source: main/waeup.sirp/trunk/src/waeup/sirp/users.py @ 6196

Last change on this file since 6196 was 6180, checked in by uli, 13 years ago

Add local roles dicts for user accounts. That seems to
need pretty much machinery, but seems also to work. So,
why not?

We have a new event type, that should be fired when
a local role is set or unset somewhere.

We have also two new event subscribers, one listening
to the new event (and then updates the user account
local roles listings), and another one listening to
IObjectRemoved events.

The latter is the trick to keep the local role listings
in user accounts more or less up-to-date. Without it
these lists would grow and grow, not noticing that
the objects they refer to, have gone already.

We now must think about subscribing to other events.
What happens, when an object is moved or copied.
Will the local roles then be copied as well? And would
that fact be reflected in user accounts?

Beside this we have to find all places in sources
where local roles are set/unset and trigger the new
LocalRoleSetEvent? defined in users.py.

Samples for the whole new stuff are in authentication.txt.

File size: 2.1 KB
Line 
1"""Users (principals) for the WAeUP portal.
2"""
3import grok
4from zope.event import notify
5from zope.interface import Interface
6from zope.securitypolicy.interfaces import IPrincipalRoleMap
7from waeup.sirp.authentication import Account
8from waeup.sirp.interfaces import IUserContainer, ILocalRoleSetEvent
9
10class UserContainer(grok.Container):
11    """A container for principals.
12
13    See interfaces.py and users.txt for extensive description.
14    """
15    grok.implements(IUserContainer)
16    grok.require('waeup.manageUsers')
17
18    def addUser(self, name, password, title=None, description=None, roles=[]):
19        """Add a new Account instance, created from parameters.
20        """
21        if title is None:
22            title = name
23        if description is None:
24            description = title
25        self[name] = Account(name, password, title, description, roles)
26
27    def addAccount(self, account):
28        """Add the account passed.
29        """
30        self[account.name] = account
31
32    def delUser(self, name):
33        """Delete user, if an account with the given name exists.
34
35        Do not complain, if the name does not exist.
36        """
37        if name in self.keys():
38            del self[name]
39
40class LocalRoleSetEvent(object):
41
42    grok.implements(ILocalRoleSetEvent)
43
44    def __init__(self, object, role_id, principal_id, granted=True):
45        self.object = object
46        self.role_id = role_id
47        self.principal_id = principal_id
48        self.granted = granted
49
50@grok.subscribe(Interface, ILocalRoleSetEvent)
51def handle_local_role_changed(obj, event):
52    site = grok.getSite()
53    if site is None:
54        return
55    users = site['users']
56    role_id = event.role_id
57    if event.principal_id not in users.keys():
58        return
59    user = users[event.principal_id]
60    user.notifyLocalRoleChanged(event.object, event.role_id, event.granted)
61    return
62
63@grok.subscribe(Interface, grok.IObjectRemovedEvent)
64def handle_local_roles_on_obj_removal(obj, event):
65    role_map = IPrincipalRoleMap(obj)
66    for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
67        notify(LocalRoleSetEvent(
68                obj, local_role, user_name, granted=False))
69    return
Note: See TracBrowser for help on using the repository browser.