[ZDP] BackTalk to Document The Zope Book (2.5 Edition)/Users and Security
Wed, 14 Aug 2002 13:52:13 -0400
A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/current/Security.stx#2-4
A Zope *User* defines a user account. A Zope user has a name,
a password, and optionally additional data about someone who uses
Zope. To log into Zope, you must have a user account. Let's
examine how to create and manage user accounts.
% kaleissin - May 16, 2002 3:03 pm:
There's no obvious way to *move* or *copy* a user-account from one User Folder to another, which can be a bit
annoying if the same user has different powers in different parts of the site, or you made the user in the
wrong folder... "Sorry boss, but you have to enter a password here also... and here, and here... change
password? Uhh, you'll have to do that for each folder separately, eh-heh."
% Anonymous User - May 24, 2002 8:28 am:
I think you have to create all users in the "acl_users" directory located in the Zope root. THEN you can edit
folders' access rules by setting folder's "local roles" found under the "Security" tab. Here you can add or
remove users with roles you already made.
(I'm still looking a way to let my users change their OWN password only)
% Anonymous User - May 24, 2002 8:50 am:
...I couldn't find any builtin feature to let users change their own password only so it seems you have to
write your own managing form to solve this problem. (Why?)
% Anonymous User - June 10, 2002 6:55 pm:
It's pretty easy to write a custom form and method for changing a user's password. I did this a few years ago
as part of a content management system I wrote on Zope. You can give the form handler method a proxy role so
that it can change the user's password. I think the "manage users" permission is required.
% Anonymous User - June 11, 2002 5:21 pm:
You can't copy and paste user folders and accounts for security purposes. Also there is a "how to" on <a
href="http://www.zope.org/Members/msx/ChangeOwnPassword-mini-howto">how to let users change their own
% Anonymous User - Aug. 14, 2002 1:52 pm:
The paragraph above mentions that a User can have additional data. How can this additional data be