def setGroupsForPrincipal(event): """Set local group information when a principal is created. Note: IUnauthenticatedPrincipal does not provide IGroupAwarePrincipal which is just wrong and makes the conditions a little bit complicated. """ principal = event.principal # set only groups for group aware principals or unauthenticated which are # group aware too. This allows us to apply local roles to unautenticated # principals which allows to apply permissions/roles via local groups which # the application does not provide at global level. if not (IGroupAwarePrincipal.providedBy(principal) or IUnauthenticatedPrincipal.providedBy(principal)): return authentication = event.authentication for name, plugin in authentication.getAuthenticatorPlugins(): if not interfaces.IGroupContainer.providedBy(plugin): continue # set groups for principals but not a group to itself. This could happen # for global defined groups principal.groups.extend( [id for id in plugin.getGroupsForPrincipal(principal.id) if id != principal.id])
def specialGroups(event): """Set groups for IGroupAwarePrincipal.""" principal = event.principal # only apply to non groups because it will end in cycle dependencies # since the principal will have tis role anyway if (IGroup.providedBy(principal) or not (IGroupAwarePrincipal.providedBy(principal) or IUnauthenticatedPrincipal.providedBy(principal))): return # global utility registered by everybodyGroup directive everyone = zope.component.queryUtility(IEveryoneGroup) if everyone is not None and everyone.id != principal.id and \ everyone.id not in principal.groups: principal.groups.append(everyone.id) if IUnauthenticatedPrincipal.providedBy(principal): # global utility registered by unauthenticatedGroup directive unAuthGroup = zope.component.queryUtility(IUnauthenticatedGroup) if unAuthGroup is not None and unAuthGroup.id != principal.id and \ unAuthGroup.id not in principal.groups: principal.groups.append(unAuthGroup.id) else: # global utility registered by authenticatedGroup directive authGroup = zope.component.queryUtility(IAuthenticatedGroup) if authGroup is not None and authGroup.id != principal.id and \ authGroup.id not in principal.groups: principal.groups.append(authGroup.id)
def getGroups(self, type=None): if type is None: type = IPrincipal principal = self.principal if IGroupAwarePrincipal.providedBy(principal): if principal.groups: seen = set() principals = getUtility(IAuthentication) stack = [iter(principal.groups)] if IGroup.providedBy(principal): stack.append(iter([principal.id])) while stack: try: group_id = stack[-1].next() except StopIteration: stack.pop() else: if group_id not in seen: group = principals.getPrincipal(group_id) seen.add(group_id) stack.append(iter(group.groups)) if type.providedBy(group): yield group
def specialGroups(event): principal = event.principal if (IGroup.providedBy(principal) or not IGroupAwarePrincipal.providedBy(principal)): return everyone = component.queryUtility(IEveryoneGroup) if everyone is not None: principal.groups.append(everyone.id) auth = component.queryUtility(IAuthenticatedGroup) if auth is not None: principal.groups.append(auth.id)
def setGroupsForPrincipal(event): """Set group information when a principal is created""" principal = event.principal if not IGroupAwarePrincipal.providedBy(principal): return authentication = event.authentication for name, plugin in authentication.getAuthenticatorPlugins(): if not IGroupFolder.providedBy(plugin): continue groupfolder = plugin principal.groups.extend( [authentication.prefix + id for id in groupfolder.getGroupsForPrincipal(principal.id) ]) id = principal.id prefix = authentication.prefix + groupfolder.prefix if id.startswith(prefix) and id[len(prefix):] in groupfolder: alsoProvides(principal, IGroup)
def getPortalGroups(self): """Returns portal wide groups.""" for principal in principalRegistry.getPrincipals(''): if IGroupAwarePrincipal.providedBy(principal): continue yield principal.id, principal.title