| 1 | """Users (principals) for the WAeUP portal. |
|---|
| 2 | """ |
|---|
| 3 | import grok |
|---|
| 4 | from zope.event import notify |
|---|
| 5 | from zope.interface import Interface |
|---|
| 6 | from zope.securitypolicy.interfaces import ( |
|---|
| 7 | IPrincipalRoleMap, IPrincipalRoleManager) |
|---|
| 8 | from waeup.sirp.authentication import Account |
|---|
| 9 | from waeup.sirp.interfaces import ( |
|---|
| 10 | IUserContainer, ILocalRoleSetEvent, IUserAccount) |
|---|
| 11 | |
|---|
| 12 | class UserContainer(grok.Container): |
|---|
| 13 | """A container for principals. |
|---|
| 14 | |
|---|
| 15 | See interfaces.py and users.txt for extensive description. |
|---|
| 16 | """ |
|---|
| 17 | grok.implements(IUserContainer) |
|---|
| 18 | grok.require('waeup.manageUsers') |
|---|
| 19 | |
|---|
| 20 | def addUser(self, name, password, title=None, description=None, roles=[]): |
|---|
| 21 | """Add a new Account instance, created from parameters. |
|---|
| 22 | """ |
|---|
| 23 | if title is None: |
|---|
| 24 | title = name |
|---|
| 25 | if description is None: |
|---|
| 26 | description = title |
|---|
| 27 | self[name] = Account(name, password, title, description, roles) |
|---|
| 28 | |
|---|
| 29 | def addAccount(self, account): |
|---|
| 30 | """Add the account passed. |
|---|
| 31 | """ |
|---|
| 32 | self[account.name] = account |
|---|
| 33 | |
|---|
| 34 | def delUser(self, name): |
|---|
| 35 | """Delete user, if an account with the given name exists. |
|---|
| 36 | |
|---|
| 37 | Do not complain, if the name does not exist. |
|---|
| 38 | """ |
|---|
| 39 | if name in self.keys(): |
|---|
| 40 | del self[name] |
|---|
| 41 | |
|---|
| 42 | class LocalRoleSetEvent(object): |
|---|
| 43 | |
|---|
| 44 | grok.implements(ILocalRoleSetEvent) |
|---|
| 45 | |
|---|
| 46 | def __init__(self, object, role_id, principal_id, granted=True): |
|---|
| 47 | self.object = object |
|---|
| 48 | self.role_id = role_id |
|---|
| 49 | self.principal_id = principal_id |
|---|
| 50 | self.granted = granted |
|---|
| 51 | |
|---|
| 52 | @grok.subscribe(Interface, ILocalRoleSetEvent) |
|---|
| 53 | def handle_local_role_changed(obj, event): |
|---|
| 54 | site = grok.getSite() |
|---|
| 55 | if site is None: |
|---|
| 56 | return |
|---|
| 57 | users = site.get('users', None) |
|---|
| 58 | if users is None: |
|---|
| 59 | return |
|---|
| 60 | role_id = event.role_id |
|---|
| 61 | if event.principal_id not in users.keys(): |
|---|
| 62 | return |
|---|
| 63 | user = users[event.principal_id] |
|---|
| 64 | user.notifyLocalRoleChanged(event.object, event.role_id, event.granted) |
|---|
| 65 | return |
|---|
| 66 | |
|---|
| 67 | @grok.subscribe(Interface, grok.IObjectRemovedEvent) |
|---|
| 68 | def handle_local_roles_on_obj_removed(obj, event): |
|---|
| 69 | try: |
|---|
| 70 | role_map = IPrincipalRoleMap(obj) |
|---|
| 71 | except TypeError: |
|---|
| 72 | # no map, no roles to remove |
|---|
| 73 | return |
|---|
| 74 | for local_role, user_name, setting in role_map.getPrincipalsAndRoles(): |
|---|
| 75 | notify(LocalRoleSetEvent( |
|---|
| 76 | obj, local_role, user_name, granted=False)) |
|---|
| 77 | return |
|---|
| 78 | |
|---|
| 79 | @grok.subscribe(IUserAccount, grok.IObjectAddedEvent) |
|---|
| 80 | def handle_user_added(account, event): |
|---|
| 81 | """If an account is added the local owner role must be set. |
|---|
| 82 | """ |
|---|
| 83 | # First we have to set the local owner role of the account object |
|---|
| 84 | role_manager = IPrincipalRoleManager(account) |
|---|
| 85 | role_manager.assignRoleToPrincipal( |
|---|
| 86 | 'waeup.local.Owner', account.name) |
|---|
| 87 | # Then we have to notify the user account that the local role |
|---|
| 88 | # of the same object has changed |
|---|
| 89 | notify(LocalRoleSetEvent( |
|---|
| 90 | account, 'waeup.local.Owner', account.name, granted=True)) |
|---|
| 91 | return |
|---|
