
plone3  3.1.7
authservice.py
00001 ##############################################################################
00002 #
00003 # Copyright (c) 2001 Zope Corporation and Contributors. All Rights
00004 # Reserved.
00005 #
00006 # This software is subject to the provisions of the Zope Public License,
00007 # Version 2.1 (ZPL).  A copy of the ZPL should accompany this
00008 # distribution.
00009 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
00010 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
00011 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
00012 # FOR A PARTICULAR PURPOSE.
00013 #
00014 ##############################################################################
00015 """ Interfaces:  IUser, IUserFolder, IMutableUserFolder, IEnumerableUserFolder
00016 
00017 $Id: authservice.py 76647 2007-06-12 20:18:02Z wichert $
00018 """
00019 
00020 try:
00021     from zope.interface import Interface
00022 except ImportError:
00023     from Interface import Interface
00024 from AccessControl.ZopeSecurityPolicy import _noroles
00025 
00026 
class IBasicUser(Interface):
    """Public user-object contract taken from AccessControl.User.BasicUser.

    This mirrors what BasicUser calls its "Public User object interface",
    with one deliberate omission: '_getPassword' is *not* part of the
    contract, so code written against this interface cannot rely on
    reading a user's password.
    """

    def getId():
        """Return the ID of the user.

        o The ID can be used, at least from Python, to fetch the user
          from the user's UserDatabase.
        """

    def getUserName():
        """Return the name the user logs into the system with.

        o This need not be identical to the value of 'getId'; keeping
          the two apart lets users change their login names without
          changing their identity.
        """

    def getRoles():
        """Return the roles assigned to the user "globally"."""

    def getRolesInContext(object):
        """Return the roles the user holds in the context of 'object'.

        o The result covers both global roles (assigned to the user
          directly inside the user folder) and local roles (assigned
          in the context of the passed-in object).
        """

    def getDomains():
        """Return the list of domain restrictions for the user."""
00069 
00070 
class IPropertiedUser(IBasicUser):
    """A user that carries property sheets.

    The sheets form a mapping from strings (property sheet ids) to
    objects implementing IPropertySheet.
    """

    def addPropertysheet(id, data):
        """Attach a new property sheet to the user.

        'data' has to be either a map or an IPropertySheet instance.
        """

    def listPropertysheets():
        """Return a sequence of property sheet ids.

        o For every id in the sequence, getPropertysheet(id) returns
          an IPropertySheet.
        """

    def getPropertysheet(id):
        """Return the property sheet registered under 'id'.

        o The returned object implements IPropertySheet and has the
          same id as the value passed to this method.

        o Raise a KeyError if there is no property sheet for the
          given id.

          Item access is an alternative way to get the sheet, i.e.
          user.getPropertysheet( id ) == user[ id ]
        """
00106 
00107 
class IUserFolder(Interface):
    """Public user-folder contract from AccessControl.User.BasicUserFolder.

    This is what BasicUserFolder calls its "Public UserFolder object
    interface".

    o N.B.: the "enumeration" methods ('getUserNames', 'getUsers') are
      *not* part of this contract!  See IEnumerableUserFolder.
    """

    def getUser(name):
        """Return the user object with the given name, or None."""

    def getUserById(id, default=None):
        """Return the user corresponding to 'id'.

        o Return 'default' when no such user can be found.
        """

    def validate(request, auth='', roles=_noroles):
        """Perform identification, authentication, and authorization.

        o Return an IUser-conformant user object, or None when the user
          cannot be identified / authorized.  Callers have to handle the
          None result rather than assume a user object came back.

        o 'request' is the request object.

        o 'auth' is any credential information the caller has already
          extracted.

        o 'roles' is a list of roles supplied by the caller.
          NOTE(review): the description of 'roles' in this interface was
          cut off mid-sentence; presumably these are the roles required
          for access -- confirm against BasicUserFolder.validate.
        """
00143 
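class IPluggableAuthService(IUserFolder):
    """The full, default contract for the pluggable authentication service.

    Interface methods are declared without 'self', like every other
    method in this module; the declared signature is what callers see
    on a bound method of the implementing object.
    """

    def searchUsers(**kw):
        """Search for users.

        Returns a sequence of dicts, each dict representing a user
        matching the query, with the keys 'userid', 'id', 'login',
        'title', and 'principal_type', possibly among others.
        'principal_type' is always 'user'.

        Possible keywords include the following:

        o id: user id

        o name: user name

        o max_results: an int (or value castable to int) indicating
          the maximum number of results the method should return

        o sort_by: the key in the user dictionary that should be used
          to sort the results

        o login: user login
        """

    def searchGroups(**kw):
        """Search for groups.

        Returns a sequence of dicts, each dict representing a group
        matching the query, with the keys 'groupid', 'id', 'title', and
        'principal_type', possibly among others.  'principal_type' is
        always 'group'.

        Possible keywords include the following:

        o id: group id

        o name: group name

          NOTE(review): earlier wording described these two keywords as
          'user id' and 'user name', which looks carried over from
          searchUsers -- confirm against the implementation.

        o max_results: an int (or value castable to int) indicating
          the maximum number of results the method should return

        o sort_by: the key in the group dictionary that should be used
          to sort the results
        """

    def searchPrincipals(groups_first=False, **kw):
        """Search for principals (users, groups, or both).

        Returns a sequence of dicts, each dict representing a principal
        (group or user) matching the query.  Groups are represented
        with dictionaries as described in searchGroups, and users as
        described in searchUsers.  Possible keywords include id, name,
        max_results, sort_by, and login.
        """

    def updateCredentials(request, response, login, new_password):
        """Central updateCredentials method.

        This method is needed for cases where the credentials storage
        and the credentials extraction are handled by different
        plugins.  An example would be using the CookieAuthHelper as a
        Challenge and Extraction plugin only, to take advantage of the
        login page feature, while the credentials are not stored in
        the CookieAuthHelper cookie but somewhere else, like in a
        Session.

        NOTE(review): 'new_password' is a credential and this contract
        does not say what form it takes or how it may be stored --
        confirm with the implementing plugins.
        """

    def logout(REQUEST):
        """Publicly accessible method to log out a user.

        A wrapper around resetCredentials that may implement some
        policy (the default implementation redirects to HTTP_REFERER).

        NOTE(review): HTTP_REFERER is taken from the request, so its
        value is chosen by the client; an implementation that redirects
        to it should check that the target is acceptable.
        """

    # Declared without 'self': this is an interface method, and a
    # leading 'self' would be read as a required positional argument,
    # making the declaration disagree with implementations that define
    # resetCredentials(self, request, response) as a normal method.
    def resetCredentials(request, response):
        """Reset credentials by informing all active resetCredentials
        plugins.
        """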
00221 
00222 # The IMutableUserFolder and IEnumerableUserFolder interfaces are not
00223 # supported out-of-the-box by the pluggable authentication service.  These
00224 # interfaces describe contracts that other standard Zope user folders
00225 # implement.
00226 
class IMutableUserFolder(Interface):
    """User-folder contract from AccessControl.User.BasicUserFolder.

    Refers to what BasicUserFolder calls its "Public UserFolder object
    interface"; the methods declared here create, change and delete
    user objects.

    o N.B.: the "enumeration" methods ('getUserNames', 'getUsers') are
      *not* part of this contract!  See IEnumerableUserFolder.
    """

    def userFolderAddUser(name, password, roles, domains, **kw):
        """Create a new user object.

        NOTE(review): the contract does not state whether 'password'
        arrives as plaintext or already encoded -- confirm against the
        implementing user folder.
        """

    def userFolderEditUser(name, password, roles, domains, **kw):
        """Change the attributes of a user object."""

    def userFolderDelUsers(names):
        """Delete one or more user objects."""
00251 
class IEnumerableUserFolder(IUserFolder):
    """Contract for user folders that can afford to enumerate their users.

    Adds the enumeration methods that IUserFolder leaves out of its
    own contract.
    """

    def getUserNames():
        """Return a list of usernames."""

    def getUsers():
        """Return a list of user objects."""