I've often wondered about this: Authenticated vs Member. Member is often treated as being equivalent to authenticated: if you can authenticate then you are a member.

There are some use cases that I can think of when you may want to use member as something more than just authenticated (e.g. they've paid their membership) but may not want to stop authentication for non-members (e.g. the membership renewal requires authentication).

We've got a similar situation for students: we really don't need member rights for students but we do need them to authenticate. We can distinguish between students and staff by looking at group membership in the LDAP database. We'd like to be able to assign membership role based on group membership.

I don't think that you should automatically assign the member role upon authentication. You may want this to be the default behavior but you should be able to override it.


Rocky Burt wrote:

By default, simple authentication success does not induce the necessary roles on the user (which you'll have to set up with another interface implementation). You'll want (at a minimum) all users to get the Member role on a Plone system. At that point they should be able to create content where all Members have permission to create content.

With regard to their own personal member folder being created, I would have expected that to get auto-created upon first login but to be honest I don't recall how that logic works.

- Rocky

Brian Ellin wrote:

Tres put me on the right path, and now I've got a working OpenID
authentication plugin.  Thanks Tres!

The goal of this plugin is to allow OpenID users to participate in
Zope/Plone sites without having to create a separate account on the
site, and also have them be identified by their URL.

My question is: What is the relationship between a successful
authentication and user objects on the server?  Say an OpenID user who
has never logged in before logs in with their URL and authentication
succeeds.  Is a user object automatically created?  Do I need to query
the database to see if one exists, and if not then create one
manually?  If so, how do I do that?  Where can I read about this?

The current state of my plugin is that a user may type in their
identity URL and successfully authenticate.  I'm using Plone to test
the plugin, and once the user has "logged in" there is not much
different from being anonymous.   Their user name shows up in the
top-left of the screen, but that's pretty much the only difference.
I'd like the user to be able to add content, edit prefs, and leave
comments by default just like a normal user, but without having to go
through the join procedure.  I realize that this is getting into Plone
specific territory, but I'm sure the user-object creation issue
applies to any PAS auth plugin.

Any help or pointers to documentation would be a delight.

Brian Ellin
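
The separation discussed in this thread (authentication succeeds first, roles are decided in a second step, and the Member default can be overridden per group) is sketched below as an added example; it is not code from the thread or from PAS. It is a standalone model with no Zope imports: `GroupRolePolicy`, its fields, the group names and the sample users are all hypothetical, and only the method name follows PAS's `IRolesPlugin.getRolesForPrincipal`.

```python
from dataclasses import dataclass, field


@dataclass
class GroupRolePolicy:
    """Hypothetical role-assignment step that runs after authentication."""
    # Directory group -> roles granted explicitly to its members.
    group_roles: dict = field(default_factory=dict)
    # Roles given to every authenticated principal; set to () to switch
    # off the "authenticated implies Member" default.
    default_roles: tuple = ("Member",)
    # Groups whose members authenticate but never get default_roles.
    no_default_groups: frozenset = frozenset()

    def getRolesForPrincipal(self, user_id, groups):
        # Authentication already happened elsewhere; only roles are decided.
        groups = set(groups)
        roles = set()
        for group in groups:
            roles.update(self.group_roles.get(group, ()))
        # Explicit grants above always apply; the default is withheld
        # when the principal belongs to any excluded group.
        if not (groups & self.no_default_groups):
            roles.update(self.default_roles)
        return tuple(sorted(roles))


# Constructed sample data standing in for an LDAP lookup: user id -> groups.
SAMPLE_GROUPS = {
    "alice": ["staff"],
    "bob": ["students"],
    "carol": ["staff", "students"],
    "https://dave.example.org/": [],  # first-time OpenID user, no groups
}

POLICY = GroupRolePolicy(
    group_roles={"staff": ("Member", "Reviewer")},
    no_default_groups=frozenset({"students"}),
)


def roles_for(user_id, policy=POLICY):
    """Roles for an authenticated user under the given policy."""
    return policy.getRolesForPrincipal(user_id, SAMPLE_GROUPS.get(user_id, ()))


if __name__ == "__main__":
    for uid in SAMPLE_GROUPS:
        print(uid, roles_for(uid))
```
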

Zope-PAS mailing list
