[Zope] User/Subscriber advice on How-To

Tres Seaver tseaver@palladion.com
Wed, 23 Feb 2000 09:27:31 -0600 

Jon Prettyman <jprettyman@acm.org> wrote: 
> 
> I'm trying to set up a registered subscription based site with Zope.
> The powers that be want a cookie based authentication scheme, so I've
> started by using GenericUserFolder to handle my authentication.  I'm
> keeping my user account info in a /etc/passwd type file.  I have some
> ExternalMethods I use to create user accounts that are accesible from
> a ``register'' method in my acl_users folder.  So far so good.
> 
> The PTB want to add more account information such as e-mail address,
> phone/fax etc.  I'm wondering if my best course of action at this
> point would be to add this info to my account file in the form of
> additional fields, or should I create some type of User class derived
> from BasicUser to handle this.  If I go the class route, I'm a little
> confused about what to derive where.  Does anybody have any
> suggestions on what my best course of action would be?

Depending on your (John's) time frame, the Portal Toolkit
(http://www.zope.org/Products/PTK) is aimed directly at your problem.  It will
have a framework in place for extensible User objects, with your choice of
storage formats (local password file, RDBMS, the ZODB, LDAP, etc).  In
particular, you will be able to associate additional data with each user.  The
PTK already looks good, and is progressing nicely.  The "extensible user"
features should be available very shortly.

John Morton <jwm@plain.co.nz> replied:
> 
> Jon Prettyman writes:
>  > I'm trying to set up a registered subscription based site with Zope.
>  > The powers that be want a cookie based authentication scheme, so I've
>  > started by using GenericUserFolder to handle my authentication.  I'm
>  > keeping my user account info in a /etc/passwd type file.  I have some
>  > ExternalMethods I use to create user accounts that are accesible from
>  > a ``register'' method in my acl_users folder.  So far so good.
>  >
>  > The PTB want to add more account information such as e-mail address,
>  > phone/fax etc.  I'm wondering if my best course of action at this
>  > point would be to add this info to my account file in the form of
>  > additional fields, or should I create some type of User class derived
>  > from BasicUser to handle this.  If I go the class route, I'm a little
>  > confused about what to derive where.  Does anybody have any
>  > suggestions on what my best course of action would be?
> 
> I'm going for a SQL backed approach myself (with postgreSQL), but
> that's only a good option if you're reasonably well versed with DB
> admining and SQL hacking. For your approach, it's probably best to
> have the passwd file just handle the user/password and roles aspects,
> and make a ZClass to handle the extra user information. Set the
> property sheet up with all the user information, and build some nice
> forms to handle adding and editing. Then the rest is a matter of
> security settings - the user who's information it is should have a
> local role of owner set so they can always veiw and edit their
> information. Anonymous users probably shouldn't be able to view other
> people's information, but some other roles might. And remember to make
> Zcatalog a base class when you build the Zclass so all the user
> information is searchable.

Note that I think the base class you want here is "CatalogAware", not ZCatalog.

-- 
=========================================================
Tres Seaver         tseaver@palladion.com    713-523-6582
Palladion Software  http://www.palladion.com