def credentialsChanged(self, password, REQUEST=None):
'''
Notifies the authentication mechanism that this user has changed
passwords. This can be used to update the authentication cookie.
Note that this call should *not* cause any change at all to user
databases.
'''
# XXX: this method violates the rules for tools/utilities:
# it depends on self.REQUEST
if REQUEST is None:
REQUEST = self.REQUEST
warn("credentialsChanged should be called with 'REQUEST' as "
"second argument. The BBB code will be removed in CMF 2.3.",
DeprecationWarning, stacklevel=2)
if not self.isAnonymousUser():
acl_users = self.acl_users
user = _getAuthenticatedUser(self)
name = user.getUserName()
# this really does need to be the user name, and not the user id,
# because we're dealing with authentication credentials
if hasattr(acl_users.aq_base, 'credentialsChanged'):
# Use an interface provided by LoginManager.
acl_users.credentialsChanged(user, name, password)
else:
p = getattr(REQUEST, '_credentials_changed_path', None)
if p is not None:
# Use an interface provided by CookieCrumbler.
change = self.restrictedTraverse(p)
change(user, name, password)
def listUndoableTransactionsFor(self, object,
first_transaction=None,
last_transaction=None,
PrincipiaUndoBatchSize=None):
'''Lists all transaction IDs the user is allowed to undo.
'''
# arg list for undoable_transactions() changed in Zope 2.2.
portal = queryUtility(ISiteRoot)
if site is None:
# fallback
portal = self.aq_inner.aq_parent
transactions = portal.undoable_transactions(
first_transaction=first_transaction,
last_transaction=last_transaction,
PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
for t in transactions:
# Ensure transaction ids don't have embedded LF.
t['id'] = t['id'].replace('\n', '')
if not _checkPermission(ManagePortal, portal):
# Filter out transactions done by other members of the portal.
user_id = _getAuthenticatedUser(self).getId()
transactions = filter(
lambda record, user_id=user_id:
record['user_name'].split()[-1] == user_id,
transactions
)
return transactions
def credentialsChanged(self, password, REQUEST=None):
'''
Notifies the authentication mechanism that this user has changed
passwords. This can be used to update the authentication cookie.
Note that this call should *not* cause any change at all to user
databases.
'''
# XXX: this method violates the rules for tools/utilities:
# it depends on self.REQUEST
if REQUEST is None:
REQUEST = self.REQUEST
warn(
"credentialsChanged should be called with 'REQUEST' as "
"second argument. The BBB code will be removed in CMF 2.3.",
DeprecationWarning,
stacklevel=2)
if not self.isAnonymousUser():
acl_users = self.acl_users
user = _getAuthenticatedUser(self)
name = user.getUserName()
# this really does need to be the user name, and not the user id,
# because we're dealing with authentication credentials
if hasattr(acl_users.aq_base, 'credentialsChanged'):
# Use an interface provided by LoginManager.
acl_users.credentialsChanged(user, name, password)
else:
p = getattr(REQUEST, '_credentials_changed_path', None)
if p is not None:
# Use an interface provided by CookieCrumbler.
change = self.restrictedTraverse(p)
change(user, name, password)
def listUndoableTransactionsFor(self,
object,
first_transaction=None,
last_transaction=None,
PrincipiaUndoBatchSize=None):
'''Lists all transaction IDs the user is allowed to undo.
'''
# arg list for undoable_transactions() changed in Zope 2.2.
portal = queryUtility(ISiteRoot)
if site is None:
# fallback
portal = self.aq_inner.aq_parent
transactions = portal.undoable_transactions(
first_transaction=first_transaction,
last_transaction=last_transaction,
PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
for t in transactions:
# Ensure transaction ids don't have embedded LF.
t['id'] = t['id'].replace('\n', '')
if not _checkPermission(ManagePortal, portal):
# Filter out transactions done by other members of the portal.
user_id = _getAuthenticatedUser(self).getId()
transactions = filter(lambda record, user_id=user_id: record[
'user_name'].split()[-1] == user_id,
transactions)
return transactions
def isAnonymousUser(self):
"""
Returns 1 if the user is not logged in.
"""
u = _getAuthenticatedUser(self)
if u is None or u.getUserName() == "Anonymous User":
return 1
return 0
def _clearLocalRolesAfterClone(self):
# Make sure owner local role is set after pasting
# The standard Zope mechanisms take care of executable ownership
current_user = _getAuthenticatedUser(self)
if current_user is not None:
local_role_holders = [x[0] for x in self.get_local_roles()]
self.manage_delLocalRoles(local_role_holders)
self.manage_setLocalRoles(current_user.getId(), ['Owner'])
def isAnonymousUser(self):
'''
Returns 1 if the user is not logged in.
'''
u = _getAuthenticatedUser(self)
if u is None or u.getUserName() == 'Anonymous User':
return 1
return 0
def _clearLocalRolesAfterClone(self):
# Make sure owner local role is set after pasting
# The standard Zope mechanisms take care of executable ownership
current_user = _getAuthenticatedUser(self)
if current_user is not None:
local_role_holders = [x[0] for x in self.get_local_roles()]
self.manage_delLocalRoles(local_role_holders)
self.manage_setLocalRoles(current_user.getId(), ['Owner'])
def isAnonymousUser(self):
'''
Returns 1 if the user is not logged in.
'''
u = _getAuthenticatedUser(self)
if u is None or u.getUserName() == 'Anonymous User':
return 1
return 0
def getAuthenticatedMember(self):
'''
Returns the currently authenticated member object
or the Anonymous User. Never returns None.
'''
u = _getAuthenticatedUser(self)
if u is None:
u = nobody
return self.wrapUser(u)
def getAuthenticatedMember(self):
'''
Returns the currently authenticated member object
or the Anonymous User. Never returns None.
'''
u = _getAuthenticatedUser(self)
if u is None:
u = nobody
return self.wrapUser(u)
def searchResults(self, REQUEST=None, **kw):
"""
Calls ZCatalog.searchResults with extra arguments that
limit the results to what the user is allowed to see.
"""
user = _getAuthenticatedUser(self)
kw['allowedRolesAndUsers'] = self._listAllowedRolesAndUsers(user)
if not _checkPermission(AccessInactivePortalContent, self):
base = aq_base(self)
now = DateTime()
self._convertQuery(kw)
# Intersect query restrictions with those implicit to the tool
for k in 'effective', 'expires':
if kw.has_key(k):
range = kw[k]['range'] or ''
query = kw[k]['query']
if (not isinstance(query, TupleType)
and not isinstance(query, ListType)):
query = (query, )
else:
range = ''
query = None
if range.find('min') > -1:
lo = min(query)
else:
lo = None
if range.find('max') > -1:
hi = max(query)
else:
hi = None
if k == 'effective':
if hi is None or hi > now:
hi = now
if lo is not None and hi < lo:
return ()
else: # 'expires':
if lo is None or lo < now:
lo = now
if hi is not None and hi < lo:
return ()
# Rebuild a query
if lo is None:
query = hi
range = 'max'
elif hi is None:
query = lo
range = 'min'
else:
query = (lo, hi)
range = 'min:max'
kw[k] = {'query': query, 'range': range}
return ZCatalog.searchResults(self, REQUEST, **kw)
def searchResults(self, REQUEST=None, **kw):
"""
Calls ZCatalog.searchResults with extra arguments that
limit the results to what the user is allowed to see.
"""
user = _getAuthenticatedUser(self)
kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user )
if not _checkPermission( AccessInactivePortalContent, self ):
base = aq_base( self )
now = DateTime()
self._convertQuery(kw)
# Intersect query restrictions with those implicit to the tool
for k in 'effective', 'expires':
if kw.has_key(k):
range = kw[k]['range'] or ''
query = kw[k]['query']
if (not isinstance(query, TupleType) and
not isinstance(query, ListType)):
query = (query,)
else:
range = ''
query = None
if range.find('min') > -1:
lo = min(query)
else:
lo = None
if range.find('max') > -1:
hi = max(query)
else:
hi = None
if k == 'effective':
if hi is None or hi > now:
hi = now
if lo is not None and hi < lo:
return ()
else: # 'expires':
if lo is None or lo < now:
lo = now
if hi is not None and hi < lo:
return ()
# Rebuild a query
if lo is None:
query = hi
range = 'max'
elif hi is None:
query = lo
range = 'min'
else:
query = (lo, hi)
range = 'min:max'
kw[k] = {'query': query, 'range': range}
return ZCatalog.searchResults(self, REQUEST, **kw)
def searchResults(self, REQUEST=None, **kw):
"""
Calls ZCatalog.searchResults with extra arguments that
limit the results to what the user is allowed to see.
"""
user = _getAuthenticatedUser(self)
kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user )
if not _checkPermission( AccessInactivePortalContent, self ):
now = DateTime()
kw['effective'] = {'query': now, 'range': 'max'}
kw['expires'] = {'query': now, 'range': 'min'}
return ZCatalog.searchResults(self, REQUEST, **kw)
def handleDynamicTypeCopiedEvent(ob, event):
""" Event subscriber for (IDynamicType, IObjectCopiedEvent) events.
"""
# Make sure owner local role is set after pasting
# The standard Zope mechanisms take care of executable ownership
current_user = _getAuthenticatedUser(ob)
if current_user is None:
return
current_user_id = current_user.getId()
if current_user_id is not None:
local_role_holders = [x[0] for x in ob.get_local_roles()]
ob.manage_delLocalRoles(local_role_holders)
ob.manage_setLocalRoles(current_user_id, ['Owner'])
def handleDynamicTypeCopiedEvent(ob, event):
""" Event subscriber for (IDynamicType, IObjectCopiedEvent) events.
"""
# Make sure owner local role is set after pasting
# The standard Zope mechanisms take care of executable ownership
current_user = _getAuthenticatedUser(ob)
if current_user is None:
return
current_user_id = current_user.getId()
if current_user_id is not None:
local_role_holders = [ x[0] for x in ob.get_local_roles() ]
ob.manage_delLocalRoles(local_role_holders)
ob.manage_setLocalRoles(current_user_id, ['Owner'])
def searchResults(self, REQUEST=None, **kw):
"""
Calls ZCatalog.searchResults with extra arguments that
limit the results to what the user is allowed to see.
"""
user = _getAuthenticatedUser(self)
kw['allowedRolesAndUsers'] = self._listAllowedRolesAndUsers(user)
if not _checkPermission(AccessInactivePortalContent, self):
now = DateTime()
kw['effective'] = {'query': now, 'range': 'max'}
kw['expires'] = {'query': now, 'range': 'min'}
return ZCatalog.searchResults(self, REQUEST, **kw)
def manage_afterClone(self, item):
"""
Add self to the workflow.
(Called when the object is cloned.)
"""
self.notifyWorkflowCreated()
self.__recurse('manage_afterClone', item)
# Make sure owner local role is set after pasting
# The standard Zope mechanisms take care of executable ownership
current_user = _getAuthenticatedUser(self)
if current_user is not None:
local_role_holders = [x[0] for x in self.get_local_roles()]
self.manage_delLocalRoles(local_role_holders)
self.manage_setLocalRoles(current_user.getId(), ['Owner'])
def manage_afterClone(self, item):
"""
Add self to the workflow.
(Called when the object is cloned.)
"""
self.notifyWorkflowCreated()
self.__recurse('manage_afterClone', item)
# Make sure owner local role is set after pasting
# The standard Zope mechanisms take care of executable ownership
current_user = _getAuthenticatedUser(self)
if current_user is not None:
local_role_holders = [x[0] for x in self.get_local_roles()]
self.manage_delLocalRoles(local_role_holders)
self.manage_setLocalRoles(current_user.getId(), ['Owner'])
def createMemberArea(self, member_id=''):
""" Create a member area for 'member_id' or authenticated user.
"""
if not self.getMemberareaCreationFlag():
return None
members = self.getMembersFolder()
if not members:
return None
if self.isAnonymousUser():
return None
# Note: We can't use getAuthenticatedMember() and getMemberById()
# because they might be wrapped by MemberDataTool.
user = _getAuthenticatedUser(self)
user_id = user.getId()
if member_id in ('', user_id):
member = user
member_id = user_id
else:
if _checkPermission(ManageUsers, self):
member = self.acl_users.getUserById(member_id, None)
if member:
member = member.__of__(self.acl_users)
else:
raise ValueError('Member %s does not exist' % member_id)
else:
return None
if hasattr( aq_base(members), member_id ):
return None
else:
f_title = "%s's Home" % member_id
members.manage_addPortalFolder( id=member_id, title=f_title )
f=getattr(members, member_id)
f.manage_permission(View,
['Owner','Manager','Reviewer'], 0)
f.manage_permission(AccessContentsInformation,
['Owner','Manager','Reviewer'], 0)
# Grant Ownership and Owner role to Member
f.changeOwnership(member)
f.__ac_local_roles__ = None
f.manage_setLocalRoles(member_id, ['Owner'])
return f
def createMemberArea(self, member_id=''):
""" Create a member area for 'member_id' or authenticated user.
"""
if not self.getMemberareaCreationFlag():
return None
members = self.getMembersFolder()
if not members:
return None
if self.isAnonymousUser():
return None
# Note: We can't use getAuthenticatedMember() and getMemberById()
# because they might be wrapped by MemberDataTool.
user = _getAuthenticatedUser(self)
user_id = user.getId()
if member_id in ('', user_id):
member = user
member_id = user_id
else:
if _checkPermission(ManageUsers, self):
member = self.acl_users.getUserById(member_id, None)
if member:
member = member.__of__(self.acl_users)
else:
raise ValueError('Member %s does not exist' % member_id)
else:
return None
if hasattr( aq_base(members), member_id ):
return None
else:
f_title = "%s's Home" % member_id
members.manage_addPortalFolder( id=member_id, title=f_title )
f=getattr(members, member_id)
f.manage_permission(View,
['Owner','Manager','Reviewer'], 0)
f.manage_permission(AccessContentsInformation,
['Owner','Manager','Reviewer'], 0)
# Grant Ownership and Owner role to Member
f.changeOwnership(member)
f.__ac_local_roles__ = None
f.manage_setLocalRoles(member_id, ['Owner'])
return f
def listUndoableTransactionsFor(self,
object,
first_transaction=None,
last_transaction=None,
PrincipiaUndoBatchSize=None):
'''Lists all transaction IDs the user is allowed to undo.
'''
# arg list for undoable_transactions() changed in Zope 2.2.
portal = self.aq_inner.aq_parent
transactions = portal.undoable_transactions(
first_transaction=first_transaction,
last_transaction=last_transaction,
PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
if not _checkPermission('Manage portal', portal):
# Filter out transactions done by other members of the portal.
user_name = _getAuthenticatedUser(self).getUserName()
transactions = filter(lambda record, user_name=user_name: split(
record['user_name'])[-1] == user_name,
transactions)
return transactions
def searchResults(self, REQUEST=None, **kw):
"""
Calls ZCatalog.searchResults with extra arguments that
limit the results to what the user is allowed to see.
"""
user = _getAuthenticatedUser(self)
kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user )
if not _checkPermission( AccessInactivePortalContent, self ):
base = aq_base( self )
now = DateTime()
if hasattr( base, 'addIndex' ): # Zope 2.4 and above
kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
kw[ 'expires' ] = { 'query' : now, 'range' : 'min' }
else: # Zope 2.3
kw[ 'effective' ] = kw[ 'expires' ] = now
kw[ 'effective_usage'] = 'range:max'
kw[ 'expires_usage' ] = 'range:min'
return apply(ZCatalog.searchResults, (self, REQUEST), kw)
def searchResults(self, REQUEST=None, **kw):
"""
Calls ZCatalog.searchResults with extra arguments that
limit the results to what the user is allowed to see.
"""
user = _getAuthenticatedUser(self)
kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user )
if not _checkPermission( AccessInactivePortalContent, self ):
base = aq_base( self )
now = DateTime()
if hasattr( base, 'addIndex' ): # Zope 2.4 and above
kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
kw[ 'expires' ] = { 'query' : now, 'range' : 'min' }
else: # Zope 2.3
kw[ 'effective' ] = kw[ 'expires' ] = now
kw[ 'effective_usage'] = 'range:max'
kw[ 'expires_usage' ] = 'range:min'
return apply(ZCatalog.searchResults, (self, REQUEST), kw)
def listUndoableTransactionsFor(self, object,
first_transaction=None,
last_transaction=None,
PrincipiaUndoBatchSize=None):
'''Lists all transaction IDs the user is allowed to undo.
'''
# arg list for undoable_transactions() changed in Zope 2.2.
portal = self.aq_inner.aq_parent
transactions = portal.undoable_transactions(
first_transaction=first_transaction,
last_transaction=last_transaction,
PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
if not _checkPermission('Manage portal', portal):
# Filter out transactions done by other members of the portal.
user_name = _getAuthenticatedUser(self).getUserName()
transactions = filter(
lambda record, user_name=user_name:
split(record['user_name'])[-1] == user_name,
transactions
)
return transactions
def credentialsChanged(self, password):
'''
Notifies the authentication mechanism that this user has changed
passwords. This can be used to update the authentication cookie.
Note that this call should *not* cause any change at all to user
databases.
'''
if not self.isAnonymousUser():
acl_users = self.acl_users
user = _getAuthenticatedUser(self)
id = user.getUserName()
if hasattr(acl_users.aq_base, 'credentialsChanged'):
# Use an interface provided by LoginManager.
acl_users.credentialsChanged(user, id, password)
else:
req = self.REQUEST
p = getattr(req, '_credentials_changed_path', None)
if p is not None:
# Use an interface provided by CookieCrumbler.
change = self.restrictedTraverse(p)
change(user, id, password)
def listUndoableTransactionsFor(self,
object,
first_transaction=None,
last_transaction=None,
PrincipiaUndoBatchSize=None):
""" List all transaction IDs the user is allowed to undo on 'object'.
"""
transactions = object.undoable_transactions(
first_transaction=first_transaction,
last_transaction=last_transaction,
PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
for t in transactions:
# Ensure transaction ids don't have embedded LF.
t['id'] = t['id'].replace('\n', '')
if not _checkPermission(ManagePortal, object):
# Filter out transactions done by other members of the portal.
user_id = _getAuthenticatedUser(self).getId()
transactions = filter(lambda record, user_id=user_id: record[
'user_name'].split()[-1] == user_id,
transactions)
return transactions
def credentialsChanged(self, password):
'''
Notifies the authentication mechanism that this user has changed
passwords. This can be used to update the authentication cookie.
Note that this call should *not* cause any change at all to user
databases.
'''
if not self.isAnonymousUser():
acl_users = self.acl_users
user = _getAuthenticatedUser(self)
id = user.getUserName()
if hasattr(acl_users.aq_base, 'credentialsChanged'):
# Use an interface provided by LoginManager.
acl_users.credentialsChanged(user, id, password)
else:
req = self.REQUEST
p = getattr(req, '_credentials_changed_path', None)
if p is not None:
# Use an interface provided by CookieCrumbler.
change = self.restrictedTraverse(p)
change(user, id, password)
def listUndoableTransactionsFor(self, object,
first_transaction=None,
last_transaction=None,
PrincipiaUndoBatchSize=None):
""" List all transaction IDs the user is allowed to undo on 'object'.
"""
transactions = object.undoable_transactions(
first_transaction=first_transaction,
last_transaction=last_transaction,
PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
for t in transactions:
# Ensure transaction ids don't have embedded LF.
t['id'] = t['id'].replace('\n', '')
if not _checkPermission(ManagePortal, object):
# Filter out transactions done by other members of the portal.
user_id = _getAuthenticatedUser(self).getId()
transactions = filter(
lambda record, user_id=user_id:
record['user_name'].split()[-1] == user_id,
transactions
)
return transactions
def searchResults(self, REQUEST=None, **kw):
'''Calls SiteIndex.searchResults() with extra arguments that
limit the results to what the user is allowed to see.
'''
if REQUEST is None:
REQUEST = self.REQUEST
user = _getAuthenticatedUser(self)
kw['allowedRolesAndUsers'] = list(user.getRoles()) + \
['Anonymous',
'user:'******'Date') and None:
if kw.has_key('Date_usage'):
kw['Date'] = min(kw['Date'])
kw['Date'] = [kw['Date'], DateTime()]
kw['Date_usage'] = 'range:min:max'
else:
kw[ 'effective' ] = kw[ 'expires' ] = DateTime()
kw['effective_usage'] = 'range:max'
kw['expires_usage'] = 'range:min'
return apply(ZCatalog.searchResults, (self, REQUEST), kw)
def credentialsChanged(self, password):
"""
Notifies the authentication mechanism that this user has changed
passwords. This can be used to update the authentication cookie.
Note that this call should *not* cause any change at all to user
databases.
"""
if not self.isAnonymousUser():
acl_users = self.acl_users
user = _getAuthenticatedUser(self)
name = user.getUserName()
# this really does need to be the user name, and not the user id,
# because we're dealing with authentication credentials
if hasattr(acl_users.aq_base, "credentialsChanged"):
# Use an interface provided by LoginManager.
acl_users.credentialsChanged(user, name, password)
else:
req = self.REQUEST
p = getattr(req, "_credentials_changed_path", None)
if p is not None:
# Use an interface provided by CookieCrumbler.
change = self.restrictedTraverse(p)
change(user, name, password)
def searchResults(self, REQUEST=None, **kw):
'''Calls SiteIndex.searchResults() with extra arguments that
limit the results to what the user is allowed to see.
'''
if REQUEST is None:
REQUEST = self.REQUEST
user = _getAuthenticatedUser(self)
kw['allowedRolesAndUsers'] = list(user.getRoles()) + \
['Anonymous',
'user:'******'Date') and None:
if kw.has_key('Date_usage'):
kw['Date'] = min(kw['Date'])
kw['Date'] = [kw['Date'], DateTime()]
kw['Date_usage'] = 'range:min:max'
else:
kw['effective'] = kw['expires'] = DateTime()
kw['effective_usage'] = 'range:max'
kw['expires_usage'] = 'range:min'
return apply(ZCatalog.searchResults, (self, REQUEST), kw)
