[Zope3-Users] Granting roles automatically ?
Dominique Lederer
dominique.lederer at inode.at
Wed Nov 1 10:18:50 EST 2006
Stephan Richter schrieb:
> On Friday 27 October 2006 06:57, Thierry Florac wrote:
>> What I'd like to do is to be able to grant a set of roles automatically
>> to my internal principals authenticated via LDAP. Is it possible ?
>
> Yes, create some groups and grant them permissions and roles. You then listen
> to the IPrincipalCreated event and attach the group(s), if they are coming
> from LDAP.
>
> Regards,
> Stephan
hi, my questions are similar to this:
i would like to implement my own permissions on my package.
as far as i unterstood, i would to the following steps:
- first i create some custom permissions and roles
- then i grant the permissions to roles.
- after that i create some global principals, which i assign my roles.
These principals are my groups.
This is all done by ZCML configuration stuff in my package, the groups
are defined as principals in /etc/principals.zcml
is this right so far?
next steps:
-users are located outside of ZODB (lets say a simple mysql table with
login, password, group as attributes), so i would write a PAU
Authenticator Plugin.
-This plugin i would register in my sites PAU. if everything goes right,
i can now login with users from the external database.
- then i have to listen to IPrincipalCreated event and attach the
group(s), depending on the "group" entry in my mysql table. (Do i have
to make a second query here or is it possible to retrieve the group
information via the auth plugin?)
im i thinking right here? i just want to make sure i unterstood this,
before work begins.
thanks!
Dom
More information about the Zope3-users
mailing list