Steve Alexander wrote:
In Launchpad, request.principal is not used by the application
programmers. It is used only by the authentication, authorization and
publication machinery. The machinery looks up a Person (an application
domain object) for the current principal (the participant, if you will)
and makes this available to application code. So, application code
deals with an application-level object, not some security system construct.
It sounds like you're saying only the security machinery should know
about principals, and that everything else deals with users. If so, it
should not be necessary for any Zope 3 developer to learn about
principals unless they are writing security machinery. Is that right?
Zope3-dev mailing list