On 8/12/09 22:12 , Wichert Akkerman wrote: > Hi Stefan, > > On 2009-8-11 17:59, Stefan H. Holek wrote: >> Short version: >> PAS cannot be entirely ignorant of masquerading, because plugins are >> allowed to call back to "their" PAS (via _getPAS()) and may pass login >> names containing masquerading information. > > I'm already lost at this point. If your intention is to fully masquerade > as another user why would there be masquerading information in the login > name? The login name and userid should both be set for the assumsed user. > > This should be doable by setting a separate cookie to set the assumed > identity along with a special form which can be used by helpdesk > personel (I'm assuming that is the main use case) to switch identities. > As long as you put the authentication plugin for your user-masquerading > cookie first this should work transparaently. You could even add a role > plugin which detects the masquerading cookie and adds a special role > which you can use in the UI to add a switch-back-to-real-user option. > > As far as I can see to implement user masquerading you will need: > > - a special user-switch form to setup a masquerading cookie > - a PAS extraction and authentication plugin which handles that cookie. > this might even just be another instance of plone.session. > - optionally a role plugin to add a special role when masquerading is > active > > This should be doable without any changes in PAS itself.
Point in case: there are now at least two plugins in the collective which implement this feature. Wichert. _______________________________________________ Zope-PAS mailing list Zope-PAS@zope.org https://mail.zope.org/mailman/listinfo/zope-pas