Example #1
0
    def __call__(self, object_id):
        from Products.PluginRegistry.PluginRegistry import PluginRegistry

        registry = PluginRegistry(())
        registry._setId(object_id)
        self.context._setObject(object_id, registry)
        return registry
    def _makePlugins(self, plugin_type_info=None):

        from Products.PluggableAuthService.PluggableAuthService \
            import _PLUGIN_TYPE_INFO
        from Products.PluginRegistry.PluginRegistry import PluginRegistry

        if plugin_type_info is None:
            plugin_type_info = _PLUGIN_TYPE_INFO

        reg = PluginRegistry(plugin_type_info=plugin_type_info)
        reg._setId('plugins')
        reg._plugins = {}

        return reg
Example #3
0
def addPluggableAuthService( dispatcher, REQUEST=None ):

    """ Add a PluggableAuthService to 'self.
    """
    pas = PluggableAuthService()
    preg = PluginRegistry( _PLUGIN_TYPE_INFO )
    preg._setId( 'plugins' )
    pas._setObject( 'plugins', preg )
    dispatcher._setObject( pas.getId(), pas )


    if REQUEST is not None:
        REQUEST['RESPONSE'].redirect(
                                '%s/manage_workspace'
                                '?manage_tabs_message='
                                'PluggableAuthService+added.'
                              % dispatcher.absolute_url() )
Example #4
0
        def _initRegistry(self, plugin_type_info=(), plugins={}):
            from OFS.Folder import Folder
            from OFS.SimpleItem import SimpleItem
            from Products.PluginRegistry.PluginRegistry import PluginRegistry

            app = Folder()
            app.getPhysicalPath = lambda: ()
            app.getPhysicalRoot = lambda: app

            app._setObject('foo_plugin_1', SimpleItem())
            app._setObject('foo_plugin_2', SimpleItem())

            registry = PluginRegistry(plugin_type_info)
            registry._plugins = {} # it is usually lazy

            for plugin_type, registered in plugins.items():
                registry._plugins[plugin_type] = registered

            app._setObject('plugin_registry', registry)
            registry = app._getOb('plugin_registry')
            return app, registry
Example #5
0
def addConfiguredPAS( dispatcher
                    , base_profile
                    , extension_profiles=()
                    , create_snapshot=True
                    , setup_tool_id='setup_tool'
                    , REQUEST=None
                    ):
    """ Add a PluggableAuthService to 'self.
    """
    from Products.GenericSetup.tool import SetupTool

    pas = PluggableAuthService()
    preg = PluginRegistry( _PLUGIN_TYPE_INFO )
    preg._setId( 'plugins' )
    pas._setObject( 'plugins', preg )
    dispatcher._setObject( pas.getId(), pas )

    pas = dispatcher._getOb( pas.getId() )    # wrapped
    tool = SetupTool( setup_tool_id )
    pas._setObject( tool.getId(), tool )

    tool = pas._getOb( tool.getId() )       # wrapped
    tool.setImportContext( 'profile-%s' % base_profile )
    tool.runAllImportSteps()

    for extension_profile in extension_profiles:
        tool.setImportContext( 'profile-%s' % extension_profile )
        tool.runAllImportSteps()

    tool.setImportContext( 'profile-%s' % base_profile )

    if create_snapshot:
        tool.createSnapshot( 'initial_configuration' )

    if REQUEST is not None:
        REQUEST['RESPONSE'].redirect(
                                '%s/manage_workspace'
                                '?manage_tabs_message='
                                'PluggableAuthService+added.'
                              % dispatcher.absolute_url() )
Example #6
0
def addPluggableAuthService( dispatcher
                           , base_profile=None
                           , extension_profiles=()
                           , create_snapshot=True
                           , setup_tool_id='setup_tool'
                           , REQUEST=None
                           ):
    """ Add a PluggableAuthService to 'dispatcher'.

    o BBB for non-GenericSetup use.
    """
    pas = PluggableAuthService()
    preg = PluginRegistry( _PLUGIN_TYPE_INFO )
    preg._setId( 'plugins' )
    pas._setObject( 'plugins', preg )
    dispatcher._setObject( pas.getId(), pas )

    if REQUEST is not None:
        REQUEST['RESPONSE'].redirect(
                                '%s/manage_workspace'
                                '?manage_tabs_message='
                                'PluggableAuthService+added.'
                              % dispatcher.absolute_url() )
    def test_roles_for_control_panel(self):
        """There's a special case, the users control panel for which
        we should never grant to users the roles they have got through
        the groups they belong.
        In that intent, the control panels view pushes
        '__ignore_group_roles__' = True
        in the request.
        """
        root = FauxPAS()

        # Add a minimal PluginRegistry with a mock IGroupsPlugin, because the
        # roles plugin depends on it:
        root._setObject('plugins', PluginRegistry(_PLUGIN_TYPE_INFO))
        root._setObject('groups', FauxGroupsPlugin())
        root['plugins'].activatePlugin(IGroupsPlugin, 'groups')

        garm = self._makeOne('garm').__of__(root)

        # 2 roles
        garm.addRole('foo_role')
        garm.addRole('bar_role')

        # Group 'somegroup' has 'bar_role'
        garm.assignRoleToPrincipal('bar_role', 'somegroup')

        # 'johndoe' has 'foo_role'
        johndoe = DummyUser('johndoe', ('somegroup', ))
        garm.assignRoleToPrincipal('foo_role', 'johndoe')

        # 'johndoe' should have 'foo_role' and 'bar_roles'
        got = garm.getRolesForPrincipal(johndoe)
        expected = ['foo_role', 'bar_role']
        self.assertEqual(set(got), set(expected))

        # For the users control panel, johndoe has only the 'foo_role'
        garm.REQUEST.set('__ignore_group_roles__', True)
        got = garm.getRolesForPrincipal(johndoe)
        self.assertEqual(got, ('foo_role', ))

        # Confirm we can get only the inherited roles
        garm.REQUEST.set('__ignore_group_roles__', False)
        garm.REQUEST.set('__ignore_direct_roles__', True)
        got = garm.getRolesForPrincipal(johndoe)
        self.assertEqual(got, ('bar_role', ))

        return
 def __call__(self, object_id):
     from Products.PluginRegistry.PluginRegistry import PluginRegistry
     registry = PluginRegistry(())
     registry._setId(object_id)
     self.context._setObject(object_id, registry)
     return registry
Example #9
0
def _replaceUserFolder(self, RESPONSE=None):
    """replaces the old acl_users folder with a PluggableAuthService,
    preserving users and passwords, if possible
    """
    from Acquisition import aq_base
    from Products.PluggableAuthService.PluggableAuthService \
        import PluggableAuthService, _PLUGIN_TYPE_INFO
    from Products.PluginRegistry.PluginRegistry import PluginRegistry
    from Products.PluggableAuthService.plugins.ZODBUserManager \
        import ZODBUserManager
    from Products.PluggableAuthService.plugins.ZODBRoleManager \
        import ZODBRoleManager
    from Products.PluggableAuthService.interfaces.plugins \
         import IAuthenticationPlugin, IUserEnumerationPlugin
    from Products.PluggableAuthService.interfaces.plugins \
        import IRolesPlugin, IRoleEnumerationPlugin, IRoleAssignerPlugin

    if getattr( aq_base(self), '__allow_groups__', None ):
        if self.__allow_groups__.__class__ is PluggableAuthService:
            _write( RESPONSE
                  , 'replaceUserFolder'
                  , 'Already replaced this user folder\n' )
            return
        old_acl = self.__allow_groups__
        new_acl = PluggableAuthService()
        preg = PluginRegistry( _PLUGIN_TYPE_INFO )
        preg._setId( 'plugins' )
        new_acl._setObject( 'plugins', preg )
        self._setObject( 'new_acl_users', new_acl )
        new_acl = getattr( self, 'new_acl_users' )

        user_folder = ZODBUserManager( 'users' )
        new_acl._setObject( 'users', user_folder )
        role_manager = ZODBRoleManager( 'roles' )
        new_acl._setObject( 'roles', role_manager )

        plugins = getattr( new_acl, 'plugins' )
        plugins.activatePlugin( IAuthenticationPlugin, 'users' )
        plugins.activatePlugin( IUserEnumerationPlugin, 'users' )
        plugins.activatePlugin( IRolesPlugin, 'roles' )
        plugins.activatePlugin( IRoleEnumerationPlugin, 'roles' )
        plugins.activatePlugin( IRoleAssignerPlugin, 'roles' )
        for user_name in old_acl.getUserNames():
            old_user = old_acl.getUser( user_name )
            _write( RESPONSE
                  , 'replaceRootUserFolder'
                  , 'Translating user %s\n' % user_name )
            _migrate_user( new_acl.users, user_name, old_user._getPassword() )
            new_user = new_acl.getUser( user_name )
            for role_id in old_user.getRoles():
                if role_id not in ['Authenticated', 'Anonymous']:
                    new_acl.roles.assignRoleToPrincipal( role_id,
                                                         new_user.getId() )
        self._delObject( 'acl_users' )
        self._setObject( 'acl_users', aq_base( new_acl ) )
        self._delObject( 'new_acl_users' )
        self.__allow_groups__ = aq_base( new_acl )
        _write( RESPONSE
              , 'replaceRootUserFolder'
              , 'Replaced root acl_users with PluggableAuthService\n' )

    get_transaction().commit()