User registration now includes a checkbox for sending an e-mail with a token to set their password. Add 'kotti.site_title' configuration variable for setting the site title. I'm planning to add configuration screens to override some of these varialbes.
We'll define site admins to be people that have the 'manage' permission on the site root.
and 'group:managers'. Implementation remains the same. Also, add 'edit' permission to 'role:manager'. Improve 'Authentication and Authorization' docs.
Based on http://docs.pylonsproject.org/projects/pyramid/dev/tutorials/wiki2/authorization.html#wiki2-adding-authorization Squash some bug that surfaced.
This is the first step to building a security where - Users can be added to groups globally or in context. - Groups can be nested, Bobsgroup can be part of Editors group in the context of Bob's folder. - A workflow engine is in charge of the ACL, and __groups__ are what's manipulated through user action. Thus allowing things like "Bob adds Frank to the group of Editors in Bob's folder." Still, Bob and Frank could lose their 'edit' permission when the workflow moves into a hypothetical 'public' state that removes 'edit' permissions from the Editors group.
We set creation and modification dates through events defined in 'kotti.events' now instead of in the constructor. Also, switch from PickleType to a JsonType for storing ACE permissions. Should be nicer to look at in the db.