def credentialsChanged(self, password, REQUEST=None):
    ''' Tell the authentication mechanism that the current user has
    changed passwords, so it can update e.g. the authentication cookie.

    This call must *not* cause any change at all to user databases.
    'password' is handed on unchanged to whichever handler is found.
    Callers should pass 'REQUEST'; when it is omitted a
    DeprecationWarning is issued and self.REQUEST is used instead.
    '''
    # XXX: this method violates the rules for tools/utilities:
    # it depends on self.REQUEST
    if REQUEST is None:
        REQUEST = self.REQUEST
        warn("credentialsChanged should be called with 'REQUEST' as "
             "second argument. The BBB code will be removed in CMF 2.3.",
             DeprecationWarning, stacklevel=2)

    if self.isAnonymousUser():
        # Nobody is logged in, so there are no credentials to refresh.
        return

    user_folder = self.acl_users
    current = _getAuthenticatedUser(self)
    # This really does need to be the user name, and not the user id,
    # because we're dealing with authentication credentials.
    login = current.getUserName()

    if hasattr(user_folder.aq_base, 'credentialsChanged'):
        # Use an interface provided by LoginManager.
        user_folder.credentialsChanged(current, login, password)
        return

    hook_path = getattr(REQUEST, '_credentials_changed_path', None)
    if hook_path is None:
        return
    # Use an interface provided by CookieCrumbler.
    # NOTE(review): the object resolved from this request attribute is
    # called with the password; confirm the attribute can only be set
    # by the cookie handler and never from request input.
    notify = self.restrictedTraverse(hook_path)
    notify(current, login, password)
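def listUndoableTransactionsFor(self, object,
                                first_transaction=None,
                                last_transaction=None,
                                PrincipiaUndoBatchSize=None):
    '''Lists all transaction IDs the user is allowed to undo.

    Users holding ManagePortal on the portal get every undoable
    transaction.  Everyone else only gets the records whose
    'user_name' ends with their own user id.  'object' is not used by
    this implementation.
    '''
    # arg list for undoable_transactions() changed in Zope 2.2.
    portal = queryUtility(ISiteRoot)
    if portal is None:
        # fallback
        # Fixed: this test used the name 'site', which is never bound
        # in this method, instead of the lookup result.
        portal = self.aq_inner.aq_parent
    transactions = portal.undoable_transactions(
        first_transaction=first_transaction,
        last_transaction=last_transaction,
        PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
    for t in transactions:
        # Ensure transaction ids don't have embedded LF.
        t['id'] = t['id'].replace('\n', '')
    if not _checkPermission(ManagePortal, portal):
        # Filter out transactions done by other members of the portal.
        # NOTE(review): this restricts the listing only; confirm that
        # the undo operation itself re-checks who owns a transaction.
        user_id = _getAuthenticatedUser(self).getId()

        def _is_own(record, user_id=user_id):
            # A record with an empty 'user_name' has no last token;
            # treat it as belonging to nobody instead of raising
            # IndexError.
            parts = record['user_name'].split()
            return bool(parts) and parts[-1] == user_id

        transactions = filter(_is_own, transactions)
    return transactions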
def credentialsChanged(self, password, REQUEST=None):
    ''' Notify the authentication mechanism that this user has changed
    passwords; this can be used to update the authentication cookie.

    The call should *not* cause any change at all to user databases.
    'password' is passed through as given to the handler that is
    found.  'REQUEST' is expected from the caller; leaving it out
    emits a DeprecationWarning and falls back to self.REQUEST.
    '''
    # XXX: this method violates the rules for tools/utilities:
    # it depends on self.REQUEST
    if REQUEST is None:
        REQUEST = self.REQUEST
        warn(
            "credentialsChanged should be called with 'REQUEST' as "
            "second argument. The BBB code will be removed in CMF 2.3.",
            DeprecationWarning, stacklevel=2)

    if self.isAnonymousUser():
        # No logged-in user means no credentials to update.
        return

    user_folder = self.acl_users
    current = _getAuthenticatedUser(self)
    # The user name is required here rather than the user id, because
    # this is about authentication credentials.
    login = current.getUserName()

    folder_handles_it = hasattr(user_folder.aq_base, 'credentialsChanged')
    if folder_handles_it:
        # Use an interface provided by LoginManager.
        user_folder.credentialsChanged(current, login, password)
    else:
        hook_path = getattr(REQUEST, '_credentials_changed_path', None)
        if hook_path is not None:
            # Use an interface provided by CookieCrumbler.
            # NOTE(review): verify this request attribute cannot be
            # supplied by the client; the traversed object receives
            # the password.
            notify = self.restrictedTraverse(hook_path)
            notify(current, login, password)
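def listUndoableTransactionsFor(self, object,
                                first_transaction=None,
                                last_transaction=None,
                                PrincipiaUndoBatchSize=None):
    '''Lists all transaction IDs the user is allowed to undo.

    Holders of ManagePortal on the portal see all undoable
    transactions; other users see only records whose 'user_name' ends
    with their own user id.  'object' is not consulted here.
    '''
    # arg list for undoable_transactions() changed in Zope 2.2.
    portal = queryUtility(ISiteRoot)
    if portal is None:
        # fallback
        # Fixed: the original compared the unbound name 'site' rather
        # than the result of the utility lookup.
        portal = self.aq_inner.aq_parent
    transactions = portal.undoable_transactions(
        first_transaction=first_transaction,
        last_transaction=last_transaction,
        PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
    for t in transactions:
        # Ensure transaction ids don't have embedded LF.
        t['id'] = t['id'].replace('\n', '')
    if not _checkPermission(ManagePortal, portal):
        # Filter out transactions done by other members of the portal.
        # NOTE(review): only the listing is narrowed here; confirm the
        # undo call enforces the same ownership rule.
        user_id = _getAuthenticatedUser(self).getId()

        def _is_own(record, user_id=user_id):
            # Records without any user name must not raise IndexError;
            # they simply do not match.
            parts = record['user_name'].split()
            return bool(parts) and parts[-1] == user_id

        transactions = filter(_is_own, transactions)
    return transactions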
def isAnonymousUser(self):
    """ Returns 1 if the user is not logged in, 0 otherwise.

    The user counts as anonymous when no authenticated user is found
    or when the user's name is the literal "Anonymous User".
    """
    current = _getAuthenticatedUser(self)
    # The decision is made on the user *name*, not on roles or ids.
    anonymous = current is None or current.getUserName() == "Anonymous User"
    return 1 if anonymous else 0
def _clearLocalRolesAfterClone(self):
    # Make sure owner local role is set after pasting: every local
    # role found on the object is dropped, then the authenticated user
    # becomes its only local 'Owner'.
    # The standard Zope mechanisms take care of executable ownership
    actor = _getAuthenticatedUser(self)
    if actor is None:
        # Without an authenticated user the local roles stay as they are.
        return
    previous_holders = [entry[0] for entry in self.get_local_roles()]
    self.manage_delLocalRoles(previous_holders)
    # NOTE(review): getId() is not checked for None before it is used
    # as the role holder -- confirm every user object reaching this
    # point has an id.
    self.manage_setLocalRoles(actor.getId(), ['Owner'])
def isAnonymousUser(self):
    ''' Returns 1 if the user is not logged in, 0 otherwise.

    "Not logged in" means that no authenticated user was found, or
    that the user's name is the literal 'Anonymous User'.
    '''
    current = _getAuthenticatedUser(self)
    if current is not None and not (current.getUserName() == 'Anonymous User'):
        # A real, named user is authenticated.
        return 0
    return 1
def getAuthenticatedMember(self):
    ''' Returns the currently authenticated member object
    or the Anonymous User.  Never returns None.
    '''
    current = _getAuthenticatedUser(self)
    # Substitute the 'nobody' user so that callers always get a
    # wrapped user object to run their checks against.
    return self.wrapUser(nobody if current is None else current)
def searchResults(self, REQUEST=None, **kw):
    """ Calls ZCatalog.searchResults with extra arguments that
    limit the results to what the user is allowed to see.

    'allowedRolesAndUsers' is always overwritten with the value
    computed for the authenticated user, so a caller-supplied value is
    ignored.  Users without AccessInactivePortalContent additionally
    get their 'effective' and 'expires' criteria intersected with
    "effective by now" and "not expired before now".  An empty tuple
    is returned when a caller-supplied range cannot overlap that
    window.
    """
    user = _getAuthenticatedUser(self)
    kw['allowedRolesAndUsers'] = self._listAllowedRolesAndUsers(user)

    if not _checkPermission(AccessInactivePortalContent, self):
        base = aq_base(self)  # not used further in this method
        now = DateTime()

        # Presumably normalises the criteria into {'query', 'range'}
        # dicts; the loop below relies on that shape -- TODO confirm.
        self._convertQuery(kw)

        # Intersect query restrictions with those implicit to the tool
        for k in 'effective', 'expires':
            if kw.has_key(k):
                range = kw[k]['range'] or ''
                query = kw[k]['query']
                # A single value is wrapped so min()/max() work on it.
                if (not isinstance(query, TupleType) and
                    not isinstance(query, ListType)):
                    query = (query, )
            else:
                range = ''
                query = None
            # lo/hi are the caller's bounds, or None when that side of
            # the range was not requested.
            if range.find('min') > -1:
                lo = min(query)
            else:
                lo = None
            if range.find('max') > -1:
                hi = max(query)
            else:
                hi = None
            if k == 'effective':
                # The upper bound may never lie after 'now'.
                if hi is None or hi > now:
                    hi = now
                if lo is not None and hi < lo:
                    return ()
            else: # 'expires':
                # The lower bound may never lie before 'now'.
                if lo is None or lo < now:
                    lo = now
                if hi is not None and hi < lo:
                    return ()
            # Rebuild a query
            if lo is None:
                query = hi
                range = 'max'
            elif hi is None:
                query = lo
                range = 'min'
            else:
                query = (lo, hi)
                range = 'min:max'
            kw[k] = {'query': query, 'range': range}

    return ZCatalog.searchResults(self, REQUEST, **kw)
def searchResults(self, REQUEST=None, **kw):
    """ Calls ZCatalog.searchResults with extra arguments that
    limit the results to what the user is allowed to see.

    Any 'allowedRolesAndUsers' passed by the caller is replaced by the
    value computed for the authenticated user.  For users lacking
    AccessInactivePortalContent the 'effective' and 'expires' criteria
    are narrowed so that only content effective by now and not expired
    before now can match.  An empty tuple is returned if the caller's
    own range excludes that window.
    """
    user = _getAuthenticatedUser(self)
    kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user )

    if not _checkPermission( AccessInactivePortalContent, self ):
        base = aq_base( self )  # not used further in this method
        now = DateTime()

        # Presumably converts the criteria to {'query', 'range'} dicts,
        # which the loop below indexes -- TODO confirm.
        self._convertQuery(kw)

        # Intersect query restrictions with those implicit to the tool
        for k in 'effective', 'expires':
            if kw.has_key(k):
                range = kw[k]['range'] or ''
                query = kw[k]['query']
                # Wrap a scalar so that min()/max() can be applied.
                if (not isinstance(query, TupleType) and
                    not isinstance(query, ListType)):
                    query = (query,)
            else:
                range = ''
                query = None
            # Caller-requested bounds; None means "side not given".
            if range.find('min') > -1:
                lo = min(query)
            else:
                lo = None
            if range.find('max') > -1:
                hi = max(query)
            else:
                hi = None
            if k == 'effective':
                # Cap the upper bound at 'now'.
                if hi is None or hi > now:
                    hi = now
                if lo is not None and hi < lo:
                    return ()
            else: # 'expires':
                # Raise the lower bound to at least 'now'.
                if lo is None or lo < now:
                    lo = now
                if hi is not None and hi < lo:
                    return ()
            # Rebuild a query
            if lo is None:
                query = hi
                range = 'max'
            elif hi is None:
                query = lo
                range = 'min'
            else:
                query = (lo, hi)
                range = 'min:max'
            kw[k] = {'query': query, 'range': range}

    return ZCatalog.searchResults(self, REQUEST, **kw)
def searchResults(self, REQUEST=None, **kw):
    """ Calls ZCatalog.searchResults with extra arguments that
    limit the results to what the user is allowed to see.

    'allowedRolesAndUsers' is always replaced by the value computed
    for the authenticated user.  Users without
    AccessInactivePortalContent also get 'effective' and 'expires'
    overwritten, whatever the caller passed for them.
    """
    viewer = _getAuthenticatedUser(self)
    kw['allowedRolesAndUsers'] = self._listAllowedRolesAndUsers(viewer)

    may_see_inactive = _checkPermission(AccessInactivePortalContent, self)
    if not may_see_inactive:
        moment = DateTime()
        # Only content that is effective by now and has not expired
        # before now may match.
        kw.update({
            'effective': {'query': moment, 'range': 'max'},
            'expires': {'query': moment, 'range': 'min'},
        })

    return ZCatalog.searchResults(self, REQUEST, **kw)
def handleDynamicTypeCopiedEvent(ob, event):
    """ Event subscriber for (IDynamicType, IObjectCopiedEvent) events.

    Replaces every local role on the copy with a single 'Owner' role
    for the authenticated user.  The object is left untouched when
    there is no authenticated user or that user has no id.
    """
    # Make sure owner local role is set after pasting
    # The standard Zope mechanisms take care of executable ownership
    actor = _getAuthenticatedUser(ob)
    if actor is None:
        return
    owner_id = actor.getId()
    if owner_id is None:
        # There is no id to attach a local role to.
        return
    previous_holders = [entry[0] for entry in ob.get_local_roles()]
    ob.manage_delLocalRoles(previous_holders)
    ob.manage_setLocalRoles(owner_id, ['Owner'])
def handleDynamicTypeCopiedEvent(ob, event):
    """ Event subscriber for (IDynamicType, IObjectCopiedEvent) events.

    Drops all local roles found on the copied object and grants
    'Owner' to the authenticated user.  Nothing is changed when no
    user is authenticated or the user's id is None.
    """
    # Make sure owner local role is set after pasting
    # The standard Zope mechanisms take care of executable ownership
    actor = _getAuthenticatedUser(ob)
    owner_id = None if actor is None else actor.getId()
    if owner_id is None:
        # No user, or a user without an id: keep the roles as they are.
        return
    previous_holders = [entry[0] for entry in ob.get_local_roles()]
    ob.manage_delLocalRoles(previous_holders)
    ob.manage_setLocalRoles(owner_id, ['Owner'])
def searchResults(self, REQUEST=None, **kw):
    """ Calls ZCatalog.searchResults with extra arguments that
    limit the results to what the user is allowed to see.

    The caller cannot widen the result set: 'allowedRolesAndUsers' is
    always overwritten, and so are 'effective' and 'expires' for users
    who lack AccessInactivePortalContent.
    """
    viewer = _getAuthenticatedUser(self)
    kw['allowedRolesAndUsers'] = self._listAllowedRolesAndUsers(viewer)

    if _checkPermission(AccessInactivePortalContent, self):
        # Privileged users search without the date window.
        return ZCatalog.searchResults(self, REQUEST, **kw)

    moment = DateTime()
    # Effective no later than now, expiring no earlier than now.
    kw['effective'] = {'query': moment, 'range': 'max'}
    kw['expires'] = {'query': moment, 'range': 'min'}
    return ZCatalog.searchResults(self, REQUEST, **kw)
def manage_afterClone(self, item):
    """ Add self to the workflow.
    (Called when the object is cloned.)

    After notifying the workflow and recursing, all local roles on the
    clone are replaced by a single 'Owner' role for the authenticated
    user, if there is one.
    """
    self.notifyWorkflowCreated()
    self.__recurse('manage_afterClone', item)

    # Make sure owner local role is set after pasting
    # The standard Zope mechanisms take care of executable ownership
    actor = _getAuthenticatedUser(self)
    if actor is None:
        return
    previous_holders = [entry[0] for entry in self.get_local_roles()]
    self.manage_delLocalRoles(previous_holders)
    # NOTE(review): getId() is used as the role holder without a None
    # check -- confirm users reaching this point always have an id.
    self.manage_setLocalRoles(actor.getId(), ['Owner'])
def createMemberArea(self, member_id=''):
    """ Create a member area for 'member_id' or authenticated user.

    Returns the new folder.  Returns None when creation is switched
    off, there is no members folder, the caller is anonymous, the
    caller asks for somebody else's area without ManageUsers, or the
    members folder already has an attribute named 'member_id'.
    Raises ValueError when a user manager names a member that the user
    folder does not know.
    """
    if not self.getMemberareaCreationFlag():
        return None
    members = self.getMembersFolder()
    if not members:
        return None
    if self.isAnonymousUser():
        return None

    # Note: We can't use getAuthenticatedMember() and getMemberById()
    # because they might be wrapped by MemberDataTool.
    current = _getAuthenticatedUser(self)
    current_id = current.getId()
    if member_id in ('', current_id):
        member, member_id = current, current_id
    elif not _checkPermission(ManageUsers, self):
        # Only user managers may create an area for another member.
        return None
    else:
        member = self.acl_users.getUserById(member_id, None)
        if not member:
            raise ValueError('Member %s does not exist' % member_id)
        member = member.__of__(self.acl_users)

    # hasattr() on the unwrapped folder matches any attribute of that
    # name, not only an existing member area.
    if hasattr(aq_base(members), member_id):
        return None

    members.manage_addPortalFolder(id=member_id,
                                   title="%s's Home" % member_id)
    area = getattr(members, member_id)

    # Restrict both read permissions to these roles; the trailing 0 is
    # the third argument of manage_permission (presumably "do not
    # acquire" -- confirm against the Zope role manager).
    reader_roles = ('Owner', 'Manager', 'Reviewer')
    area.manage_permission(View, list(reader_roles), 0)
    area.manage_permission(AccessContentsInformation,
                           list(reader_roles), 0)

    # Grant Ownership and Owner role to Member
    area.changeOwnership(member)
    # Clear the local-role mapping first so the member ends up as the
    # only local role holder on the new folder.
    area.__ac_local_roles__ = None
    area.manage_setLocalRoles(member_id, ['Owner'])
    return area
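def listUndoableTransactionsFor(self, object,
                                first_transaction=None,
                                last_transaction=None,
                                PrincipiaUndoBatchSize=None):
    '''Lists all transaction IDs the user is allowed to undo.

    Users holding 'Manage portal' on the portal get every undoable
    transaction; other users only get records whose 'user_name' ends
    with their own user name.  'object' is not used here.
    '''
    # arg list for undoable_transactions() changed in Zope 2.2.
    portal = self.aq_inner.aq_parent
    transactions = portal.undoable_transactions(
        first_transaction=first_transaction,
        last_transaction=last_transaction,
        PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
    if not _checkPermission('Manage portal', portal):
        # Filter out transactions done by other members of the portal.
        # NOTE(review): this narrows the listing only; confirm that
        # undo itself applies the same ownership rule.
        user_name = _getAuthenticatedUser(self).getUserName()

        def _is_own(record, user_name=user_name):
            # A record whose 'user_name' is empty has no last token;
            # it matches nobody instead of raising IndexError.
            parts = split(record['user_name'])
            return bool(parts) and parts[-1] == user_name

        transactions = filter(_is_own, transactions)
    return transactions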
def searchResults(self, REQUEST=None, **kw):
    """ Calls ZCatalog.searchResults with extra arguments that
    limit the results to what the user is allowed to see.

    'allowedRolesAndUsers' is always overwritten.  Users without
    AccessInactivePortalContent also get the effective/expires
    criteria overwritten, in the form matching the catalog at hand.
    """
    viewer = _getAuthenticatedUser(self)
    kw['allowedRolesAndUsers'] = self._listAllowedRolesAndUsers(viewer)

    if not _checkPermission(AccessInactivePortalContent, self):
        unwrapped = aq_base(self)
        moment = DateTime()

        if hasattr(unwrapped, 'addIndex'):
            # Zope 2.4 and above
            kw.update({
                'effective': {'query': moment, 'range': 'max'},
                'expires': {'query': moment, 'range': 'min'},
            })
        else:
            # Zope 2.3
            kw['effective'] = moment
            kw['expires'] = moment
            kw['effective_usage'] = 'range:max'
            kw['expires_usage'] = 'range:min'

    return ZCatalog.searchResults(self, REQUEST, **kw)
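def listUndoableTransactionsFor(self, object,
                                first_transaction=None,
                                last_transaction=None,
                                PrincipiaUndoBatchSize=None):
    '''Lists all transaction IDs the user is allowed to undo.

    With 'Manage portal' on the portal every undoable transaction is
    returned; without it only records whose 'user_name' ends with the
    caller's user name.  'object' is not consulted.
    '''
    # arg list for undoable_transactions() changed in Zope 2.2.
    portal = self.aq_inner.aq_parent
    transactions = portal.undoable_transactions(
        first_transaction=first_transaction,
        last_transaction=last_transaction,
        PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
    if not _checkPermission('Manage portal', portal):
        # Filter out transactions done by other members of the portal.
        # NOTE(review): the filter affects the listing only; confirm
        # the undo call checks ownership as well.
        user_name = _getAuthenticatedUser(self).getUserName()

        def _is_own(record, user_name=user_name):
            # Guard against records with an empty 'user_name', which
            # would otherwise raise IndexError on [-1].
            parts = split(record['user_name'])
            return bool(parts) and parts[-1] == user_name

        transactions = filter(_is_own, transactions)
    return transactions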
def credentialsChanged(self, password):
    ''' Notify the authentication mechanism that this user has changed
    passwords; this can be used to update the authentication cookie.

    The call should *not* cause any change at all to user databases.
    'password' is handed on as given to the handler that is found.
    '''
    if self.isAnonymousUser():
        # Nobody is logged in, nothing to update.
        return

    user_folder = self.acl_users
    current = _getAuthenticatedUser(self)
    login = current.getUserName()

    if hasattr(user_folder.aq_base, 'credentialsChanged'):
        # Use an interface provided by LoginManager.
        user_folder.credentialsChanged(current, login, password)
        return

    request = self.REQUEST
    hook_path = getattr(request, '_credentials_changed_path', None)
    if hook_path is None:
        return
    # Use an interface provided by CookieCrumbler.
    # NOTE(review): the object found at this path receives the
    # password; confirm the request attribute cannot be set by the
    # client.
    notify = self.restrictedTraverse(hook_path)
    notify(current, login, password)
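def listUndoableTransactionsFor(self, object,
                                first_transaction=None,
                                last_transaction=None,
                                PrincipiaUndoBatchSize=None):
    """ List all transaction IDs the user is allowed to undo on 'object'.

    Users holding ManagePortal on 'object' get every undoable
    transaction; everyone else only gets records whose 'user_name'
    ends with their own user id.
    """
    transactions = object.undoable_transactions(
        first_transaction=first_transaction,
        last_transaction=last_transaction,
        PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
    for t in transactions:
        # Ensure transaction ids don't have embedded LF.
        t['id'] = t['id'].replace('\n', '')
    if not _checkPermission(ManagePortal, object):
        # Filter out transactions done by other members of the portal.
        # NOTE(review): only the listing is restricted here; confirm
        # the undo operation enforces the same rule.
        user_id = _getAuthenticatedUser(self).getId()

        def _is_own(record, user_id=user_id):
            # An empty 'user_name' yields no tokens; such a record
            # matches nobody instead of raising IndexError.
            parts = record['user_name'].split()
            return bool(parts) and parts[-1] == user_id

        transactions = filter(_is_own, transactions)
    return transactions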
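def listUndoableTransactionsFor(self, object,
                                first_transaction=None,
                                last_transaction=None,
                                PrincipiaUndoBatchSize=None):
    """ List all transaction IDs the user is allowed to undo on 'object'.

    With ManagePortal on 'object' all undoable transactions are
    returned; otherwise only the records whose 'user_name' ends with
    the caller's user id.
    """
    transactions = object.undoable_transactions(
        first_transaction=first_transaction,
        last_transaction=last_transaction,
        PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
    for t in transactions:
        # Ensure transaction ids don't have embedded LF.
        t['id'] = t['id'].replace('\n', '')
    if not _checkPermission(ManagePortal, object):
        # Filter out transactions done by other members of the portal.
        # NOTE(review): this is a listing filter; confirm undo itself
        # re-checks who performed the transaction.
        user_id = _getAuthenticatedUser(self).getId()

        def _is_own(record, user_id=user_id):
            # Records with an empty 'user_name' must not raise
            # IndexError; they are simply filtered out.
            parts = record['user_name'].split()
            return bool(parts) and parts[-1] == user_id

        transactions = filter(_is_own, transactions)
    return transactions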
def searchResults(self, REQUEST=None, **kw): '''Calls SiteIndex.searchResults() with extra arguments that limit the results to what the user is allowed to see. ''' if REQUEST is None: REQUEST = self.REQUEST user = _getAuthenticatedUser(self) kw['allowedRolesAndUsers'] = list(user.getRoles()) + \ ['Anonymous', 'user:'******'Date') and None: if kw.has_key('Date_usage'): kw['Date'] = min(kw['Date']) kw['Date'] = [kw['Date'], DateTime()] kw['Date_usage'] = 'range:min:max' else: kw[ 'effective' ] = kw[ 'expires' ] = DateTime() kw['effective_usage'] = 'range:max' kw['expires_usage'] = 'range:min' return apply(ZCatalog.searchResults, (self, REQUEST), kw)
def credentialsChanged(self, password):
    """ Tell the authentication mechanism that this user has changed
    passwords, so it can update e.g. the authentication cookie.

    This call should *not* cause any change at all to user databases.
    'password' is passed through unchanged to the handler.
    """
    if self.isAnonymousUser():
        # No logged-in user, hence no credentials to refresh.
        return

    user_folder = self.acl_users
    current = _getAuthenticatedUser(self)
    # The user name is needed here, not the user id, because this
    # deals with authentication credentials.
    login = current.getUserName()

    if hasattr(user_folder.aq_base, "credentialsChanged"):
        # Use an interface provided by LoginManager.
        user_folder.credentialsChanged(current, login, password)
    else:
        request = self.REQUEST
        hook_path = getattr(request, "_credentials_changed_path", None)
        if hook_path is not None:
            # Use an interface provided by CookieCrumbler.
            # NOTE(review): verify that this request attribute is set
            # only by the cookie handler; the traversed object is
            # called with the password.
            notify = self.restrictedTraverse(hook_path)
            notify(current, login, password)
def searchResults(self, REQUEST=None, **kw): '''Calls SiteIndex.searchResults() with extra arguments that limit the results to what the user is allowed to see. ''' if REQUEST is None: REQUEST = self.REQUEST user = _getAuthenticatedUser(self) kw['allowedRolesAndUsers'] = list(user.getRoles()) + \ ['Anonymous', 'user:'******'Date') and None: if kw.has_key('Date_usage'): kw['Date'] = min(kw['Date']) kw['Date'] = [kw['Date'], DateTime()] kw['Date_usage'] = 'range:min:max' else: kw['effective'] = kw['expires'] = DateTime() kw['effective_usage'] = 'range:max' kw['expires_usage'] = 'range:min' return apply(ZCatalog.searchResults, (self, REQUEST), kw)