Hi, I have to write an Authenticator Plugin for my application. My login/pass data is stored in a relational database, which I access via zsqlalchemy.
I have several objects, which are secured by certain permissions. Moreover I granted permissions to several roles, which I also defined. My problem is how to give users, which are stored in my database, the correct role (and therefore permission). If I understand it right, an Authenticator Plugin returns a principal, which represents a user in the database, but how can I map the principal to a specific role? Are principals mapped one to one from users to principals? Or should I perhaps map many users to one principal? What I further don't understand is if and why authenticator plugins are called when credentials are correctly retrieved via e.g. the SessionCredentialsPlugin or how I can prevent it: When the user logs in, there are no credentials and he has to supply them via the login form. Then he is authenticated by the AuthenticatorPlugin (e.g. the database is queried for user/pass), and the credentials are stored in the session. However, for subsequent requests, I think it makes no sense to query the database again, as the user has already authenticated - or am I getting something wrong? Best Regards, Hermann -- [EMAIL PROTECTED] GPG key ID: 299893C7 (on keyservers) FP: 0124 2584 8809 EF2A DBF9 4902 64B4 D16B 2998 93C7 _______________________________________________ Zope3-users mailing list Zope3firstname.lastname@example.org http://mail.zope.org/mailman/listinfo/zope3-users