Wichert's good work has kicked my butt into gear. :) On trunk for both membrane and remember I've removed the workflow state category set mapper stuff that was deprecated in the last release. So those of you out there that are making use of that functionality, be warned that the next major release will remove it.
I'd like to summarize some discussion that's gone on off-list about how to replace the functionality. My main concern is making the process of building member content types use the same concepts as content type developers are used to using. It seems to me that expressing "when can a member log in" is most similar to saying "when can an author edit their content" and that the way we do this in CMF is workflow state permisison maps. To that end, I've introduced a new 'membrane: Can authenticate' permission which will be checked during authentication against the membrane content object for the user authentication. The global default roles for this permission are ['Manager', 'Authenticated'] meaning that by default this permission check always passes leaving the rest of authentication to the credentials. If however, the permissions are changed, such as by workflow, such that the membrane user does not have that permission on the membrane object, then authentication will fail. To restrict authentication based on workflow state, use workflow state permission mapings to remove the 'membrane: Can authenticate' permission from the membrane object for the membrane user. Note that this will most often require that the membrane user have a role in the context of their own membrane object, such as Owner. Membrane does not provide any such role, but remember does and can be used as an example. The remember approval workflow have been updated to control this new permission and block authentication before the registration has been approved. If you can, I'd very much appreciate any testing against trunk before I roll up a release. This is a significant enough change that I'd like to get some eyes on it before cutting a release just to make my life easier. :) Ross -- Archive: http://www.coactivate.org/projects/remember/lists/remember/archive/2009/06/1245745225187 To unsubscribe send an email with subject "unsubscribe" to [email protected]. Please contact [email protected] for questions.
