[Zope-PAS] Re: PluggableAuthService and PrincipalDeleted

Miles miles at jamkit.com
Tue May 6 07:42:47 EDT 2008


Hi,

It would be great if PAS supported deleting users, with the same 
event-based system for notifying other plugins to tidy up.

IMHO, adding a new interface for deletion rather than renaming the 
existing one is better - there's no guarantee existing plugins implement 
the new interface, so it could break things.

On the point of mutable users and groups, I've looked into that in the 
past for some applications here, in order to make PAS-based user 
implement the CMF IMember interface.  Happy to share code or collaborate 
if it's of interest.

IIRC, I got a bit confused when it came to password resets, as to 
whether a password was considered a user property or as something else - 
passwords are passed to the UserManager at creation so should they go to 
the PropertyUpdater too?

Miles


Tarek Ziadé wrote:
> Hi,
> 
> The IPrincipalDeleted event is never notified. As a matter of fact,
> this would be useful to be able to trigger some cleanup in various
> plugins, when user data has to be cleaned up.
> 
> (FYI the PrincipalCreated event has a nice high level API _doAddUser
> that triggers IPrincipalCreated but no high level API for deletion)
> 
> PAS also provides an  IUserAdderPlugin interface for plugins that adds users.
> 
> For deletion, I would like to do some changes into PAS:
> 
> - add a IUserRemoverPlugin interface that adds a removeUser *or*
>   rename IUserAdderPlugin to IUserManagerPlugin, but the latter
>   would involve a lot of trouble i think
> - make ZODBUserManager implements it
> - add a notify(PrincipalDeleted(user_id))   in ZODBUserManager
> 
> This would be helpfull to catch the event in various plugins
> 
> My final goal is to make sure user properties are cleaned up in
> PlonePAS when a user is removed.
> 
> 
> Opinions ?
> 
> Wichert's feedback on this:
> 
>   I'ld also define a new interface for acl_users which supports mutable
>   users and groups. The current one (which PAS implements) is read-only by
>   design. That is also why _addUser is not defined in an interface
>   anywhere and starts with an underscore.
> 
> 
> Tarek
> 
> 



More information about the Zope-PAS mailing list