On Wednesday 01 November 2006 10:18, Dominique Lederer wrote:
i would like to implement my own permissions on my package.
as far as i unterstood, i would to the following steps:
- first i create some custom permissions and roles
- then i grant the permissions to roles.
- after that i create some global principals, which i assign my roles.
These principals are my groups.
This is all done by ZCML configuration stuff in my package, the groups
are defined as principals in /etc/principals.zcml
is this right so far?
That's one way to do it, yes. We do almost the same, except that our groups
live in the ZODB and are created when we create a site using the
configurator. However, we have an ASP solution, so we need to make sure that
if User U is in Group G in Site 1, then he is not in Group G in Site 2. You
might not have this requirement, so doing global declarations is fine.
Having the groups in the ZODB allows you also to just set the members on the
group. The framework does the rest. Again, this might not be desirable for
external users.
next steps:
-users are located outside of ZODB (lets say a simple mysql table with
login, password, group as attributes), so i would write a PAU
Authenticator Plugin.
Correct.
-This plugin i would register in my sites PAU. if everything goes right,
i can now login with users from the external database.
Yes.
- then i have to listen to IPrincipalCreated event and attach the
group(s), depending on the group entry in my mysql table.
Correct.
(Do i have
to make a second query here or is it possible to retrieve the group
information via the auth plugin?)
You can have that info in the principal info of the auth plugin.
im i thinking right here? i just want to make sure i unterstood this,
before work begins.
Yep, looks all good.
Regards,
Stephan
--
Stephan Richter
CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
