[Zope-PAS] Authenticated vs Member - was: Authentication and Users

Tom Hallam thallam at ee.uwa.edu.au
Mon Nov 28 00:03:07 EST 2005


I've often wondered about this: Authenticated vs Member.  Member is 
often treated as being equivalent to authenticated: if you can 
authenticate then you are a member.

There are some use cases that I can think of when you may want to use 
member as something more than just authenticated (eg - they've paid 
their membership) but may not want to stop authentication for non 
members (eg the membership renewal requires authentication).

We've got a similar situation for students: we really don't need member 
rights for students but we do need them to authenticate.  We can 
distinguish between students and staff by looking at group membership in 
the LDAP database.  We'd like to be able to assign membership role based 
on group membership.

I don't think that you should automatically assign the member role upon 
authentication.  You may want this to be the default behavior but you 
should be able to override it.

Tom

Rocky Burt wrote:
> 
> By default, simple authentication success does not induce the necessary 
> roles on the user (which you'll have to set up with another interface 
> implementation).  You'll want (at a minimum) all users to get the Member 
> role on a Plone system.  At that point they should be able to create 
> content where all Members have permission to create content.
> 
> With regard to their own personal member folder being created, I would 
> have expected that to get auto-created upon first login but to be honest 
> I don't recall how that logic works.
> 
> - Rocky
> 
> 
> Brian Ellin wrote:
> 
>> Tres put me on the right path, and now I've got a working OpenID
>> authentication plugin.  Thanks Tres!
>>
>> The goal of this plugin is to allow OpenID users to participate in
>> Zope/Plone sites without having to create a separate account on the
>> site, and also have them be identified by their URL.
>>
>> My question is: What is the relationship between a successful
>> authentication and user objects on the server?  Say an OpenID user who
>> has never logged in before logs in with their URL and authentication
>> succeeds.  Is a user object automatically created?  Do I need to query
>> the database to see if one exists, and if not then create one
>> manually?  If so, how do I do that?  Where can I read about this
>> stuff?
>>
>> The current state of my plugin is that a user may type in their
>> identity URL and successfully authenticate.  I'm using Plone to test
>> the plugin, and once the user has "logged in" there is not much
>> different from being anonymous.   Their user name shows up in the
>> top-left of the screen, but that's pretty much the only difference. I'd 
>> like the user to be able to add content, edit prefs, and leave
>> comments by default just like a normal user, but without having to go
>> through the join procedure.  I realize that this is getting into Plone
>> specific territory, but I'm sure the user-object creation issue
>> applies to any PAS auth plugin.
>>
>> Any help or pointers to documentation would be a delight.
>>
>> Thanks,
>> Brian Ellin
> 
> 
> 
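
The separation discussed in this thread, as an added example that is not part of the original messages or of PAS itself: a standalone Python model in which login only implies Authenticated, Member comes from directory group membership, and "every login is a Member" is an overridable default. The Principal class, the group names and the sample users are constructed; only the method name getRolesForPrincipal follows the PAS roles-plugin hook.

```python
from dataclasses import dataclass

AUTHENTICATED, MEMBER, ANONYMOUS = "Authenticated", "Member", "Anonymous"


@dataclass(frozen=True)
class Principal:
    """Constructed stand-in for a user that has authenticated against LDAP."""
    user_id: str
    groups: frozenset = frozenset()


@dataclass
class GroupRolePolicy:
    """Maps directory groups to roles; login alone grants no extra role."""
    group_roles: dict            # group name -> tuple of roles
    default_roles: tuple = ()    # (MEMBER,) reproduces "every login is a Member"

    def __post_init__(self):
        # Assumption: group names compare case-insensitively.
        self.group_roles = {g.lower(): tuple(r) for g, r in self.group_roles.items()}

    def getRolesForPrincipal(self, principal, request=None):
        # Name mirrors the PAS roles-plugin hook; the body is a model only.
        roles = set(self.default_roles)
        for group in principal.groups:
            roles.update(self.group_roles.get(group.lower(), ()))
        return tuple(sorted(roles))


def effective_roles(principal, policy):
    """Roles for a request: None means authentication did not succeed."""
    if principal is None:
        return (ANONYMOUS,)
    granted = set(policy.getRolesForPrincipal(principal))
    granted.add(AUTHENTICATED)   # implied by the successful login itself
    return tuple(sorted(granted))


def may_add_content(roles):
    """Constructed permission check: only Members may create content."""
    return MEMBER in roles


# Constructed sample data: staff are Members, students only authenticate.
STAFF = Principal("jsmith", frozenset({"Staff"}))
STUDENT = Principal("s1234567", frozenset({"students"}))
GROUP_POLICY = GroupRolePolicy({"staff": (MEMBER,)})
DEFAULT_MEMBER_POLICY = GroupRolePolicy({}, default_roles=(MEMBER,))
```
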


