-----BEGIN PGP SIGNED MESSAGE-----
Jordan Baker wrote:
> I'm having problems setting member properties from a PAS plugin. I'm
> looking for feedback on my approach to solving this use case, and help
> on resolving the problem.
> The use case
> Implement simple password expiry in Plone. There are other solutions but
> those I've looked at so far have had to override many of the standard
> plone_login templates thus making the implementation future-brittle.
> Potential Solution
> Use an IUpdateCredentialPlugin so that when a member logs the password
> age is examined.
Those plugins are only called when a user is manually changing their
password, which is pretty much the opposite of what you need (if they
are changing it, then expiration is moot, no?)
> If it is now expired then set the standard property must_change_password
> to True.
You want to hook into the 'IPropertiesPlugin' chain, and get a chance to
set the property on the newly-minted user object there. You might also
add custom 'IRolesPlugin' / 'IGroupsPlugin' plugin which granted
acccess, or group membership, only if that property was not present.
> After which Plone's regular must_change_password mechanism in
> plone_login skins takes over.
> I suppose one of the downsides is that this means that it will be
> examined on each user REQUEST? This could be optimized away I suppose
The performance hit is going to be pretty negligible here, compared to
the cost of rendering Plone's main_template.
> Major Roadblock
> When I update member properties from an updateCredentials() method
> they revert back by the time the REQUEST is finished.
Your plugin isn't even being *called* in t normal request.
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Zope-PAS mailing list