On 4/25/06, Ben Sizer <[EMAIL PROTECTED]> wrote:
>
> Tim Lesher wrote:
> > 1. First principles: the absolute minimum a user table needs is a
> > unique string to identify a user. Theoretically, the user table's PK
> > suffices, but that's probably not enough to let a user log in, so
> > we'll need some string-based representation.
>
> [...]
>
> > 3. The majority (but not as many as #2) will probably want a
> > "displayable" string that's more friendly than #1.  It's a slim enough
> > majority that we probably can't assume it, though.
>
> I would disagree with this. Most web sites I use simply display the
> username.

I don't feel strongly about this point. That's why I wanted to make it
optional--the TG_User class I proposed simply does what you mention if
you never set a displayName. My real preference would just be to use a
__str__ method on the class, defaulting to the userId.

> In many cases this is likely to be derived
> from other fields (eg. capitalize(username), or first + last name) so I
> expect it would often be implemented as a method rather than a field.

Right.  A __str__ method would do nicely, I think.

> > 4. It seems to me that most public-facing apps that require an email
> > address will use it as the uniquely-identifying string
>
> I don't see much evidence that this would be the case. Often you enter
> a username and then enter an email address later to verify your
> account, receive update notifications, etc. Email addresses change,
> unique identifiers generally should not.

The real, unchanging unique identifier is, of course, the PK of the
table (TG_User.id), which doesn't need to be visible.

Logging in by email address, while maintaining "real" identity as the
table PK, has some real advantages for a user:

1. It's extremely unlikely that, when a user registers, the
user's first choice of ID will be taken by someone else.
2. If the email address changes (which doesn't happen frequently),
then the user can change the login email address, since the "real"
uniqueness is provided by the user object's id.
3. The big benefit: the user doesn't have to remember 1,001 user
names!  On different services, I have user names of "timl", "tlesher",
"leshert", "timlesher", "tim_lesher", and "timothy_lesher" (and those
are just ones I logged into this week!). It's all because when I
registered, one or more of them weren't available. As a result, I have
to keep a list of "login names by web site" to keep them all straight.

I'm just thankful my name isn't "John Smith"...

I think that more people are recognizing this, because it seems that
more sites are using email address as login. Some examples:

1. Amazon.com
2. Any sites using Microsoft Passport
3. Google AdSense and other features (whether or not you use a Gmail account)
4. Any Bugzilla-based sites (Bugzilla has always worked this way)
5. Any blog site that provides "send me email when new content arrives" features


--
Tim Lesher <[EMAIL PROTECTED]>
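
Added example, not part of the original message or of TurboGears: a minimal in-memory sketch of the model discussed above, where the table PK is the stable identity, the e-mail address is a unique but changeable login, and `__str__` falls back to the login when no `displayName` is set. The `User` and `UserStore` classes and the case-insensitive login comparison are assumptions made for the illustration.

```python
# Added illustration; User and UserStore are hypothetical, not TurboGears classes.
import itertools


class User:
    def __init__(self, id, userId, displayName=None):
        self.id = id                  # surrogate PK: never changes, never shown
        self.userId = userId          # login string (here an e-mail address)
        self.displayName = displayName

    def __str__(self):
        # Fall back to the login string when no display name was set.
        return self.displayName or self.userId


class UserStore:
    def __init__(self):
        self._ids = itertools.count(1)
        self._by_id = {}
        self._by_login = {}           # normalized login -> id (unique index)

    @staticmethod
    def _norm(login):
        # Assumption: logins compare case-insensitively, ignoring outer spaces.
        return login.strip().lower()

    def register(self, email, displayName=None):
        key = self._norm(email)
        if key in self._by_login:
            raise ValueError("login already in use")
        user = User(next(self._ids), email.strip(), displayName)
        self._by_id[user.id] = user
        self._by_login[key] = user.id
        return user

    def find_by_login(self, email):
        uid = self._by_login.get(self._norm(email))
        return self._by_id.get(uid)

    def change_login(self, user_id, new_email):
        user = self._by_id[user_id]
        new_key = self._norm(new_email)
        owner = self._by_login.get(new_key)
        if owner is not None and owner != user_id:
            raise ValueError("login already in use")
        del self._by_login[self._norm(user.userId)]   # release the old address
        self._by_login[new_key] = user_id
        user.userId = new_email.strip()
        return user
```

Anything that must survive a change of address (sessions, ownership rows, audit entries) should reference `id`, never the login string.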
