered.
One approach is the following: Martijn suggested doing this as an
extension that provides reasonable defaults and was pointed to in the
documentation. This would definitely strengthen the current holes in
that area (see
http://grok.zope.org/documentation/phc_topic_area?topic=Principals+and+Security),
especially if we answer the question above.
A good start would be to gather what documentation and code is available
out there and see what can be used and where the holes are. For my
effort, I cobbled stuff together from Philip's book and Zope's innards
(w/ some help from the channel).
http://projects.opengeo.org/almanac/browser/siteapp/trunk/opengeo/almanac
Most of the effort is in account.py and auth.py (and it's a bit messy
and the cookie auth is not signed yet), but it covers a basic
signup/login case minus groups and role/permission mechanics (this part
I'm trying to work out now and wish I had some good examples). Feedback
welcome of course...
I'm sure others have code too, no?
-whit