def assignRoleToPrincipal( self, role_id, principal_id, REQUEST=None ): try: return ZODBRoleManager.assignRoleToPrincipal( self, role_id, principal_id, REQUEST) except KeyError: # Lazily update our roles list and try again self.updateRolesList() return ZODBRoleManager.assignRoleToPrincipal( self, role_id, principal_id, REQUEST)
def assignRoleToPrincipal(self, role_id, principal_id, REQUEST=None): try: return ZODBRoleManager.assignRoleToPrincipal( self, role_id, principal_id) except KeyError: # Lazily update our roles list and try again self.updateRolesList() return ZODBRoleManager.assignRoleToPrincipal( self, role_id, principal_id)
def _replaceUserFolder(self, RESPONSE=None): """replaces the old acl_users folder with a PluggableAuthService, preserving users and passwords, if possible """ from Acquisition import aq_base from Products.PluggableAuthService.PluggableAuthService \ import PluggableAuthService, _PLUGIN_TYPE_INFO from Products.PluginRegistry.PluginRegistry import PluginRegistry from Products.PluggableAuthService.plugins.ZODBUserManager \ import ZODBUserManager from Products.PluggableAuthService.plugins.ZODBRoleManager \ import ZODBRoleManager from Products.PluggableAuthService.interfaces.plugins \ import IAuthenticationPlugin, IUserEnumerationPlugin from Products.PluggableAuthService.interfaces.plugins \ import IRolesPlugin, IRoleEnumerationPlugin, IRoleAssignerPlugin if getattr(aq_base(self), '__allow_groups__', None): if self.__allow_groups__.__class__ is PluggableAuthService: _write(RESPONSE, 'replaceUserFolder', 'Already replaced this user folder\n') return # Capture all the user info from the previous user folder, # then delete it. old_acl = self.__allow_groups__ user_map = [] for user_name in old_acl.getUserNames(): old_user = old_acl.getUser(user_name) _write(RESPONSE, 'replaceRootUserFolder', 'Capturing user info for %s\n' % user_name) user_map.append({ 'login': user_name, 'password': old_user._getPassword(), 'roles': old_user.getRoles() }) self._delObject('acl_users') # Create the new PluggableAuthService, and re-populate from # the captured data _pas = self.manage_addProduct['PluggableAuthService'] new_pas = _pas.addPluggableAuthService() new_acl = self.acl_users user_folder = ZODBUserManager('users') new_acl._setObject('users', user_folder) role_manager = ZODBRoleManager('roles') new_acl._setObject('roles', role_manager) plugins = getattr(new_acl, 'plugins') plugins.activatePlugin(IAuthenticationPlugin, 'users') plugins.activatePlugin(IUserEnumerationPlugin, 'users') plugins.activatePlugin(IRolesPlugin, 'roles') plugins.activatePlugin(IRoleEnumerationPlugin, 'roles') plugins.activatePlugin(IRoleAssignerPlugin, 'roles') for user_dict in user_map: _write(RESPONSE, 'replaceRootUserFolder', 'Translating user %s\n' % user_name) login = user_dict['login'] password = user_dict['password'] roles = user_dict['roles'] _migrate_user(new_acl, login, password, roles) _write(RESPONSE, 'replaceRootUserFolder', 'Replaced root acl_users with PluggableAuthService\n') transaction.savepoint(True)
def getRoleInfo(self, role_id): if role_id not in self._roles: self.updateRolesList() return ZODBRoleManager.getRoleInfo(self, role_id)
def listRoleInfo(self): self.updateRolesList() return ZODBRoleManager.listRoleInfo(self)
def _replaceUserFolder(self, RESPONSE=None): """replaces the old acl_users folder with a PluggableAuthService, preserving users and passwords, if possible """ from Acquisition import aq_base from Products.PluggableAuthService.PluggableAuthService \ import PluggableAuthService, _PLUGIN_TYPE_INFO from Products.PluginRegistry.PluginRegistry import PluginRegistry from Products.PluggableAuthService.plugins.ZODBUserManager \ import ZODBUserManager from Products.PluggableAuthService.plugins.ZODBRoleManager \ import ZODBRoleManager from Products.PluggableAuthService.interfaces.plugins \ import IAuthenticationPlugin, IUserEnumerationPlugin from Products.PluggableAuthService.interfaces.plugins \ import IRolesPlugin, IRoleEnumerationPlugin, IRoleAssignerPlugin if getattr( aq_base(self), '__allow_groups__', None ): if self.__allow_groups__.__class__ is PluggableAuthService: _write( RESPONSE , 'replaceUserFolder' , 'Already replaced this user folder\n' ) return old_acl = self.__allow_groups__ new_acl = PluggableAuthService() preg = PluginRegistry( _PLUGIN_TYPE_INFO ) preg._setId( 'plugins' ) new_acl._setObject( 'plugins', preg ) self._setObject( 'new_acl_users', new_acl ) new_acl = getattr( self, 'new_acl_users' ) user_folder = ZODBUserManager( 'users' ) new_acl._setObject( 'users', user_folder ) role_manager = ZODBRoleManager( 'roles' ) new_acl._setObject( 'roles', role_manager ) plugins = getattr( new_acl, 'plugins' ) plugins.activatePlugin( IAuthenticationPlugin, 'users' ) plugins.activatePlugin( IUserEnumerationPlugin, 'users' ) plugins.activatePlugin( IRolesPlugin, 'roles' ) plugins.activatePlugin( IRoleEnumerationPlugin, 'roles' ) plugins.activatePlugin( IRoleAssignerPlugin, 'roles' ) for user_name in old_acl.getUserNames(): old_user = old_acl.getUser( user_name ) _write( RESPONSE , 'replaceRootUserFolder' , 'Translating user %s\n' % user_name ) _migrate_user( new_acl.users, user_name, old_user._getPassword() ) new_user = new_acl.getUser( user_name ) for role_id in old_user.getRoles(): if role_id not in ['Authenticated', 'Anonymous']: new_acl.roles.assignRoleToPrincipal( role_id, new_user.getId() ) self._delObject( 'acl_users' ) self._setObject( 'acl_users', aq_base( new_acl ) ) self._delObject( 'new_acl_users' ) self.__allow_groups__ = aq_base( new_acl ) _write( RESPONSE , 'replaceRootUserFolder' , 'Replaced root acl_users with PluggableAuthService\n' ) get_transaction().commit()