Previously Tres Seaver wrote:
> The installer for a 'Plone Site' replaces the root acl_users with a PAS:
> I've argued that this is poor practice (inexcusably rude, actually),
> but they seem determined to continue it.

Rewriting the PlonePAS install code and checking if we can remove the root acl_users changing logic is on my todo list. The whole PlonePAS install code is somewhat nasty unfortunately.

> > Now I can only add users from the ZODB User Manager under
> > /acl_users/users,
> > there is nowhere to add a user from an Add button as in the older version
> > of
> > Zope.
>
> Correct. In PAS, there are actually potentially multiple user sources
> (e.g., SQL, LDAP, NTLM, etc.). Adding them to the 'ZODB users' plugin
> is the "cognate" of the old "Add" button.

I started writing some PAS documentation recently that may give some useful background information. You can find it at http://plone.org/documentation/manual/pas-reference-manual

> > I can add roles from ZODB Role Manager in /acl_users/roles but these
> > roles
> > don't show up under the Security tab on any page. I can add local roles
> > under the Security tab and they don't show up in /acl_users/roles.
>
> Correct. The roles in the PAS plugin are used to control "global"
> grants to the users; the roles you set on a folder (even the root), are
> about "local" grants.

There is (imho) a buglet here: creating new roles now involves creating both in the PAS roles manager and in the ZMI security tab. ZODBRoleManager takes a snapshot of all existing roles in its manage_afterAdd method, but never updates that list later. Following your logic it would make more sense if the ZODBRoleManager did not make a snapshot of existing roles to make the distinction between global and local roles more obvious.

The whole local vs global roles thing always seems to get me confused though.

> > Am still searching the WEB and archives in the meantime.
>
> The better list for this would be [EMAIL PROTECTED] (CC'ed), which
> deals with PAS specifics.

How do firstname.lastname@example.org and [EMAIL PROTECTED] relate to each other? I've always wondered that.

Wichert.

--
Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas
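
The one-time role snapshot discussed in the message above, as an added illustration that is not part of the original post and is not Zope or PluggableAuthService code. Both classes are constructed stand-ins (only the method name manage_afterAdd comes from the message); the model shows how roles created after the snapshot end up in only one registry, and includes a check that reports the difference.

```python
# Constructed model, not Zope/PAS code: two independent role registries.

class SecurityTabModel:
    """Stand-in for the roles defined on an object via the ZMI Security tab."""
    def __init__(self, roles):
        self.roles = set(roles)

    def add_role(self, role):
        self.roles.add(role)


class RoleManagerModel:
    """Stand-in for a role plugin that copies existing roles once, on add."""
    def __init__(self):
        self.roles = set()
        self.grants = {}  # principal id -> set of globally granted roles

    def manage_afterAdd(self, holder):
        # One-time snapshot, as described in the message; never refreshed.
        self.roles = set(holder.roles)

    def add_role(self, role):
        self.roles.add(role)

    def grant(self, principal, role):
        # Assumption of this model: only roles the plugin knows can be granted.
        if role not in self.roles:
            raise KeyError(role)
        self.grants.setdefault(principal, set()).add(role)


def role_drift(holder, plugin):
    """Report roles that exist in only one of the two registries."""
    return {
        "security_tab_only": sorted(holder.roles - plugin.roles),
        "plugin_only": sorted(plugin.roles - holder.roles),
    }


def demo():
    root = SecurityTabModel(["Manager", "Owner"])  # constructed sample roles
    plugin = RoleManagerModel()
    plugin.manage_afterAdd(root)   # snapshot taken here
    root.add_role("Reviewer")      # created later in the Security tab only
    plugin.add_role("Auditor")     # created later in the plugin only
    return root, plugin, role_drift(root, plugin)


if __name__ == "__main__":
    print(demo()[2])
```

A non-empty result from `role_drift` marks roles that were created in one place but not the other since the snapshot.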