def setPrincipals(self, prinlist, check=True): parent = self.__parent__ old = self._principals self._principals = tuple(prinlist) if parent is not None: oldset = set(old) new = set(prinlist) group_id = parent._groupid(self) for principal_id in oldset - new: try: parent._removePrincipalFromGroup(principal_id, group_id) except AttributeError: pass for principal_id in new - oldset: try: parent._addPrincipalToGroup(principal_id, group_id) except AttributeError: pass if check: try: nocycles(new, [], zapi.principals().getPrincipal) except GroupCycle: # abort self.setPrincipals(old, False) raise
def getTerm(self, principal_id): if principal_id not in self.context: raise LookupError(principal_id) auth = zapi.principals() principal = auth.getPrincipal(principal_id) if principal is None: raise LookupError(principal_id) return Term(principal_id.encode("base64").strip().replace("=", "_"), principal.title)
def issueChallenge(self): # Set the error status to 403 (Forbidden) in the case when we don't # challenge the user self.request.response.setStatus(403) # make sure that squid does not keep the response in the cache self.request.response.setHeader('Expires', 'Mon, 26 Jul 1997 05:00:00 GMT') self.request.response.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate') self.request.response.setHeader('Pragma', 'no-cache') principal = self.request.principal auth = zapi.principals() auth.unauthorized(principal.id, self.request)
def setPrincipals(self, prinlist, check=True): # method is not a part of the interface parent = self.__parent__ old = self._principals self._principals = tuple(prinlist) if parent is not None: oldset = set(old) new = set(prinlist) group_id = parent._groupid(self) removed = oldset - new added = new - oldset try: parent._removePrincipalsFromGroup(removed, group_id) except AttributeError: removed = None try: parent._addPrincipalsToGroup(added, group_id) except AttributeError: added = None if check: try: nocycles(new, [], zapi.principals().getPrincipal) except GroupCycle: # abort self.setPrincipals(old, False) raise # now that we've gotten past the checks, fire the events. if removed: event.notify( interfaces.PrincipalsRemovedFromGroup( removed, self.__parent__.__parent__.prefix + group_id)) if added: event.notify( interfaces.PrincipalsAddedToGroup( added, self.__parent__.__parent__.prefix + group_id))