[Zope3-Users] Pluggable Authentication with stock user/manager principals?

Hermann Himmelbauer dusty at qwer.tk
Thu Jan 8 03:36:04 EST 2009


Am Donnerstag 08 Januar 2009 01:46:04 schrieb Sebastian Bartos:
> Hello there Zope3 folks,
>
> I'm kind of new to Zope 3. Was playing around with Zope 2 and Plone for
> a while before I settled with Zope 3 a few months ago. Starting to get
> the hang out of it (well, slowly).
>
> Anyway, still have some issues. Right now I'm working on the user
> registration and authentication system for a community site project.
> Managed to get the PAU with sessions and the form authenticator into the
> system, but got a bit stuck on how to combine it with the stock
> principals like the admin user and the zcml files. The security and
> authentication system of Zope 3 still makes me wonder. Anybody got some
> good reference and/or tutorial I may have missed with google there? (Was
> already searching quite a bit, turning in circles now).

For learning Zope3, I'd recommend Phillip von Weitershausens book "Web 
Component Development with Zope 3". Moreover, I find the doctests of the 
various packages (especially that one of the PAU) very enlightening.

> --- NOTE: My view of Zope 3 after only a very few month of experience
> with it is following. More philosophical, stop reading if not
> interested! ---

It is, and it should be, as Zope3 introduces something which is new to many 
programmers: The component architecture.

> Anyway, just to cheer up the mood on the list. Now that I start to
> understand Zope 3 I really love it. I basically did the crash course
> coming from C/C++ to Zope 3 without the general Python part. Now I try
> to do some other projects in Python not related to Zope and they are
> just somehow painful. Miss the schema based data structures, the object
> database and a bunch of other things.

You can use the object database outside of Zope 3. ZODB is available as an 
extra package - even more: Most packages are available as seperate eggs, 
meaning, that you can integrate them into your Python programs.

> Side question: is there an easy way to take small parts of Zope 3, like
> for example the schema system to another project without taking the
> whole Zope server?

Yep, just install zope.interfaces, zope.schema etc.

> What also quite annoyed me with the 'normal' python crowd is that they
> just mean to use .INI based configuration (which I don't like coming
> from a Linux based environment). Of course the zcml system does a lot of
> magic that is quite hard to gasp, but I understood it's purpose
> (refactoring) and it's quite nice.

That comes, I think, from the multi platform compatibility. I like the 
Linux-style config files more, too, but I don't see that much of a 
difference.

> Also read the book of Philipp von Weisenhausen. It has some nice
> sections (especially the first 2/3-rd of the book), but somehow I get
> the feeling that he lost the thread in the last section. I mean, most of
> the things there are just hinted with a "the rest is up to you" and it
> has some inconsistencies too. Also the examples in the last part (with
> the login form for example) are broken on my system. Maybe that is just
> local to me. Still for a book of this magnitude (especially if it is one
> of only two books) would do much better with a support forum (just a
> place for people to meet and throw in ideas, discuss questions that may
> arise). Now doing a some searching on the web it seems that Weisenhausen
> is not into the topic too much since more than a year.

My personal critic on the book is that it often does not explain what's 
happening under the hood, or, more specific, Philipp does it between the 
lines. Moreover, he concentrates on Zope 3 plus the Rotterdam skin, which I 
find very limiting and painful. For that reason, I abandoned Rotterdam and 
now concentrate on the z3c - packages (z3c.pagelet / z3c.form etc.), which 
are not covered at all in the book, so you don't really know how to do things 
without Rotterdam, e.g. registering objects, indexing, setting up PAU etc. 
For that reason, I recommend the doctests of the various packages.

> I know Zope 3 is alive and well, but it really seems to me that most of
> the communication is going on the source level and it is really hard for
> newcomers to get the entry to this wonderful system.

True. My impression is, that a lot of excellent people are working on and with 
Zope3, but most are deeply involved in their projects and have thus limited 
time to contribute. And people, who do have time, seem to concentrate on 
other related projects, such as Grok.

> Maybe things can be done better. I may also be able to contribute to the
> documentation having a little experience on writing if there were a few
> people interested in a bit of this kind of activity maybe as a group.

I think, the most urgent need is the Web page. AFAIK, there are efforts to set 
up something new, but it's still not ready. Moreover, I read various posts 
like yours, and quite some documentation fragments over time, but it seems to 
be hard to unify these efforts. Maybe some central Web page with a Wiki etc., 
as most projects have, will help.

Best Regards,
Hermann

-- 
hermann at qwer.tk
GPG key ID: 299893C7 (on keyservers)
FP: 0124 2584 8809 EF2A DBF9  4902 64B4 D16B 2998 93C7


More information about the Zope3-users mailing list