-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jordan Baker wrote:

> I'm having problems setting member properties from a PAS plugin.  I'm 
> looking for feedback on my approach to solving this use case, and help 
> on resolving the problem.
> 
> The use case
> ------------
> 
> Implement simple password expiry in Plone. There are other solutions but
> those I've looked at so far have had to override many of the standard
> plone_login templates thus making the implementation future-brittle.
> 
> Potential Solution
> ------------------
> 
> Use an IUpdateCredentialPlugin so that when a member logs the password 
> age is examined.

Those plugins are only called when a user is manually changing their
password, which is pretty much the opposite of what you need (if they
are changing it, then expiration is moot, no?)

> If it is now expired then set the standard property must_change_password
> to True.

You want to hook into the 'IPropertiesPlugin' chain, and get a chance to
set the property on the newly-minted user object there.  You might also
add custom 'IRolesPlugin' / 'IGroupsPlugin' plugin which granted
acccess, or group membership, only if that property was not present.

> After which Plone's regular must_change_password mechanism in 
> plone_login skins takes over.
> 
> I suppose one of the downsides is that this means that it will be
> examined on each user REQUEST? This could be optimized away I suppose 
> somehow...

The performance hit is going to be pretty negligible here, compared to
the cost of rendering Plone's main_template.

> Major Roadblock
> ---------------
> 
> When I update member properties from an updateCredentials() method
> they revert back by the time the REQUEST is finished.

Your plugin isn't even being *called* in t normal request.


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHGjh9+gerLs4ltQ4RAor9AJ9cMXYL1nJg8JXE79bGs/lNFuNQZwCeL+L3
wwu/syEOBcc2bcUWsniYfy4=
=k4Zs
-----END PGP SIGNATURE-----

_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas

Reply via email to