Chapter 13. Users and their Permissions
So far, we have focused on building functionality. Although we have introduced new permissions where appropriate, we have not yet considered user and role management in detail. It is now time to define exactly who can do what, when, and where in the site.
In this chapter, we will cover:
- Defining a security policy for our application
- Attaching additional metadata to a user
- Reading and changing user metadata
- Customizing Plone's security infrastructure using the Pluggable Authentication Service API
- Integrating Plone with Facebook's authentication service
Defining a membership policy
Let us take a look at the requirements from Chapter 2, Introduction to the Case Study, which relate to user management.
Requirement | Importance |
---|---|
Customers should not need to log in to use the site, but a username and password should be required when they wish to reserve tickets. | Medium |
Logged-in customers should have easy access to their preferred cinema or... |