I've often wondered about this: Authenticated vs Member. Member is
often treated as being equivalent to authenticated: if you can
authenticate then you are a member.

There are some use cases that I can think of when you may want to use
member as something more than just authenticated (e.g. they've paid
their membership) but may not want to stop authentication for
non-members (e.g. the membership renewal requires authentication).

We've got a similar situation for students: we really don't need member
rights for students but we do need them to authenticate. We can
distinguish between students and staff by looking at group membership in
the LDAP database. We'd like to be able to assign membership role based
on group membership.

I don't think that you should automatically assign the member role upon
authentication. You may want this to be the default behavior but you
should be able to override it.

Rocky Burt wrote:

By default, simple authentication success does not induce the necessary
roles on the user (which you'll have to set up with another interface
implementation). You'll want (at a minimum) all users to get the Member
role on a Plone system. At that point they should be able to create
content where all Members have permission to create content.

With regard to their own personal member folder being created, I would
have expected that to get auto-created upon first login but to be honest
I don't recall how that logic works.

Brian Ellin wrote:

Tres put me on the right path, and now I've got a working OpenID
authentication plugin. Thanks Tres!

The goal of this plugin is to allow OpenID users to participate in
Zope/Plone sites without having to create a separate account on the
site, and also have them be identified by their URL.

My question is: What is the relationship between a successful
authentication and user objects on the server? Say an OpenID user who
has never logged in before logs in with their URL and authentication
succeeds. Is a user object automatically created? Do I need to query
the database to see if one exists, and if not then create one
manually? If so, how do I do that? Where can I read about this?

The current state of my plugin is that a user may type in their
identity URL and successfully authenticate. I'm using Plone to test
the plugin, and once the user has "logged in" there is not much
different from being anonymous. Their user name shows up in the
top-left of the screen, but that's pretty much the only difference. I'd
like the user to be able to add content, edit prefs, and leave
comments by default just like a normal user, but without having to go
through the join procedure. I realize that this is getting into Plone
specific territory, but I'm sure the user-object creation issue
applies to any PAS auth plugin.

Any help or pointers to documentation would be a delight.

Zope-PAS mailing list
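
The split this thread discusses, authentication succeeding without the Member role following automatically, shown as an added example (not code from any poster or from PAS itself). It is a stand-alone model that borrows only the `getRolesForPrincipal` method name from PAS's roles-plugin interface; the class, group names, principals and the `can_add_content` check are assumptions made for illustration.

```python
# Stand-alone model of a PAS-style roles step; it is not wired into Zope.
# Group names, principals and the permission rule are constructed samples.

class GroupRoleMapper:
    """Derive roles from group membership, separately from authentication."""

    def __init__(self, group_roles, default_roles=()):
        # group_roles: group id -> roles granted by membership in that group
        # default_roles: roles for every authenticated principal; left empty,
        # a user is authenticated but not a Member unless a group grants it.
        self.group_roles = {g: frozenset(r) for g, r in group_roles.items()}
        self.default_roles = frozenset(default_roles)

    def getRolesForPrincipal(self, principal, request=None):
        # Method name follows PAS's roles plugins; principal is a dict here.
        if principal is None:
            return ("Anonymous",)
        # "Authenticated" is included so the model shows the full role set.
        roles = {"Authenticated"} | self.default_roles
        for group in principal.get("groups", ()):
            # Unknown groups grant nothing, so the mapping fails closed.
            roles |= self.group_roles.get(group, frozenset())
        return tuple(sorted(roles))


def can_add_content(roles):
    # Assumed site setting: only Member or Manager may add content.
    return bool({"Member", "Manager"} & set(roles))


# Constructed principals, shaped like the result of a directory lookup.
STAFF = {"id": "jsmith", "groups": ["staff"]}
STUDENT = {"id": "s1234", "groups": ["students"]}
OPENID = {"id": "http://example.org/alice", "groups": []}

# Policy A: Member only through group membership (students just authenticate).
by_group = GroupRoleMapper({"staff": ["Member"]})
# Policy B: Member for every authenticated user, as an explicit default.
member_default = GroupRoleMapper({}, default_roles=["Member"])

if __name__ == "__main__":
    for name, mapper in (("by_group", by_group), ("member_default", member_default)):
        for p in (STAFF, STUDENT, OPENID, None):
            roles = mapper.getRolesForPrincipal(p)
            print(name, p and p["id"], roles, can_add_content(roles))
```

Under policy A a newly authenticated OpenID user stays at Authenticated only, which matches the "not much different from being anonymous" behaviour described in the thread; policy B makes the Member grant a configurable default rather than a side effect of login.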