On 4/19/07, Tres Seaver <[EMAIL PROTECTED]> wrote:
I doubt you would take my patch, which would just rip the whole thing out.

The tradeoff (that users from the root acl_users get a "weird" or even
broekn experience when browsing in the Plone UI), would be far better
than stomping the root user folder, IMNSHO:  really, that's an "iced tea
spoon" problem.

The problem is not just the Plone UI. It affects anyone that uses a
different challenge scheme at the root than at a more internal level.

And the problem is not just 'broken experience'. You can't login *at
all* with a user from the root user folder on an internal folder,
depending on how you setup your site. That means you can *lock
yourself out*. And not even the emergency user would work IIRC. That's
*as unacceptable* to me as replacing the root user folder.

I've repeated this a thousand times now. It only replaces the root
user folder if it's a standard user folder, in which case PAS provides
the *exact* same functionality of the standard user folder, and all
the existing users are kept. It's essentially replacing six by
half-dozen, and I just can't see anything wrong with that. I haven't
seen any good justification of *why* that's a lame idea so far. 'It's
lame because I said it is' doesn't cut it for me.

I'm 36.842% sure that using a 'Delegating Multi Plugin' or some
similar beast could avoid this. But when I tried to use the
'Delegating Multi Plugin' it was just plain unusable, and I've locked
myself out. No one would mind a patch that implemented something like
that as an alternative to replacing the the root user folder.

Someone with minimal PAS knowledge can certainly come up with a
configuration that allows users from the root user folder to login at
more internal user folders. In fact, that should be the standard
out-of-the-box behaviour for PAS.

Sidnei da Silva
Enfold Systems                http://enfoldsystems.com
Fax +1 832 201 8856     Office +1 713 942 2377 Ext 214
Zope-PAS mailing list

Reply via email to