def isMemberIdAllowed(self, id):
    """Return 1 when ``id`` may be used for a new member, otherwise 0.

    An id is refused when it is empty, equals 'Anonymous User', does not
    match ``_ALLOWED_MEMBER_ID_PATTERN``, or is already in use.
    """
    if len(id) == 0 or id == 'Anonymous User':
        return 0
    # NOTE(review): match() anchors only at the start of the string;
    # confirm the pattern itself ends with '$' so that trailing
    # characters are also validated.
    if not self._ALLOWED_MEMBER_ID_PATTERN.match(id):
        return 0

    user_folder = getToolByName(self, 'acl_users')
    if not IPluggableAuthService.providedBy(user_folder):
        # No PAS: ask the membership and group tools instead.
        membership = getToolByName(self, 'portal_membership')
        if membership.getMemberById(id) is not None:
            return 0
        groups = getToolByName(self, 'portal_groups')
        if groups.getGroupById(id) is not None:
            return 0
        return 1

    if user_folder.searchPrincipals(id=id, exact_match=True):
        return 0

    # Not taken locally: also refuse ids already used in any PAS user
    # folder found along the acquisition chain.
    for parent in aq_chain(self):
        if not hasattr(aq_base(parent), "acl_users"):
            continue
        candidate = parent.acl_users
        if not IPluggableAuthService.providedBy(candidate):
            continue
        if candidate.searchPrincipals(id=id, exact_match=True):
            return 0

    # When email addresses are used as logins, the requested id must
    # not collide with an existing login name either.
    site_properties = getToolByName(self, 'portal_properties').site_properties
    if site_properties.use_email_as_login:
        if user_folder.searchUsers(name=id, exact_match=True):
            return 0
    return 1
def isMemberIdAllowed(self, id):
    """Check whether ``id`` is acceptable as a new member id (1) or not (0).

    The id must be non-empty, differ from 'Anonymous User', match
    ``_ALLOWED_MEMBER_ID_PATTERN`` and not belong to an existing
    principal, member or group.
    """
    rejected, accepted = 0, 1

    if len(id) < 1 or id == 'Anonymous User':
        return rejected
    if not self._ALLOWED_MEMBER_ID_PATTERN.match(id):
        return rejected

    pas = getToolByName(self, 'acl_users')
    if IPluggableAuthService.providedBy(pas):
        if pas.searchPrincipals(id=id, exact_match=True):
            return rejected

        # Look for the same id in PAS user folders higher up.
        for parent in aq_chain(self):
            if hasattr(aq_base(parent), "acl_users"):
                parent_uf = parent.acl_users
                if IPluggableAuthService.providedBy(parent_uf):
                    if parent_uf.searchPrincipals(id=id, exact_match=True):
                        return rejected

        # With email-as-login enabled the id is also compared against
        # the login names of existing users.
        props = getToolByName(self, 'portal_properties').site_properties
        if props.use_email_as_login:
            if pas.searchUsers(name=id, exact_match=True):
                return rejected
    else:
        membership = getToolByName(self, 'portal_membership')
        if membership.getMemberById(id) is not None:
            return rejected
        groups = getToolByName(self, 'portal_groups')
        if groups.getGroupById(id) is not None:
            return rejected

    return accepted
def canWriteProperty(self, prop_name):
    """Tell whether the member/group property ``prop_name`` can be changed.

    Without a PAS user folder, or when the user exposes no property
    sheets, the answer comes from ``_memberdataHasProperty``. Otherwise
    the first sheet that has the property decides.
    """
    if not IPluggableAuthService.providedBy(self._tool.acl_users):
        # not PAS; Memberdata is writable
        return self._memberdataHasProperty(prop_name)

    user = self.getUser()
    list_sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)
    sheets = list_sheets()
    if not sheets:
        return self._memberdataHasProperty(prop_name)

    # Find the first sheet carrying the property; a read-only sheet
    # shadows any mutable sheet that comes after it.
    for sheet in sheets:
        if sheet.hasProperty(prop_name):
            break
    else:
        return False

    if not IMutablePropertySheet.providedBy(sheet):
        return False
    # BBB for plugins implementing an older version of
    # IMutablePropertySheet
    if hasattr(sheet, 'canWriteProperty'):
        return sheet.canWriteProperty(user, prop_name)
    return True
def canWriteProperty(self, prop_name):
    """Return whether the member/group property ``prop_name`` is writable.

    Falls back to ``_memberdataHasProperty`` when ``acl_users`` is not a
    PAS or the user has no property sheets.
    """
    if not IPluggableAuthService.providedBy(self.acl_users):
        # not PAS; Memberdata is writable
        return self._memberdataHasProperty(prop_name)

    # it's PAS
    user = self.getUser()
    sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()
    if not sheets:
        return self._memberdataHasProperty(prop_name)

    for sheet in sheets:
        if not sheet.hasProperty(prop_name):
            continue
        if not IMutablePropertySheet.providedBy(sheet):
            # shadowed by read-only
            return False
        # BBB for plugins implementing an older version of
        # IMutablePropertySheet
        if hasattr(sheet, 'canWriteProperty'):
            return sheet.canWriteProperty(user, prop_name)
        return True
    return False
def pas_fixup(self):
    """Register any PAS plugin types missing from the plugin registry.

    Only logs a debug line and returns when ``acl_users`` is not a
    PluggableAuthService.
    """
    from Products.PluggableAuthService.PluggableAuthService \
        import _PLUGIN_TYPE_INFO

    user_folder = getToolByName(self, 'acl_users')
    if not IPluggableAuthService.providedBy(user_folder):
        logger.debug('PAS UF not found, skipping PAS fixup.')
        return

    registry = user_folder['plugins']
    known_types = list(set(registry._plugin_types))

    for key, id, title, description in _PLUGIN_TYPE_INFO:
        if key not in known_types:
            logger.debug("Plugin type '%s' was not registered." % id)
            known_types.append(key)
            registry._plugin_type_info[key] = dict(
                id=id,
                title=title,
                description=description,
            )
        else:
            logger.debug("Plugin type '%s' already registered." % id)

    # Make it ordered
    known_types.sort()

    # Re-assign because it's a non-persistent property.
    registry._plugin_types = known_types
def addAutoUserMakerPASPlugin(context):
    """Find the nearest acl_users and add and activate an Auto User Maker.

    Returns ``pas[pluginId]``, the object stored under the plugin id;
    no tuple is built here.

    Raises LookupError when ``context`` has no ``acl_users`` and
    ValueError when that ``acl_users`` cannot be adapted to
    IPluggableAuthService.
    """
    acl_users = getattr(context, 'acl_users', None)
    if acl_users is None:
        raise LookupError("No acl_users can be acquired or otherwise found.")
    pas = IPluggableAuthService(acl_users, None)
    if pas is None:
        raise ValueError(
            "The nearest acl_users object is not a PluggableAuthService.")
    # Reuse an existing plugin of this class when there is one.
    pluginId = _firstIdOfClass(acl_users, ApacheAuthPluginHandler)
    if not pluginId:
        pluginId = 'AutoUserMakerPASPlugin'
        setup = acl_users.manage_addProduct[pluginId]
        setup.manage_addAutoUserMaker(pluginId, 'AutoUserMakerPAS Plugin')
    # NOTE(review): the flattened listing does not show whether the
    # activation below sits inside the `if` above; confirm against the
    # original file, since it decides whether an already installed
    # plugin is activated again.
    plugins = acl_users.plugins
    for interface in [IAuthenticationPlugin, IExtractionPlugin]:
        plugins.activatePlugin(interface, pluginId)
    return pas[pluginId]
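def getProperty(self, id, default=_marker):
    """PAS-specific method to fetch a user's properties.

    Looks through the ordered property sheets and returns the value
    from the first sheet that has the property; unicode values are
    returned UTF-8 encoded. Falls back to
    ``BaseMemberData.getProperty`` when there is no PAS, no property
    sheets, or no sheet with the property.
    """
    if not IPluggableAuthService.providedBy(self.acl_users):
        # Pass ``default`` through here as well, so a caller-supplied
        # default is honoured the same way in every fallback branch.
        return BaseMemberData.getProperty(self, id, default)

    # It's a PAS! Whee!
    user = self.getUser()
    sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()

    # we won't always have PlonePAS users, due to acquisition,
    # nor are guaranteed property sheets
    if not sheets:
        return BaseMemberData.getProperty(self, id, default)

    # If we made this far, we found a PAS and some property sheets.
    for sheet in sheets:
        if sheet.hasProperty(id):
            # Return the first one that has the property.
            value = sheet.getProperty(id)
            if isinstance(value, unicode):
                # XXX Temporarily work around the fact that
                # property sheets blindly store and return
                # unicode. This is sub-optimal and should be
                # dealt with at the property sheets level by
                # using Zope's converters.
                return value.encode('utf-8')
            return value

    # Couldn't find the property in the property sheets. Try to
    # delegate back to the base implementation.
    return BaseMemberData.getProperty(self, id, default)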
def login(self):
    """Hand the authenticated user's credentials to PAS ``updateCredentials``.

    Overrides the standard login method so that it does not end with
    'return response.redirect(came_from)': additional processing to
    ignore known bad came_from templates happens in the login_next.cpy
    script.
    """
    request = self.REQUEST
    response = request['RESPONSE']
    password = request.get('__ac_password', '')

    user = getSecurityManager().getUser()
    # The login name comes from the authenticated user object.
    login_name = user.getUserName()

    # Prefer the PAS the user originates from.
    target_pas = aq_parent(user)
    if not IPluggableAuthService.providedBy(target_pas):
        # User does not originate from a PAS user folder, so lets try
        # to do our own thing.
        # XXX Perhaps we should do nothing here; test with pure User
        # Folder!
        target_pas = self._getPAS()
        if target_pas is None:
            return
    target_pas.updateCredentials(request, response, login_name, password)
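def _get_pas(self, location=None):
    """Return the PAS user folder found at ``location``, or None.

    ``location`` defaults to ``self.get_root()``. None is returned when
    no ``acl_users`` can be found there or when it does not provide
    IPluggableAuthService.
    """
    if location is None:
        location = self.get_root()
    # A missing acl_users is reported as None, the same answer callers
    # already get for a user folder that is not a PAS.
    pas = getattr(location, 'acl_users', None)
    if pas is None or not IPluggableAuthService.providedBy(pas):
        return None
    return pas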
def login(self):
    """Update the credentials of the user who just authenticated.

    Overrides the standard login method to avoid calling
    'return response.redirect(came_from)', because additional
    processing to ignore known bad came_from templates is done in the
    login_next.cpy script.

    This is the version from Plone 3.3.6. Compared to Plone 3.1.7 it
    carries one fix that matters here: the credentials are updated
    with getUserName (the login name) instead of the request's
    __ac_name.
    """
    request = self.REQUEST
    response = request['RESPONSE']
    user = getSecurityManager().getUser()

    credentials = (user.getUserName(), request.get('__ac_password', ''))

    user_pas = aq_parent(user)
    if IPluggableAuthService.providedBy(user_pas):
        # Delegate to the users own PAS if possible
        user_pas.updateCredentials(request, response, *credentials)
        return

    # User does not originate from a PAS user folder, so lets
    # try to do our own thing. XXX Perhaps we should do
    # nothing here; test with pure User Folder!
    fallback_pas = self._getPAS()
    if fallback_pas is not None:
        fallback_pas.updateCredentials(request, response, *credentials)
def migrate_root_uf(self):
    """Make sure the root ``acl_users`` is a configured PAS.

    An existing PAS is only fixed up; a standard 'User Folder' is
    replaced and set up; any other kind of user folder is left alone.
    """
    root = self.getPhysicalRoot()
    user_folder = getToolByName(root, 'acl_users')

    if IPluggableAuthService.providedBy(user_folder):
        # It's a PAS already, fixup if needed.
        pas_fixup(root)
        # Configure Challenge Chooser plugin if available
        challenge_chooser_setup(root)
        return

    if user_folder.meta_type != 'User Folder':
        # It's not a standard User Folder at the root. Nothing we can do.
        return

    # It's a standard User Folder, replace it and fetch the new one.
    replace_acl_users(root)
    user_folder = getToolByName(root, 'acl_users')

    pas_factory = user_folder.manage_addProduct['PluggableAuthService']
    plone_pas_factory = user_folder.manage_addProduct['PlonePAS']

    # Setup authentication plugins
    setupAuthPlugins(
        root,
        pas_factory,
        plone_pas_factory,
        deactivate_basic_reset=False,
        deactivate_cookie_challenge=True,
    )

    # Activate *all* interfaces for user manager. IUserAdder is not
    # activated for some reason by default.
    activatePluginInterfaces(root, 'users')

    # Configure Challenge Chooser plugin if available
    challenge_chooser_setup(root)
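def getProperty(self, id, default=_marker):
    """PAS-specific method to fetch a user's properties.

    The ordered property sheets are searched in order and the value of
    the first sheet that has the property is returned (unicode values
    UTF-8 encoded). Without a PAS, without property sheets, or when no
    sheet has the property, ``BaseMemberData.getProperty`` answers.
    """
    if not IPluggableAuthService.providedBy(self.acl_users):
        # ``default`` is forwarded in this branch too, so that every
        # fallback to the base implementation treats it the same way.
        return BaseMemberData.getProperty(self, id, default)

    # It's a PAS! Whee!
    user = self.getUser()
    sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()

    # we won't always have PlonePAS users, due to acquisition,
    # nor are guaranteed property sheets
    if not sheets:
        return BaseMemberData.getProperty(self, id, default)

    # If we made this far, we found a PAS and some property sheets.
    for sheet in sheets:
        if sheet.hasProperty(id):
            # Return the first one that has the property.
            value = sheet.getProperty(id)
            if isinstance(value, unicode):
                # XXX Temporarily work around the fact that
                # property sheets blindly store and return
                # unicode. This is sub-optimal and should be
                # dealt with at the property sheets level by
                # using Zope's converters.
                return value.encode('utf-8')
            return value

    # Couldn't find the property in the property sheets. Try to
    # delegate back to the base implementation.
    return BaseMemberData.getProperty(self, id, default)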
def _deletePortrait(self, member_id):
    """Ask every portrait management plugin to remove member_id's portrait.

    Nothing is done when ``acl_users`` is not a PluggableAuthService.
    """
    if not IPluggableAuthService.providedBy(self.acl_users):
        return
    registry = self._getPlugins()
    for _plugin_id, manager in registry.listPlugins(IPortraitManagementPlugin):
        manager.deletePortrait(member_id)
def _setPortrait(self, portrait, member_id):
    """Store ``portrait`` (a raw image) for ``member_id`` in each plugin.

    Every plugin listed for IPortraitManagementPlugin receives the
    portrait; nothing is stored when ``acl_users`` is not a
    PluggableAuthService.
    """
    if not IPluggableAuthService.providedBy(self.acl_users):
        return
    registry = self._getPlugins()
    for _plugin_id, manager in registry.listPlugins(IPortraitManagementPlugin):
        manager.setPortrait(portrait, member_id)
def pas_fixup(self):
    """Add plugin types from ``_PLUGIN_TYPE_INFO`` that PAS does not list yet.

    Returns early, after a debug log line, when ``acl_users`` does not
    provide IPluggableAuthService.
    """
    from Products.PluggableAuthService.PluggableAuthService \
        import _PLUGIN_TYPE_INFO

    pas = getToolByName(self, 'acl_users')
    if not IPluggableAuthService.providedBy(pas):
        logger.debug('PAS UF not found, skipping PAS fixup.')
        return

    plugins = pas['plugins']
    # De-duplicate what is registered so far.
    registered = list(set(plugins._plugin_types))

    for key, id, title, description in _PLUGIN_TYPE_INFO:
        already_known = key in registered
        if already_known:
            logger.debug("Plugin type '%s' already registered." % id)
            continue

        logger.debug("Plugin type '%s' was not registered." % id)
        registered.append(key)
        type_info = {
            'id': id,
            'title': title,
            'description': description,
        }
        plugins._plugin_type_info[key] = type_info

    # Make it ordered
    registered.sort()

    # Re-assign because it's a non-persistent property.
    plugins._plugin_types = registered
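def login(self):
    """Update the credentials of the user who just authenticated.

    Overrides the standard login method to avoid calling
    'return response.redirect(came_from)', as there is additional
    processing to ignore known bad came_from templates at the
    login_next.cpy script.
    """
    request = self.REQUEST
    response = request['RESPONSE']
    password = request.get('__ac_password', '')

    user = getSecurityManager().getUser()
    # Take the login name from the authenticated user rather than from
    # the request's '__ac_name' field, so the credentials are stored
    # for the account that actually authenticated and not for whatever
    # name the form submitted.
    login = user.getUserName()
    user_pas = user.aq_parent

    if IPluggableAuthService.providedBy(user_pas):
        # Delegate to the users own PAS if possible
        user_pas.updateCredentials(request, response, login, password)
    else:
        # User does not originate from a PAS user folder, so lets try
        # to do our own thing.
        # XXX Perhaps we should do nothing here; test with pure User Folder!
        pas_instance = self._getPAS()
        if pas_instance is not None:
            pas_instance.updateCredentials(request, response, login, password)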
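def isMemberIdAllowed(self, id):
    """Return 1 if ``id`` may be used as a new member id, otherwise 0.

    The id is refused when it is empty, equals 'Anonymous User', fails
    ``_ALLOWED_MEMBER_ID_PATTERN`` or is already used by a principal.
    With email-as-login enabled, an id that matches an existing login
    is refused when its domain is listed in the registry's
    ``allowed_domains`` or when it is not a single 'local@domain'
    string.
    """
    if len(id) < 1 or id == 'Anonymous User':
        return 0
    if not self._ALLOWED_MEMBER_ID_PATTERN.match(id):
        return 0

    pas = getToolByName(self, 'acl_users')
    if IPluggableAuthService.providedBy(pas):
        results = pas.searchPrincipals(id=id, exact_match=True)
        if results:
            return 0
        else:
            for parent in aq_chain(self):
                if hasattr(aq_base(parent), "acl_users"):
                    parent = parent.acl_users
                    if IPluggableAuthService.providedBy(parent):
                        if parent.searchPrincipals(id=id,
                                                   exact_match=True):
                            return 0
        # When email addresses are used as logins, we need to check
        # if there are any users with the requested login.
        props = getToolByName(self, 'portal_properties').site_properties
        if props.use_email_as_login:
            results = pas.searchUsers(name=id, exact_match=True)
            if results:
                # A user with this login already exists. The plain
                # 'return 0' is disabled in this variant; the decision
                # depends on the login's domain instead.
                from allowed.domains.interfaces import IAllowedDomainsSettings
                from plone.registry.interfaces import IRegistry
                registry = getUtility(IRegistry)
                settings = registry.forInterface(IAllowedDomainsSettings)
                # Do not rely on earlier validation for the '@': an id
                # without exactly one '@' has no unambiguous domain, so
                # refuse it instead of failing with an IndexError or
                # checking the wrong segment.
                if id.count('@') != 1:
                    return 0
                if id.split('@')[1] in settings.allowed_domains:
                    return 0
                # NOTE(review): when the domain is not listed, control
                # falls through to 'return 1' even though searchUsers
                # found an existing user with this login; confirm that
                # accepting a duplicate login is intended here.
    else:
        membership = getToolByName(self, 'portal_membership')
        if membership.getMemberById(id) is not None:
            return 0
        groups = getToolByName(self, 'portal_groups')
        if groups.getGroupById(id) is not None:
            return 0

    return 1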
def __init__(self, context):
    """Bind to ``context`` and record whether its acl_users is a PAS.

    ``portal_membership`` is looked up with a None default, and
    ``is_compatible()`` is called at the end.
    """
    self.context = context
    self.tool = getToolByName(context, 'portal_membership', None)
    self.fieldnames = []

    # for compatibility with Plone 2.0 (import next only on instance init)
    from Products.PluggableAuthService.interfaces.authservice import IPluggableAuthService

    user_folder = self.context.acl_users
    self.compatible = IPluggableAuthService.providedBy(user_folder)
    self.is_compatible()
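def isMemberIdAllowed(self, id):
    """Return 1 if ``id`` may be used as a new member id, otherwise 0.

    Empty ids, 'Anonymous User', ids failing
    ``_ALLOWED_MEMBER_ID_PATTERN`` and ids already used by a principal
    are refused. With email-as-login enabled, an id matching an
    existing login is refused when its domain is in the registry's
    ``allowed_domains`` or when it is not a single 'local@domain'
    string.
    """
    if len(id) < 1 or id == 'Anonymous User':
        return 0
    if not self._ALLOWED_MEMBER_ID_PATTERN.match(id):
        return 0

    pas = getToolByName(self, 'acl_users')
    if IPluggableAuthService.providedBy(pas):
        results = pas.searchPrincipals(id=id, exact_match=True)
        if results:
            return 0
        else:
            for parent in aq_chain(self):
                if hasattr(aq_base(parent), "acl_users"):
                    parent = parent.acl_users
                    if IPluggableAuthService.providedBy(parent):
                        if parent.searchPrincipals(id=id,
                                                   exact_match=True):
                            return 0
        # When email addresses are used as logins, we need to check
        # if there are any users with the requested login.
        props = getToolByName(self, 'portal_properties').site_properties
        if props.use_email_as_login:
            results = pas.searchUsers(name=id, exact_match=True)
            if results:
                # An existing user already has this login. The plain
                # 'return 0' is disabled in this variant and the
                # login's domain decides.
                from allowed.domains.interfaces import IAllowedDomainsSettings
                from plone.registry.interfaces import IRegistry
                registry = getUtility(IRegistry)
                settings = registry.forInterface(IAllowedDomainsSettings)
                # Fail closed on ids without exactly one '@': there is
                # no unambiguous domain to look up, and indexing the
                # split result would raise IndexError when '@' is
                # missing.
                if id.count('@') != 1:
                    return 0
                if id.split('@')[1] in settings.allowed_domains:
                    return 0
                # NOTE(review): for a domain that is not listed the
                # function goes on to 'return 1' although searchUsers
                # found a user with this login; confirm that a
                # duplicate login is really acceptable in that case.
    else:
        membership = getToolByName(self, 'portal_membership')
        if membership.getMemberById(id) is not None:
            return 0
        groups = getToolByName(self, 'portal_groups')
        if groups.getGroupById(id) is not None:
            return 0

    return 1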
def _getPortrait(self, member_id):
    """Return member_id's portrait from the first plugin that has one.

    Returns None when ``acl_users`` is not a PluggableAuthService or
    when no portrait management plugin returns a portrait.
    """
    if not IPluggableAuthService.providedBy(self.acl_users):
        return None
    registry = self._getPlugins()
    for _plugin_id, manager in registry.listPlugins(IPortraitManagementPlugin):
        portrait = manager.getPortrait(member_id)
        if portrait is not None:
            return portrait
    return None
def __init__(self, context):
    """Bind to ``context`` and work out whether the site is compatible.

    ``compatible`` is the result of an ``and`` chain: acl_users
    provides IPluggableAuthService, a ``membrane_tool`` exists, and
    that tool provides IRememberMembraneTool. ``is_compatible()`` is
    called at the end.
    """
    self.context = context
    self.tool = getToolByName(context, 'portal_memberdata')
    self.membrane_tool = getToolByName(context, 'membrane_tool', None)
    self.fieldnames = []

    # for compatibility with Plone 2.0 (import next only on instance init)
    from Products.PluggableAuthService.interfaces.authservice import IPluggableAuthService
    from Products.remember.interfaces import IRememberMembraneTool

    # Kept as one ``and`` chain: the stored value is the chain's own
    # result, which is not necessarily a bool.
    self.compatible = (
        IPluggableAuthService.providedBy(self.context.acl_users)
        and self.membrane_tool
        and IRememberMembraneTool.providedBy(self.membrane_tool)
    )
    self.is_compatible()
def install_pas_plugin(context):
    """Add and activate a ``jwt_auth`` plugin in each PAS above ``context``.

    The walk starts at ``context`` and ends at the physical root, so
    every PAS user folder on the way, the root one included, gets the
    plugin unless it already contains an object named ``jwt_auth``.
    """
    current = aq_inner(context)
    while True:
        user_folder = getToolByName(current, "acl_users")
        needs_plugin = (
            IPluggableAuthService.providedBy(user_folder)
            and "jwt_auth" not in user_folder
        )
        if needs_plugin:
            new_plugin = JWTAuthenticationPlugin("jwt_auth")
            user_folder._setObject(new_plugin.getId(), new_plugin)
            # Fetch the plugin back from the user folder before
            # activating its interfaces.
            installed = user_folder["jwt_auth"]
            installed.manage_activateInterfaces(
                ["IAuthenticationPlugin", "IExtractionPlugin"])

        if current is current.getPhysicalRoot():
            break
        current = aq_parent(current)
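def setMemberProperties(self, mapping, force_local=0):
    """PAS-specific method to set the properties of a member.

    Ignores 'force_local', which is not reliably present. Entries whose
    value is None are skipped. Without a PAS or without property
    sheets the call is handed to ``BaseMemberData.setMemberProperties``.
    """
    # We could pay attention to force_local here...
    if not IPluggableAuthService.providedBy(self.acl_users):
        # Defer to base impl in absence of PAS, a PAS user, or
        # property sheets
        return BaseMemberData.setMemberProperties(self, mapping)

    # It's a PAS! Whee!
    user = self.getUser()
    sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()

    # We won't always have PlonePAS users, due to acquisition,
    # nor are guaranteed property sheets
    if not sheets:
        # Defer to base impl if we have a PAS but no property
        # sheets.
        return BaseMemberData.setMemberProperties(self, mapping)

    # If we got this far, we have a PAS and some property sheets.
    # XXX track values set to defer to default impl
    # property routing?
    modified = False
    for k, v in mapping.items():
        # Identity test: '== None' would call a custom __eq__ on the
        # value and could skip objects that merely compare equal to
        # None.
        if v is None:
            continue
        for sheet in sheets:
            if not sheet.hasProperty(k):
                continue
            if IMutablePropertySheet.providedBy(sheet):
                sheet.setProperty(user, k, v)
                modified = True
            else:
                # A read-only sheet shadows the sheets behind it; the
                # value is silently not written there.
                break
                # raise RuntimeError, ("Mutable property provider "
                #                      "shadowed by read only provider")
    if modified:
        self.notifyModified()

        # Genweb: Updated by patch
        notify(PropertiesUpdated(user, mapping))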
def setMemberProperties(self, mapping, force_local=0):
    """Write the member properties in ``mapping`` to the PAS property sheets.

    'force_local' is ignored, as it is not reliably present. Entries
    whose value is None are skipped. When there is no PAS or the user
    has no property sheets, ``BaseMemberData.setMemberProperties`` does
    the work instead.
    """
    # We could pay attention to force_local here...
    if not IPluggableAuthService.providedBy(self.acl_users):
        return BaseMemberData.setMemberProperties(self, mapping)

    user = self.getUser()
    fetch_sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)
    sheets = fetch_sheets()

    # We won't always have PlonePAS users, due to acquisition,
    # nor are guaranteed property sheets
    if not sheets:
        return BaseMemberData.setMemberProperties(self, mapping)

    # XXX track values set to defer to default impl
    # property routing?
    changed = False
    for name, value in mapping.items():
        if value is None:
            continue
        for sheet in sheets:
            if not sheet.hasProperty(name):
                continue
            if not IMutablePropertySheet.providedBy(sheet):
                # Shadowed by a read-only sheet: stop looking for this
                # property without raising.
                # raise RuntimeError, ("Mutable property provider "
                #                      "shadowed by read only provider")
                break
            sheet.setProperty(user, name, value)
            changed = True

    if changed:
        self.notifyModified()

        # Genweb: Updated by patch
        notify(PropertiesUpdated(user, mapping))
def setMemberProperties(self, mapping, force_local=0, force_empty=False):
    """Write the member properties in ``mapping`` to the PAS property sheets.

    'force_local' is ignored, as it is not reliably present. None
    values are skipped unless ``force_empty`` is true. Without a PAS
    or property sheets, ``BaseMemberAdapter.setMemberProperties``
    handles the call.
    """
    # We could pay attention to force_local here...
    if not IPluggableAuthService.providedBy(self._tool.acl_users):
        return BaseMemberAdapter.setMemberProperties(self, mapping)

    user = self.getUser()
    fetch_sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)
    sheets = fetch_sheets()

    # We won't always have PlonePAS users, due to acquisition,
    # nor are guaranteed property sheets
    if not sheets:
        return BaseMemberAdapter.setMemberProperties(self, mapping)

    # XXX track values set to defer to default impl
    # property routing?
    changed = False
    for name, value in mapping.items():
        if value is None and not force_empty:
            continue
        for sheet in sheets:
            if not sheet.hasProperty(name):
                continue
            if not IMutablePropertySheet.providedBy(sheet):
                # A read-only sheet shadows the rest for this property.
                break
            sheet.setProperty(user, name, value)
            changed = True

    if not changed:
        return

    self.notifyModified()

    # Trigger PropertiesUpdated event when member properties are updated,
    # excluding user login events
    login_keys = set(('login_time', 'last_login_time'))
    if not set(mapping.keys()).intersection(login_keys):
        notify(PropertiesUpdated(self, mapping))
def canWriteProperty(self, prop_name):
    """Return 1 if the group property ``prop_name`` can be changed, else 0.

    Without a PAS the answer comes from ``_groupdataHasProperty``.
    """
    # this looks almost exactly like in memberdata. refactor?
    if not IPluggableAuthService.providedBy(self.acl_users):
        # not PAS; Groupdata is writable
        return self._groupdataHasProperty(prop_name)

    # it's PAS
    group = self.getGroup()
    sheets = getattr(group, 'getOrderedPropertySheets', lambda: [])()

    # The first sheet that has the property decides; a read-only one
    # shadows everything behind it.
    for sheet in sheets:
        if sheet.hasProperty(prop_name):
            if IMutablePropertySheet.providedBy(sheet):
                return 1
            return 0
    return 0
def isMemberIdAllowed(self, id):
    """Return 1 when ``id`` may be used for a new member, otherwise 0.

    Refused ids: empty, 'Anonymous User', not matching
    ``_ALLOWED_MEMBER_ID_PATTERN``, or already used by a principal
    (PAS) or by a member or group (other user folders).
    """
    if len(id) == 0 or id == 'Anonymous User':
        return 0
    # NOTE(review): match() anchors only at the start of the string;
    # confirm the pattern itself ends with '$'.
    if not self._ALLOWED_MEMBER_ID_PATTERN.match(id):
        return 0

    user_folder = getToolByName(self, 'acl_users')
    if IPluggableAuthService.providedBy(user_folder):
        if user_folder.searchPrincipals(id=id, exact_match=True):
            return 0
        return 1

    membership = getToolByName(self, 'portal_membership')
    if membership.getMemberById(id) is not None:
        return 0
    groups = getToolByName(self, 'portal_groups')
    if groups.getGroupById(id) is not None:
        return 0
    return 1
def canWriteProperty(self, prop_name):
    """Tell (1 or 0) whether the group property ``prop_name`` is writable.

    Falls back to ``_groupdataHasProperty`` when ``acl_users`` is not a
    PluggableAuthService.
    """
    # this looks almost exactly like in memberdata. refactor?
    if not IPluggableAuthService.providedBy(self.acl_users):
        # not PAS; Groupdata is writable
        return self._groupdataHasProperty(prop_name)

    group = self.getGroup()
    list_sheets = getattr(group, 'getOrderedPropertySheets', lambda: [])
    for sheet in list_sheets():
        if not sheet.hasProperty(prop_name):
            continue
        if not IMutablePropertySheet.providedBy(sheet):
            # shadowed by read-only
            break
        return 1
    return 0
def addShibbolethPermissions(context):
    """Make sure the nearest acl_users holds a ShibbolethPermissions plugin.

    An existing plugin of class ShibbolethPermissionsHandler is reused;
    otherwise one is added under the id 'ShibbolethPermissions'.
    Returns ``pas[pluginId]``, the object stored under the plugin id;
    no tuple is built here.

    Raises LookupError when ``context`` has no ``acl_users`` and
    ValueError when it cannot be adapted to IPluggableAuthService.
    """
    acl_users = getattr(context, 'acl_users', None)
    if acl_users is None:
        raise LookupError("No acl_users can be acquired or otherwise found.")

    pas = IPluggableAuthService(acl_users, None)
    if pas is None:
        raise ValueError(
            "The nearest acl_users object is not a PluggableAuthService.")

    existing_id = _firstIdOfClass(acl_users, ShibbolethPermissionsHandler)
    if existing_id:
        return pas[existing_id]

    new_id = 'ShibbolethPermissions'
    factory = acl_users.manage_addProduct[new_id]
    factory.manage_addShibbolethPermissions(new_id, 'ShibbolethPermissions')
    return pas[new_id]
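def deleteMemberData(self, member_id, REQUEST=None):
    """Delete member data of the specified member.

    With a PAS, every properties plugin that offers ``deleteUser`` is
    asked to drop the member first. Returns 1 when an entry was removed
    from ``self._members`` and 0 when there was none.
    """
    if IPluggableAuthService.providedBy(self.acl_users):
        # It's a PAS! Whee!
        # XXX: can we safely assume that user name == member_id
        plugins = self._getPlugins()
        prop_managers = plugins.listPlugins(IPropertiesPlugin)
        for mid, prop_manager in prop_managers:
            # Not all PropertiesPlugins support user deletion. Skip the
            # ones without deleteUser, but let an AttributeError raised
            # inside a plugin's deleteUser surface, so that member data
            # left behind by a failing plugin does not go unnoticed.
            delete_user = getattr(prop_manager, 'deleteUser', None)
            if delete_user is not None:
                delete_user(member_id)

    # we won't always have PlonePAS users, due to acquisition,
    # nor are guaranteed property sheets
    members = self._members
    if member_id in members:
        del members[member_id]
        return 1
    else:
        return 0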
def pas_fixup(self, out):
    """Register PAS plugin types that the plugin registry does not list yet.

    Progress messages are printed to ``out``. Nothing else is done when
    ``acl_users`` does not provide IPluggableAuthService.
    """
    from Products.PluggableAuthService.PluggableAuthService import _PLUGIN_TYPE_INFO, PluggableAuthService

    pas = getToolByName(self, "acl_users")
    if not IPluggableAuthService.providedBy(pas):
        print >> out, "PAS UF not found, skipping PAS fixup"
        return

    plugins = pas["plugins"]

    # De-duplicate the registered types before extending the list.
    plugin_types = list(Set(plugins._plugin_types))
    for key, id, title, description in _PLUGIN_TYPE_INFO:
        if key in plugin_types:
            print >> out, "Plugin type '%s' already registered." % id
            continue
        print >> out, "Plugin type '%s' was not registered." % id
        plugin_types.append(key)
        plugins._plugin_type_info[key] = {"id": id, "title": title, "description": description}
    # Make it ordered
    plugin_types.sort()

    # Re-assign because it's a non-persistent property.
    plugins._plugin_types = plugin_types
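def deleteMemberData(self, member_id, REQUEST=None):
    """Delete member data of the specified member.

    With a PAS, each properties plugin that has a ``deleteUser`` method
    is asked to remove the member first. Returns 1 when an entry was
    removed from ``self._members``, otherwise 0.
    """
    if IPluggableAuthService.providedBy(self.acl_users):
        # It's a PAS! Whee!
        # XXX: can we safely assume that user name == member_id
        plugins = self._getPlugins()
        prop_managers = plugins.listPlugins(IPropertiesPlugin)
        for mid, prop_manager in prop_managers:
            # Not all PropertiesPlugins support user deletion, so only
            # the missing method is tolerated. An AttributeError from
            # inside deleteUser itself propagates instead of being
            # swallowed, which would leave the member's data in that
            # plugin while the call looks successful.
            delete_user = getattr(prop_manager, 'deleteUser', None)
            if delete_user is not None:
                delete_user(member_id)

    # we won't always have PlonePAS users, due to acquisition,
    # nor are guaranteed property sheets
    members = self._members
    if member_id in members:
        del members[member_id]
        return 1
    else:
        return 0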
def setGroupProperties(self, mapping):
    """PAS-specific method to set the properties of a group.

    Without a PAS or without property sheets the call is handed to
    ``_gruf_setGroupProperties``. Raises RuntimeError when a property
    is found on a sheet that is not mutable; properties written before
    that point stay written.
    """
    sheets = None

    if not IPluggableAuthService.providedBy(self.acl_users):
        # Defer to base impl in absence of PAS, a PAS group, or
        # property sheets
        return self._gruf_setGroupProperties(mapping)
    else:
        # It's a PAS! Whee!
        group = self.getGroup()
        sheets = getattr(group, 'getOrderedPropertySheets', lambda: [])()

        # We won't always have PlonePAS groups, due to acquisition,
        # nor are guaranteed property sheets
        if not sheets:
            # Defer to base impl if we have a PAS but no property
            # sheets.
            return self._gruf_setGroupProperties(mapping)

    # If we got this far, we have a PAS and some property sheets.
    # XXX track values set to defer to default impl
    # property routing?
    modified = False
    for k, v in mapping.items():
        for sheet in sheets:
            if not sheet.hasProperty(k):
                continue
            if IMutablePropertySheet.providedBy(sheet):
                sheet.setProperty(group, k, v)
                modified = True
            else:
                # Python 2 raise syntax, kept as in the source.
                raise RuntimeError, ("Mutable property provider "
                                     "shadowed by read only provider")
    if modified:
        self.notifyModified()
def migrate_root_uf(self):
    """Bring the user folder at the Zope root up to a configured PAS.

    A root PAS is fixed up in place, a standard 'User Folder' is
    replaced by a PAS and configured, and any other user folder type
    is left untouched.
    """
    # Acquire parent user folder.
    parent = self.getPhysicalRoot()
    root_uf = getToolByName(parent, 'acl_users')

    already_pas = IPluggableAuthService.providedBy(root_uf)
    if already_pas:
        # It's a PAS already, fixup if needed.
        pas_fixup(parent)
        # Configure Challenge Chooser plugin if available
        challenge_chooser_setup(parent)
        return

    is_standard_uf = root_uf.meta_type == 'User Folder'
    if not is_standard_uf:
        # It's not a standard User Folder at the root. Nothing we can do.
        return

    # It's a standard User Folder, replace it.
    replace_acl_users(parent)

    # Get the new uf
    new_uf = getToolByName(parent, 'acl_users')
    pas = new_uf.manage_addProduct['PluggableAuthService']
    plone_pas = new_uf.manage_addProduct['PlonePAS']

    # Setup authentication plugins
    setupAuthPlugins(parent, pas, plone_pas,
                     deactivate_basic_reset=False,
                     deactivate_cookie_challenge=True)

    # Activate *all* interfaces for user manager. IUserAdder is not
    # activated for some reason by default.
    activatePluginInterfaces(parent, 'users')

    # Configure Challenge Chooser plugin if available
    challenge_chooser_setup(parent)
def setGroupProperties(self, mapping):
    """Write the group properties in ``mapping`` to the PAS property sheets.

    ``_gruf_setGroupProperties`` handles the call when there is no PAS
    or the group has no property sheets. Raises RuntimeError when a
    property is found on a sheet that is not mutable; properties
    written before that point stay written.
    """
    if not IPluggableAuthService.providedBy(self.acl_users):
        return self._gruf_setGroupProperties(mapping)

    group = self.getGroup()
    fetch_sheets = getattr(group, 'getOrderedPropertySheets', lambda: [])
    sheets = fetch_sheets()

    # We won't always have PlonePAS groups, due to acquisition,
    # nor are guaranteed property sheets
    if not sheets:
        return self._gruf_setGroupProperties(mapping)

    # XXX track values set to defer to default impl
    # property routing?
    changed = False
    for name, value in list(mapping.items()):
        for sheet in sheets:
            if not sheet.hasProperty(name):
                continue
            if not IMutablePropertySheet.providedBy(sheet):
                raise RuntimeError("Mutable property provider "
                                   "shadowed by read only provider")
            sheet.setProperty(group, name, value)
            changed = True

    if changed:
        self.notifyModified()
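def getProperty(self, id, default=_marker):
    """PAS-specific method to fetch a group's properties.

    Looks through the ordered property sheets and returns the value of
    the first sheet that has the property. Without a PAS, without
    property sheets, or when no sheet has the property,
    ``BaseGroupData.getProperty`` answers.
    """
    if not IPluggableAuthService.providedBy(self.acl_users):
        # ``default`` is forwarded in every fallback branch, so a
        # caller-supplied default is honoured consistently.
        return BaseGroupData.getProperty(self, id, default)

    # It's a PAS! Whee!
    group = self.getGroup()
    sheets = getattr(group, 'getOrderedPropertySheets', lambda: None)()

    # we won't always have PlonePAS groups, due to acquisition,
    # nor are guaranteed property sheets
    if not sheets:
        return BaseGroupData.getProperty(self, id, default)

    # If we made this far, we found a PAS and some property sheets.
    for sheet in sheets:
        if sheet.hasProperty(id):
            # Return the first one that has the property.
            return sheet.getProperty(id)

    # Couldn't find the property in the property sheets. Try to
    # delegate back to the base implementation.
    return BaseGroupData.getProperty(self, id, default)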
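def test_installed(self):
    """The fixture's acl_users must provide IPluggableAuthService."""
    # assertTrue replaces the deprecated failUnless alias.
    self.assertTrue(IPluggableAuthService.providedBy(self.acl_users))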
def __init__(self, context):
    """Bind to ``context`` and note whether its acl_users is a PAS.

    ``portal_membership`` is looked up with a None default, and
    ``is_compatible()`` is called at the end.
    """
    self.context = context
    self.tool = getToolByName(context, 'portal_membership', None)
    self.fieldnames = []

    user_folder = self.context.acl_users
    self.compatible = IPluggableAuthService.providedBy(user_folder)
    self.is_compatible()
def install(self):
    """Install PlonePAS and return the text log collected in ``out``.

    Depending on what is found, a PAS is added, an existing PAS is
    fixed up, or an existing non-PAS user folder is migrated: user
    data, group data and LDAP folders are grabbed before the user
    folder is replaced and restored afterwards.

    Raises Exception when LDAP user folders are present but CAN_LDAP is
    false.
    """
    out = StringIO()
    portal = getToolByName(self, "portal_url").getPortalObject()

    uf = getToolByName(self, "acl_users")

    # EXISTING_UF: the portal itself contains an acl_users object.
    # EXISTING_PAS: the acl_users found from here already is a PAS.
    EXISTING_UF = "acl_users" in portal.objectIds()
    EXISTING_PAS = IPluggableAuthService.providedBy(uf)

    if EXISTING_PAS:
        # Fix possible missing PAS plugins registration.
        pas_fixup(self, out)

        # Register PAS Plugin Types
        registerPluginTypes(uf)

    ldap_ufs, ldap_gf = None, None
    userdata = groupdata = memberships = ()

    if not EXISTING_UF:
        userdata = grabUserData(portal, out)
        addPAS(portal, out)
    elif not EXISTING_PAS:
        # We've got a existing user folder, but it's not a PAS
        # instance.
        goForMigration(portal, out)

        # Collect everything before the user folder is replaced below.
        userdata = grabUserData(portal, out)
        groupdata, memberships = grabGroupData(portal, out)

        ldap_ufs, ldap_gf = grabLDAPFolders(portal, out)
        if (ldap_ufs or ldap_gf) and not CAN_LDAP:
            # Stop before replacing the user folder: the LDAP folders
            # could not be restored afterwards.
            raise Exception, (
                "LDAPUserFolders present, but LDAPMultiPlugins "
                "not present. To successfully auto-migrate, "
                "the LDAPMultiPlugins product must be installed. "
                "(%s, %s):%s" % (ldap_ufs, ldap_gf, CAN_LDAP)
            )

        replaceUserFolder(portal, out)

    # Configure Challenge Chooser plugin if available
    challenge_chooser_setup(self, out)

    configurePlonePAS(portal, out)

    setupTools(portal, out)

    if EXISTING_UF and CAN_LDAP and ldap_gf is not None and ldap_ufs is not None:
        restoreLDAP(portal, out, ldap_ufs, ldap_gf)

    if not EXISTING_PAS:
        restoreUserData(portal, out, userdata)
        restoreGroupData(portal, out, groupdata, memberships)

    # XXX Why do we need to do this?
    migrate_root_uf(self, out)

    print >> out, "\nSuccessfully installed %s." % config.PROJECTNAME
    return out.getvalue()
def test_installed(self):
    """The fixture's acl_users must provide IPluggableAuthService."""
    user_folder = self.acl_users
    self.assertTrue(IPluggableAuthService.providedBy(user_folder))
def test_installed(self):
    """Check that acl_users is a PluggableAuthService."""
    is_pas = IPluggableAuthService.providedBy(self.acl_users)
    self.assertTrue(is_pas)