[ZDP] BackTalk to Document The Zope Book (2.5 Edition)/Users and Security

nobody@nowhere.com nobody@nowhere.com
Wed, 14 Aug 2002 13:52:13 -0400


From: nobody@nowhere.com
To: zdp@zope.org

A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/current/Security.stx#2-4

---------------

    A Zope *User* defines a user account. A Zope user has a name,
    a password, and optionally additional data about someone who uses
    Zope. To log into Zope, you must have a user account. Let's
    examine how to create and manage user accounts.

      % kaleissin - May 16, 2002 3:03 pm:
       There's no obvious way to *move* or *copy* a user-account from one User Folder to another, which can be a bit
       annoying if the same user has different powers in different parts of the site, or you made the user in the
       wrong folder... "Sorry boss, but you have to enter a password here also... and here, and here... change
       password? Uhh, you'll have to do that for each folder separately, eh-heh."

      % Anonymous User - May 24, 2002 8:28 am:
       I think you have to create all users in the "acl_users" directory located in the Zope root. THEN you can edit
       folders' access rules by setting folder's "local roles" found under the "Security" tab. Here you can add or
       remove users with roles you already made.
       (I'm still looking for a way to let my users change their OWN password only)

      % Anonymous User - May 24, 2002 8:50 am:
       ...I couldn't find any built-in feature to let users change their own password only so it seems you have to
       write your own managing form to solve this problem. (Why?)

      % Anonymous User - June 10, 2002 6:55 pm:
       It's pretty easy to write a custom form and method for changing a user's password. I did this a few years ago
       as part of a content management system I wrote on Zope. You can give the form handler method a proxy role so
       that it can change the user's password. I think the "manage users" permission is required.

      % Anonymous User - June 11, 2002 5:21 pm:
       You can't copy and paste user folders and accounts for security purposes. Also there is a "how to" on how to
       let users change their own passwords: http://www.zope.org/Members/msx/ChangeOwnPassword-mini-howto

      % Anonymous User - Aug. 14, 2002 1:52 pm:
       The paragraph above mentions that a User can have additional data. How can this additional data be
       created/edited?