Thanks for the reply, hope you had a good trip!
I went back to read my post in light of this information and I can see
why you are confused! I had to get out my notes to remember exactly
what the deal is.
You are correct, repoze.what-quickstart does not override mdproviders.
What happens is this:
Those two lines assign a value directly to the repoze.what.credentials
dictionary, even if it already exists. If it doesn't exist they create
a blank dictionary, but if it does it assigns directly instead of
using, say, update.
After all the source diving I did I am amazed that I managed to, at
the last minute, mix up two different packages! I apologize for this
As for setup_sql_auth, I'll have to look at it again. It gets defined
in a chain of calls that are out of my direct control (unless I want
to edit libraries!), but I'm not sure when it actually gets executed -
my Python knowledge is a little thin still here. It looked like a
function I didn't want to call twice, and after tracing all the calls
backwards I found no simple way to insert an mdprovider into
load_environment such that it would be included in this chain of
Anyway, it's a moot point because repoze.what overrides the groups and
permissions dictionaries in the environment, and since mdproviders is
a dictionary there is no real guarantee of the order the mdproviders
are run in. If my mdprovider runs first, it adds to the environment
and then repoze.what writes over my data. If my mdprovider runs last,
there's no issue. I considered exploiting hashes to make this happen
but in the end decided I wanted a clean solution ;)
I apologize for misspeaking last message, it had been a while and I
needed to refamiliarize myself with the situation. Also it appears
that I have addressed the subject incorrectly :)
Repoze-dev mailing list