Ejemplo n.º 1
 def assignRoleToPrincipal( self, role_id, principal_id, REQUEST=None ):
     """Assign ``role_id`` to ``principal_id``, refreshing roles on a miss.

     Delegates to ``ZODBRoleManager.assignRoleToPrincipal``.  If that call
     raises ``KeyError``, ``updateRolesList()`` is run and the assignment
     is attempted exactly once more; a ``KeyError`` from the second
     attempt propagates to the caller.
     """
     delegate = ZODBRoleManager.assignRoleToPrincipal
     try:
         outcome = delegate( self, role_id, principal_id, REQUEST )
     except KeyError:
         # The local roles list is refreshed lazily, only after a miss.
         # NOTE(review): after the refresh, any role that
         # updateRolesList() makes known becomes assignable through this
         # method.  No permission check is visible here -- confirm the
         # method is covered by the class security declarations.
         self.updateRolesList()
         outcome = delegate( self, role_id, principal_id, REQUEST )
     return outcome
Ejemplo n.º 2
 def assignRoleToPrincipal(self, role_id, principal_id, REQUEST=None):
     """Assign ``role_id`` to ``principal_id``, retrying once after a refresh.

     The work is done by ``ZODBRoleManager.assignRoleToPrincipal``.  A
     ``KeyError`` from the first attempt triggers ``updateRolesList()``
     and a single retry; a ``KeyError`` from the retry is not caught.

     ``REQUEST`` is accepted but not forwarded to the base implementation.
     """
     try:
         assigned = ZODBRoleManager.assignRoleToPrincipal(
             self, role_id, principal_id)
     except KeyError:
         # Roles are synchronised lazily: refresh only once a lookup fails.
         # NOTE(review): whatever updateRolesList() reads from decides
         # which role ids become assignable on the retry -- confirm that
         # source is trusted.
         self.updateRolesList()
         assigned = ZODBRoleManager.assignRoleToPrincipal(
             self, role_id, principal_id)
     return assigned
Ejemplo n.º 3
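def _replaceUserFolder(self, RESPONSE=None):
    """Replace the old acl_users folder with a PluggableAuthService.

    User names, stored password values and roles are captured from the
    existing user folder, the folder is deleted, and a new
    PluggableAuthService is created and re-populated from the captured
    data through ``_migrate_user``.

    If the current folder is already a PluggableAuthService, a message
    is written and the function returns at once.  If this object has no
    ``__allow_groups__``, only the final savepoint is taken.

    ``RESPONSE`` is handed to ``_write`` for the progress messages.
    """
    from Acquisition import aq_base
    from Products.PluggableAuthService.PluggableAuthService \
        import PluggableAuthService, _PLUGIN_TYPE_INFO
    from Products.PluginRegistry.PluginRegistry import PluginRegistry
    from Products.PluggableAuthService.plugins.ZODBUserManager \
        import ZODBUserManager
    from Products.PluggableAuthService.plugins.ZODBRoleManager \
        import ZODBRoleManager
    from Products.PluggableAuthService.interfaces.plugins \
         import IAuthenticationPlugin, IUserEnumerationPlugin
    from Products.PluggableAuthService.interfaces.plugins \
        import IRolesPlugin, IRoleEnumerationPlugin, IRoleAssignerPlugin

    if getattr(aq_base(self), '__allow_groups__', None):
        if self.__allow_groups__.__class__ is PluggableAuthService:
            _write(RESPONSE, 'replaceUserFolder',
                   'Already replaced this user folder\n')
            return

        # Capture all the user info from the previous user folder,
        # then delete it.
        # The captured password values stay in this in-memory list; only
        # user names are written to the progress output, and it should
        # stay that way.
        old_acl = self.__allow_groups__
        user_map = []
        for user_name in old_acl.getUserNames():
            old_user = old_acl.getUser(user_name)
            _write(RESPONSE, 'replaceRootUserFolder',
                   'Capturing user info for %s\n' % user_name)
            user_map.append({
                'login': user_name,
                'password': old_user._getPassword(),
                'roles': old_user.getRoles()
            })
        # NOTE(review): the old folder is removed before its replacement
        # exists.  If a later step raises, the object has no user folder
        # until the transaction is aborted -- confirm the caller aborts
        # on error.
        self._delObject('acl_users')

        # Create the new PluggableAuthService, and re-populate from
        # the captured data
        _pas = self.manage_addProduct['PluggableAuthService']
        _pas.addPluggableAuthService()
        new_acl = self.acl_users

        user_folder = ZODBUserManager('users')
        new_acl._setObject('users', user_folder)
        role_manager = ZODBRoleManager('roles')
        new_acl._setObject('roles', role_manager)

        plugins = getattr(new_acl, 'plugins')
        plugins.activatePlugin(IAuthenticationPlugin, 'users')
        plugins.activatePlugin(IUserEnumerationPlugin, 'users')
        plugins.activatePlugin(IRolesPlugin, 'roles')
        plugins.activatePlugin(IRoleEnumerationPlugin, 'roles')
        plugins.activatePlugin(IRoleAssignerPlugin, 'roles')
        for user_dict in user_map:
            login = user_dict['login']
            password = user_dict['password']
            roles = user_dict['roles']

            # Report the user being migrated in this iteration.  The
            # message used to interpolate ``user_name``, which is left
            # over from the capture loop above and therefore always named
            # the last captured user, making the migration log misleading.
            _write(RESPONSE, 'replaceRootUserFolder',
                   'Translating user %s\n' % login)

            _migrate_user(new_acl, login, password, roles)
        _write(RESPONSE, 'replaceRootUserFolder',
               'Replaced root acl_users with PluggableAuthService\n')

    transaction.savepoint(True)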
Ejemplo n.º 4
 def getRoleInfo(self, role_id):
     """Return the base class's role info, refreshing roles on a miss.

     ``updateRolesList()`` runs first when ``role_id`` is absent from
     ``self._roles``.  The lookup itself is always delegated to
     ``ZODBRoleManager.getRoleInfo``, whether or not the refresh added
     the role.
     """
     already_known = role_id in self._roles
     if not already_known:
         # Lazy synchronisation: refresh only for ids not seen yet.
         self.updateRolesList()
     info = ZODBRoleManager.getRoleInfo(self, role_id)
     return info
Ejemplo n.º 5
 def listRoleInfo(self):
     """Refresh the roles list, then return the base class's role listing.

     Unlike a lookup by id, the refresh here is unconditional:
     ``updateRolesList()`` runs on every call before delegating to
     ``ZODBRoleManager.listRoleInfo``.
     """
     self.updateRolesList()
     role_infos = ZODBRoleManager.listRoleInfo(self)
     return role_infos
Ejemplo n.º 6
def _replaceUserFolder(self, RESPONSE=None):
    """Swap the existing acl_users for a PluggableAuthService.

    A new PluggableAuthService is built under the temporary id
    ``new_acl_users``, given a plugin registry plus ZODB user and role
    plugins, and filled with every user of the old folder: the password
    goes through ``_migrate_user``, the roles through the role plugin.
    Only after that is the old ``acl_users`` deleted and the new service
    installed under that id and as ``__allow_groups__``.

    Returns early, without committing, when the current folder is
    already a PluggableAuthService.  ``RESPONSE`` is handed to ``_write``
    for the progress messages.
    """
    from Acquisition import aq_base
    from Products.PluggableAuthService.PluggableAuthService \
        import PluggableAuthService, _PLUGIN_TYPE_INFO
    from Products.PluginRegistry.PluginRegistry import PluginRegistry
    from Products.PluggableAuthService.plugins.ZODBUserManager \
        import ZODBUserManager
    from Products.PluggableAuthService.plugins.ZODBRoleManager \
        import ZODBRoleManager
    from Products.PluggableAuthService.interfaces.plugins \
         import IAuthenticationPlugin, IUserEnumerationPlugin
    from Products.PluggableAuthService.interfaces.plugins \
        import IRolesPlugin, IRoleEnumerationPlugin, IRoleAssignerPlugin

    if getattr(aq_base(self), '__allow_groups__', None):
        if self.__allow_groups__.__class__ is PluggableAuthService:
            _write(RESPONSE, 'replaceUserFolder',
                   'Already replaced this user folder\n')
            return

        legacy_folder = self.__allow_groups__

        # Build the replacement under a temporary id so the old folder
        # stays in place until every user has been copied.
        pas = PluggableAuthService()
        registry = PluginRegistry(_PLUGIN_TYPE_INFO)
        registry._setId('plugins')
        pas._setObject('plugins', registry)
        self._setObject('new_acl_users', pas)
        pas = self.new_acl_users

        pas._setObject('users', ZODBUserManager('users'))
        pas._setObject('roles', ZODBRoleManager('roles'))

        active_registry = pas.plugins
        for interface, plugin_id in (
                (IAuthenticationPlugin, 'users'),
                (IUserEnumerationPlugin, 'users'),
                (IRolesPlugin, 'roles'),
                (IRoleEnumerationPlugin, 'roles'),
                (IRoleAssignerPlugin, 'roles'),
        ):
            active_registry.activatePlugin(interface, plugin_id)

        # These two roles are never copied as explicit assignments.
        # NOTE(review): presumably because Zope grants them implicitly --
        # confirm.
        skipped_roles = ('Authenticated', 'Anonymous')
        for user_name in legacy_folder.getUserNames():
            legacy_user = legacy_folder.getUser(user_name)
            # Only the user name is reported.  The stored password value
            # goes straight to _migrate_user and must stay out of the
            # progress output.
            _write(RESPONSE, 'replaceRootUserFolder',
                   'Translating user %s\n' % user_name)
            _migrate_user(pas.users, user_name, legacy_user._getPassword())
            migrated_user = pas.getUser(user_name)
            for role_id in legacy_user.getRoles():
                if role_id in skipped_roles:
                    continue
                pas.roles.assignRoleToPrincipal(role_id,
                                                migrated_user.getId())

        # Swap: drop the old folder, install the unwrapped new service
        # under the canonical id, then remove the temporary entry.
        self._delObject('acl_users')
        self._setObject('acl_users', aq_base(pas))
        self._delObject('new_acl_users')
        self.__allow_groups__ = aq_base(pas)
        _write(RESPONSE, 'replaceRootUserFolder',
               'Replaced root acl_users with PluggableAuthService\n')

    get_transaction().commit()