Here is my _opinion_ on this issue: Most of our users will use the DB security service. It should be as painless as possible for as many people as possible. I know that the security service can easily be changed to allow a simple user.save() to update the username for the DB version.
On LDAP, if the PK can not be changed to a surrogate key, the method used to save the user inside of the LDAP UserManager implementation should do a remove and add if the username has changed. If this is not possible, throw an exception. I think this way would be the simplest to understand for anyone using Turbine. For this approach: +1 > -----Original Message----- > From: Humberto Hernandez Torres [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 13, 2003 4:10 PM > To: Turbine Developers List > Subject: RE: Changing the username in SecurityService > > > The purpose of my mail was to discuss what should be done > about this. I was making > the case that even in DBSecurityService we should use a > different method. I could make > the change but I don't think we have an agreement. What do > you guys suggest? > > I should have commented the issue in directly in scarab but I > am only an observer and I cannot request a role. What can I do? > > > -----Original Message----- > > From: Quinton McCombs [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, February 13, 2003 9:31 AM > > To: Turbine Developers List > > Subject: RE: Changing the username in SecurityService > > > > > > I think that generally when people use the security service > > they regard > > the limitation of not being able to change the user name as a > > defect. > > I understand. > > > I > > think that we should allow the users to simply update the > username and > > call the save() method. If this can not be implemented in the LDAP > > model, then I suppose that we really don't have much of a choice. > > However, if LDAP can use a surrogate key instead of > username, then I > > think it should be changed. > > Yeah, one possibility may be to use a user_id. But still, I > don't like the idea of changing a primary_key. > > > > > > -----Original Message----- > > > From: Humberto Hernandez Torres [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, February 12, 2003 5:11 PM > > > To: Turbine Developers List > > > Subject: RE: Changing the username in SecurityService > > > > > > > > > > > > Just some more thoughts on this subject. > > > > > > In the DBSecurityService there are two primary keys. The user > > > id and the username (login name). The user id is the primary > > > key for all database purposes but the username is the primary > > > for the SecurityService interface since all methods use this > > > field to identify users. For this reason I think that > > > username should be treated as a primary key and if it needs > > > to be changed it has to be done using an explicit method > > > like 'void renameUser(Usert user, String name)'. Within > > > DBSecurityService would be very easy to change that field. In > > > LDAPSecurityService a new entry con be created with all the > > > same values and the old entry can be deleted. > > > > > > Any thoughts? > > > > > > -- > > > Humberto > > > > > > > > > > -----Original Message----- > > > > From: Humberto Hernandez Torres > > > > Sent: Tuesday, February 11, 2003 6:28 PM > > > > To: 'Turbine Developers List' > > > > Subject: Changing the username in SecurityService > > > > > > > > > > > > Hey guys, In regards of this defect: > > > > http://scarab.werken.com/scarab/issues/id/TTWS44 > > > > > > > > The username cannot be changed in the LDAPSecurityService > > > because it > > > > is the primary_key for the Users. Neither I think it is a > > > good idea to > > > > change it in DBSecurirtyService using the > > > DBSecurityService:store(User > > > > user) method. However, I understand the need to change the > > > username, > > > > but I would suggest to have a different method 'void > > > renameUser(Usert > > > > user, String name)'. This is consistent with the way many > > Web pages > > > > operate, they let you change your information in one page > > > but if you > > > > want to change your account name you have to go to a > > > diffferent page. > > > > > > > > The alternative is to restructure the LDAPSecurityService > > to use a > > > > unique integer id. At this moment I don't know what the > > > implications > > > > would be. I will think about it tonight. > > > > > > > > -- > > > > Humberto > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
