Shane Hathaway wrote:

Steve Alexander wrote:

In Launchpad, request.principal is not used by the application
programmers. It is used only by the authentication, authorization and
publication machinery. The machinery looks up a Person (an application
domain object) for the current principal (the participant, if you will)
and makes this available to application code. So, application code
deals with an application-level object, not some security system

It sounds like you're saying only the security machinery should know
about principals, and that everything else deals with users. If so, it
should not be necessary for any Zope 3 developer to learn about
principals unless they are writing security machinery. Is that right?

If not that, we can at least make the weaker case that no Zope 3 *UI*
user (whether it's the ZMI or something built on top of it) ordinarily
should have to know about 'principals'.

Zope3-dev mailing list