[Zope3-Users] PAU - how to give a principal a role
Hermann Himmelbauer
dusty at qwer.tk
Tue May 15 12:02:52 EDT 2007
Hi,
I have to write an Authenticator Plugin for my application. My login/pass data
is stored in a relational database, which I access via zsqlalchemy.
I have several objects, which are secured by certain permissions. Moreover I
granted permissions to several roles, which I also defined.
My problem is how to give users, which are stored in my database, the correct
role (and therefore permission). If I understand it right, an Authenticator
Plugin returns a principal, which represents a user in the database, but how
can I map the principal to a specific role?
Are principals mapped one to one from users to principals? Or should I perhaps
map many users to one principal?
What I further don't understand is if and why authenticator plugins are called
when credentials are correctly retrieved via e.g. the
SessionCredentialsPlugin or how I can prevent it:
When the user logs in, there are no credentials and he has to supply them via
the login form. Then he is authenticated by the AuthenticatorPlugin (e.g. the
database is queried for user/pass), and the credentials are stored in the
session.
However, for subsequent requests, I think it makes no sense to query the
database again, as the user has already authenticated - or am I getting
something wrong?
Best Regards,
Hermann
--
x1 at aon.at
GPG key ID: 299893C7 (on keyservers)
FP: 0124 2584 8809 EF2A DBF9 4902 64B4 D16B 2998 93C7
More information about the Zope3-users
mailing list