Steve Alexander wrote:
In Launchpad, request.principal is not used by the application programmers. It is used only by the authentication, authorization and publication machinery. The machinery looks up a Person (an application domain object) for the current principal (the participant, if you will) and makes this available to application code. So, application code deals with an application-level object, not some security system construct.
It sounds like you're saying only the security machinery should know about principals, and that everything else deals with users. If so, it should not be necessary for any Zope 3 developer to learn about principals unless they are writing security machinery. Is that right?
Shane _______________________________________________ Zope3-dev mailing list [email protected] Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
