[Zope-PAS] Re: PluggableAuthService and PrincipalDeleted

Miles miles at jamkit.com
Wed May 7 10:02:38 EDT 2008


> I've never been happy with the idea of PAS "supporting" any changes to
> the plugins:  even the IUserAdderPlugin and IUpdatePlugin are out of
> place, in my opinion, because they try to generalize without knowing
> enough:  they exist to support a not-really-a-contract of the "stock"
> Zope user folder ('_doAddUser').
> CRUD on the user objects is really a separate application (*not* a
> framework), which is not even possible in many applications where PAS is
> appropriate.

I always thought that was the *point* of declaring plugins with specific 
interfaces: in those applications where it's not possible, you can just 
turn them off and they then have no effect.  I'm not sure it's sensible 
to ask people to develop a completely separate application to do it just 
because a subset of use-cases don't need it.

>> IIRC, I got a bit confused when it came to password resets, as to 
>> whether a password was considered a user property or as something else - 
>> passwords are passed to the UserManager at creation so should they go to 
>> the PropertyUpdater too?
> Passwords are *not* properties:  plugis implementing IUpdatePlugin
> should not know about them, unless they are also actively registered for
> ICredentialsUpdatePlugin.

Yes, though the interface documentation makes it sound as if it should 
only be used for a user changing their own password (rather than a 
manager changing a user's password).  If that's not the case, I'll 
happily submit a "documentation patch" to clarify.


More information about the Zope-PAS mailing list