Back to index

plone3  3.1.7
gruf_support.py
Go to the documentation of this file.
00001 ##############################################################################
00002 #
00003 # PlonePAS - Adapt PluggableAuthService for use in Plone
00004 # Copyright (C) 2005 Enfold Systems, Kapil Thangavelu, et al
00005 #
00006 # This software is subject to the provisions of the Zope Public License,
00007 # Version 2.1 (ZPL).  A copy of the ZPL should accompany this
00008 # distribution.
00009 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
00010 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
00011 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
00012 # FOR A PARTICULAR PURPOSE.
00013 #
00014 ##############################################################################
00015 """
00016 gruf specific hacks to pas, to make it play well in gruf
00017 
00018 in general its not recommended, but its a low risk mechanism for
00019 experimenting with pas flexibility on an existing system.
00020 
00021 open question if this mode will be supported at all
00022 
00023 """
00024 
00025 import logging
00026 from zope.deprecation import deprecate
00027 from sets import Set
00028 
00029 from Products.PluggableAuthService.PluggableAuthService import security
00030 from Products.PluggableAuthService.PluggableAuthService import \
00031           PluggableAuthService, _SWALLOWABLE_PLUGIN_EXCEPTIONS
00032 from Products.PluggableAuthService.interfaces.plugins \
00033      import IAuthenticationPlugin
00034 from Products.PlonePAS.interfaces.group import IGroupManagement
00035 from Products.PlonePAS.interfaces.plugins import IUserIntrospection
00036 
00037 from Products.CMFCore.utils import getToolByName
00038 
00039 logger = logging.getLogger('Plone')
00040 
00041 def authenticate(self, name, password, request):
00042 
00043     plugins = self.plugins
00044 
00045     try:
00046         authenticators = plugins.listPlugins(IAuthenticationPlugin)
00047     except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00048         logger.info('PluggableAuthService: Plugin listing error', exc_info=1)
00049         authenticators = ()
00050 
00051     credentials = {'login': name,
00052                    'password': password}
00053 
00054     user_id = None
00055 
00056     for authenticator_id, auth in authenticators:
00057         try:
00058             uid_and_name = auth.authenticateCredentials(credentials)
00059 
00060             if uid_and_name is None:
00061                 continue
00062 
00063             user_id, name = uid_and_name
00064 
00065         except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00066             logger.info('PluggableAuthService: AuthenticationPlugin %s error',
00067                     authenticator_id, exc_info=1)
00068             continue
00069 
00070     if not user_id:
00071         return
00072 
00073     return self._findUser(plugins, user_id, name, request)
00074 
00075 PluggableAuthService.authenticate = authenticate
00076 PluggableAuthService.authenticate__roles__ = ()
00077 
00078 
00079 #################################
00080 # compat code galore
00081 @deprecate("userSetGroups is deprecated. Use the PAS methods instead")
00082 def userSetGroups(self, id, groupnames):
00083     plugins = self.plugins
00084     gtool = getToolByName(self, "portal_groups")
00085 
00086     member = self.getUser(id)
00087     groupnameset = Set(groupnames)
00088 
00089     # remove absent groups
00090     groups = Set(gtool.getGroupsForPrincipal(member))
00091     rmgroups = groups - groupnameset
00092     for gid in rmgroups:
00093         try:
00094             gtool.removePrincipalFromGroup(id, gid)
00095         except KeyError:
00096             # We could hit a group which does not allow user removal, such as
00097             # created by our AutoGroup plugin.
00098             pass
00099 
00100     # add groups
00101     try:
00102         groupmanagers = plugins.listPlugins(IGroupManagement)
00103     except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00104         logger.info('PluggableAuthService: Plugin listing error', exc_info=1)
00105         groupmanagers = ()
00106 
00107     for group in groupnames:
00108         for gm_id, gm in groupmanagers:
00109             try:
00110                 if gm.addPrincipalToGroup(id, group):
00111                     break
00112             except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00113                 logger.info('PluggableAuthService: GroupManagement %s error',
00114                             gm_id, exc_info=1)
00115 
00116 PluggableAuthService.userSetGroups = userSetGroups
00117 
00118 @deprecate("userFolderAddGroup is deprecated. Use the PAS methods instead")
00119 def userFolderAddGroup(self, name, roles, groups = (), **kw):
00120     gtool = getToolByName(self, 'portal_groups')
00121     return gtool.addGroup(name, roles, groups, **kw)
00122 
00123 PluggableAuthService.userFolderAddGroup = userFolderAddGroup
00124 
00125 #################################
00126 # monkies for the diehard introspection.. all these should die, imho - kt
00127 
00128 @deprecate("getUserIds is deprecated. Use the PAS methods instead")
00129 def getUserIds(self):
00130     plugins = self.plugins
00131 
00132     try:
00133         introspectors = plugins.listPlugins(IUserIntrospection)
00134     except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00135         logger.info('PluggableAuthService: Plugin listing error', exc_info=1)
00136         introspectors = ()
00137 
00138     results = []
00139     for introspector_id, introspector in introspectors:
00140         try:
00141             results.extend(introspector.getUserIds())
00142         except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00143             logger.info('PluggableAuthService: UserIntrospection %s error',
00144                     introspector_id, exc_info=1)
00145 
00146     return results
00147 
00148 
00149 @deprecate("getUserNames is deprecated. Use the PAS methods instead")
00150 def getUserNames(self):
00151     plugins = self.plugins
00152 
00153     try:
00154         introspectors = plugins.listPlugins(IUserIntrospection)
00155     except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00156         logger.info('PluggableAuthService: Plugin listing error', exc_info=1)
00157         introspectors = ()
00158 
00159     results = []
00160     for introspector_id, introspector in introspectors:
00161         try:
00162             results.extend(introspector.getUserNames())
00163         except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00164             logger.info('PluggableAuthService: UserIntroSpection plugin %s error',
00165                     introspector_id, exc_info=1)
00166 
00167     return results
00168 
00169 PluggableAuthService.getUserIds = getUserIds
00170 PluggableAuthService.getUserNames = getUserNames
00171 
00172 #################################
00173 # Evil role aquisition blocking
00174 
00175 # XXX: Is this used anywhere, all the code seems to use the PloneTool method
00176 def acquireLocalRoles(self, obj, status = 1):
00177     """If status is 1, allow acquisition of local roles (regular behaviour).
00178 
00179     If it's 0, prohibit it (it will allow some kind of local role blacklisting).
00180     """
00181     # Set local role status
00182     if not status:
00183         obj.__ac_local_roles_block__ = 1
00184     else:
00185         if getattr(obj, '__ac_local_roles_block__', None):
00186             obj.__ac_local_roles_block__ = None
00187 
00188 PluggableAuthService._acquireLocalRoles = acquireLocalRoles
00189 
00190 #################################
00191 # give interested parties some apriori way of noticing pas is a user folder impl
00192 PluggableAuthService.isAUserFolder = 1
00193