[Zope-dev] Membership and Local Roles

Michael Bernstein mbernstein@profitscape.com
Mon, 18 Sep 2000 12:07:18 -0500 

Steve Alexander wrote:
> 
> Michael Bernstein wrote:
> 
> > I feel that a barrier to Loginmanager and Membership becoming more
> > generally usable for site builders is it's current lack of support for
> > local roles. Specifically, members do not show up in the local roles
> > screen (manage_listLocalRoles) user list.
> >
> > Through the magic of grep and find, I think I've identified the relevant
> > sections of code in Zope that need to be duplicated in Membership (or
> > maybe in LoginManager).
> 
> I don't know for sure, but I think the API for returning a list of users
> has been omitted intentionally. A LoginManager instance might "contain"
> (or rather, provide authentication to) thousands of users. Listing all
> of these would arguably break the management interface.

I think I saw at least one proposal on a UI change to better accomodate
large numbers of users, and I agree that this is neccessary. But right
now, I need LoginManager to hook into the current management interface
infrastracture to be useful.

In any case, many deployments with that many users will be using LM for
authentication only, and won't be instantiating user objects for them.
This means that you don't have any user objects to list in the Local
Roles UI anyway.

I have less than a hundred users stored persistently (as Members), and
really need to get this working.

> Perhaps what LoginManager (or Membership) needs is a way of stating, for
> each user, whether they should appear in the local-roles list. This
> could be a checkbox for each user, or it could be a method that gets
> called to specify the users that appear, for example, using a regular
> expression, or perhaps based on some quality of the user object.

That sounds like an interesting proposal, and in the absence of a better
one, I'll support it. 

> You should still be able to use local roles, even now, by using an
> external method to add local roles where you need them, and explicitly
> give the user id. You just can't select from the management interface.

Some Products (most notably Tracker) seem to require the same interface
that the local roles UI does, so this approach won't work for them.

IANAC (I Am Not A Coder), except in the most rudimentary sense, and I'm
just trying to get several existing products to integrate smoothly. This
is the last remaining issue (although I'm sure I'll come up with new
ones).

Ideally, I would like a DTML or Python Method that I can drop into the
LM and get this working. Can anybody help with this?

Michael Bernstein.