Changeset 6203

Timestamp:

27 May 2011, 02:05:02 (13 years ago)

Author:

uli

Message:

#38

Location:

main/waeup.sirp/trunk/src/waeup/sirp

Files:

• authentication.py (modified) (1 diff)
• authentication.txt (modified) (1 diff)

main/waeup.sirp/trunk/src/waeup/sirp/authentication.py

@@ -174 +174 @@
         site = grok.getSite()
         return site['users']
+
+@grok.subscribe(IUserAccount, grok.IObjectRemovedEvent)
+def handle_account_removal(account, event):
+    """When an account is removed, local roles might have to be deleted.
+    """
+    local_roles = account.getLocalRoles()
+    principal = account.name
+    for role_id, object_list in local_roles.items():
+        for object in object_list:
+            try:
+                role_manager = IPrincipalRoleManager(object)
+            except TypeError:
+                # No role manager, no roles to remove
+                continue
+            role_manager.unsetRoleForPrincipal(role_id, principal)
+    return

main/waeup.sirp/trunk/src/waeup/sirp/authentication.txt

@@ -120 +120 @@
    True
 
+When an account get deleted, also the local roles of the owner get
+removed. Let's setup a local role for `alice`:
+
+   >>> faculty = Faculty()
+   >>> root['app']['alice_fac'] = faculty
+   >>> role_manager = IPrincipalRoleManager(faculty)
+   >>> role_manager.assignRoleToPrincipal(
+   ...    'waeup.PortalManager', 'alice')
+   >>> notify(LocalRoleSetEvent(faculty, 'waeup.PortalManager', 'alice',
+   ...                          granted=True))
+
+The local role is set now:
+
+   >>> from zope.securitypolicy.interfaces import IPrincipalRoleMap
+   >>> IPrincipalRoleMap(faculty).getPrincipalsAndRoles()
+   [('waeup.PortalManager', 'alice', PermissionSetting: Allow)]
+
+But when we delete Alices account from ZODB:
+
+   >>> del root['app']['users']['alice']
+   >>> IPrincipalRoleMap(faculty).getPrincipalsAndRoles()
+   []
+
+the local role has gone.
+
+
 Logging in via side bar
 =======================