Re: [Zope-dev] Username/userid separation
On Wednesday, 03.08.2005 at 21:01 -0300, Leonardo Rochael Almeida wrote:
> Hi,
>
> I've started the lra-userid_username_separation-branch (from
> Zope-2_8-branch to start from a stable point) in order to implement
> proper userid/username separation in Zope.
>
> I don't intend to change the default user folder implementation, just
> the ZMI interface for owner and local roles so that they keep using
> userid for storage like they currently do but use usernames for display
> (specifically acl_users.getUserById(id).getUserName()). The intent is to
> never leak the userid to the ZMI (except for url query strings and
> such), and to never store the username persistently.
>
> The motivating use case is an LDAP (eDirectory) authenticated system
> where the username for a user can change, but not the internal ID (a
> string).
>
> This will also help ActiveDirectory integration, which also has an
> internal ID to reference users.
>
> I remember there being a discussion about this in the list archives, but
> a Google search didn't help much.
>
> Are there any other projects in this area that I should collaborate with
> instead of duplicating efforts?
>
> Are there any considerations I should be aware of?

Are you aware of the PAS (Pluggable Auth Service) project?

http://cvs.zope.org/Products/PluggableAuthService/

They already have a separation of uid and login. What this product could use is just some polishing and a lot of documentation for the users. All the other things you mention (including a LDAP plugin) are already done.

___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Username/userid separation
Hi,

I've started the lra-userid_username_separation-branch (from Zope-2_8-branch to start from a stable point) in order to implement proper userid/username separation in Zope.

I don't intend to change the default user folder implementation, just the ZMI interface for owner and local roles so that they keep using userid for storage like they currently do but use usernames for display (specifically acl_users.getUserById(id).getUserName()). The intent is to never leak the userid to the ZMI (except for url query strings and such), and to never store the username persistently.

The motivating use case is an LDAP (eDirectory) authenticated system where the username for a user can change, but not the internal ID (a string).

This will also help ActiveDirectory integration, which also has an internal ID to reference users.

I remember there being a discussion about this in the list archives, but a Google search didn't help much.

Are there any other projects in this area that I should collaborate with instead of duplicating efforts?

Are there any considerations I should be aware of?

Are the "Proposals" wiki pages still used for this kind of change?

Cheers, Leo

--
Leonardo Rochael Almeida <[EMAIL PROTECTED]>
Enfold Systems
[Zope-dev] Re: File System Directory Files Permission Setting
Evrim Ozcelik wrote:
> Is there a way to set zope permissions for files that are linked to zope
> with file system directory view. For example, I have a zope python script
> which must only be executed by users that have manager role. In order to do
> this I think I have 2 alternatives:
>
> 1- I can control the permission in the zope python script
>
>     user = getAuthenticatedUser()
>     if(user has manager role):
>
>     else:
>         go to login
>
> 2- I can put a special file like .metadata file and set the python script
> zope permissions. (I don't know how I can do this)

First, FSPythonScript, DirectoryView, etc. are from CMFCore -- the more appropriate list for this question would be [EMAIL PROTECTED] (CC'ed).

Second: the .metadata file allows you to change a number of settings for filesystem-based objects, including title, cache manager, proxy roles, and the role permission map. In your case, the map is the important setting: you want to restrict the "View" permission to the "Manager" role, e.g.:

    [security]
    View = 0:Manager

Where the '0:' bit turns off the "Acquire?" flag.

Tres.
--
===
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design" http://palladion.com
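The [security] entry from the reply above, checked by a small audit script. This is an added example, not part of the original message and not CMFCore's own parser; it assumes that several roles are comma-separated and that a leading '1:' leaves the "Acquire?" flag on, and every sample line except "View = 0:Manager" is constructed.

```python
import configparser

# Constructed sample; only the "View = 0:Manager" line comes from the reply.
SAMPLE_METADATA = """\
[security]
View = 0:Manager
Access contents information = 1:Manager,Owner
Change permissions = Manager
"""

def parse_security_value(value):
    """Split '(0|1):Role[,Role...]' into (acquire, roles)."""
    flag, sep, role_part = value.partition(":")
    flag = flag.strip()
    if not sep or flag not in ("0", "1"):
        raise ValueError("expected (0|1):Role[,Role...], got %r" % value)
    roles = [r.strip() for r in role_part.split(",") if r.strip()]
    return flag == "1", roles

def audit_security(text):
    """Return (permission map, findings) for the [security] section."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # keep permission names case-sensitive
    parser.read_string(text)
    permissions, findings = {}, []
    if not parser.has_section("security"):
        return permissions, ["no [security] section"]
    for name, value in parser.items("security"):
        try:
            acquire, roles = parse_security_value(value)
        except ValueError as exc:
            # An entry without the acquire flag does not express a restriction.
            findings.append("%s: malformed entry (%s)" % (name, exc))
            continue
        permissions[name] = (acquire, roles)
        if acquire:
            findings.append("%s: acquire flag is on, roles granted higher "
                            "up still apply" % name)
    return permissions, findings

if __name__ == "__main__":
    perms, problems = audit_security(SAMPLE_METADATA)
    for name, (acquire, roles) in perms.items():
        print(name, "acquire=%s" % acquire, roles)
    for problem in problems:
        print("FINDING:", problem)
```
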
[Zope-dev] File System Directory Files Permission Setting
Is there a way to set zope permissions for files that are linked to zope with file system directory view. For example, I have a zope python script which must only be executed by users that have manager role. In order to do this I think I have 2 alternatives:

1- I can control the permission in the zope python script

    user = getAuthenticatedUser()
    if(user has manager role):

    else:
        go to login

2- I can put a special file like .metadata file and set the python script zope permissions. (I don't know how I can do this)

Thanks,