def _do_cat_acl(self, obj): prinrole = IPrincipalRoleManager(obj) auth = getUtility(IAuthentication, context=None) user_allow = collections.defaultdict(list) user_deny = collections.defaultdict(list) users = set() for role, principal, setting in prinrole.getPrincipalsAndRoles(): users.add(principal) if setting.getName() == 'Allow': user_allow[principal].append(role) else: user_deny[principal].append(role) acl = {'allow': [], 'deny': []} for principal in users: def formatted_perms(perms): prin = auth.getPrincipal(principal) typ = 'group' if isinstance(prin, Group) else 'user' def grants(i): return ','.join('@%s' % i[0] for i in rolePermissionManager.getPermissionsForRole(i) if i[0] != 'oms.nothing') return (typ, principal, ''.join('%s' % (Role.role_to_nick.get(i, '(%s)' % i)) for i in sorted(perms))) if principal in user_allow: acl['allow'].append('%s:%s:%s' % formatted_perms(user_allow[principal])) if principal in user_deny: acl['deny'].append('%s:%s:%s' % formatted_perms(user_deny[principal])) return acl
def render(self): # Test that our installation was successful pau = queryUtility(IAuthentication) if pau is None or type(pau) is not PluggableAuthenticatorPlugin: if pau is not None: st = "PAU not installed correctly: %s" % pau utilities = getUtilitiesFor(IAuthentication) st += "\n Available utilities are: %s" % [u for u in utilities] return st else: return "PAU Utility not found" st = ('Success: Credentials plugins= %s; Authenticator plugins= %s' % (pau.credentialsPlugins, pau.authenticatorPlugins)) roleMgr = IPrincipalRoleManager(self.context) p = roleMgr.getPrincipalsForRole('gfn.Administrator') st += "\n Administrators: %s" %p for ut in pau.credentialsPlugins: if queryUtility(ICredentialsPlugin, name=ut) is None: st += '\n Could not find credentials plugin for %s' % ut for ut in pau.authenticatorPlugins: if queryUtility(IAuthenticatorPlugin, name=ut) is None: st += '\n Could not find authenticator plugin for %s' % ut return st
def addUser(self, username, email, password, real_name, role): if username not in self.user_folder: user = Account(username, email, password, real_name, role) self.user_folder[username] = user role_manager = IPrincipalRoleManager(grok.getSite()) print role, username role_manager.assignRoleToPrincipal(role, username)
def clean_roles(context, role_id, setting=Allow): """Remove given role for all principals""" prinrole = IPrincipalRoleManager(context) old = prinrole.getPrincipalsForRole(role_id) for x in old: if x[1] == setting: prinrole.unsetRoleForPrincipal(role_id, x[0])
def setup_site_manager(self, context): context.setSiteManager(LocalSiteManager(context)) sm = context.getSiteManager() pau = PluggableAuthentication(prefix='2f.pau.') notify(ObjectCreatedEvent(pau)) sm[u'authentication'] = pau context['PluggableAuthentication'] = pau sm.registerUtility(pau, IAuthentication) annotation_utility = PrincipalAnnotationUtility() sm.registerUtility(annotation_utility, IPrincipalAnnotationUtility) session_data = PersistentSessionDataContainer() sm.registerUtility(session_data, ISessionDataContainer) client_id_manager = CookieClientIdManager() notify(ObjectCreatedEvent(client_id_manager)) sm[u'CookieClientIdManager'] = client_id_manager sm.registerUtility(client_id_manager, ICookieClientIdManager) principals = PrincipalFolder(prefix='users') notify(ObjectCreatedEvent(principals)) pau[u'users'] = principals pau.authenticatorPlugins += (u"users", ) notify(ObjectModifiedEvent(pau)) pau.credentialsPlugins = (u'TwoFactor Session Credentials',) admin1 = InternalPrincipal('admin1', 'admin1', "Admin 1", passwordManagerName="Plain Text") principals['admin1'] = admin1 role_manager = IPrincipalRoleManager(context) login_name = principals.getIdByLogin(admin1.login) pid = unicode('2f.pau.' + login_name) role_manager.assignRoleToPrincipal('zope.Manager', pid)
def accountFromRoles(self, login): ''' Populate self.roles by querying the role manager ''' roleMgr = IPrincipalRoleManager(grok.getSite()) for rid, setting in roleMgr.getRolesForPrincipal('gfn.'+login): if setting.getName() == 'Allow': self.roles.add(rid)
def addUser(self, username, password, real_name): user_folder = grok.getSite()['users'] if username not in user_folder: user = Account(username, password, real_name) user_folder[username] = user role_manager = IPrincipalRoleManager(grok.getSite()) role_manager.assignRoleToPrincipal('merlot.Manager', username)
def handle_delete(self): data, errors = self.extractData() del self.context.__parent__[self.context.__name__] role_manager = IPrincipalRoleManager(grok.getSite()) for role_id, setting in role_manager.getRolesForPrincipal(data['login']): role_manager.removeRoleFromPrincipal(role_id, data['login']) self.redirect(self.url(grok.getSite(), '/benutzer'))
def issue_transition_handler(ob, e): if e.transition.transition_id in UPDATE_RESPONSIBILITY: clean_roles(ob, "dynamic_tacklets.project.DocumentResponsible") prinrole = IPrincipalRoleManager(ob) principal_id = IResponsibility(ob).responsible prinrole.assignRoleToPrincipal("dynamic_tacklets.project.DocumentResponsible", principal_id)
def applyViewContentForCoUsers(factory): principal = factory.object homefolder = IHomeFolder(principal).homeFolder if not homefolder: return if homefolder.__name__ != principal.id: hprm = IPrincipalRoleManager(homefolder) if hprm.getSetting('uvc.HomeFolderUser', principal.id).getName() in ('Deny', 'Unset'): hprm.assignRoleToPrincipal('uvc.HomeFolderUser', principal.id) log('applying Role uvc.HomeFolderUser for USER %s in HOMEFOLDER %s' % (principal.id, homefolder.__name__))
def setup_local(e): sm = e.manager site = sm.__parent__ # root folder intids = IntIds() sm[u'intids'] = intids sm.registerUtility(intids, IIntIds) catalog = Catalog() sm[u'catalog'] = catalog sm.registerUtility(catalog, ICatalog) catalog[u'fulltext'] = TextIndex(interface=ISearchableText, field_name='getSearchableText', field_callable=True) auth = PluggableAuthentication() sm[u'authentication'] = auth sm.registerUtility(auth, IAuthentication) pfolder = principalfolder.PrincipalFolder(prefix='principal.') auth[u'principalfolder'] = pfolder gfolder = groupfolder.GroupFolder(prefix='group.') auth[u'groupfolder'] = gfolder auth.credentialsPlugins += (u'Session Credentials',) auth.authenticatorPlugins += (u'principalfolder', u'groupfolder') pran = PrincipalAnnotationUtility() sm[u'principalannotation'] = pran sm.registerUtility(pran, IPrincipalAnnotationUtility) pwdreset = PasswordResetUtility() sm[u'passwordreset'] = pwdreset sm.registerUtility(pwdreset, IPasswordResetUtility) # default bootstrap admin login = u"manager" password = "******" pfolder[login] = principalfolder.InternalPrincipal(login, password, login, u"", "SSHA") principal_id = pfolder.prefix + login prinrole = IPrincipalRoleManager(site) prinrole.assignRoleToPrincipal('tackle.SystemManager', principal_id) # all authenticated users are guests by default prinrole.assignRoleToPrincipal('tackle.Guest', 'zope.Authenticated') # site title dc = IZopeDublinCore(site) dc.title = u"Tackle" # custom local setup notify(NewLocalSite(sm))
def roles(self): principal_id = self.__principal__.id rolemanager = IPrincipalRoleManager(getSite()) roles = {} for rid in self._roles: roles[rid] = Unset for role, setting in rolemanager.getRolesForPrincipal(principal_id): if role in self._roles: roles[role] = setting return roles
def agregarUsuario(self, usuario, password, confirm_password, nombre_real, rol, seccion): if usuario not in self.contenedor_cuentas: user = Cuenta(usuario, password, nombre_real, rol, seccion) self.contenedor_cuentas[usuario] = user role_manager = IPrincipalRoleManager(grok.getSite()) if rol == u'empleado': role_manager.assignRoleToPrincipal('ct.empleadorol', usuario) if rol == u'administrador': role_manager.assignRoleToPrincipal('ct.adminrol', usuario) else: return u"El nombre de usuario ya existe"
def anlegen(self): data, errors = self.extractData() if errors: self.flash('Es sind Fehler aufgetreten', type='error') return um = getUtility(IUserManagement) um.addUser(**data) # Setting Home Folder Rights for role in data.get('rollen'): principal_roles = IPrincipalRoleManager(self.context.__parent__[role]) principal_roles.assignRoleToPrincipal('uvc.Editor', data.get('mnr')) self.flash(_(u'Der Mitbenutzer wurde gespeichert')) principal = self.request.principal homeFolder = IHomeFolder(principal).homeFolder self.redirect(self.url(homeFolder, '++enms++'))
def assignHomeFolder(self, principalId, folderName=None, create=None): """See IHomeFolderManager""" # The name of the home folder is folderName, if specified, otherwise # it is the principal id name = folderName or principalId # Make the assignment. self.assignments[principalId] = name # Create a home folder instance, if the correct flags are set. if (create is True) or (create is None and self.createHomeFolder): if name not in self.homeFolderBase: objectToCreate = resolve(self.containerObject) self.homeFolderBase[name] = objectToCreate() principal_roles = IPrincipalRoleManager(self.homeFolderBase[name]) for role in self.homeFolderRole: principal_roles.assignRoleToPrincipal( role, principalId)
def prepare(self): results = getUtility(IAcknowledgements).search(object=self.context) acknowledged = [i.principal for i in results] allusers = searchPrincipals( type=('user',), principalSubscribed={'any_of': (True,)}) members = [] bannedusers = getUtility(IBanPrincipalConfiglet) rolemanager = IPrincipalRoleManager(getSite()) checkroles = ['zope.Anonymous', ] portal_roles = getUtility(IPortalRoles) if 'site.member' in portal_roles: checkroles.append(portal_roles['site.member'].id) for pid in [i.id for i in allusers if i.id not in acknowledged]: # Note: skip banned users if pid in bannedusers.banned: continue try: principal = getPrincipal(pid) except PrincipalLookupError: continue # Note: skip users with Deny roles nextitem = False for role, setting in rolemanager.getRolesForPrincipal(pid): if role == 'zope.Manager': continue if role in checkroles and setting == Deny: nextitem = True break if nextitem: continue profile = IPersonalProfile(principal, None) if profile is None: continue members.append(profile) return self.export(members)
def __call__(self, *args): site = getObject(self.context) sm = site.getSiteManager() # устанавливаем утилиту аутентификации if u'authentication' not in sm: pau = zope.pluggableauth.PluggableAuthentication(prefix='bbru.') zope.event.notify(ObjectCreatedEvent(pau)) sm[u'authentication'] = pau sm.registerUtility(pau, IAuthentication) pau = sm.getUtility(IAuthentication) # устанавливаем в утилиту аутентификации # стандартный контейнер для пользователей if u'principals' not in pau: plugin = PrincipalFolder(prefix='principal.') zope.event.notify(ObjectCreatedEvent(plugin)) pau[u'principals'] = plugin pau.authenticatorPlugins += (u'principals',) zope.event.notify(ObjectModifiedEvent(pau)) # устанавливаем в утилиту аутентификации # стандартный контейнер для групп пользователей if u'group' not in pau: groupfolder = GroupFolder(prefix='group.') zope.event.notify(ObjectCreatedEvent(groupfolder)) pau[u'group'] = groupfolder pau.authenticatorPlugins += (u'group',) zope.event.notify(ObjectModifiedEvent(pau)) groupfolder = pau[u'group'] roles = IPrincipalRoleManager(site) # создаем одну предустановленную группу if u'members' not in groupfolder: group = GroupInformation(title=u'members') zope.event.notify(ObjectCreatedEvent(group)) groupfolder[u'members'] = group roles.assignRoleToPrincipal('bbru.Member', 'bbru.group.members') # конфигрируем утилиту подключаемой аутентификации так, чтобы # использовать сессии для хранения удостоверений безопасности if u'Session Credentials' not in pau.credentialsPlugins: pau.credentialsPlugins += (u'Session Credentials',)
def prepare(self): results = getUtility(IAcknowledgements).search(object=self.context) if len(results) > 0: members = [] # localtz = tz.tzlocal() bannedusers = getUtility(IBanPrincipalConfiglet) rolemanager = IPrincipalRoleManager(getSite()) checkroles = ['zope.Anonymous', ] portal_roles = getUtility(IPortalRoles) if 'site.member' in portal_roles: checkroles.append(portal_roles['site.member'].id) for pid, ack_date in [(i.principal, i.date) for i in results]: # Note: skip banned users if pid in bannedusers.banned: continue try: principal = getPrincipal(pid) except PrincipalLookupError: continue # Note: skip users with Deny roles nextitem = False for role, setting in rolemanager.getRolesForPrincipal(pid): if role == 'zope.Manager': continue if role in checkroles and setting == Deny: nextitem = True break if nextitem: continue profile = IPersonalProfile(principal, None) if profile is None: continue members.append( (profile, ack_date.strftime('%Y-%m-%d %H:%M UTC'))) # NOTE: convert date to local time zone # .replace(tzinfo=utc).astimezone(localtz).strftime('%Y-%m-%d %H:%M %Z') return self.export(members)
def handle_add(self): data, errors = self.extractData() if errors: self.flash(u'Es ist ein Fehler aufgetreten', 'warning') return changes = apply_data_event(self.fields, self.context, data) role_manager = IPrincipalRoleManager(grok.getSite()) for role_id, setting in role_manager.getRolesForPrincipal(data['login']): role_manager.removeRoleFromPrincipal(role_id, data['login']) role_manager.assignRoleToPrincipal(data['role'], data['login']) print role_manager.getRolesForPrincipal(data['login']) self.redirect(self.url(grok.getSite(), '/benutzer'))
def applyPermissionsForExistentCoUsers(factory): principal = factory.object createProductFolders(principal) homefolder = IHomeFolder(principal).homeFolder if not homefolder: return um = getUtility(IUserManagement) user = um.getUser(principal.id) rollen = user['rollen'] if user['az'] != '00': pid = "%s-%s" % (user['mnr'], user['az']) else: pid = user['mnr'] if homefolder.__name__ != pid: for pf in homefolder.keys(): if pf in rollen: prm = IPrincipalRoleManager(homefolder.get(pf)) if prm.getSetting('uvc.Editor', pid).getName() == 'Unset': prm.assignRoleToPrincipal('uvc.Editor', pid) uvcsite.log('Give uvc.Editor to %s in folder %s' % (pid, pf))
def _do_print_acl(self, obj, verbose, recursive, seen): prinrole = IPrincipalRoleManager(obj) auth = getUtility(IAuthentication, context=None) user_allow = collections.defaultdict(list) user_deny = collections.defaultdict(list) users = set() for role, principal, setting in prinrole.getPrincipalsAndRoles(): users.add(principal) if setting.getName() == 'Allow': user_allow[principal].append(role) else: user_deny[principal].append(role) for principal in users: def formatted_perms(perms): prin = auth.getPrincipal(principal) typ = 'group' if isinstance(prin, Group) else 'user' if verbose: def grants(i): return ','.join('@%s' % i[0] for i in rolePermissionManager.getPermissionsForRole(i) if i[0] != 'oms.nothing') return (typ, principal, ''.join('%s{%s}' % (Role.role_to_nick.get(i, '(%s)' % i), grants(i)) for i in sorted(perms))) else: return (typ, principal, ''.join(Role.role_to_nick.get(i, '(%s)' % i) for i in sorted(perms))) if principal in user_allow: self.write("%s:%s:+%s\n" % formatted_perms(user_allow[principal])) if principal in user_deny: self.write("%s:%s:-%s\n" % formatted_perms(user_deny[principal])) if recursive and IContainer.providedBy(follow_symlinks(obj)): for sobj in follow_symlinks(obj).listcontent(): if follow_symlinks(sobj) not in seen: seen.append(sobj) self.write('%s:\n' % canonical_path(sobj)) self._do_print_acl(sobj, verbose, recursive, seen)
class PrincipalRoles(grok.Adapter): """Grant a role to a principal. """ grok.context(IPrincipal) grok.implements(IPrincipalRoles) def __init__(self, context): site = getSite() self.userid = context.id self.manager = IPrincipalRoleManager(site) @apply def roles(): """Writable property for roles. """ def get(self): setting = self.manager.getRolesForPrincipal(self.userid) return [role[0] for role in setting if role[1] is Allow] def set(self, roles): # removing undefined roles setting = self.manager.getRolesForPrincipal(self.userid) for role in setting: if role[0] not in roles and role[1] is Allow: self.manager.unsetRoleForPrincipal(role[0], self.userid) # setting new roles for role in roles: self.manager.assignRoleToPrincipal(role, self.userid) return property(get, set)
def update(self, **data): cn = '%s-%s' % (self.mnr, data.get('az')) self.um.updUser(**data) for role in self.__parent__.values(): principal_roles = IPrincipalRoleManager(role) principal_roles.removeRoleFromPrincipal('uvc.Editor', cn) for role in data.get('rollen'): principal_roles = IPrincipalRoleManager(self.__parent__[role]) principal_roles.assignRoleToPrincipal('uvc.Editor', cn)
def create_user(self, site, sm, data, site_roles=(), site_permissions=(), prefix='bbru.principal.', folder_key=u'principals'): auth = sm.getUtility(IAuthentication) principalfolder = auth[folder_key] key = data['login'] # convenient principal = InternalPrincipal( data['login'], data['password'], data.get('title') or data['login'].title(), data.get('description') or u'', data.get('passwordManagerName') or 'SSHA') if key not in principalfolder: principalfolder[key] = principal roles = IPrincipalRoleManager(site) for role in site_roles: roles.assignRoleToPrincipal(role, prefix + data['login']) permissions = IPrincipalPermissionManager(site) for permission in site_permissions: permissions.grantPermissionToPrincipal( permission, prefix + data['login'])
def rolesFromAccount(self): ''' Populate the managed roles for this principal from self.roles ''' roleMgr = IPrincipalRoleManager(grok.getSite()) if self.login == 'admin': self.roles.add('gfn.Administrator') for rid, _setting in roleMgr.getRolesForPrincipal('gfn.'+self.login): roleMgr.unsetRoleForPrincipal(rid, 'gfn.'+self.login) for role in self.roles: roleMgr.assignRoleToPrincipal(role, 'gfn.'+self.login)
def roles(self, value): principal_id = self.__principal__.id rolemanager = IPrincipalRoleManager(getSite()) for role, setting in value.items(): if role not in self._roles: continue if setting is Allow: rolemanager.assignRoleToPrincipal(role, principal_id) elif setting is Deny: rolemanager.removeRoleFromPrincipal(role, principal_id) else: rolemanager.unsetRoleForPrincipal(role, principal_id)
def __init__(self, *args, **kwargs): ''' Create an administrator with default login and password ''' super(AuthenticatorPlugin, self).__init__(*args, **kwargs) su = InternalPrincipal(login='******', password='******', title=u'Administrator', description=u'The SuperUser') self['admin'] = su roleMgr = IPrincipalRoleManager(grok.getSite()) for uid, _setting in roleMgr.getPrincipalsForRole('gfn.Administrator'): roleMgr.unsetRoleForPrincipal('gfn.Administrator', 'gfn.'+uid) uid = self.getIdByLogin('admin') roleMgr.assignRoleToPrincipal('gfn.Administrator', 'gfn.'+uid)
def removeUser(self, username): user_folder = grok.getSite()['users'] if username in user_folder: role_manager = IPrincipalRoleManager(grok.getSite()) role_manager.removeRoleFromPrincipal('merlot.Manager', username) del user_folder[username]
def getRoles(self, user): manager = IPrincipalRoleManager(self.context) setting = manager.getRolesForPrincipal(user) return [role[0] for role in setting if role[1] is Allow]
def grant_role(self, role_id, pids): if isinstance(pids, basestring): pids = [pids] role_id = ROLE_MAP[role_id] prinrole = IPrincipalRoleManager(self.context) for pid in pids: prinrole.assignRoleToPrincipal(role_id, pid)
def createUtils(root_folder, connection=None, dummy_db=None): madeLdapAdapter = ensureUtility(\ root_folder, IManageableLDAPAdapter, 'ManageableLDAPAdapter', ManageableLDAPAdapter, name='ManageableLDAPAdapter', copy_to_zlog=False) madeLdapPas = ensureUtility(\ root_folder, IMyLDAPAuthentication, 'MyLDAPAuthentication', MyLDAPAuthentication, name='MyLDAPAuthentication', copy_to_zlog=False) if isinstance(madeLdapPas, MyLDAPAuthentication): madeLdapPas.adapterName = 'ManageableLDAPAdapter' madeLdapPas.searchBase = u'ou=staff,o=ikom-online,c=de,o=ifdd' madeLdapPas.searchScope = u'sub' madeLdapPas.groupsSearchBase = u'cn=testIKOMtrol,o=ikom-online,c=de,o=ifdd' madeLdapPas.groupsSearchScope = u'one' madeLdapPas.loginAttribute = u'uid' madeLdapPas.principalIdPrefix = u'principal.' madeLdapPas.idAttribute = u'uid' madeLdapPas.titleAttribute = u'cn' madeLdapPas.groupIdAttribute = u'cn' madePluggableAuthentication = ensureUtility(\ root_folder, IAdmUtilUserManagement, 'AdmUtilUserManagement', AdmUtilUserManagement, name='', copy_to_zlog=False) if isinstance(madePluggableAuthentication, PluggableAuthentication): logger.info(u"bootstrap: Ensure named AdmUtilUserManagement") dcore = IWriteZopeDublinCore(madePluggableAuthentication) dcore.title = u"User Authentication" dcore.created = datetime.utcnow() madePluggableAuthentication.ikName = dcore.title # madePluggableAuthentication.__post_init__() sitem = root_folder.getSiteManager() utils = [ util for util in sitem.registeredUtilities() if util.provided.isOrExtends(IAdmUtilSupervisor) ] instAdmUtilSupervisor = utils[0].component instAdmUtilSupervisor.appendEventHistory(\ u" bootstrap: made AdmUtilUserManagement-Utility") groups = GroupFolder(u'group.') madePluggableAuthentication[u'groups'] = groups principals = PrincipalFolder(u'principal.') madePluggableAuthentication[u'principals'] = principals madePluggableAuthentication.credentialsPlugins = \ (u'Session Credentials', u'No Challenge if Authenticated',) p_user = InternalPrincipal(u'User', u'User', u'Initial User', passwordManagerName="SHA1") p_manager = InternalPrincipal(u'Manager', u'Manager', u'Initial Manager', passwordManagerName="SHA1") p_admin = InternalPrincipal(u'Administrator', u'Administrator', u'Initial Administrator', passwordManagerName="SHA1") p_developer = InternalPrincipal(u'Developer', u'Developer', u'Initial Developer', passwordManagerName="SHA1") principals[u'User'] = p_user principals[u'Manager'] = p_manager principals[u'Administrator'] = p_admin principals[u'Developer'] = p_developer grp_usr = GroupInformation( u'User', u'view & analyse data, generate reports ' u'& leave notes at any object') grp_mgr = GroupInformation( u'Manager', u'search, connect, configure ' u'& delete devices') grp_adm = GroupInformation( u'Administrator', u'install, configure ' u'& administrate System') grp_dvl = GroupInformation( u'Developer', u'individual adaption ' u'& development on System') grp_usr.principals = [u'principal.User'] grp_mgr.principals = [u'principal.Manager'] grp_adm.principals = [u'principal.Administrator'] grp_dvl.principals = [u'principal.Developer'] groups[u'User'] = grp_usr groups[u'Manager'] = grp_mgr groups[u'Administrator'] = grp_adm groups[u'Developer'] = grp_dvl #import pdb #pdb.set_trace() madePluggableAuthentication[u'LDAPAuthentication'] = madeLdapPas madePluggableAuthentication.authenticatorPlugins = \ (u'groups', u'principals', u'LDAPAuthentication') prm = IPrincipalRoleManager(root_folder) prm.assignRoleToPrincipal(u'org.ict_ok.usr', u'group.User') prm.assignRoleToPrincipal(u'org.ict_ok.mgr', u'group.Manager') prm.assignRoleToPrincipal(u'org.ict_ok.adm', u'group.Administrator') prm.assignRoleToPrincipal(u'org.ict_ok.dvl', u'group.Developer') transaction.get().commit() if connection is not None: connection.close()
def __init__(self, context): self._rolemanager = IPrincipalRoleManager(context) self.context = context
def grantCreator(obj): dc = IWriteZopeDublinCore(obj) role_manager = IPrincipalRoleManager(obj) role_manager.assignRoleToPrincipal('quotationtool.Creator', dc.creators[0])
def borrarUsuario(self, usuario): if usuario in self.contenedor_cuentas: role_manager = IPrincipalRoleManager(grok.getSite()) rol = role_manager.getRolesForPrincipal(usuario)[0] role_manager.removeRoleFromPrincipal(rol[0], usuario) del self.contenedor_cuentas[usuario]
def unset_role(self, role_id, pids): if isinstance(pids, basestring): pids = [pids] role_id = ROLE_MAP[role_id] prinrole = IPrincipalRoleManager(self.context) for pid in pids: prinrole.unsetRoleForPrincipal(role_id, pid)
def deny_role(self, role_id, pids): if isinstance(pids, basestring): pids = [pids] role_id = ROLE_MAP[role_id] prinrole = IPrincipalRoleManager(self.context) for pid in pids: prinrole.removeRoleFromPrincipal(role_id, pid)
def update(self): prm = IPrincipalRoleManager(self.context) principals = prm.getPrincipalsForRole('uvc.Editor') self.allowed_principals = [x[0] for x in principals if x[1] is Allow]
def delete(self, az): cn = '%s-%s' % (self.mnr, az) self.um.deleteUser(cn) for role in self.__parent__.values(): principal_roles = IPrincipalRoleManager(role) principal_roles.removeRoleFromPrincipal('uvc.Editor', cn)
def create(self, uid): home = self.container[uid] = self.content_factory() principal_roles = IPrincipalRoleManager(home) for role in self.owner_roles: principal_roles.assignRoleToPrincipal(role, uid) return home
def roles(self, values): prmanager = IPrincipalRoleManager(self.context) for role_id in self.roles: prmanager.unsetRoleForPrincipal(role_id, self.principal_id) for role_id in values: prmanager.assignRoleToPrincipal(role_id, self.principal_id)
class Ownership(object): adapts(IOwnerAware) implements(IOwnership) def __init__(self, context): self._rolemanager = IPrincipalRoleManager(context) self.context = context def _getCurrentOwnerId(self): settings = self._rolemanager.getPrincipalsForRole(OWNER_ROLE) principals = [ principal_id for (principal_id, setting) in settings if sameProxiedObjects(setting, Allow) ] if not principals: return None if len(principals) > 1: raise RuntimeError( 'Object has multiple owners. This should not happen') return principals[0] @apply def owner(): def fget(self): principal_id = self._getCurrentOwnerId() if principal_id is None: return None try: return getUtility(IAuthentication).getPrincipal(principal_id) except PrincipalLookupError: return None def fset(self, new_owner): if not (new_owner is None or IPrincipal.providedBy(new_owner)): raise ValueError('IPrincipal object or None required') if new_owner is None: new_owner_id = None else: new_owner_id = new_owner.id current_owner_id = self._getCurrentOwnerId() if new_owner_id == current_owner_id: return if current_owner_id is not None: self._rolemanager.unsetRoleForPrincipal( OWNER_ROLE, current_owner_id) current_owner = getUtility(IAuthentication).getPrincipal( current_owner_id) else: current_owner = None if new_owner_id: self._rolemanager.assignRoleToPrincipal( OWNER_ROLE, new_owner_id) notify(OwnerChangedEvent(self.context, new_owner, current_owner)) return property(fget, fset)
def bootStrapSubscriberDatabase(event): """initialisation of usermanagement utility on first database startup """ if appsetup.getConfigContext().hasFeature('devmode'): logger.info(u"starting bootStrapSubscriberDatabase (org.ict_ok...)") dummy_db, connection, dummy_root, root_folder = \ getInformationFromEvent(event) madePluggableAuthentication = ensureUtility(\ root_folder, IAdmUtilUserManagement, 'AdmUtilUserManagement', AdmUtilUserManagement, copy_to_zlog=False, asObject=True) if isinstance(madePluggableAuthentication, PluggableAuthentication): logger.info(u"bootstrap: Ensure named AdmUtilUserManagement") dcore = IWriteZopeDublinCore(madePluggableAuthentication) dcore.title = u"User Authentication" dcore.created = datetime.utcnow() madePluggableAuthentication.ikName = dcore.title # madePluggableAuthentication.__post_init__() sitem = root_folder.getSiteManager() utils = [ util for util in sitem.registeredUtilities() if util.provided.isOrExtends(IAdmUtilSupervisor) ] instAdmUtilSupervisor = utils[0].component instAdmUtilSupervisor.appendEventHistory(\ u" bootstrap: made AdmUtilUserManagement-Utility") groups = GroupFolder(u'group.') madePluggableAuthentication[u'groups'] = groups principals = PrincipalFolder(u'principal.') madePluggableAuthentication[u'principals'] = principals madePluggableAuthentication.credentialsPlugins = \ (u'Session Credentials', u'No Challenge if Authenticated',) p_user = InternalPrincipal(u'User', u'User', u'Initial User', passwordManagerName="SHA1") p_manager = InternalPrincipal(u'Manager', u'Manager', u'Initial Manager', passwordManagerName="SHA1") p_admin = InternalPrincipal(u'Administrator', u'Administrator', u'Initial Administrator', passwordManagerName="SHA1") p_developer = InternalPrincipal(u'Developer', u'Developer', u'Initial Developer', passwordManagerName="SHA1") principals[u'User'] = p_user principals[u'Manager'] = p_manager principals[u'Administrator'] = p_admin principals[u'Developer'] = p_developer grp_usr = GroupInformation( u'User', u'view & analyse data, generate reports ' u'& leave notes at any object') grp_mgr = GroupInformation( u'Manager', u'search, connect, configure ' u'& delete devices') grp_adm = GroupInformation( u'Administrator', u'install, configure ' u'& administrate System') grp_dvl = GroupInformation( u'Developer', u'individual adaption ' u'& development on System') grp_usr.principals = [u'principal.User'] grp_mgr.principals = [u'principal.Manager'] grp_adm.principals = [u'principal.Administrator'] grp_dvl.principals = [u'principal.Developer'] groups[u'User'] = grp_usr groups[u'Manager'] = grp_mgr groups[u'Administrator'] = grp_adm groups[u'Developer'] = grp_dvl madePluggableAuthentication.authenticatorPlugins = (u'groups', u'principals') prm = IPrincipalRoleManager(root_folder) prm.assignRoleToPrincipal(u'org.ict_ok.usr', u'group.User') prm.assignRoleToPrincipal(u'org.ict_ok.mgr', u'group.Manager') prm.assignRoleToPrincipal(u'org.ict_ok.adm', u'group.Administrator') prm.assignRoleToPrincipal(u'org.ict_ok.dvl', u'group.Developer') transaction.get().commit() connection.close()