On 8/12/09 22:12 , Wichert Akkerman wrote:
> Hi Stefan,
> On 2009-8-11 17:59, Stefan H. Holek wrote:
>> Short version:
>> PAS cannot be entirely ignorant of masquerading, because plugins are
>> allowed to call back to "their" PAS (via _getPAS()) and may pass login
>> names containing masquerading information.
> I'm already lost at this point. If your intention is to fully masquerade
> as another user why would there be masquerading information in the login
> name? The login name and userid should both be set for the assumsed user.
> This should be doable by setting a separate cookie to set the assumed
> identity along with a special form which can be used by helpdesk
> personel (I'm assuming that is the main use case) to switch identities.
> As long as you put the authentication plugin for your user-masquerading
> cookie first this should work transparaently. You could even add a role
> plugin which detects the masquerading cookie and adds a special role
> which you can use in the UI to add a switch-back-to-real-user option.
> As far as I can see to implement user masquerading you will need:
> - a special user-switch form to setup a masquerading cookie
> - a PAS extraction and authentication plugin which handles that cookie.
> this might even just be another instance of plone.session.
> - optionally a role plugin to add a special role when masquerading is
> This should be doable without any changes in PAS itself.
Point in case: there are now at least two plugins in the collective
which implement this feature.
Zope-PAS mailing list