def addPrincipal(self, id, login, title, description, password, roles):
    """Create a principal in the user folder and assign it roles.

    The principal is stored under ``id`` (``login`` is used when ``id``
    is None) and every entry of ``roles`` is assigned to the prefixed
    principal id.  The outcome is reported through ``self.msg``; when
    the folder is not writeable, the login is already taken, or id,
    login or title is empty, nothing is stored and the method returns
    early.
    """
    if not self.writeable:
        self.msg = (u'Could not add principal: '
                    u'the authenticator holding the principals '
                    u'seems not to be writeable.')
        return

    principal_key = login if id is None else id

    existing_logins = [entry.login for entry in self.getPrincipals()]
    if login in existing_logins:
        self.msg = (u'Login `%s` already exists.' % (login, ))
        return

    required = (principal_key, login, title)
    if any(value is None or value == '' for value in required):
        self.msg = (u'To add a principal you must give valid id, '
                    u'login and title.')
        return

    # NOTE(review): ``password`` is not among the required values, so an
    # empty password reaches InternalPrincipal as given -- confirm the
    # calling form enforces a password policy.
    self.userfolder[principal_key] = InternalPrincipal(
        login, password, title, description)

    # removeSecurityProxy() hands back the bare role manager, so the
    # assignments below are not permission-checked.  Whatever exposes
    # this method has to enforce who may add principals and which
    # ``roles`` they may hand out.
    role_manager = removeSecurityProxy(IPrincipalRoleManager(self.context))
    full_id = "%s%s" % (self.userfolder.prefix, principal_key)
    for role in roles:
        role_manager.assignRoleToPrincipal(role, full_id)

    self.msg = u'Successfully added new principal `%s`.' % (title, )
def signUp(self, login, title, password, confirmation):
    """Register a new principal and send the browser to the welcome page.

    Raises UserError when the two password fields differ or when
    ``login`` is already present in the sign-up folder.  On success the
    new principal receives every role listed in the folder's
    ``signup_roles``.
    """
    if confirmation != password:
        raise UserError(_(u"Password and confirmation didn't match"))

    signup_folder = self._signupfolder()
    if login in signup_folder:
        raise UserError(_(u"This login has already been chosen."))

    # NOTE(review): no length or strength check on ``password`` is
    # visible here -- confirm the form schema or the folder enforces one.
    new_principal_id = signup_folder.signUp(login, password, title)

    # The security proxy is stripped, so these grants are not
    # permission-checked.  This is a self-registration path: the roles
    # granted are exactly what ``signup_roles`` holds, so that list
    # should stay limited to low-privilege roles.
    manager = removeSecurityProxy(IPrincipalRoleManager(self.context))
    for granted_role in signup_folder.signup_roles:
        manager.assignRoleToPrincipal(granted_role, new_principal_id)

    self.request.response.redirect("@@welcome.html")
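def updatePrincipal(self, id, login, title, description, passwd, roles):
    """Update title, description, password and roles of a principal.

    ``id`` is the full principal id, including the user folder prefix.
    When it is None the id is built from the prefix and ``login``,
    matching how addPrincipal stores a principal created without an
    explicit id.  An empty ``passwd`` leaves the stored password
    untouched.  Of the roles in ``self.roles``, those listed in
    ``roles`` are assigned and the others are unset.  The outcome is
    reported through ``self.msg``.
    """
    if not self.writeable:
        self.msg = (u'Principal could not be updated: '
                    u'the authenticator holding the principals '
                    u'seems not to be writeable.')
        return

    known_logins = [entry.login for entry in self.getPrincipals()]
    if login not in known_logins:
        self.msg = (u'Login `%s` does not exist.' % (login, ))
        return

    if any(value is None or value == '' for value in (login, title)):
        self.msg = (u'Login and title must not be empty.')
        return

    prefix = self.userfolder.prefix
    if id is None:
        # The prefix is stripped again for the folder lookup below and
        # the full id is what roles are keyed on, so the fallback has to
        # carry the prefix; a bare login would address the wrong key and
        # the wrong principal id.
        principal_id = "%s%s" % (prefix, login)
    else:
        principal_id = id

    # NOTE(review): existence was checked for ``login`` but the record
    # is addressed by ``id``; nothing here ties the two together --
    # confirm callers always pass a matching pair.
    principal = self.userfolder[principal_id[len(prefix):]]
    principal.title = title
    principal.description = description
    if passwd:
        # Write only when a new password was supplied.  Assigning the
        # stored value back to itself would re-encode it if ``password``
        # is a hashing property (presumably the case for
        # InternalPrincipal -- verify).
        principal.password = passwd

    # Role changes go through an unproxied manager and are therefore
    # not permission-checked; access control has to happen in whatever
    # exposes this method.  Only roles present in ``self.roles`` are
    # ever touched, so unknown names in ``roles`` are ignored.
    role_manager = removeSecurityProxy(IPrincipalRoleManager(self.context))
    for role in self.roles:
        if role in roles:
            role_manager.assignRoleToPrincipal(role, principal_id)
        else:
            role_manager.unsetRoleForPrincipal(role, principal_id)

    self.msg = u'Principal `%s` successfully updated.' % (title, )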
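def grantRoleToQuizEditor(event):
    """Grant the quiz editor role and the idle permission for *event*.

    The site is taken to be the grandparent of ``event.authentication``.
    Nothing happens unless that site provides IQreatureSite.  Otherwise
    the IRole utility registered under the quiz folder's name is
    assigned to ``event.info.id`` on that folder, and
    ``qreature.idle_perm`` is granted to ``event.principal.id`` on the
    site.
    """
    site = event.authentication.__parent__.__parent__
    if not IQreatureSite.providedBy(site):
        return

    # The folder that receives the editor role is whatever follows the
    # last 'qreature' in the principal id.
    # NOTE(review): if any part of that id is chosen by the user, confirm
    # it cannot be made to name a folder the user should not edit.
    quiz_folder_name = unicode((event.info.id).split('qreature').pop())
    quiz_folder = site[quiz_folder_name]

    editor_role = getUtility(IRole, quiz_folder_name, quiz_folder)
    princ_role_manager = IPrincipalRoleManager(quiz_folder)
    princ_role_manager.assignRoleToPrincipal(editor_role.id, event.info.id)

    # NOTE(review): the role is keyed on event.info.id but the permission
    # on event.principal.id -- presumably the same principal; verify.
    princ_perm = IPrincipalPermissionManager(site)
    princ_perm.grantPermissionToPrincipal('qreature.idle_perm',
                                          event.principal.id)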
def setUp(test):
    """Install authentication on the root folder for a test run.

    Registers a PluggableAuthentication utility with a cookie
    credentials plug-in and a sign-up principal folder, gives the
    anonymous principal the Visitor role, and commits the transaction.
    """
    root = getRootFolder()
    site_manager = root.getSiteManager()

    # Add and register the PAU.
    pau = PluggableAuthentication()
    site_manager['pau'] = pau
    site_manager.registerUtility(pau, IAuthentication)

    # Cookie credentials plug-in with the login page it points at.
    cookie_plugin = CookieCredentialsPlugin()
    pau['cookies'] = cookie_plugin
    cookie_plugin.loginpagename = 'wclogin.html'
    pau.credentialsPlugins = ('cookies',)

    # Sign-up authenticator plug-in and the roles configured on it.
    signup_folder = SignupPrincipalFolder('worldcookery.signup.')
    pau['signups'] = signup_folder
    signup_folder.signup_roles = ['worldcookery.Visitor',
                                  'worldcookery.Member']
    pau.authenticatorPlugins = ('signups',)

    # Anonymous visitors ('zope.anybody') get the Visitor role.
    anonymous_roles = IPrincipalRoleManager(root)
    anonymous_roles.assignRoleToPrincipal('worldcookery.Visitor',
                                          'zope.anybody')

    transaction.commit()
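def setupSessionAuthentication(root_folder=None,
                               principal_credentials=[{
                                   u'id': u'zope.manager',
                                   u'login': u'grok',
                                   u'password': u'grok',
                                   u'title': u'Manager'
                               }],
                               auth_foldername=u'authentication',
                               userfolder_name=u'Users',
                               userfolder_prefix=u'grokadmin'):
    """Add a session authentication PAU to root_folder.

    A PluggableAuthentication is added to the site manager of
    ``root_folder`` under ``auth_foldername``.  Inside it a
    ``PrincipalFolder`` with prefix ``userfolder_prefix`` is created
    under the name ``userfolder_name`` and registered as authenticator
    plugin.  If the site manager already has an item named
    ``auth_foldername`` nothing is changed.

    ``principal_credentials`` is a list of dicts; the keys ``id``,
    ``login``, ``password`` and ``title`` are required in each of them
    and a missing key raises KeyError.  Only the part of ``id`` after
    its last dot is used as the key in the principal folder.  The dicts
    are read, never modified.

    Every principal created here is assigned every role registered as
    an IRole utility for ``root_folder``, and the default credentials
    are the fixed, publicly known pair ``grok`` / ``grok``.  Pass
    explicit ``principal_credentials`` for any installation that is
    reachable by others.
    """
    from zope.component import getUtilitiesFor
    from zope.security.proxy import removeSecurityProxy
    from zope.app.security.interfaces import IAuthentication
    from zope.app.securitypolicy.interfaces import IPrincipalRoleManager
    from zope.app.securitypolicy.interfaces import IRole
    from zope.app.authentication import PluggableAuthentication
    from zope.app.authentication.interfaces import IAuthenticatorPlugin
    from zope.app.authentication.principalfolder import PrincipalFolder
    from zope.app.authentication.principalfolder import InternalPrincipal

    sm = root_folder.getSiteManager()
    if auth_foldername in sm.keys():
        # There is already a folder of this name.
        return

    pau = PluggableAuthentication()
    users = PrincipalFolder(userfolder_prefix)

    # Add users into the principals folder to enable login.  The short
    # ids are collected in a local list instead of being written back
    # into the caller's dicts, so neither the shared default list nor a
    # caller-supplied one is modified.
    short_ids = []
    for user in principal_credentials:
        short_id = user['id'].rsplit('.', 1)[-1]
        users[short_id] = InternalPrincipal(user['login'],
                                            user['password'],
                                            user['title'])
        short_ids.append(short_id)

    # Configure the PAU...
    pau.authenticatorPlugins = (userfolder_name, )
    pau.credentialsPlugins = ("No Challenge if Authenticated",
                              "Session Credentials")

    # Add the pau and its plugin to the root_folder...
    sm[auth_foldername] = pau
    sm[auth_foldername][userfolder_name] = users
    pau.authenticatorPlugins = (users.__name__, )

    # Register the PAU with the site...
    sm.registerUtility(pau, IAuthentication)
    sm.registerUtility(users, IAuthenticatorPlugin, name=userfolder_name)

    # Add manager roles to new users...
    # XXX the real roles could be obtained from site.zcml.
    role_ids = [name for name, util in getUtilitiesFor(IRole, root_folder)]
    user_ids = [users.prefix + short_id for short_id in short_ids]

    # The proxy is stripped, so these grants are not permission-checked.
    role_manager = removeSecurityProxy(IPrincipalRoleManager(root_folder))
    for role in role_ids:
        for user_id in user_ids:
            role_manager.assignRoleToPrincipal(role, user_id)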