def updLocalRoles(self, path=None, row=None, roles=None):
    """Replace the roles stored for one row of a path's local-roles entry.

    Nothing happens unless ``path`` is truthy and present in
    ``self.localRoles`` and ``row`` is not ``None``. ``roles`` defaults to an
    empty list and is stored as given; no validation of the role names is
    done here.

    An ``IndexError`` or ``TypeError`` raised while writing the row is logged
    as a warning (with traceback) instead of propagating.
    """
    new_roles = [] if roles is None else roles

    # Guard clause: an unknown path or a missing row index means no update.
    if not path or path not in self.localRoles or row is None:
        return

    try:
        self.localRoles[path][row]['_roles'] = new_roles
    except (IndexError, TypeError):
        message = "updLocalRoles error updating row %s from %s" % (
            str(row), str(path))
        logger.warning(message, exc_info=True)
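def authenticateCredentials(self, credentials):
    """Authenticate the user named in ``credentials``, creating it if needed.

    See the class's docstring and IAuthenticationPlugin.

    The user id is taken from ``credentials[usernameKey]``; this method checks
    no password or other secret, so the value is trusted as given.
    NOTE(review): presumably the id was established by an upstream
    authenticator before extraction -- confirm that clients cannot supply
    that value themselves.

    For an id unknown to PAS, the user is created through the first
    IUserAdderPlugin that accepts it (with a generated password), a member
    area is created on a best-effort basis, and roles and groups are granted:
    the default roles, plus those of every mapping whose patterns all match
    the corresponding ``credentials['filters']`` values. Patterns are applied
    with ``search``, so a pattern without ``^``/``$`` anchors also matches
    when it occurs anywhere inside the value.

    For an existing user, properties are refreshed only when the
    ``autoUpdateUserPropertiesKey`` config option is set.

    Side effects: ``'_getMappings'`` and ``'_defaultRoles'`` are popped from
    the caller's ``credentials`` dict.

    Returns:
        ``None`` when there is no PAS or no user id (control passes to the
        next IAuthenticationPlugin), otherwise ``(userId, userId)``.

    Raises:
        NotImplementedError: a user must be created but no IUserAdderPlugin
            or no IRoleAssignerPlugin is active.
    """
    mappings = credentials.pop('_getMappings', [])
    defaultRoles = credentials.pop('_defaultRoles', [])
    userId = credentials.get(usernameKey, None)

    pas = self._getPAS()
    if not pas:
        return None
    elif userId is None:
        return None  # Pass control to the next IAuthenticationPlugin.

    user = pas.getUserById(userId)

    if user is None:
        # First sighting of this id: create the user and give it at least the
        # default roles.

        # Check for both plugin kinds up front, so that a user is never
        # created without a way to assign its roles.
        userAdders = self.plugins.listPlugins(IUserAdderPlugin)
        if not userAdders:
            raise NotImplementedError("I wanted to make a new user, but"
                                      " there are no PAS plugins active"
                                      " that can make users.")
        roleAssigners = self.plugins.listPlugins(IRoleAssignerPlugin)
        if not roleAssigners:
            raise NotImplementedError("I wanted to make a new user and give"
                                      " him the Member role, but there are"
                                      " no PAS plugins active that assign"
                                      " roles to users.")

        # The first IUserAdderPlugin that accepts the user wins.
        user = None
        for _, curAdder in userAdders:
            # The generated password is a placeholder for the adder API.
            if curAdder.doAddUser(userId, self._generatePassword()):
                user = self._getPAS().getUser(userId)
                try:
                    membershipTool = getToolByName(self, 'portal_membership')
                    if not membershipTool.getHomeFolder(userId):
                        membershipTool.createMemberArea(userId)
                except (ConflictError, KeyboardInterrupt):
                    raise
                except Exception:
                    # Best effort: a missing member area must not block the
                    # login, but the failure is logged rather than dropped.
                    logger.warning('Could not create member area for %r',
                                   userId, exc_info=True)
                self._updateUserProperties(user, credentials)
                break
        # NOTE(review): if no adder accepted the user, `user` is still None
        # here and the user.getId() calls below raise AttributeError; whether
        # that is swallowed depends on _SWALLOWABLE_PLUGIN_EXCEPTIONS, which
        # is defined outside this block.

        # Roles to grant, kept as dict keys; start from the default roles
        # (usually at least Member).
        roles = {}
        for role in defaultRoles:
            roles[role] = True
        groups = []
        if 'filters' in credentials:
            filters = credentials['filters']
            for role in mappings:
                # NOTE(review): assignRole is only set inside the loop below.
                # For a mapping whose 'values' is empty it keeps the previous
                # mapping's result, or is unbound for the first mapping.
                # Decide whether such a mapping should grant or deny and
                # initialise the flag explicitly.
                for ii in role['values']:
                    assignRole = False
                    if not role['values'][ii]:
                        # No pattern configured for this source: accept.
                        assignRole = True
                    elif ii in filters:
                        try:
                            # search() is unanchored: the pattern may match
                            # anywhere inside the environment value.
                            oRe = re.compile(role['values'][ii])
                            match = oRe.search(filters[ii])
                        except (ConflictError, KeyboardInterrupt):
                            raise
                        except Exception:
                            # An unusable pattern or value counts as no
                            # match (no grant). Only the source key is
                            # logged, not the value it was compared with.
                            logger.warning('authz mapping for source %r could'
                                           ' not be evaluated; treated as no'
                                           ' match', ii, exc_info=True)
                            match = False
                        if match:
                            assignRole = True
                    # A source that is absent from the filters, or whose
                    # pattern did not match, rejects the whole mapping.
                    if not assignRole:
                        break
                # Every source was accepted: take the roles switched 'on'
                # and the groups of this mapping.
                if assignRole:
                    for ii in role['roles']:
                        if role['roles'][ii] == 'on':
                            roles[ii] = True
                    groups.extend(role['groupid'])

        # Hand each role to every IRoleAssignerPlugin. A failing assigner is
        # logged and skipped, so the user may end up with fewer roles than
        # computed above.
        for curAssignerId, curAssigner in roleAssigners:
            for role in roles:
                try:
                    curAssigner.doAssignRoleToPrincipal(user.getId(), role)
                except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                    logger.warning('RoleAssigner %s error', curAssignerId,
                                   exc_info=True)

        source_groups = getToolByName(self, 'source_groups')
        for ii in groups:
            source_groups.addPrincipalToGroup(user.getId(), ii)
    else:
        # Known user: roles and groups are left alone; only the properties
        # are refreshed, and only when configured.
        config = self.getConfig()
        if config.get(autoUpdateUserPropertiesKey, 0):
            self._updateUserProperties(user, credentials)

    # Allow other plugins to handle credentials; eg session or cookie
    pas.updateCredentials(self.REQUEST, self.REQUEST.RESPONSE, userId, "")

    return userId, userId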
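def authenticateCredentials(self, credentials):
    """Authenticate the user named in ``credentials``, creating it if needed.

    See the class's docstring and IAuthenticationPlugin.

    The user id is taken from ``credentials[usernameKey]``; this method checks
    no password or other secret, so the value is trusted as given.
    NOTE(review): presumably the id was established by an upstream
    authenticator before extraction -- confirm that clients cannot supply
    that value themselves.

    For an id unknown to PAS, the user is created through the first
    IUserAdderPlugin that accepts it (with a generated password), a member
    area is created on a best-effort basis, and roles and groups are granted:
    the default roles, plus those of every mapping whose patterns all match
    the corresponding ``credentials['filters']`` values. Patterns are applied
    with ``search``, so a pattern without ``^``/``$`` anchors also matches
    when it occurs anywhere inside the value.

    For an existing user, properties are refreshed only when the
    ``autoUpdateUserPropertiesKey`` config option is set and the configured
    interval has passed.

    All writes happen inside ``safe_write(self.REQUEST)``.
    NOTE(review): safe_write is defined outside this block; presumably it
    marks these writes as intentional for CSRF write protection -- confirm,
    since they can occur on any request that carries a user id.

    Side effects: ``'_getMappings'`` and ``'_defaultRoles'`` are popped from
    the caller's ``credentials`` dict.

    Returns:
        ``None`` when there is no PAS or no user id (control passes to the
        next IAuthenticationPlugin), otherwise ``(userId, userId)``.

    Raises:
        NotImplementedError: a user must be created but no IUserAdderPlugin
            or no IRoleAssignerPlugin is active.
    """
    mappings = credentials.pop('_getMappings', [])
    defaultRoles = credentials.pop('_defaultRoles', [])
    userId = credentials.get(usernameKey, None)

    pas = self._getPAS()
    if not pas:  # pragma: no cover
        return None
    elif userId is None:
        return None  # Pass control to the next IAuthenticationPlugin.

    user = pas.getUserById(userId)

    if user is None:
        with safe_write(self.REQUEST):
            # First sighting of this id: create the user and give it at
            # least the default roles.

            # Check for both plugin kinds up front, so that a user is never
            # created without a way to assign its roles.
            userAdders = self.plugins.listPlugins(IUserAdderPlugin)
            if not userAdders:
                raise NotImplementedError(
                    "I wanted to make a new user, but"
                    " there are no PAS plugins active"
                    " that can make users.")
            roleAssigners = self.plugins.listPlugins(IRoleAssignerPlugin)
            if not roleAssigners:
                raise NotImplementedError(
                    "I wanted to make a new user and give"
                    " him the Member role, but there are"
                    " no PAS plugins active that assign"
                    " roles to users.")

            # The first IUserAdderPlugin that accepts the user wins.
            user = None
            for _, curAdder in userAdders:
                # The generated password is a placeholder for the adder API.
                if curAdder.doAddUser(userId, self._generatePassword()):
                    user = self._getPAS().getUser(userId)
                    try:
                        membershipTool = getToolByName(
                            self, 'portal_membership')
                        if not membershipTool.getHomeFolder(userId):
                            membershipTool.createMemberArea(userId)
                    except (ConflictError, KeyboardInterrupt):
                        raise
                    except Exception:
                        # Best effort: a missing member area must not block
                        # the login, but the failure is logged rather than
                        # dropped.
                        logger.warning(
                            'Could not create member area for %r',
                            userId, exc_info=True)
                    self._updateUserProperties(user, credentials)
                    break
            # NOTE(review): if no adder accepted the user, `user` is still
            # None here and the user.getId() calls below raise
            # AttributeError; whether that is swallowed depends on
            # _SWALLOWABLE_PLUGIN_EXCEPTIONS, defined outside this block.

            # Roles to grant, kept as dict keys; start from the default
            # roles (usually at least Member).
            roles = {}
            for role in defaultRoles:
                roles[role] = True
            groups = []
            if 'filters' in credentials:
                filters = credentials['filters']
                for role in mappings:
                    # NOTE(review): assignRole is only set inside the loop
                    # below. For a mapping whose 'values' is empty it keeps
                    # the previous mapping's result, or is unbound for the
                    # first mapping. Decide whether such a mapping should
                    # grant or deny and initialise the flag explicitly.
                    for ii in role['values']:
                        assignRole = False
                        if not role['values'][ii]:
                            # No pattern configured for this source: accept.
                            assignRole = True
                        elif ii in filters:
                            try:
                                # search() is unanchored: the pattern may
                                # match anywhere inside the environment
                                # value.
                                oRe = re.compile(role['values'][ii])
                                match = oRe.search(filters[ii])
                            except (ConflictError, KeyboardInterrupt):
                                raise
                            except Exception:
                                # An unusable pattern or value counts as no
                                # match (no grant). Only the source key is
                                # logged, not the value it was compared with.
                                logger.warning(
                                    'authz mapping for source %r could not'
                                    ' be evaluated; treated as no match',
                                    ii, exc_info=True)
                                match = False
                            if match:
                                assignRole = True
                        # A source that is absent from the filters, or whose
                        # pattern did not match, rejects the whole mapping.
                        if not assignRole:
                            break
                    # Every source was accepted: take the roles switched
                    # 'on' and the groups of this mapping.
                    if assignRole:
                        for ii in role['roles']:
                            if role['roles'][ii] == 'on':
                                roles[ii] = True
                        groups.extend(role['groupid'])

            # Hand each role to every IRoleAssignerPlugin. A failing
            # assigner is logged and skipped, so the user may end up with
            # fewer roles than computed above.
            for curAssignerId, curAssigner in roleAssigners:
                for role in roles:
                    try:
                        curAssigner.doAssignRoleToPrincipal(
                            user.getId(), role)
                    except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                        logger.warning('RoleAssigner %s error',
                                       curAssignerId, exc_info=True)

            source_groups = getToolByName(self, 'source_groups')
            for ii in groups:
                source_groups.addPrincipalToGroup(user.getId(), ii)
    else:
        # Known user: roles and groups are left alone; only the properties
        # are refreshed, and only when configured.
        config = self.getConfig()
        if config.get(autoUpdateUserPropertiesKey, 0):
            # Rewrite the properties only once the stored value plus the
            # configured interval lies in the past.
            # NOTE(review): assumes the stored property is a number
            # (presumably a timestamp of the last update); a missing or
            # non-numeric value would make the addition fail -- confirm what
            # getProperty returns for users who lack it.
            lastUpdate = user.getProperty(LAST_UPDATE_USER_PROPERTY_KEY)
            interval = config.get(autoUpdateUserPropertiesIntervalKey, 0)
            if time.time() > lastUpdate + interval:
                with safe_write(self.REQUEST):
                    self._updateUserProperties(user, credentials)

    # Allow other plugins to handle credentials; eg session or cookie
    pas.updateCredentials(self.REQUEST, self.REQUEST.RESPONSE, userId, "")

    return userId, userId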