I've been researching how to approach this, and I think this problem stems from confusion about workflow state and active/expiration state. The path I'm starting to go down is a workflow that hooks a Zope event which is set on changes to an object's expiration. This way I can use workflow state transitions to change things like group memberships and permissions on user object fields.

I haven't gotten much further than that, and I'd appreciate any advice on whether that's a bad idea or how to implement it.
On May 25, 2009, at 7:02 AM, Tim Knapp wrote:
Hello again Rob,
On Thu, 2009-05-21 at 11:35 -0700, Rob Miller wrote:
Ross Patterson wrote:
<snip />
Another slightly tricky bit could be handling reactivation after their account has been expired. At this point, the user can't log in... which means you'll be interacting w/ anonymous users, who of course have no privileges. This still isn't that bad, though. It's not like some nefarious attacker is going to go around paying subscription fees on expired accounts. It's similar to a bank; you don't need to prove who you are to make a deposit to an account, only to withdraw. If you really want to be careful, to prevent people from accidentally paying for someone else's subscription, you could require users to enter their password at some point in the renewal process. Even though the account is inactive, the password is still there; you should be able to call authenticateCredentials directly on the member object to make sure the entered password is correct. The main thing to be careful of here is to make sure you don't expose any of the member's personal information (email address, etc.) to anonymous users.
I've implemented this solution as per your recommendations and I ended up having to create a browser view that the expired member opens up (with the memberid supplied via query string) and enters their password and selects their subscription period. The authenticateCredentials method is run against the member object and, if this is successful, the user is 'enabled' and redirected off to the payment processor and subsequently their expiry date is updated. This all works fine and dandy, but I had to take away the transition guards from the 'enable_private' transition and I'm unsure what kind of security holes this opens up.
Thanks,
Tim
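The renewal flow Tim describes (anonymous view, member id from the query string, password checked with authenticateCredentials, enable, redirect to the payment processor, expiry extended) is modelled below as an added example. This is not the remember product's or Plone's own code: every class, function and member record here is invented for the illustration, and the payment URL is a placeholder. The point it adds to the thread is the one Tim is worried about: instead of removing the guard on the enable transition altogether, the guard is replaced by a single-use token that only exists after the password check succeeded, so an anonymous caller who never proved the password cannot re-enable an arbitrary member. The view also returns the same answer for an unknown id and a wrong password, and never echoes member fields such as the email address.

```python
"""Illustrative model of a guarded account-renewal flow.  Not the remember
product's or Plone's code: every name here is invented for the example and
the member data is constructed."""
import hashlib
import hmac
import secrets
from datetime import date, timedelta


class Member:
    """Minimal stand-in for a member object.  The password hash survives
    expiry, so it can still be checked while the account is inactive."""

    def __init__(self, member_id, email, password, expires_on):
        self.member_id = member_id
        self.email = email            # personal data: never returned to anonymous callers
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password, self.salt)
        self.expires_on = expires_on
        self.active = False           # an expired account starts disabled

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def authenticate_credentials(self, password):
        """Constant-time password check; independent of self.active."""
        return hmac.compare_digest(self._hash(password, self.salt), self.pw_hash)


# Constructed sample data: one expired member and a fixed "today".
MEMBERS = {
    "alice": Member("alice", "alice@example.org", "correct horse", date(2009, 4, 30)),
}
TODAY = date(2009, 5, 25)

# Renewal tokens minted only after a successful password check.
# A token is the sole thing that unlocks the enable transition below.
PENDING_RENEWALS = {}   # token -> (member_id, months)


def renewal_view(member_id, password, period_months):
    """Handler for the anonymous renewal form.  Returns only a status and
    a redirect target; it never echoes member fields."""
    member = MEMBERS.get(member_id)
    # Same answer for unknown id and wrong password so ids cannot be probed.
    if member is None or not member.authenticate_credentials(password):
        return {"status": "denied"}
    if period_months not in (1, 6, 12):
        return {"status": "denied"}
    token = secrets.token_urlsafe(32)
    PENDING_RENEWALS[token] = (member_id, period_months)
    # Hypothetical processor URL; the token rides along with the payment.
    return {"status": "ok", "redirect": f"https://pay.example/checkout?ref={token}"}


def enable_transition(member_id, token):
    """Guard for the 'enable' transition: allowed only with an unredeemed
    token minted for this member.  With no guard at all, anyone able to
    reach the transition could re-enable any member."""
    pending = PENDING_RENEWALS.get(token)
    if pending is None or pending[0] != member_id:
        return False
    MEMBERS[member_id].active = True
    return True


def payment_callback(token, today):
    """Called when the processor reports a successful payment: redeems the
    single-use token, enables the member and extends the expiry date."""
    pending = PENDING_RENEWALS.get(token)
    if pending is None:
        return False
    member_id, months = pending
    if not enable_transition(member_id, token):
        return False
    del PENDING_RENEWALS[token]               # single use
    member = MEMBERS[member_id]
    start = max(member.expires_on, today)     # never shorten an unexpired term
    member.expires_on = start + timedelta(days=30 * months)
    return True
```

In a real deployment the token would also carry an expiry and be stored server-side rather than in a module dict, and the processor callback would be authenticated (signature or shared secret) before it is trusted; those parts are outside what the thread discusses and are left out here.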
--
Archive:
http://www.openplans.org/projects/remember/lists/remember/archive/2009/05/1243389890653