authentication - how far to go?
so i was asked to write a module/extension for drupal that is to do some basic things (i'm new to Drupal development btw). basically, a user needs to be able to "log in" to the site, and once logged in, drupal needs to contact a server and get user info (user roles, user info) based upon who they are. they need to be able to edit their user info, and that is it!
these people don't need to write any content, blogs, or anything. they just need to be able to edit their user info (that is retrieved through Web Services...). they are just using Drupal because the site has a ton of content (about 300 pages), and they can easily add pages and whatnot with Drupal. personally, i would have just created some custom pages to do what they want, and not have to worry about tying it into Drupal, but whatever...
depending on who the person is, they can have a few different things to edit. some people just have names and addresses and stuff. others need to be able to create users and whatnot. but it is nothing horribly complicated.
for something this simple, I think i have 2 options: create some roles within drupal that match the roles given with Web Services, and create a module that spits out different pages based upon who the person actually is (from their role), or b.) write a module with a bunch of functions and just create a few pages/form within Drupal that do exactly what I need them to do.
these people don't need to be able to create/edit content whatsoever. they just need to be able to log in, look at a few pieces of information, change their address if need be, and that is it.
do i go through the trouble of writing a full on module, or just write a library of functions that can be used with normal page creation? if i write the full module, then i have to worry about the Drupal users database matching whatever the Web Services spits out, and all of that stuff (if someone who is managing the stuff that Web Services is pulling from changes a username for someone, it could invalidate their login name in the Drupal database).
that all being said, what would you do? i have written the wrapper functions for the Web Services, so now I just need to decide if i want to write some forms or write a full on module.
any replies would be great. i will try to make sure and reply quickly if any questions are asked.
thanks
Try one of these
May be http://drupal.org/project/pam_auth could help.
I have no experience with the module though.
and try doing a search in drupal for LDAP, not sure if that solves your problem
thanks for the reply. i
thanks for the reply.
i guess i should say that i have the authentication working; i wrote some wrapper classes on top of nusoap (the people hosting this don't have PHP 5 yet, so I can't use the built-in SOAP stuff).
the main question i have is: if you had a Drupal site, and had to verify users using someone else's Web Services, would you still give these users Drupal accounts even if they never ever needed to create any content whatsoever? basically, would it be worth creating an account for these people in Drupal?
Drupal has built in stuff so that the user can edit their username and some personal info, which is good, and which i am going to need, but i would have to go in and edit the user.module to get it to include a few other things that I need. isn't that against the rules (coding-standard-wise...)?