[Zope3-Users] Granting roles automatically ?

Dominique Lederer dominique.lederer at inode.at
Wed Nov 1 10:18:50 EST 2006

Stephan Richter schrieb:
> On Friday 27 October 2006 06:57, Thierry Florac wrote:
>> What I'd like to do is to be able to grant a set of roles automatically
>> to my internal principals authenticated via LDAP. Is it possible ?
> Yes, create some groups and grant them permissions and roles. You then listen 
> to the IPrincipalCreated event and attach the group(s), if they are coming 
> from LDAP.
> Regards,
> Stephan

hi, my questions are similar to this:

i would like to implement my own permissions on my package.
as far as i unterstood, i would to the following steps:

- first i create some custom permissions and roles
- then i grant the permissions to roles.
- after that i create some global principals, which i assign my roles.
These principals are my groups.

This is all done by ZCML configuration stuff in my package, the groups
are defined as principals in /etc/principals.zcml

is this right so far?

next steps:
-users are located outside of ZODB (lets say a simple mysql table with
login, password, group as attributes), so i would write a PAU
Authenticator Plugin.
-This plugin i would register in my sites PAU. if everything goes right,
i can now login with users from the external database.
- then i have to listen to IPrincipalCreated event and attach the
group(s), depending on the "group" entry in my mysql table. (Do i have
to make a second query here or is it possible to retrieve the group
information via the auth plugin?)

im i thinking right here? i just want to make sure i unterstood this,
before work begins.


More information about the Zope3-users mailing list