Note: I have to split this report into parts, since community.plone.org has a limit of 10 mentions in one post.
After five long days of talking, coding, poking into the depth of Zope2 and also after 5 days of fun, wine, beer and delicious food, great views on and from our mountains, some culture, lots of WTF and opening of pandoras boxes we have to report a lot on what was titled with "Plone - dig deep, tidy up".
But first a big thanks also to all the sprinters who were here and to our sponsor of the lunch-break, the Flying Circus. Also thanks a lot to my wife and business partner @chrimba who did all the organization of the sprint.
@thet and @pbauer worked (with partial help of the whole group) on the task of levering Plone to the so called Zope4. Zope4 is about updating Plone's framework dependencies (ZCA, ZTK and Zope) to the latest possible versions. Lots of this latest versions are already Python 3 compatible. In order to make Plone Python 3 compatible this step is essential.
This was hard work with some nuts to crack. It is not all finished, but the majority of problems are solved and the remaining are identified.
For a more details best read the PLIP 1351: Zope 4 / Update Dependencies
Jens Vagelpohl (@dataflake) and I worked on the PAS. Jens Vagelpohl is one of the authors of Products.PluggableAuthService and so his input was (not only here) very valuable.
I must say that touching user-authentication-story is like opening pandoras box. The whole code is influenced by backward compatibility to GRUF (Group-User-Folder, was kicked out with Plone 3 release) and the 4 tools (portal_groupdata, portal_groups, portal_memberdata and portal_membership). This started all as an add-on: PlonePAS. Now this code does lots of patches to PAS itself. It also provides PAS-plugins which then use the tools, while the tools are using PAS/PlonePAS. The problem is, that PAS itself has no convenient API and so the BBB code for GRUF is used as convenience API everywhere. And much more.
First we picked the low hanging fruits and moved plugins, some patches and the events down to a forked Products.PluggableAuthenticationService. The tools were moved up to Products.CMFPlone. Interfaces were moved as well. So since this are often persistent elements in ZODB we provided deprecated BBB imports at the old places.
This is still work in progress. I think we also need to move forward in iterative steps.
- The first step is to cleanup everything that does not break using the GRUF API.
- The second step is to write a PAS API providing the convinience needed to work with users, groups, (local)roles.
- The third step is then to use the PAS API everywhere in Plone core and provided still deprecated calls at the old places. Provide migration steps for moved persistent information. At this step also solve the portrait-image problem.
- With a major Plone release remove the deprecated API and the 4 tools.
This is a lot of work, but if we can do this step by step its doable.
We also created a PLIP (that will be adjusted soon to only cover step one) PLIP 1334: Cleanup PlonePAS patches and tools
Read further in the next comment