def __call__(self, object_id): from Products.PluginRegistry.PluginRegistry import PluginRegistry registry = PluginRegistry(()) registry._setId(object_id) self.context._setObject(object_id, registry) return registry
def _makePlugins(self, plugin_type_info=None): from Products.PluggableAuthService.PluggableAuthService \ import _PLUGIN_TYPE_INFO from Products.PluginRegistry.PluginRegistry import PluginRegistry if plugin_type_info is None: plugin_type_info = _PLUGIN_TYPE_INFO reg = PluginRegistry(plugin_type_info=plugin_type_info) reg._setId('plugins') reg._plugins = {} return reg
def addPluggableAuthService( dispatcher, REQUEST=None ): """ Add a PluggableAuthService to 'self. """ pas = PluggableAuthService() preg = PluginRegistry( _PLUGIN_TYPE_INFO ) preg._setId( 'plugins' ) pas._setObject( 'plugins', preg ) dispatcher._setObject( pas.getId(), pas ) if REQUEST is not None: REQUEST['RESPONSE'].redirect( '%s/manage_workspace' '?manage_tabs_message=' 'PluggableAuthService+added.' % dispatcher.absolute_url() )
def _initRegistry(self, plugin_type_info=(), plugins={}): from OFS.Folder import Folder from OFS.SimpleItem import SimpleItem from Products.PluginRegistry.PluginRegistry import PluginRegistry app = Folder() app.getPhysicalPath = lambda: () app.getPhysicalRoot = lambda: app app._setObject('foo_plugin_1', SimpleItem()) app._setObject('foo_plugin_2', SimpleItem()) registry = PluginRegistry(plugin_type_info) registry._plugins = {} # it is usually lazy for plugin_type, registered in plugins.items(): registry._plugins[plugin_type] = registered app._setObject('plugin_registry', registry) registry = app._getOb('plugin_registry') return app, registry
def addConfiguredPAS( dispatcher , base_profile , extension_profiles=() , create_snapshot=True , setup_tool_id='setup_tool' , REQUEST=None ): """ Add a PluggableAuthService to 'self. """ from Products.GenericSetup.tool import SetupTool pas = PluggableAuthService() preg = PluginRegistry( _PLUGIN_TYPE_INFO ) preg._setId( 'plugins' ) pas._setObject( 'plugins', preg ) dispatcher._setObject( pas.getId(), pas ) pas = dispatcher._getOb( pas.getId() ) # wrapped tool = SetupTool( setup_tool_id ) pas._setObject( tool.getId(), tool ) tool = pas._getOb( tool.getId() ) # wrapped tool.setImportContext( 'profile-%s' % base_profile ) tool.runAllImportSteps() for extension_profile in extension_profiles: tool.setImportContext( 'profile-%s' % extension_profile ) tool.runAllImportSteps() tool.setImportContext( 'profile-%s' % base_profile ) if create_snapshot: tool.createSnapshot( 'initial_configuration' ) if REQUEST is not None: REQUEST['RESPONSE'].redirect( '%s/manage_workspace' '?manage_tabs_message=' 'PluggableAuthService+added.' % dispatcher.absolute_url() )
def addPluggableAuthService( dispatcher , base_profile=None , extension_profiles=() , create_snapshot=True , setup_tool_id='setup_tool' , REQUEST=None ): """ Add a PluggableAuthService to 'dispatcher'. o BBB for non-GenericSetup use. """ pas = PluggableAuthService() preg = PluginRegistry( _PLUGIN_TYPE_INFO ) preg._setId( 'plugins' ) pas._setObject( 'plugins', preg ) dispatcher._setObject( pas.getId(), pas ) if REQUEST is not None: REQUEST['RESPONSE'].redirect( '%s/manage_workspace' '?manage_tabs_message=' 'PluggableAuthService+added.' % dispatcher.absolute_url() )
def test_roles_for_control_panel(self): """There's a special case, the users control panel for which we should never grant to users the roles they have got through the groups they belong. In that intent, the control panels view pushes '__ignore_group_roles__' = True in the request. """ root = FauxPAS() # Add a minimal PluginRegistry with a mock IGroupsPlugin, because the # roles plugin depends on it: root._setObject('plugins', PluginRegistry(_PLUGIN_TYPE_INFO)) root._setObject('groups', FauxGroupsPlugin()) root['plugins'].activatePlugin(IGroupsPlugin, 'groups') garm = self._makeOne('garm').__of__(root) # 2 roles garm.addRole('foo_role') garm.addRole('bar_role') # Group 'somegroup' has 'bar_role' garm.assignRoleToPrincipal('bar_role', 'somegroup') # 'johndoe' has 'foo_role' johndoe = DummyUser('johndoe', ('somegroup', )) garm.assignRoleToPrincipal('foo_role', 'johndoe') # 'johndoe' should have 'foo_role' and 'bar_roles' got = garm.getRolesForPrincipal(johndoe) expected = ['foo_role', 'bar_role'] self.assertEqual(set(got), set(expected)) # For the users control panel, johndoe has only the 'foo_role' garm.REQUEST.set('__ignore_group_roles__', True) got = garm.getRolesForPrincipal(johndoe) self.assertEqual(got, ('foo_role', )) # Confirm we can get only the inherited roles garm.REQUEST.set('__ignore_group_roles__', False) garm.REQUEST.set('__ignore_direct_roles__', True) got = garm.getRolesForPrincipal(johndoe) self.assertEqual(got, ('bar_role', )) return
def _replaceUserFolder(self, RESPONSE=None): """replaces the old acl_users folder with a PluggableAuthService, preserving users and passwords, if possible """ from Acquisition import aq_base from Products.PluggableAuthService.PluggableAuthService \ import PluggableAuthService, _PLUGIN_TYPE_INFO from Products.PluginRegistry.PluginRegistry import PluginRegistry from Products.PluggableAuthService.plugins.ZODBUserManager \ import ZODBUserManager from Products.PluggableAuthService.plugins.ZODBRoleManager \ import ZODBRoleManager from Products.PluggableAuthService.interfaces.plugins \ import IAuthenticationPlugin, IUserEnumerationPlugin from Products.PluggableAuthService.interfaces.plugins \ import IRolesPlugin, IRoleEnumerationPlugin, IRoleAssignerPlugin if getattr( aq_base(self), '__allow_groups__', None ): if self.__allow_groups__.__class__ is PluggableAuthService: _write( RESPONSE , 'replaceUserFolder' , 'Already replaced this user folder\n' ) return old_acl = self.__allow_groups__ new_acl = PluggableAuthService() preg = PluginRegistry( _PLUGIN_TYPE_INFO ) preg._setId( 'plugins' ) new_acl._setObject( 'plugins', preg ) self._setObject( 'new_acl_users', new_acl ) new_acl = getattr( self, 'new_acl_users' ) user_folder = ZODBUserManager( 'users' ) new_acl._setObject( 'users', user_folder ) role_manager = ZODBRoleManager( 'roles' ) new_acl._setObject( 'roles', role_manager ) plugins = getattr( new_acl, 'plugins' ) plugins.activatePlugin( IAuthenticationPlugin, 'users' ) plugins.activatePlugin( IUserEnumerationPlugin, 'users' ) plugins.activatePlugin( IRolesPlugin, 'roles' ) plugins.activatePlugin( IRoleEnumerationPlugin, 'roles' ) plugins.activatePlugin( IRoleAssignerPlugin, 'roles' ) for user_name in old_acl.getUserNames(): old_user = old_acl.getUser( user_name ) _write( RESPONSE , 'replaceRootUserFolder' , 'Translating user %s\n' % user_name ) _migrate_user( new_acl.users, user_name, old_user._getPassword() ) new_user = new_acl.getUser( user_name ) for role_id in old_user.getRoles(): if role_id not in ['Authenticated', 'Anonymous']: new_acl.roles.assignRoleToPrincipal( role_id, new_user.getId() ) self._delObject( 'acl_users' ) self._setObject( 'acl_users', aq_base( new_acl ) ) self._delObject( 'new_acl_users' ) self.__allow_groups__ = aq_base( new_acl ) _write( RESPONSE , 'replaceRootUserFolder' , 'Replaced root acl_users with PluggableAuthService\n' ) get_transaction().commit()