[Zope-dev] Fw: [Exuserfolder-devel] Zope 2.5b1 release

Brian Lloyd brian.lloyd@zope.com
Thu, 29 Nov 2001 11:58:06 -0500 

> I see an intention not to break other user folder products. Given that 
> the fishbowl proposal in question is supposed to make for a very small 
> change, any breakage in existing products is a bug in its implementation.

I've just checked in changes that I believe address all of the 
issues (there were several):

  - Part of the problem is that I picked really poor names for the 
    added APIs (names that had a high likelyhood of, and in fact 
    were used already by custom user folder implementations).

    I've changed them to 'userFolderAddUser', 'userFolderEditUser'
    and 'userFolderDelUsers', making the names somewhat uglier and 
    less likely to clash.

  - They really only need to act as permission-protected aliases to 
    the methods that custom user folders already implement ('_doAddUser',
    '_doChangeUser', '_doDelUsers'). I've done that, and custom user 
    folder authors don't need to take any action (other than have 
    implemented the '_' methods in the first place).

  - Password encryption was being done in the wrong place. It really
    wants to be done in the _doAddUser and _doChangeUser, so that 
    custom user folders can elect to do it or not (since some pw 
    schemes cannot work with a pre-encrypted password).

    I've changed it so that the built-in Zope user folder will do 
    encryption, and custom user folders can support it easily by 
    changing their _doAddUser and _doChangeUser to do it if appropriate.

  - Updated all of the comments to (hopefully) remove confusion about 
    'deprecation'.

So the current status is that:

  - Current user folders should continue to work without any changes, 
    and they don't need to do anything to support the new userFolder*
    convenience APIs.

  - Nothing is really "deprecated" -  I've changed the wording 
    to say that scripts and other web-based code are encouraged to 
    use the new userFolder* APIs to work with users rather than 
    create more code dependent on the crummy 'manage_users' hackery.

I've tested this on a few variations here, but I'd be happy if some 
other folks who have alternate user folders around could give the 
updated lib/python/AccessControl/User.py a whirl and let me know 
about any problems.


Brian Lloyd        brian@zope.com
Software Engineer  540.361.1716       
Zope Corporation   http://www.zope.com