[Zope-PTK] Membership Design

Phillip J. Eby pje@telecommunity.com
Thu, 03 Aug 2000 09:33:11 -0500


At 07:04 PM 8/2/00 -0600, Bill Anderson wrote:
>OK, after futzing around for a few weeks on the user management stuff, I
have decided that
>a redesign may be in order.
>
>
>
>So, out of  curiousity, and as a proof of concept. I re-implemented the
member mix-in, and
>persistenusersource provided in the membership product.
>
>I put roles, domains, listed, and password onto a propertysheet (of the
DataSkin variety).
>The password is stored encrypted. There is a 'downside' to this, in that
you can't just
>send someone their password. On the other hand, that means the password
isn't in
>cleartext.
>
>The aspect of this that concerns me, is the roles being in a
propertysheet. Just how
>accessible to the user are these? IIUC, they can only change the
properties if they have
>permission. But this would theoretically mean they can change their own
roles. This would
>be bad. I'm not conerned about them accessing them through the management
interfaces,
>since those will have a seperate permission/role requirement. My concern
is that they
>could write DTML that changes these properties, giving themselves the
manager role, for
>instance.

Roles should be on a different sheet than the others; you don't want
somebody able to change their roles on account of having permission to
change their password.  Other than that, there shouldn't be any issues.
Just divide the items into sheets based on permissions and you'll be fine.