[Zope-PTK] Adding LoginManager at the root

Tres Seaver tseaver@palladion.com
Tue, 16 May 2000 11:25:52 -0400


Kevin Dangoor wrote:
> 
> I just did this. The trouble is that LoginManager comes with default
> DTML methods for logging in and failed logins which can't be created
> by superuser. If I try to add SheetProviders or anything to the
> LoginManager, it fails with that error mentioned above.
> 
> Trying to replace the root acl_users is a unique case... because only
> the superuser can do so... a UserFolder doesn't have anything
> complicated to set up, but LoginManager does. Perhaps changes need to
> be made to LoginManager to make it easier to add to the root. (It
> could possibly create an initial user with Manager role that can own
> the DTML methods and sheetproviders...)

Hmm, LoginManager might be able to exploit the "revert to unowned"
behavior of objects belonging to former users:

 * Create a temporary user temporarily;

 * Assign it to REQUEST.AUTHENTICATED_USER;

 * Construct the DTML Methods;

 * Delete the user.

Oops, nope, this still won't work, because then the superuser won't be
able to call those DTML Methods to add users (I think).  Maybe leaving
the "cruft" user in place is sensible, except that (for instance) it
presents the same kind of problem as the recent piranha mess (default
passwords).  We could pass in the id and password of the new manager
in the constructor form, I guess.

Tres.
-- 
=========================================================
Tres Seaver  tseaver@digicool.com   tseaver@palladion.com
Digital Creations  "Makers of Zope"  http://www.zope.org