コード例 #1
 def addPrincipal(self, id, login, title, description, password, roles):
     """Create a principal in the user folder and assign it ``roles``.

     The outcome is reported through ``self.msg``; the method itself always
     returns ``None``. When ``id`` is ``None`` the login is used as the id.
     Nothing is created when the authenticator is not writeable, when the
     login is already taken, or when id, login or title is ``None`` or
     empty.

     NOTE(review): ``password`` is not checked here (``None`` or an empty
     string is accepted) and ``roles`` are assigned exactly as passed in,
     through a role manager whose security proxy has been removed. Who may
     call this and which roles may be handed out therefore has to be
     enforced by the caller -- confirm the calling view is protected.
     """
     if not self.writeable:
         self.msg = (u'Could not add principal: '
                     u'the authenticator holding the principals '
                     u'seems not to be writeable.')
         return

     local_id = login if id is None else id

     known_logins = [entry.login for entry in self.getPrincipals()]
     if login in known_logins:
         self.msg = (u'Login `%s` already exists.' % (login, ))
         return

     # id, login and title are mandatory; None and '' both count as missing.
     if any(value is None or value == ''
            for value in (local_id, login, title)):
         self.msg = (u'To add a principal you must give valid id, '
                     u'login and title.')
         return

     # NOTE(review): how the password is stored depends on the password
     # manager InternalPrincipal picks by default, since none is passed
     # here -- confirm that it is a hashing scheme.
     self.userfolder[local_id] = InternalPrincipal(
         login, password, title, description)

     # With the proxy removed, the assignments below are not subject to
     # the permission checks of the current interaction.
     manager = removeSecurityProxy(IPrincipalRoleManager(self.context))

     # Roles are recorded against the folder prefix followed by the local id.
     principal_id = "%s%s" % (self.userfolder.prefix, local_id)
     for role in roles:
         manager.assignRoleToPrincipal(role, principal_id)
     self.msg = u'Successfully added new principal `%s`.' % (title, )
コード例 #2
ファイル: signup.py プロジェクト: aclark4life/worldcookery
    def signUp(self, login, title, password, confirmation):
        """Register a new principal and grant it the folder's sign-up roles.

        Raises ``UserError`` when ``confirmation`` differs from ``password``
        or when ``login`` is already present in the sign-up folder. On
        success the response is redirected to ``@@welcome.html``.

        NOTE(review): apart from the confirmation match nothing here
        constrains the password (an empty one passes), and the roles are
        assigned through an unproxied role manager. The granted set is
        whatever ``signup_roles`` holds on the folder, so that attribute
        should only be writable by administrators -- confirm.
        """
        if confirmation != password:
            raise UserError(_(u"Password and confirmation didn't match"))

        signup_folder = self._signupfolder()
        if login in signup_folder:
            raise UserError(_(u"This login has already been chosen."))

        new_principal_id = signup_folder.signUp(login, password, title)

        # The proxy is removed before assigning roles, so these calls are
        # not checked against the permissions of the signing-up user.
        manager = removeSecurityProxy(IPrincipalRoleManager(self.context))
        for granted_role in signup_folder.signup_roles:
            manager.assignRoleToPrincipal(granted_role, new_principal_id)

        self.request.response.redirect("@@welcome.html")
コード例 #3
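    def updatePrincipal(self, id, login, title, description, passwd, roles):
        """Update title, description, password and roles of a principal.

        ``id`` is the full principal id, i.e. the user folder prefix
        followed by the local id. When ``id`` is ``None`` it is derived
        from ``login``. An empty or ``None`` ``passwd`` leaves the stored
        password untouched. Every role in ``self.roles`` is assigned when it
        appears in ``roles`` and unset otherwise. The outcome is reported
        through ``self.msg``; the method always returns ``None``.

        NOTE(review): the existence check is made on ``login`` while the
        principal that gets modified is looked up by ``id``; nothing
        verifies that the two refer to the same principal. Confirm that
        callers always pass a matching pair.
        """
        if not self.writeable:
            self.msg = (u'Principal could not be updated: '
                        u'the authenticator holding the principals '
                        u'seems not to be writeable.')
            return
        principals = self.getPrincipals()
        if login not in [x.login for x in principals]:
            self.msg = (u'Login `%s` does not exist.' % (login, ))
            return
        for key in [login, title]:
            if key is None or key == '':
                self.msg = (u'Login and title must not be empty.')
                return

        prefix = self.userfolder.prefix
        if id is None:
            # Fall back to the login. The login carries no prefix, so it is
            # used directly as the folder key and the prefix is added for
            # the role manager; slicing the prefix length off a bare login
            # would look up the wrong key.
            local_id = login
            id = "%s%s" % (prefix, login)
        else:
            local_id = id[len(prefix):]

        # Update generic data...
        principal = self.userfolder[local_id]
        principal.title = title
        principal.description = description
        # Only write the password when a new one was given. Writing the
        # stored value back would re-encode it if the principal's password
        # setter hashes its input (presumably so for InternalPrincipal --
        # confirm).
        if passwd:
            principal.password = passwd

        # Update roles...
        # The proxy is removed, so these changes are not checked against
        # the permissions of the current interaction.
        role_manager = IPrincipalRoleManager(self.context)
        role_manager = removeSecurityProxy(role_manager)
        for role in self.roles:
            if role in roles:
                role_manager.assignRoleToPrincipal(role, id)
            else:
                role_manager.unsetRoleForPrincipal(role, id)
        self.msg = u'Principal `%s` successfully updated.' % (title, )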
コード例 #4
ファイル: eventhandlers.py プロジェクト: HengeSense/Qreature
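def grantRoleToQuizEditor(event):
    """Grant a quiz folder's editor role to the principal carried by ``event``.

    The site is reached through ``event.authentication.__parent__.__parent__``.
    Nothing happens unless that site provides ``IQreatureSite``. The quiz
    folder name is the part of ``event.info.id`` after the last occurrence
    of ``'qreature'``. The ``IRole`` utility registered under that name is
    assigned on the folder, and ``qreature.idle_perm`` is granted on the
    site.

    Diagnostics go to the module logger at debug level, not to stdout.

    NOTE(review): the folder that receives the role assignment is derived
    purely from the principal id. If ids can be chosen by the user, confirm
    that one user cannot end up with the editor role of another user's
    folder.
    """
    import logging

    log = logging.getLogger(__name__)

    pau = event.authentication
    sm = pau.__parent__
    site = sm.__parent__
    log.debug("site: %s", site)
    if not IQreatureSite.providedBy(site):
        return

    principal_id = event.info.id
    # An id without 'qreature' in it yields the whole id as the folder
    # name; the lookup below then raises KeyError unless such a folder
    # exists.
    quiz_folder_name = unicode(principal_id.split('qreature').pop())
    quiz_folder = site[quiz_folder_name]
    log.debug("quiz folder name: %s", quiz_folder_name)

    editor_role = getUtility(IRole, quiz_folder_name, quiz_folder)
    log.debug("editor role: %s", editor_role)

    princ_role_manager = IPrincipalRoleManager(quiz_folder)
    princ_role_manager.assignRoleToPrincipal(editor_role.id, principal_id)

    # NOTE(review): the role goes to event.info.id while the permission
    # goes to event.principal.id -- presumably the same id; confirm.
    princ_perm = IPrincipalPermissionManager(site)
    princ_perm.grantPermissionToPrincipal('qreature.idle_perm',
                                          event.principal.id)
    log.debug("role manager: %s, permission manager: %s",
              princ_role_manager, princ_perm)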
コード例 #5
def setUp(test):
    """Install cookie login and sign-up authentication on the root folder.

    Adds a ``PluggableAuthentication`` utility named ``pau`` to the root
    site manager, gives it a cookie credentials plug-in and a sign-up
    principal folder, assigns the ``worldcookery.Visitor`` role to
    ``zope.anybody`` on the root folder and commits the transaction.
    """
    site_root = getRootFolder()
    site_manager = site_root.getSiteManager()

    # The PAU is stored in the site manager and registered as the
    # IAuthentication utility.
    pau = PluggableAuthentication()
    site_manager['pau'] = pau
    site_manager.registerUtility(pau, IAuthentication)

    # Credentials come from the cookie plug-in, whose login page is
    # 'wclogin.html'.
    cookie_plugin = CookieCredentialsPlugin()
    pau['cookies'] = cookie_plugin
    cookie_plugin.loginpagename = 'wclogin.html'
    pau.credentialsPlugins = ('cookies',)

    # Principals that sign up are stored under the 'worldcookery.signup.'
    # prefix and receive the two roles listed here.
    signup_folder = SignupPrincipalFolder('worldcookery.signup.')
    pau['signups'] = signup_folder
    signup_folder.signup_roles = ['worldcookery.Visitor',
                                  'worldcookery.Member']
    pau.authenticatorPlugins = ('signups',)

    # Unauthenticated visitors ('zope.anybody') get the visitor role on
    # the root folder.
    IPrincipalRoleManager(site_root).assignRoleToPrincipal(
        'worldcookery.Visitor', 'zope.anybody')

    transaction.commit()
コード例 #6
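def setupSessionAuthentication(root_folder=None,
                               principal_credentials=[{
                                   u'id': u'zope.manager',
                                   u'login': u'grok',
                                   u'password': u'grok',
                                   u'title': u'Manager'
                               }],
                               auth_foldername=u'authentication',
                               userfolder_name=u'Users',
                               userfolder_prefix=u'grokadmin'):
    """Add a session-authentication PAU to the site manager of root_folder.

    A ``PluggableAuthentication`` is stored in the site manager under
    ``auth_foldername``. Inside it a ``PrincipalFolder`` with prefix
    ``userfolder_prefix`` is stored under ``userfolder_name`` and used as
    the only authenticator plug-in. If the site manager already has an
    entry named ``auth_foldername`` nothing is done.

    ``principal_credentials`` is a list of dicts. Each needs the keys
    ``id``, ``login``, ``password`` and ``title``; a missing key raises
    ``KeyError`` before anything is created. Only the part of ``id`` after
    the last dot is used as the local id. The dicts passed in are not
    modified.

    Every principal listed receives every ``IRole`` utility that can be
    found from ``root_folder``. The default ``principal_credentials``
    therefore creates an account with login ``grok`` and password ``grok``
    that holds all roles; callers should pass their own credentials for
    anything other than a throw-away setup.

    ``root_folder`` has to be given, although it defaults to ``None``.
    """
    from zope.component import getUtilitiesFor
    from zope.security.proxy import removeSecurityProxy
    from zope.app.security.interfaces import IAuthentication
    from zope.app.securitypolicy.interfaces import IPrincipalRoleManager
    from zope.app.securitypolicy.interfaces import IRole
    from zope.app.authentication import PluggableAuthentication
    from zope.app.authentication.interfaces import IAuthenticatorPlugin
    from zope.app.authentication.principalfolder import PrincipalFolder
    from zope.app.authentication.principalfolder import InternalPrincipal

    sm = root_folder.getSiteManager()
    if auth_foldername in sm.keys():
        # There is already a folder of this name.
        return

    # Check the credentials and work out the local ids first, so that a
    # malformed entry fails before any object is created, and without
    # writing back into the caller's dicts or the shared default list.
    required_keys = (u'id', u'login', u'password', u'title')
    accounts = []
    for user in principal_credentials:
        for key in required_keys:
            if key not in user:
                raise KeyError(key)
        local_id = user['id'].rsplit('.', 1)[-1]
        accounts.append((local_id, user))

    pau = PluggableAuthentication()
    users = PrincipalFolder(userfolder_prefix)

    # Add users into principals folder to enable login...
    # NOTE(review): how the passwords are stored depends on the password
    # manager InternalPrincipal picks by default -- confirm it hashes.
    for local_id, user in accounts:
        users[local_id] = InternalPrincipal(user['login'], user['password'],
                                            user['title'])

    # Configure the PAU...
    pau.authenticatorPlugins = (userfolder_name, )
    pau.credentialsPlugins = ("No Challenge if Authenticated",
                              "Session Credentials")

    # Add the pau and its plugin to the root_folder...
    sm[auth_foldername] = pau
    sm[auth_foldername][userfolder_name] = users
    # Use the name the folder carries after being added to the PAU.
    pau.authenticatorPlugins = (users.__name__, )

    # Register the PAU with the site...
    sm.registerUtility(pau, IAuthentication)
    sm.registerUtility(users, IAuthenticatorPlugin, name=userfolder_name)

    # Add manager roles to new users...
    # XXX the real roles could be obtained from site.zcml.
    # Every IRole utility found is granted, and the proxy is removed so
    # the assignments are not checked against the current interaction.
    role_ids = [name for name, util in getUtilitiesFor(IRole, root_folder)]
    user_ids = [users.prefix + local_id for local_id, user in accounts]
    role_manager = removeSecurityProxy(IPrincipalRoleManager(root_folder))
    for role in role_ids:
        for user_id in user_ids:
            role_manager.assignRoleToPrincipal(role, user_id)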