[Zope-PAS] Re: PluggableAuthService and PrincipalDeleted
Miles
miles at jamkit.com
Wed May 7 10:02:38 EDT 2008
Hi,
> I've never been happy with the idea of PAS "supporting" any changes to
> the plugins: even the IUserAdderPlugin and IUpdatePlugin are out of
> place, in my opinion, because they try to generalize without knowing
> enough: they exist to support a not-really-a-contract of the "stock"
> Zope user folder ('_doAddUser').
>
> CRUD on the user objects is really a separate application (*not* a
> framework), which is not even possible in many applications where PAS is
> appropriate.
I always thought that was the *point* of declaring plugins with specific
interfaces: in those applications where it's not possible, you can just
turn them off and they then have no effect. I'm not sure it's sensible
to ask people to develop a completely separate application to do it just
because a subset of use-cases don't need it.
<snip>
>> IIRC, I got a bit confused when it came to password resets, as to
>> whether a password was considered a user property or as something else -
>> passwords are passed to the UserManager at creation so should they go to
>> the PropertyUpdater too?
>
> Passwords are *not* properties: plugis implementing IUpdatePlugin
> should not know about them, unless they are also actively registered for
> ICredentialsUpdatePlugin.
Yes, though the interface documentation makes it sound as if it should
only be used for a user changing their own password (rather than a
manager changing a user's password). If that's not the case, I'll
happily submit a "documentation patch" to clarify.
Miles
More information about the Zope-PAS
mailing list