[Zope] User/Subscriber advice on How-To

[John Morton]

Jon Prettyman writes:
 > I'm trying to set up a registered subscription based site with Zope.
 > The powers that be want a cookie based authentication scheme, so I've
 > started by using GenericUserFolder to handle my authentication.  I'm
 > keeping my user account info in a /etc/passwd type file.  I have some
 > ExternalMethods I use to create user accounts that are accesible from
 > a ``register'' method in my acl_users folder.  So far so good.
 > 
 > The PTB want to add more account information such as e-mail address,
 > phone/fax etc.  I'm wondering if my best course of action at this
 > point would be to add this info to my account file in the form of
 > additional fields, or should I create some type of User class derived
 > from BasicUser to handle this.  If I go the class route, I'm a little
 > confused about what to derive where.  Does anybody have any
 > suggestions on what my best course of action would be?

I'm going for a SQL backed approach myself (with postgreSQL), but
that's only a good option if you're reasonably well versed with DB
admining and SQL hacking. For your approach, it's probably best to
have the passwd file just handle the user/password and roles aspects,
and make a ZClass to handle the extra user information. Set the
property sheet up with all the user information, and build some nice
forms to handle adding and editing. Then the rest is a matter of
security settings - the user who's information it is should have a
local role of owner set so they can always veiw and edit their
information. Anonymous users probably shouldn't be able to view other
people's information, but some other roles might. And remember to make 
Zcatalog a base class when you build the Zclass so all the user
information is searchable.

John.