Noah Kantrowitz wrote:
>
> On Jun 30, 2008, at 4:32 AM, Jani Tiainen wrote:
>
>> As I promised, I've given some thoughts about this user system and I
>> have some visions how it could work. Note that this is now written based
>> on external experience without looking how Trac internals now work.
>>
>> First of all, user handling would be divided to three different modules
>> by functionality:
>>
>> 'authentication', 'authorization' and 'profile'.
>
> So your idea of a "profile" already exists in the guise of session
> variables. This isn't the problem. There are two major issues with the
> current user/session system. 1) We have no good way to enumerate valid
> users. 2) It isn't possible to pull session keys from anywhere other
> than the database. Both are relatively minor fixes, just need to get
> around to doing it.

Kind of a yes...

I'm still trying to formalize this all to more comprehensive
documentation but basically I'm trying to achieve common backend store
to store and retrieve authentication, authorization and user data from
virtually anywhere.

First two are in usable shape (IAuthenticator, IPermissionStorage), last
one needs some loving.

Basically flow should go like this:

When user points to Trac instance:

- Open session and store it to non-persistent cookie. Clean up expired
  sessions.
- Authenticate, either by external means (current default Trac
  implementation) or by login form and some other method of authentication.
  Note: there must be a way to provide multiple authentication backends and
  probably set order for them. Because of the requirement of username being
  unique across the system, a user could be tied to be authenticated only from
  certain resources. This would require that Trac knows which
  authentication methods to try for a particular user.
- Authorize, get user permissions from one or more authorization
  sources. This needs also order of permissions applied so it's very easy
  to apply credentials.
- Interact with user data (profile) while working in Trac. (One example
  being that ticket watching). User data should be (per field?) able to be
  retrieved and stored from one or more sources.
- Logout - close session (if possible, in case of external auth this is
  not so simple).

One of the real world usages would be to have global user permission
storage which is always read first. Then you would apply local
permissions on top of that.

Currently Trac provides means to read all that data but create, delete
or manipulate data is not possible through generic.

It should be simple as "create_user(userdomain, username)" and
"set_user_attribute("name", "John Doe")" or "set_user_permission("jdoe",
"WIKI_MODIFY")".

So hopefully this clears a bit what I'm looking after. But as stated in
my other thread post, this is something happening post 0.12, if it's
happening at all.

--
Jani Tiainen
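
The flow proposed in this message, as an added sketch that is not Trac code and not code from either poster: ordered authentication backends with each username bound to one domain, and permission sources applied in order with the global store read first. All class and function names are hypothetical, and letting a later source revoke an earlier grant is an assumption about what "on top" means.

```python
import hashlib
import hmac

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class DictAuthBackend:
    """Hypothetical backend for one user domain, storing salted PBKDF2 hashes."""
    def __init__(self, domain, users):
        self.domain = domain
        self._users = {u: (s, _hash(p, s)) for u, (s, p) in users.items()}

    def authenticate(self, username, password):
        salt, stored = self._users.get(username, (b"-", b""))
        return hmac.compare_digest(_hash(password, salt), stored)

class UserSystem:
    """Hypothetical front end tying backends and permission sources together."""
    def __init__(self, backends, user_domains, permission_sources):
        self.backends = backends                      # tried in this order
        self.user_domains = user_domains              # username -> owning domain
        self.permission_sources = permission_sources  # applied in this order

    def login(self, username, password):
        domain = self.user_domains.get(username)
        for backend in self.backends:
            # Only the backend a user is bound to may vouch for them, so a
            # same-named account in another backend cannot claim the name.
            if backend.domain == domain and backend.authenticate(username, password):
                return True
        return False

    def permissions(self, username):
        effective = set()
        for source in self.permission_sources:
            grants, revokes = source.get(username, (set(), set()))
            effective = (effective | grants) - revokes  # later source wins
        return effective

# Constructed sample data: two backends that both know a "jdoe".
corp = DictAuthBackend("corp", {"jdoe": (b"s1", "correct horse")})
local = DictAuthBackend("local", {"jdoe": (b"s2", "other secret"),
                                  "guest": (b"s3", "guest")})
GLOBAL_PERMS = {"jdoe": ({"WIKI_VIEW", "WIKI_MODIFY", "TICKET_VIEW"}, set())}
LOCAL_PERMS = {"jdoe": ({"TICKET_CREATE"}, {"WIKI_MODIFY"})}
system = UserSystem([corp, local], {"jdoe": "corp", "guest": "local"},
                    [GLOBAL_PERMS, LOCAL_PERMS])
```
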