[Zope-dev] Loginmanager/guf the right way to go?

Kevin Dangoor kid@kendermedia.com
Wed, 17 May 2000 11:12:21 -0400


----- Original Message -----
From: "Alexander Schonfeld" <alex@garage.co.jp>
To: <zope-dev@zope.org>
Sent: Tuesday, May 16, 2000 11:43 PM
Subject: [Zope-dev] Loginmanager/guf the right way to go?


> Wouldn't it be better to improve Zope's built in authentication system to
> support more generalized membership systems?  Rather than building these
> separate loginmanager/user folder things?

Since Zope is really a very flexible framework, there isn't much of a "built
in vs. separate" dichotomy. LoginManager is designed to be the generalized
membership system. And it's *very* generalized... users can be stored in the
ZODB, SQL database, an LDAP database, /etc/passwd (or any combination!), and
can have propertysheets and attributes pulled from ZODB, SQL, filesystem, or
whatever. As I understand it, that functionality is there right now, but
some of the user-friendly management interfaces aren't there yet, and no one
has yet implemented SQL UserSources with it.

> That way roles and permissions could be integrated easily.  And auto-account
> generation could be possible:
> 0. let anonymous people fill in the account gen form..
> 1. send out the email with pre-generated password
> 2. build default folder/prefs/whatever
> 3. let the user login and see whatever the role supports...
> plus their personal stuff.

A bit of this exists today in the PTK (which uses an older version of
LoginManager).

> I guess the main problem is the "plus their personal stuff" thing.  How
> hard would it be to make a new private vs. public layer.  It seems this
> would start to sound like unix permissions... 'doomed to repeat' et al.

Zope's permissions are quite flexible. If there is something that only the
user should see, you can just grant permissions for that object only for the
Owner role.

> As I understand it, currently there isn't any private stuff for people
> in the same role?  This seems like it might be useful for major sites...
> and yes... one day... when zope rules the world... there will be 'major
> sites' and people will have their own folders and all will be good.

Since the creation of the Owner role, you can have private stuff for people.
The user creates the object and is given the "local role" of "Owner" for the
object. If the Owner is the only one with permission to view the object,
then that object is private.

Membership is not yet to the point where you just plug it in and it works,
but things are moving along a path that will give Zope a very, very flexible
membership system. Which is a great thing at this stage, because everyone
will have different requirements.

Kevin
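
The Owner local role described in the message above, as an added example that is not part of the original message and is not Zope's own code: a simplified stand-alone model of local roles and acquired permission settings. The Node class, create_private helper and the sample users are assumptions made for illustration.

```python
class Node:
    """Simplified model of an object in a Zope-style containment tree."""
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.local_roles = {}   # user id -> set of roles granted on this object
        self.permissions = {}   # permission -> (set of roles, acquire from parent?)

    def set_permission(self, permission, roles, acquire=True):
        self.permissions[permission] = (set(roles), acquire)

    def roles_with_permission(self, permission):
        """Merge role settings up the tree until a node turns acquisition off."""
        roles, node = set(), self
        while node is not None:
            node_roles, acquire = node.permissions.get(permission, (set(), True))
            roles |= node_roles
            if not acquire:
                break
            node = node.parent
        return roles

    def roles_of(self, user):
        """Global roles plus local roles granted here or on any container."""
        roles, node = set(user["roles"]), self
        while node is not None:
            roles |= node.local_roles.get(user["id"], set())
            node = node.parent
        return roles

    def allows(self, user, permission):
        return bool(self.roles_of(user) & self.roles_with_permission(permission))

def create_private(container, name, creator):
    """Create an object, make the creator its Owner, restrict View to Owner."""
    obj = Node(name, container)
    obj.local_roles[creator["id"]] = {"Owner"}
    obj.set_permission("View", ["Owner"], acquire=False)
    return obj

def demo():
    site = Node("site")
    site.set_permission("View", ["Member", "Manager"])
    alice = {"id": "alice", "roles": ["Member"]}   # constructed sample users
    bob = {"id": "bob", "roles": ["Member"]}
    public = Node("news", site)
    diary = create_private(site, "diary", alice)
    return [(u["id"], o.name, o.allows(u, "View"))
            for o in (public, diary) for u in (alice, bob)]
```

In this model the object is private only because acquisition of the View setting is turned off on it; with acquisition left on, the container's grant to Member still applies and every member can view it.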