From: Joe W. <jo...@gm...> - 2011-03-07 23:47:59
Hi Dmitriy,

> PS Joe, thanks for testing ...

Sure, happy to help, and thanks for your reply!

>> 1. xmldb:delete-user() moves a user's record from
>> /db/system/security/exist/accounts/ into
>> /db/system/security/exist/accounts/removed -- and the user file is
>> apparently unchanged. Shouldn't the "expired" or "enabled" tags be
>> updated to reflect that the user was "deleted"? One side effect of
>> the current behavior is that now, any scripts that rely on
>> collection('/db/system/security/exist/accounts') to get a list of all
>> current users need to check each record's parent-collection to make
>> sure it is not in the "removed" folder.
>
> I do plan to add policy for passwords, 'expired' will be used to flag
> change password only possible action for account.
> 'enabled' is simplest way to disallow to access db by this account. (to be
> implemented)
> to solve 'deleted' issue I can add attribute to highlight this.

I see, that all makes good sense.

> Yes, this is a bug ... (non-existent collection)
> Question: Should '/db/group1' renamed to '/db/group2'? or create new?

I think /db/group2 should be created. There might be other users who
still belong to /db/group1.

> digestPassword is artifact ... it used previously and trying to run away
> from it...

Ah, ok!

>> Note also that "group1" is still not created or applied to the user.
>> To create a group, I have to explicitly call xmldb:create-group().
>> I'm guessing this is because xmldb:create-group() now requires a group
>> manager. If I'm correct, then we need to remove the text "Note:
>> non-existing groups will be created automatically" from users.xqm.
>
> Well, I prefer to remove this text...

Sounds good. Whoever gets to this first (you or me)!

> Personally, I do believe that web panel must be primary tool. So, if you
> can help to improve this, you are welcome! :-)
> Authentication issues will be solved sooner or later ...

Great, I will begin working on this - carving out a little time here
and there. I'll consult with you all where any of the discussed changes
may be involved.

>> 4. There is now a "securitymanager" module. The function
>> documentation for this module
>> (http://localhost:8080/exist/functions/sm) describes things like
>> user's names (in addition to username) and account metadata. I look
>> forward to learning more about this module and the new security design
>> as it relates to users and groups.
>
> This module will have some more function soon ...

Great!

Thanks,
Joe