AW: [Zope3-dev] Pluggableauth / IPrincipalSource interface proposal

Roger Ineichen dev at projekt01.ch
Sat Jul 10 20:46:43 EDT 2004


Phillip J. Eby wrote:
> >
> >I think there are some methods in the interface IPrincipalSource 
> >missing.
> 
> Yes.  They were left out on purpose.  A principal *source* is just a 
> source.  It is not a principal management service.
> 
> 
> >If so should we add an IWritePrincipalSource interface as another base
> >interface?
> 
> If you need a management interface for Principals, perhaps there should be
> an IPrincipalManager.  However, such an interface doesn't necessarily have
> anything to do with being an IPrincipalSource.
> 
> Note that there are many reasons why one might have a principal source that
> cannot be written to.  For example, a principal source might access a
> corporate LDAP server or ActiveDirectory in order to validate access, but
> the application may not have any rights to update it.
> 
> This is why IPrincipalSource doesn't deal in management of principals: the
> framework should not be written so as to assume that a Zope-based
> application is allowed to manage its own principals, or even to *list* all
> of them.

I see, that's right and I agree.

Ok, I will add an IPrincipalManager interface.
But how should we provide a managed or unmanaged
LDAP server (PrincipalSource)?

Should we inject an IPrincipalManager interface
on the fly to add this support? Or is it
better to have two different PrincipalSources?
One "managed" and one just readable?

Thanks for pointing me to this.

Regards
Roger
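
The separation discussed in this message, as an added example that is not part of the original e-mail or of Zope's code: a read-only source and a managed source as two classes, with callers checking for the write capability instead of assuming it. It uses the standard library's typing.Protocol in place of zope.interface; the method names, class names and sample entries are assumptions made for illustration.

```python
from typing import Protocol, runtime_checkable

@runtime_checkable
class IPrincipalSource(Protocol):
    """Read-only lookup; deliberately no add, remove or list-all."""
    def getPrincipal(self, principal_id): ...

@runtime_checkable
class IPrincipalManager(Protocol):
    """Separate write capability (method names are assumed)."""
    def addPrincipal(self, principal_id, title): ...
    def removePrincipal(self, principal_id): ...

class ReadOnlyDirectorySource:
    """Stand-in for a corporate directory the application may only query."""
    def __init__(self, entries):
        self._entries = dict(entries)
    def getPrincipal(self, principal_id):
        return self._entries[principal_id]  # KeyError if unknown

class ManagedDirectorySource(ReadOnlyDirectorySource):
    """Same lookups, plus management for a directory the application owns."""
    def addPrincipal(self, principal_id, title):
        if principal_id in self._entries:
            raise ValueError("duplicate principal id: %r" % principal_id)
        self._entries[principal_id] = title
    def removePrincipal(self, principal_id):
        del self._entries[principal_id]

def add_principal(source, principal_id, title):
    """Framework-side helper: never assume a source is writable."""
    if not isinstance(source, IPrincipalManager):
        raise PermissionError("principal source is read-only")
    source.addPrincipal(principal_id, title)

def demo():
    # Constructed sample data.
    corporate = ReadOnlyDirectorySource({"jdoe": "John Doe"})
    local = ManagedDirectorySource({"admin": "Site Admin"})
    add_principal(local, "roger", "Roger")
    try:
        add_principal(corporate, "roger", "Roger")
        refused = False
    except PermissionError:
        refused = True
    return local.getPrincipal("roger"), refused

if __name__ == "__main__":
    print(demo())
```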


