[Zope3-Users] assigning roles to principals onAuthenticatedPrincipalCreated event

Mats Nordgren mats at ronin-group.org
Wed Sep 20 15:18:21 EDT 2006


As I understand a principal is created and destroyed with each request.
This would make your application set the permission at each request which
might not be exactly what you had in mind.  I use a group folder from pau
and set the group with a subscriber when the site object is created.  

def SiteCreatedHandler(context, event):
 ...
sm = LocalSiteManager(context)
context.setSiteManager(sm)
setSite(context)
	
default = sm['default']

pau = PluggableAuthentication(prefix='pau.')
default['pau'] = pau
sm.registerUtility(pau, provided=IAuthentication)

groups = GroupFolder(prefix='groups.')
pau['groups'] = groups
sm.registerUtility(groups, provided=IAuthenticatorPlugin, name='groups')

members = GroupInformation('members')
groups['members'] = members
sm.registerUtility(members, provided=IGroupInformation, name='members')
	
principals = PrincipalFolder(prefix='principals.')
pau['principals'] = principals
sm.registerUtility(principals, provided=IAuthenticatorPlugin, \
name='principals')

principal_roles = IPrincipalRoleManager(context)
principal_roles.assignRoleToPrincipal(u'metrod.Member', \
'pau.groups.members')


Then when a new member sign up I add them to the group i.e. 'member'.  I do
this in the createAndAdd method of formlibs AddForm.


def createAndAdd(self, data):
    name = data['name']
    password = data['password']
    pau = getUtility(IAuthentication, context=self.context)
    principals = getUtility(IAuthenticatorPlugin, name='principals', \
context=self.context)
        
    principal = InternalPrincipal(name, password, name)
    principals[name] = principal

    groups = getUtility(IGroupInformation, name='members', \
context=self.context)
    groups.principals += (pau.prefix + principals.prefix + name, )
        
    return self.request.response.redirect('.')


Not sure this is the best way to do it but it works for me.  One thing I did
see in your code though is:

prm.assignRoleToPrincipal('isi.member', event.principal)

which should be:

prm.assignRoleToPrincipal('isi.member', event.principal.id)


-----Original Message-----
From: zope3-users-bounces at zope.org [mailto:zope3-users-bounces at zope.org] On
Behalf Of Hassan Alirezaei
Sent: Thursday, September 21, 2006 7:55 AM
To: zope3-users at zope.org
Subject: [Zope3-Users] assigning roles to principals
onAuthenticatedPrincipalCreated event

Hello zope3-users,

I am trying to do make easy user registrations for my website. but I am 
having problems assigning roles to the principals automatically.
the question is WHEN should I assign these roles to the new principals? 
which is the standard procedure?
right now I am doing :

1. User accounts (InternalPrincipal) are created.
2. The first time the user logs in a role with id="isi.member" will be 
assigned to it on the whole site so the user receives membership 
permissions.


*********************************************configure.zcml*****************
************************************
  <subscriber
      handler=".userhome.UserLoggedIn"
      
for="zope.app.authentication.interfaces.IAuthenticatedPrincipalCreated"
  />

*********************************************userhome.py********************
************************************

class UserLoggedIn(object):
    
    def __init__(self, event):
             
        userAnno=zapi.getUtility(IPrincipalAnnotationUtility, 
'ISIUserAnnotation')
        annotations=userAnno.getAnnotations(event.principal)
        
        if annotations.get('user_home') is None:
            print "***************RGISTERING ANNOTATIONS*****************"
            annotations['user_home'] = Folder()
            annotations['user_home']['register'] = PersistentDict()
            annotations['user_home']['personal'] = Person()
            annotations['user_home']['personal'].first='hassan'
            annotations['user_home']['personal'].last='alirezaei'
            annotations['user_home']['testing'] = "TESTING THE NEW USER"
          
            siteroot=getSite()
            prm=IPrincipalRoleManager(siteroot)
            print "******************for %s *******************" %siteroot
            prm.assignRoleToPrincipal('isi.member', event.principal)



****************************************************************************
**************************

getSite() gives me  <ISI.isi.isi.isi object at 0xb659eb2c>  but when i 
go to this object (my main site root) and change to "Grant" from 
zmi_actions menu the role is still unset for the user.

any help is highly appreciated. it is very much possible I am doing the 
hard way to perform the task.
Thank you in advance!

Hass






 
            

_______________________________________________
Zope3-users mailing list
Zope3-users at zope.org
http://mail.zope.org/mailman/listinfo/zope3-users



More information about the Zope3-users mailing list