Re: [Zope-PAS] Re: local roles plugins
On Apr 18, 2005, at 9:17, Kapil Thangavelu wrote: On Apr 11, 2005, at 1:51 PM, Zachery Bir wrote: On 2005-02-07 17:44:21 -0500, Kapil Thangavelu <[EMAIL PROTECTED]> said: hi folks, i'd like to see a new plugin type for local roles plugins. the major driving reason is to enable a local roles blocking policy on containers. i've got a version of it implemented and if its sounds good i'll setup a pas branch with the code. the implementation patches propertied user and setups a new plugin type based on the following interface. How would this not be satisfied by writing a special user factory, whose user class specifies a different behavior for getRolesInContext()? This doesn't strike me as an interface that needs to go into the workings of PAS itself. agreed. the implementation itself was briefly done as a monkey patch, which the previous email was an artifact of, and then changed to a custom user factory and user class, which delegates to an internal local roles plugin type. unfortunately i haven't had time to push any of the other changes back into pas cvs, the core modifications/monkies currently are just adding add/del user api implementations. Actually, you need more than just getRolesInContext on your custom user. "allowed" needs to be overridden as well because the version on PropertiedUser explicitly foregoes calling getRolesInContext. But that didn't solve all problems for my setup: Sometimes it does not seem possible to deduce the "real" context in the overridden getRolesInContext/allowed methods. Imagine a structure where you have a portal with sub-portals. The PAS instance is in the portal, and I want to manipulate roles for requests that are done at the subportal level, based on a property of the subportal. If the requested page (a PageTemplate for example) is using a tool that resides in the main portal and I grab the tool inside the template and call a method with a simple... foo here/portal_footool/foomethod then the "object" that is passed into "allowed" has no context information linking it to the subportal. Its own context is the main portal. This is a complete blocker for that approach for me right now. At this point I'm not sure if there's a way to make this scheme work at all for my requirements. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: local roles plugins
On Apr 18, 2005, at 13:31, Zachery Bir wrote: It's been a tricky business. For our part, we've been using PAS to separate the concerns of the folks using both the app server (traditional ZMI stuff) and folks using the application, and allow the application to talk directly to the plugins that concern it. We never bothered trying to come up with an API directly on PAS, since the plugins are so accessible. Honestly, doing it that way leads to a complete mess as I'm finding out in the work I'm doing for Andrew. The goal of putting PAS into the application in question was, I assume, to make everything regarding user handling more generic so it's easier to factor out specific customer requirements. Unfortunately it's just the opposite, things are getting worse. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Authenticator for NT
I'm new to PAS and would like to know if there is an authenticator to NT Domains. I don't think there is. Patches gladly accepted! :) Also, I would like to know if someone is using PlonePAS and how is it status. PlonePAS is a separate project. I believe Kapil, who is on this list, is involved in it and can tell you where to ask questions about it. And to finnish, how is the security question in PAS? What security question? jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] id mangling
On Apr 20, 2005, at 5:04, J Cameron Cooper wrote: I understand there was to be some re-working of id mangling. Is that supposed to be on the zbir_fixing_ids_branch, and if so, how's that going? The exposure of the mangled id through getId (on PropertiedUser) seems problematic (although I'm not entirely done with my investigations yet) when it comes to old code that expects non-mangled names. (The PAS UserFolder API expects non-mangled names, right?) Yes, something was supposed to be worked on. I understand Zac is extremely busy with "real" work right now, not sure what a good way is to get around the bottleneck. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: Authenticator for NT
On 14 Jul 2005, at 05:09, Sidnei da Silva wrote: Luis Flavio Rocha <[EMAIL PROTECTED]> writes: Hi, I'm new to PAS and would like to know if there is an authenticator to NT Domains. Like Chris said, the 'ActiveDirectory Multi Plugin' should be able to authenticate against 'Active Directory' *wink*. If your Zope server happens to be running on Windows and the machine is part of a Windows Domain, we've just got a ADSI plugin based on 'ActiveDirectory Multi Plugin' that should make things a lot easier to configure. We also have NTLM challenge, extraction and authorization working which means *real* single sign-on. Sidnei, are you guys going to release those plugins (including the NTLM ones) or is that all for-pay? jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: Authenticator for NT
So the trick will be to locate and resurrect that sample, then plug in the NTLM functions. As mentioned above, I haven't bothered trying to keep it up to date as to my knowledge no one has ever even looked at it. *If and only if* you happen to run on Windoze :) Ah well. It was worth a try. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
[Zope-PAS] Moving PAS and PluginRegistry to SVN?
I would volunteer to move both the PluggableAuthService and PluginRegistry products to svn.zope.org. Anyone have any thoughts about that? jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] question about user.getProperty()
On 7 Oct 2005, at 16:24, Rocky Burt wrote: Hi all, I'm trying to wrap my head on how the traditional user.getProperty ('someProperty') call works particularly with reference to PAS (and ultimately PlonePaS). I see that my new PAS property plugin is providing a propertysheet for my member (in this case my plugin has id, 'source_properties') so that I can see someMember.getPropertysheet('source_properties') comes back with my sheet. But how would I get someMember.getProperty('someProperty') to return someMember.getPropertysheet('source_properties').getProperty ('someProperty') ? Bottom line is I can't find how getProperty() is being issued anyplace. AFAIK getProperty for a user object does not exist in this form. You have to get the propertysheet and then the property. jens P.S.: Please don't confuse "member" and "user". "user" is what the userfolder creates. "member" is a CMF/Plone thing only, it represents a user wrapped in a member data wrapper. So if you're asking specifically about "member" then you need to make the memberdata class' "getProperty" as intelligent as you need yourself. ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: Moving PAS and PluginRegistry to SVN?
On 9 Oct 2005, at 19:46, Rocky Burt wrote: What is the timeframe on this being done? Just so I know when to update my development versions of PAS. - Rocky Jens Vagelpohl wrote: I would volunteer to move both the PluggableAuthService and PluginRegistry products to svn.zope.org. Anyone have any thoughts about that? There is no time frame. Only Zac has responded and I'm not sure if that constitutes enough assent. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: Moving PAS and PluginRegistry to SVN?
On 10 Oct 2005, at 12:20, Lennart Regebro wrote: On 10/9/05, Jens Vagelpohl <[EMAIL PROTECTED]> wrote: On 9 Oct 2005, at 19:46, Rocky Burt wrote: What is the timeframe on this being done? Just so I know when to update my development versions of PAS. Well, I guess there is a consensus then ;) I'll try to get to it this upcoming weekend then. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: Moving PAS and PluginRegistry to SVN?
On 10 Oct 2005, at 13:09, Jens Vagelpohl wrote: What is the timeframe on this being done? Just so I know when to update my development versions of PAS. Well, I guess there is a consensus then ;) I'll try to get to it this upcoming weekend then. In case you didn't see it yet, this migration is now complete. See http://svn.zope.org/PluginRegistry/ http://svn.zope.org/PluggableAuthService/ jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Authenticated vs Member - was: Authentication and Users
I've often wondered about this: Authenticated vs Member. Member is often treated and being equivalent to authenticated: if you can authenticate then you are a member. They certainly aren't in PAS and I don't know of any other place where they are treated equivalently. If other third-party application code treats them equivalently then that is a mistake in that code. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] IPropertiedUser
On 30 Dec 2005, at 22:29, Wichert Akkerman wrote: Previously Wichert Akkerman wrote: Can someone tell me what/where IPropertiedUser is? PluggableAuthService.interfaces.plugins mentions it several times but I can not find it anywhere. I overlooked the PropertiedUser class; I am asusming that that will that get an IPropertiedUser at some point? It's probably just an oversight. IPropertiedUser would be the IBasicUser interface in authservice.py plus methods getGroups and the three property sheet management methods at the bottom of IPropertiedUser. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: PlonePAS error handling
On 14 Jan 2006, at 07:45, Tom Hallam wrote: Wichert Akkerman wrote: The error handling in PlonePAS for user registration is quite suboptimal: for all errors it just says "The login name you selected is already in use or is not valid". For plone.org this causes us to get users that are only created partially: they are created in a LDAP database, but since LDAPMultiPlugins does not implement mutable property sheets yet setting the user properties fails. So we have a new user, but without any properties. The PlonePAS registry.cpy catches the exception raised by the property setting code and tells the user that the login name is already in use or invalid, which is not true. I'm not sure what the best way to fix this is. Either we should rollback user creation if it fails halfway (tricky) or add some new exception types so we can distinguish between fatal errors and non-fatal ones. Wichert. Sounds like the problem is more at the plugin design level. Why is PAS trying to set properties for a plugin that does not support them? Really an error should not be happening in this situation. To me it seems that either the interface should require the plugin to implement mutable properties (this should be part of the interface compliance testing) or PAS should inquire via the interface as to whether the properties are mutable and behave correctly. It seem that the former is being assumed and that LDAPMultiPlugins are not compliant with the plugin interface requirements (as implemented). "Mutable property sheets" have nothing to do with any plugin. They are part of the user object implementation (-> PropertiedUser class). There is no interface requirement (and thus no compliance issue) as far as LDAPMultiPlugins is concerned. A quick look at the plugin interfaces in the PluggableAuthService product will tell you that plugins that claim to be able to edit a user must fulfill IUpdatePlugin. LDAPMultiPlugins do not claim to support this interface, so again no compliance issues with the LDAPMultiPlugins package. Something assumes it can just go and edit the user, and that code is not part of the LDAPMultiPlugins package. By the way, editing a user object that was assembled with data from the LDAP database makes no sense, anyway. It is not persisted in any way and it cannot write back to where the data really came from, which is the LDAP DIT. Currently the only way to make that happen is by directly talking to the LDAPUserFolder embedded in the plugin. The latest versions of LDAPUserFolder had the former CMFLDAP package folded into it, those can be seen as an example of how a tool acting as CMF member data/membership tool talks directly to a LDAPUserFolder to do the work it needs to do. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] role management
On 19 Jan 2006, at 21:48, Wichert Akkerman wrote: I notice that PAS is missing an interface which specifies how to add a role. Is that a conscious decision? Zope user folders don't manage roles, containers do. Or basically any RoleManager (see AccessControl/Role.py if I remember correctly). jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] role management
On 19 Jan 2006, at 22:55, Wichert Akkerman wrote: Currently adding roles through a RoleManager breaks ZODBRoleManager: it reads a list of all roles when it created and assumes they do not change after that. If you add a new role you can do that through a RoleManager directly, but ZODBRoleManager will not notice and will not enumerate it. Can someone enlighten me as to how roles and local roles really differ, and why every folder has both? Roles are "global". User objects get them assigned upon creation. Local roles are only used within the context they are defined in. So if user "A" has role "Member" after authenticating at the root in / acl_users, and he has a local role "Manager" in /members/A, then security validation will recognize him as Member and Manager for all items accessed in or underneath /members/A, but only as Member everywhere else. If ZODBRoleManager does not "see" global roles added after its instantiation then that's a bug. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] role management
On 21 Jan 2006, at 15:37, Wichert Akkerman wrote: Previously Jens Vagelpohl wrote: Roles are "global". User objects get them assigned upon creation. Upon creation of what? The user object. If ZODBRoleManager does not "see" global roles added after its instantiation then that's a bug. ZODBRoleManager only adds and updates roles in itself and never in the RoleManager, which suggests that it is meant to take over global role management completely. So I'm thinking that it should either indeed take that role and implement an interface for it, or not and always use __ac_roles__ from the closest containing RoleManager instead of using its internal data structure. The ZODBRoleManager (or anything implementing the requisite PAS plugin interfaces) is a bit removed from the normal RoleManager bit. There is no automatic synchronization between what the ZODBRoleManager shows in its Role tab and what shows up in the Security tab on RoleManagers. Basically, what's shown in the ZODBRoleManager Roles tab tells you "these are the roles that this role manager can hand out to users". I personally would consider it too much magic if adding a role here would automatically add it to the Security tab on either the enclosing container or the root. If you have a need to make a RoleManager role available to the ZODBRoleManager and vice versa you will need to do this with an explicit gesture at this point, meaning manually. So in essence the ZODBRoleManager has nothing to do with managing the standard RoleManager roles. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Problem logging out with PAS 1.1b2
On 31 Jan 2006, at 18:44, Clemens Robbenhaar wrote: Hi all, I ran into some small issue concerning logout with PAS; it would be nice if the developers would consider the attached patch or address the issue in other ways. Could you post this in the PAS collector? http://www.zope.org/Members/urbanape/PluggableAuthService/Collector/ jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] PAS and PluginRegistry releases
On 23 Feb 2006, at 08:29, Wichert Akkerman wrote: Hi, Starting from 2.5 Plone will use PAS, and Plone 2.5-alpha2 is about to hit the streets. For a release we would like to use released versions of all products used, which includes PluggableAuthService and PluginRegistry. The latest PAS release (1.1b2) does not include the later interface work which is in svn; would it be possible to get a release which includes that? PluginRegistry version 1.0.2 seems to be tagged in subversion, but the latest downloaded release is still 1.0. Would it be possible to get 1.0.2 up on www.zope.org so we can use that as well? I could create releases this weekend if no one objects jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: PAS and PluginRegistry releases
On 23 Feb 2006, at 12:16, Tres Seaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wichert Akkerman wrote: Hi, Starting from 2.5 Plone will use PAS, and Plone 2.5-alpha2 is about to hit the streets. For a release we would like to use released versions of all products used, which includes PluggableAuthService and PluginRegistry. We could probably cut a 1.2 beta from the trunk right away. We might also need to look at: http://www.zope.org/Members/urbanape/PluggableAuthService/Collector/ Wichert, can you quantify "about to hit the streets"? I would assume for a Plone alpha a PAS beta is perfectly fine, and that could be cut right away. For the Plone 2.5 final a PAS final release would be appropriate, and that gives us time to work the collector a bit. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: PAS and PluginRegistry releases
On 23 Feb 2006, at 15:27, Wichert Akkerman wrote: Previously Jens Vagelpohl wrote: Wichert, can you quantify "about to hit the streets"? I would assume for a Plone alpha a PAS beta is perfectly fine, and that could be cut right away. For the Plone 2.5 final a PAS final release would be appropriate, and that gives us time to work the collector a bit. It was planned for last Friday but postponed due to issues running on Zope 2.9 which are now resolved. Yesterday the only holdbacks were a new CMFFormController release (now in I believe) and PAS & PluginRegistry releases. So basically within 12 hours after you cut a release seems a good estimate. I'm traveling for the rest of the day and can only commit to cutting a release on Saturday if that's OK. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: PAS and PluginRegistry releases
On 23 Feb 2006, at 17:54, Wichert Akkerman wrote: Previously Jens Vagelpohl wrote: I'm traveling for the rest of the day and can only commit to cutting a release on Saturday if that's OK. I'll take whatever I can get :). If you can cut PluginRegistry and PAS releases on Saturday that will certainly work for us. If you can drop me an email when you have made the release to Alec Mitchell <[EMAIL PROTECTED]> so he can make the Plone 2.5-alpha2 release I'ld appreciate it. OK, will do jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
[Zope-PAS] PluggableAuthService 1.2-beta and PluginRegistry 1.1 released
The releases can be found here: http://www.zope.org/Members/urbanape/PluggableAuthService/ PluggableAuthService-1.2-beta http://www.zope.org/Members/urbanape/PluginRegistry/PluginRegistry-1.1 The final PluggableAuthService 1.2 release date is currently TBD, but will definitely be before Plone 2.5 final (see http://plone.org/ products/plone/roadmap). There are a lot of low-hanging fruit in the PAS collector: http://www.zope.org/Members/urbanape/PluggableAuthService/Collector/ jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
[Zope-PAS] Re: PluggableAuthService 1.2-beta and PluginRegistry 1.1 released
On 25 Feb 2006, at 15:28, Wichert Akkerman wrote: The final PluggableAuthService 1.2 release date is currently TBD, but will definitely be before Plone 2.5 final (see http://plone.org/ products/plone/roadmap). There are a lot of low-hanging fruit in the PAS collector: http://www.zope.org/Members/urbanape/PluggableAuthService/Collector/ I'll make sure to go over those in the next couple of weeks. Oops, sorry, there's nothing left. Do some good testing instead and file new issues as they arise ;) jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
[Zope-PAS] project questions
Zac has asked to step back a bit as the contact for the project and I told him I could take over that part. That includes things like release stewardship. One of the items that had been on my list for a while was to move both the download area as well as the collector out of Zac's member folder on zope.org into the "well-known" areas, underneath / Collectors and /Products, respectively. Anyone see a problem with that? jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] project questions
On 1 Mar 2006, at 21:50, Tino Wildenhain wrote: Jens Vagelpohl schrieb: Zac has asked to step back a bit as the contact for the project and I told him I could take over that part. That includes things like release stewardship. One of the items that had been on my list for a while was to move both the download area as well as the collector out of Zac's member folder on zope.org into the "well-known" areas, underneath / Collectors and /Products, respectively. +1 on that. This eases development a lot. PAS, PluginRegistry and the PAS collector have now moved: http://www.zope.org/Products/PluggableAuthService http://www.zope.org/Products/PluginRegistry http://www.zope.org/Collectors/PAS I continue to be foiled by %$£@ zope.org in that many items are private after pasting. I have repaired the worst of of, but catalog searches are still not revealing anything useful for PluggableAuthService. I am hoping this is a caching issue. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] project questions
On 2 Mar 2006, at 22:28, Sidnei da Silva wrote: On Thu, Mar 02, 2006 at 10:22:55PM +, Jens Vagelpohl wrote: | PAS, PluginRegistry and the PAS collector have now moved: | | http://www.zope.org/Products/PluggableAuthService | | http://www.zope.org/Products/PluginRegistry | | http://www.zope.org/Collectors/PAS | | I continue to be foiled by %$£@ zope.org in that many items are | private after pasting. I have repaired the worst of of, but catalog | searches are still not revealing anything useful for | PluggableAuthService. I am hoping this is a caching issue. Can't someone change the workflow in portal_workflow to have a different initial state? Should be a couple clicks away. I'm not suicidal. I'm not going to change workflows that apply to all instances of a content type for moving two products and a collector... jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] PAS Collector closed?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The collector is now at http://www.zope.org/Collectors/PAS, as announced on this list weeks ago. Do not post to the old location! Zac, please delete the one in your member folder. jens On 10 Apr 2006, at 19:30, Zachery Bir wrote: On Apr 10, 2006, at 2:17 PM, Clemens Robbenhaar wrote: Hi, when I try to access the PAS collector on zope.org: http://www.zope.org/Collectors/PAS/ I get an error page about "Insufficient Privileges". Can anyone reproduce this? Is this the right list to report this problem, or should I bug the "zope.org" Collector instead? It's the right collector. I think when Jens moved it, it reverted to the Private state. I've republished it, so it should be accessible now. Thanks, Zac ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEOrG2RAx5nvEhZLIRAksDAJ44/EXRAklD0TD8iriekO+q5MoUoQCcCdPm kFDviGeUe8tzD8mHaBo6Ngw= =X0yK -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] PAS Collector closed?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry, I misread the email. I thought I had set it up correctly when I moved it. That's odd. I do remember it being quite a pain because of the &^%$ way the Collector works. Thanks Zac! jens On 10 Apr 2006, at 19:30, Zachery Bir wrote: On Apr 10, 2006, at 2:17 PM, Clemens Robbenhaar wrote: Hi, when I try to access the PAS collector on zope.org: http://www.zope.org/Collectors/PAS/ I get an error page about "Insufficient Privileges". Can anyone reproduce this? Is this the right list to report this problem, or should I bug the "zope.org" Collector instead? It's the right collector. I think when Jens moved it, it reverted to the Private state. I've republished it, so it should be accessible now. Thanks, Zac ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEOrJYRAx5nvEhZLIRAkhFAKCxwDI0uLN/me7Dt1uvamHHnszEwQCggwX9 bh3meAjk7xPwu30z9vkGabg= =TM+j -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] IPropertiedUser still missing?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If there is interest but nobody is working on it I could work out a patch for it and put it in the collector. This is probably the case. Patches gladly accepted! jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEPikeRAx5nvEhZLIRAhrgAJ0eCg4j2zyVyFAQoZbrFEMGp6FrtgCeK+ah XlJGgNU4/ti0KWIJ13Dj7IM= =y9lw -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] mutable property sheets
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16 Apr 2006, at 16:48, Wichert Akkerman wrote: Is there any reason not to merge the MutablePropertySheets from PlonePAS into PAS? The implementation is quite trivial: http://dev.plone.org/collective/browser/PlonePAS/trunk/interfaces/ propertysheets.py https://dev.plone.org/collective/browser/PlonePAS/trunk/sheet.py https://dev.plone.org/collective/browser/PlonePAS/trunk/plugins/ property.py A couple things I noticed: - - IMutablePropertiesPlugin.getPropertiesForUser deviates from the original contract in IPropertiesPlugin.getPropertiesForUser and returns a property sheet object instead of a mapping. IMHO it should return a mapping. - - IPropertiesPlugin.setPropertiesForUser claims to only accept a propertysheet object, but it would probably work fine with a simple mapping (eyeballing the implementation in the ZODBMutablePropertyProvider class). The contract could be changed to accept mappings. - - setting properties on a user will magically turn around and persist the change. This would be the first user folder I have seen where this happens. Personally, I'm a bit uncomfortable with this magic. Just my 2 ¢. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEQmIxRAx5nvEhZLIRApvDAJ0f/T021SNDzq+sgVSMNaRKCotTXwCdFy1W ScpwyruPB0bhk2XAomp5rX8= =1Mxw -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] mutable property sheets
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16 Apr 2006, at 17:46, Wichert Akkerman wrote: Previously Jens Vagelpohl wrote: - - IMutablePropertiesPlugin.getPropertiesForUser deviates from the original contract in IPropertiesPlugin.getPropertiesForUser and returns a property sheet object instead of a mapping. IMHO it should return a mapping. It has to return an object so it can persist property changes. Ah, right, that's how something is retrieved that will actuate the magic. Ugh. - - setting properties on a user will magically turn around and persist the change. This would be the first user folder I have seen where this happens. Personally, I'm a bit uncomfortable with this magic. setProperty on GRUFUser will persist the change as well. I hate to say it, but GRUF isn't an example for anything right or good when it comes to user folders. And that opinion goes right up to the top in Plone circles. So my own opinion is that I don't like the persistence magic for setting properties. IMHO the methods on the properties plugins should be called explicitly instead of automatically whenever anyone touches one of these mutable property sheets. This is just one opinion, I hope others will chime in as well. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEQm5bRAx5nvEhZLIRAnbYAJ47QaUil6WWiQ6MM9syC1d65OwFegCgpImW CGbDwcwX/XSFnYTXRJ5NjE8= =KRrT -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] mutable property sheets
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16 Apr 2006, at 18:27, Wichert Akkerman wrote: Previously Jens Vagelpohl wrote: I hate to say it, but GRUF isn't an example for anything right or good when it comes to user folders. And that opinion goes right up to the top in Plone circles. No argument there. But considering how popular GRUF is its behaviour is a good measure of what people are used to. IMHO this makes that specific behavior a candidate for being in the Plone layer as opposed to the PAS layer. Or at least set up in PAS so it is not the default behavior. So my own opinion is that I don't like the persistence magic for setting properties. IMHO the methods on the properties plugins should be called explicitly instead of automatically whenever anyone touches one of these mutable property sheets. That makes your code very verbose though. For all changes you have to figure out which plugin the property belongs to, figure out which user folder should be used, get the plugin from that userfolder and call a method on that. There's two specific reasons I have for not liking it. First of all, it's magic. Magic is just plain bad in my book. Simple and explicit is better. Secondly, I fear implementations inadvertently writing more than necessary into a potentially expensive data store (think RDBMs, LDAP, etc). jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEQnJvRAx5nvEhZLIRAlaJAJ4rBJNdO3GNwVXrGbdvc/jLZI8iHwCdFrdz 9UHkGKDXNfTxgtBWXr575wY= =xt3t -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] IPropertiedUser still missing?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 18 Apr 2006, at 15:33, Clemens Robbenhaar wrote: Hi Jens, [...] If there is interest but nobody is working on it I could work out a patch for it and put it in the collector. This is probably the case. Patches gladly accepted! Ok, done: http://www.zope.org/Collectors/PAS/16 Please let me know if there are problems with the patch or if it can be improved in some ways. Thanks Clemens, I just eyeballed it very quickly and it looks fine. I might find time tonight or in the next few days to merge it in. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFERO1KRAx5nvEhZLIRAqRaAJ9gMUwCwz0nx/0SMbJZY04p2nIyAACgrBbS CjCKMgyXr0nElqbnw4J4DsY= =SYAO -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] mutable property sheets
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Usually I am not fond of magic either, but from an user point of view ("user" = someone who might write ZODB Python scripts using PAS or the like) I am used to have all changes to objects saved magically, so why not user properties? This is true - if this were a normal persistent object. But that is only true with a few user folder implementations, like the bog- standard Zope user folder. For most user folder implementations the user object cannot counted as being persistent because it is assembled on the fly using data from external sources (RDBMS, LDAP, etc). It gets used once (or a few times if it bis cached internally for speeed) and then thrown away. Basically, the expectation you mention is unrealistic for most user folders out there. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFER4dXRAx5nvEhZLIRAk65AKCwfD9r9u3iKiLRfYEOn7zQbIMP7wCgtOmU twbDkZxwFNvAzQ4E7IM8Zm8= =KIvd -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] mutable property sheets
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20 Apr 2006, at 14:16, Clemens Robbenhaar wrote: Basically, the expectation you mention is unrealistic for most user folders out there. Ok, got the point. As I said, I have been arguing from some (dummy?) end-user perspective. I guess other users can figure out that user objects are normally not the same as persistent objects, too. If I put a developer hat on, I feel an explicit "saveProperties" call or something like that is better, too - so sorry for the noise I created. No, this is all helpful, don't get me wrong. It just helped me hone the argument why this magic is bad, or unexpected. ;) jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFER4tURAx5nvEhZLIRAsUeAJ95QKE+xPnrj9V748qtkjJZn3D8AgCfSg8b aoxpdVswnHqQ7LIWgYWcj94= =wKd4 -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] PropertiedUser role checking
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 21 Apr 2006, at 09:26, Wichert Akkerman wrote: (I can't find any link to the issue tracker at http://www.zope.org/Products/PluggableAuthService so I'll just post this here) The issue tracker is at http://www.zope.org/Collectors/PAS/ and prominently linked from http://www.zope.org/Collectors, where most collectors live. I have now added a link on the product page, too. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFESKBBRAx5nvEhZLIRAjJDAJ9Zz7q3cpoDJTubAxLEBYHGJuLNcACfds1u LxWTPWXDUQy7JegkRQGuhd0= =/cVb -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] mutable property sheets
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16 Apr 2006, at 15:48, Wichert Akkerman wrote: Is there any reason not to merge the MutablePropertySheets from PlonePAS into PAS? The implementation is quite trivial: http://dev.plone.org/collective/browser/PlonePAS/trunk/interfaces/ propertysheets.py https://dev.plone.org/collective/browser/PlonePAS/trunk/sheet.py https://dev.plone.org/collective/browser/PlonePAS/trunk/plugins/ property.py it would certainly be a good step in making PlonePAS slowly disappear :) Wichert, After this somewhat muted discussion I think the best way forward would be to create a branch and merge whatever you think should be merged, and then we'll go from there deciding what gets merged back to the trunk. I'd think almost everything will, with the exception of that contentious magic persistence. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFESgJKRAx5nvEhZLIRAs+sAKCLkEiznJ3p0V3rWrI/OUF2oJJNIgCgnUsf e0WtfYNInyGk7GbxxntaVGQ= =Yax7 -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] mutable property sheets
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22 Apr 2006, at 11:22, Wichert Akkerman wrote: Hi Jens, Previously Jens Vagelpohl wrote: After this somewhat muted discussion I think the best way forward would be to create a branch and merge whatever you think should be merged, and then we'll go from there deciding what gets merged back to the trunk. I'd think almost everything will, with the exception of that contentious magic persistence. Sounds like an excellent plan. Who should I contact to get commit access to work on that branch? You don't have commit access for svn.zope.org? Ouch. Hm, I think Jim is a good first address. I'm not entirely sure who does what in that regard nowadays. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFESglaRAx5nvEhZLIRAg4OAJ96k9wL2V3b8JDmTTMVBC1SWrTs2QCfbeAJ GB6iDpmD+PamBIxYUO1/cy0= =N9c6 -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] PlonePAS & session auth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 9 May 2006, at 10:44, Emyr Thomas wrote: Is there a way to use session auth instead of cookie auth with PlonePAS as I'd prefer not to use cookie auth for security reasons. I notice PluggableAuthService has a Session Auth Helper plugin - any advice on getting this to work with Plone? With a standard PluggableAuthService (I am assuming/hoping PlonePAS behaves in the same way, but don't really know) you can follow the description here: http://mail.zope.org/pipermail/zope-pas/2004-November/000220.html You can disregard the text underneath "Problem:", that has now been solved. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEYGs8RAx5nvEhZLIRAlYbAJ9xOP4FZwCeFbtJjarW9DYJqNdHQwCfSbvo WogXEKtV+G+kEE3F6XywiHQ= =29ba -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] dealing with deleted users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 27 May 2006, at 20:37, Wichert Akkerman wrote: I was investigating a plone bug (http://dev.plone.org/plone/ticket/ 5355) and it is caused by PAS behaviour. The problems boils down to logic in CookieAuthHelper.extractCredentials: if a cookie is present the credentials are extracted from it and form fields are ignored. This means that if we have a cookie containing credentials which no longer authenticate it becomes impossible to login as a different user since the form data is never seen. Looking at the equivalent in the CookieCrumbler code (method modifyRequest) it seems the cookie crumber does it the other way around and will look for form data before looking for the cookie. I'd be interested to find out the rationale for weighting cookie information higher than form data. Does anyone remember? jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEeMMtRAx5nvEhZLIRAk2jAKC10jUqyQphNPvjehDWmP9bXmhDvACgjvwZ vGn0MPGP/Ueu77mQOj+c2C4= =k3jP -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] dealing with deleted users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I would have hoped for a few more opinions before doing that... please don't be so quick next time. jens On 27 May 2006, at 22:40, Wichert Akkerman wrote: Ok, I'll change PAS to behave like CookieCrumbler on trunk. Wichert. Previously Chris McDonough wrote: I imagine it's an accident of implementation. On May 27, 2006, at 5:22 PM, Jens Vagelpohl wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 27 May 2006, at 20:37, Wichert Akkerman wrote: I was investigating a plone bug (http://dev.plone.org/plone/ticket/ 5355) and it is caused by PAS behaviour. The problems boils down to logic in CookieAuthHelper.extractCredentials: if a cookie is present the credentials are extracted from it and form fields are ignored. This means that if we have a cookie containing credentials which no longer authenticate it becomes impossible to login as a different user since the form data is never seen. Looking at the equivalent in the CookieCrumbler code (method modifyRequest) it seems the cookie crumber does it the other way around and will look for form data before looking for the cookie. I'd be interested to find out the rationale for weighting cookie information higher than form data. Does anyone remember? jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEeMMtRAx5nvEhZLIRAk2jAKC10jUqyQphNPvjehDWmP9bXmhDvACgjvwZ vGn0MPGP/Ueu77mQOj+c2C4= =k3jP -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas -- Wichert Akkerman <[EMAIL PROTECTED]>It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEeMhmRAx5nvEhZLIRAmTRAJ9Lh0BfAVgqZzzU16PT03DXRWQ8FgCeI+e9 QY9D7oTueEquHED+MoVuqSQ= =Qhmc -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] documentation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 30 May 2006, at 08:56, Nicolas Rod wrote: So my question: is there documentation anywhere with guidelines to develop a PAS Plugin ? For instance, I'd like to know the order in which the interface methods are called, where do the parameters come from, which ones are passed to other methods when a method returns something, etc. Any chance to find this somewhere ? I'm afraid the plugins and interface files shipped with PAS *are* the documentation at this time. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEfA5IRAx5nvEhZLIRAp/kAKCp+nE//Z8u/46VsZJbVg4V859EkACggaI8 5L5qwxo6MnoD96jGo8BPqB8= =ckRT -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Plone 2.1.3 - _getLocalRolesForDisplay
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 6 Jun 2006, at 17:24, Brecht Samyn wrote: I upgraded from Plone 2.1.2 and PlonePAS 1.2 to Plone 2.1.3 and now I get an attribute error when trying to access the sharing tab of a folder in Plone. Plone 2.1.3 seems to use the _getLocalRolesForDisplay method of GRUF which PlonePAS doesn't provide. Should we use PlonePAS with Plone 2.1.x ? PAS and PlonePAS are two distinct products, you might get more help on Plone mailing list. Most list members here deal with PAS only. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEhah/RAx5nvEhZLIRAr5QAJ0WfriPBhCJ09NYbCJ1tomVwJv9AQCeKVq9 asAXq7s2GSyD4LUxSWncrP0= =/Gi3 -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: PAS needs GenericSetup?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22 Jun 2006, at 15:08, Tres Seaver wrote: Janko Hauser wrote: The last two releases (1.2 and 1.3) both need to have GenericSetup installed. I couldn't find a released version of GenericSetup, so I installed a checkout from the trunk. But this does not work with Zope-2.8.6, because it needs a newer Five-version (There is an import from BBB.OFS). Are there spelled out dependencies? [/home/tseaver/projects/CMF/CMF-SVN/CMF-2_0-branch/GenericSetup] $ cat DEPENDENCIES.txt Zope >= 2.8.5 Five >= 1.2 Note that it works fine to install tne newer Five version into $INSTANCE_HOME/Products (and I would recommend Five 1.2 for all Zope 2.8.x users). I think the main point is that PAS does not have a DEPENDENCIES file. I put an issue into the PAS collector for it. To be honest, I wouldn't be able to say which version of GenericSetup should be used with which version of PAS... jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEmtG2RAx5nvEhZLIRAty7AJ0ZsbKmHOIAdby6dfjW7vm0hLGX8wCgkcKe 6p2btDTHzxs9wPqeFtL5VhQ= =4XF6 -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
[Zope-PAS] PAS Caching (sucks)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Even though I am the perpetrator, I think the current way of caching, using ZCacheable and RAM cache managers, is absolutely horrific. It's cumbersome to set up and the ZCacheable API is ugly as sin using it from code. I think simplification is needed. I personally don't see any need to have caching in plugins themselves. Instead, caching should be applied at the "gateway" into the user folder, where it emits user objects. These user objects should be cached as a whole. I am envisioning a thread-independent cache (meaning no redundant lookups in each thread) that is configured using a caching ZMI tab on the PAS instance. No more Cache tab everywhere and no more RAM cache managers to configure. And no more contortions in plugin code to utilize ZCacheable. This model is the exact same model used in the LDAPUserFolder itself. The caching mechanism in the LDAPUserFolder contains two thread- independent "bags" where unwrapped users are stored: One exclusively for user objects generated from "passwordless" lookups, such as calls to getUser or getUserById and friends, and those generated by lookups that provide passwords. In this particular application having two user caches is simply an artifact of my slight abuse of getUser, so it might end up different in PAS. Who's got an opinion? jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEy3CIRAx5nvEhZLIRArwVAJ9V4hJ6dR4B7CE7p7E/v56oaolL+QCfX3OQ yJmjbx2cNCSp2KFBEMTveLo= =meix -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] PAS Caching (sucks)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 29 Jul 2006, at 11:44, Sidnei da Silva wrote: | You do still need to configure the PAS instance to actually do | caching. But this seems OK. I think you can just ignore caching | when creating plugins if this is all you want. Even though the | ZCacheable API sucks, the indirection here is good. I wouldn't want | PAS itself to have a hard-wired caching implementation in it, and I | don't mind associating the PAS instance with a cache manager. Same here. I am fine with the use of ZCacheable. It also can be used with other cache implementations, for example the MemcachedCacheManager to share the cache between multiple instances. OK, no problem. I won't harp about it again. Still hate it. ;) jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEzNEhRAx5nvEhZLIRArhzAJ4io/iRmdIGzlNz6jvmHU1hD6E/iACdHWd1 048di+XZ7Z2O704kLkOH6M8= =zb5V -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Plone Group assignment to LDAP group
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 17 Aug 2006, at 10:36, Stephen Kenworthy wrote: Hi all, I've been trying out the Plone 2.5, Zope 2.8.7 release for the first time and looking to migrate our intranet which is currently Plone 2.1. I love the new pas system but am still getting to grips with it. Can anyone offer any advice on the following... Can I assign LDAP *groups* to Zope *groups*? and if so, how? Currently, no. The LDAPMultiPlugin does not perform any mapping. You get the same group names that are stored in LDAP. Mapping of names is only available for roles, and it is set up at the LDAPUserFolder level. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFE5aWrRAx5nvEhZLIRAsZlAJ9xQniaz7QzQ3rCorWGmC4cFWgZWQCdHAvb 5ryy8K0TtTwcr1cWsY2PjBQ= =5CZX -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] plonePAS and JAX-WS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25 Aug 2006, at 05:47, Serge Zagorac wrote: Hi All Is there any way or example how to configure plonePAS to consume a web service (in my case JAX-WS via SOAP ) in order to get user details? This won't be a configuration issue, it will be a coding issue. You don't mention specifically what "consume a web service" means, but you might be able to put together a Scriptable Multiplugin or write your own filesystem-based plugin to do the job. However, there is one big caveat. Making HTTP calls (or almost any other network request) out of Zope code during the execution of a web request is risky. The executing thread will wait until the external request has been answered, and if for whatever reason no answer is received it will hang forever. There are four threads available in a normal Zope configuration, the fourth time this happens your website will be unavailable and Zope must be restarted. A lot of care needs to be taken to ensure there are sensible timeouts on these external calls to prevent hangs. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFE7sWDRAx5nvEhZLIRAlG6AJ9sSjNcg2aeMpAkFjVEFyX/ACoTEACfRTh+ fJ8VKl3cXDKf7L+o0xCcqBs= =LwGy -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] adding an "image" type to the set of known property types
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 30 Sep 2006, at 02:00, Rob Miller wrote: hi, i'm working on implementing the Plone member data as user properties, but have hit a snag b/c PAS doesn't recognize images as a possible property type. in the short term, does anyone object (with an alternate proposal, ideally) to the following patch: I don't see a reason not to integrate that patch. Gotta love double negatives, even I have to think twice about what it is I am saying ;) jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFFHnZ9RAx5nvEhZLIRApgYAKCqkPSLauDTT3tLqA/SAEZn7oNLHgCgoDi4 obY2ruP4K3vrI9d344pEh/w= =fsIc -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] all_meta_types filter
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 3 Oct 2006, at 05:40, Wichert Akkerman wrote: I am updating my OpenId authentication plugin to be a standard python package instead of a Zope product and am hitting a problem with PluggableAuthService.all_meta_types: it filters the registered types on a list of meta_types in the Products package. Since my package lives in plone.openid that effectively removes it. Is there any reason to do that filtering? Since the meta_types are registered at runtime we already know that the package is present. What we get from the plugin registration isn't the structure expected as a return value from all_meta_types. The plugin registration only gives us a sequence of meta_type strings. So in effect we are not filtering, we're simply converting to a suitable data structure that is found in Products.meta_types, and those are then returned. I haven't worked with products that are standard Python packages, but even if you cannot find them in Products.meta_types (why not I wonder? Is this a bug in the mechanism that enables Python package products?) I am assuming there has to be some place where you could look up their product information programmatically. all_meta_types could be extended to look in more than one place for this product information. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFFIlR3RAx5nvEhZLIRAtnPAKCKnCSMJx9bqODCSsNGiYuMtFNoBQCgpOm2 Cuy5s+cls/hhYlzJQpwmUFY= =sIOk -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] PluggableAuthService colon-in-cookie bug
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 27 Nov 2006, at 18:00, Daniel Doerr wrote: Hey guys, recently I discovered a bug (or a feature???!!) in the way credentials are stored in cookies with PluggableAuthService. Daniel, please file this as a bug report in the PAS collector: http://www.zope.org/Collectors/PAS Mailing lists are a bad place to send bug reports, they will simply get lost and be forgotten. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFFbqOaRAx5nvEhZLIRAhyoAJ90b8UkjrRQ3jNVpukgDKTYkQZWKwCfWoHk q4c2EaG+lzuDKF/8oxfoWRU= =cGFZ -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Duplicate pulgin types created by PluginRegistry.exportimport._updatePluginRegistry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 19 Dec 2006, at 10:32, Ross Patterson wrote: Attached is a small patch that avoids this rather simply. I'd love to see it merged so I don't have to maintain changed copies in my own product to have extension profiles that modify a PAS UF configuration. Please do not use the mailing list for sending patches, they *will* get lost and forgotten. Use the PAS collector: http://www.zope.org/Collectors/PAS jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFFh7eRRAx5nvEhZLIRAgLSAJ44w0kAPICIYJ4/MFy5WvQ0WxuaQwCgttJ4 ZV2VWyBOZPhDMqJkP4KOVs8= =bGv8 -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: New PAS release
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 19 Dec 2006, at 21:23, Tres Seaver wrote: Would probably be helpful as well. Thanks for looking at this and backporting those changes. Do you think you'll have time to make a release? Also, does the PAS release policy require a 1 week beta/rc period for minor releases like 1.4.1? Nope. I can cut one at will, especially if you are willing to help test it. ;) It's *my* policy. I thought I had mentioned that, Alec. If someone else makes the release, well, it's none of my business... jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFFiFbkRAx5nvEhZLIRApSvAJ9bm9UIQgdIa3cSl35CDKmlMn9QlgCgin8m mNMlLUrDM2PUXdneIVcksh0= =oEwt -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Failing to fill users properties, should it cause an error?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2 Feb 2007, at 19:45, Sidnei da Silva wrote: Now, some might argue that this is an application-specific policy. The fact is that there's no obvious way currently of 'vetoing' a login based on the lack of certain user properties (like the email example above). I would like to change PAS so this is possible to do. Any objections? Instead of adding yet another plugin type (I think there are too many as it is), shouldn't this be handled by an overridden plugin of one of the standard types, like maybe an overridden properties plugin? I think this is a very narrowly focused functionality that only very few users may ever need. Providing a more specialized "standard" plugin for a specific customer with that need is what I would do instead. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFFw4wXRAx5nvEhZLIRApayAJ9v1QNwXjN8hYPjCKNdwpZrrkiQtwCfcpjK KEU1mXyeegxtL2JEiGL5P+k= =YjOU -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Failing to fill users properties, should it cause an error?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2 Feb 2007, at 20:23, Sidnei da Silva wrote: On 2/2/07, Jens Vagelpohl <[EMAIL PROTECTED]> wrote: Instead of adding yet another plugin type (I think there are too many as it is), shouldn't this be handled by an overridden plugin of one of the standard types, like maybe an overridden properties plugin? I think this is a very narrowly focused functionality that only very few users may ever need. Providing a more specialized "standard" plugin for a specific customer with that need is what I would do instead. Are you suggesting to add an IPropertiesPlugin and order it last so that it can look at what properties the user have and raise an exception? Sounds definitely hackish, but could work. I was only thinking about a decision based on what a single plugin knows as it is executing. I was not even considering plugin order. There are a few pieces missing as well, like you'd probably need a special exception that a plugin can raise which would signal such a veto to the user folder. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFFw5SERAx5nvEhZLIRAlvYAJ0QtW/x0Qwmwp4fS+KYIOwAsbqwWgCcD6Zm I8RQjHP9wP3Cn/e1lpRPkYY= =Fkk4 -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Failing to fill users properties, should it cause an error?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 4 Feb 2007, at 23:24, Mark Hammond wrote: So to slightly change the focus of Sidnei's question: should PAS complain loudly when after enumerating all property related plugins, PAS fails to find *any* properties for a specific user? I think you're mixing up a couple things, you brought roles into the game as well. For pure properties PAS should *not* complain. The basic user folder behavior doesn't even use and expect them, either. Maybe if a user has no roles it may complain, but even then I'm not sure. This whole properties issue looks very much like a "site policy" decision to me. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFFxl8FRAx5nvEhZLIRAl5KAKCMLQQ8cYiwXWn4f4AEhr9owajixwCeOzAl GkgjYsxEGY6mjw26NHawofY= =ttWR -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] merge r70450 to 1.4 branch?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 13 Feb 2007, at 01:40, Rob Miller wrote: i made a very small fix on the trunk some while ago to allow PAS to support image type properties on UserPropertySheets (http://svn.zope.org/PluggableAuthService/trunk/ UserPropertySheet.py?rev=70450&view=rev). i forgot, however, to merge it onto the 1.4 branch at the time. is this change minimal enough to make it onto the maintenance branch? I'd be OK if you extended the unit tests for the UserPropertySheet module to test this as well. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFF0Y5TRAx5nvEhZLIRAkGbAJ9P0NcClTism4bFJPU3uJZ96uulwgCfX4DU YPVTquvUiGnByNswz4oy/TU= =U2SW -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
[Zope-PAS] Re: [Checkins] SVN: PluggableAuthService/trunk/plugins/tests/test_exportimport.py Made tests pass with GenericSetup trunk.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stefan, you just created a dependency on the CMF in the PluggableAuthService, which has nothing to do with the CMF. There has to be a better solution, otherwise the checkin must be reverted. jens On 25 Mar 2007, at 17:09, Stefan H. Holek wrote: Log message for revision 73609: Made tests pass with GenericSetup trunk. Changed: U PluggableAuthService/trunk/plugins/tests/test_exportimport.py -=- Modified: PluggableAuthService/trunk/plugins/tests/ test_exportimport.py === --- PluggableAuthService/trunk/plugins/tests/test_exportimport.py 2007-03-25 14:38:56 UTC (rev 73608) +++ PluggableAuthService/trunk/plugins/tests/test_exportimport.py 2007-03-25 15:09:38 UTC (rev 73609) @@ -34,7 +34,11 @@ from Products.GenericSetup.tests.conformance \ import ConformsToIFilesystemImporter -from Products.GenericSetup.tests.common import SecurityRequestTest +try: +from Products.GenericSetup.tests.common import SecurityRequestTest +except ImportError: +from Products.CMFCore.tests.base.testcase import SecurityRequestTest + from Products.GenericSetup.tests.common import DOMComparator from Products.GenericSetup.tests.common import DummyExportContext from Products.GenericSetup.tests.common import DummyImportContext ___ Checkins mailing list [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/checkins -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFGBp/XRAx5nvEhZLIRAsdAAJsF55hb5aM7GwLp2uTc0LthcbKohQCgtdxj GCY4X5XDPcu4HsHun7e3G9o= =eR4B -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: PluggableAuthService question about roles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 3 Apr 2007, at 09:18, Wichert Akkerman wrote: How do zope-pas@zope.org and [EMAIL PROTECTED] related to each-other? I've always wondered that. They're one and the same thing :) If they're not, we have a problem. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFGEhMKRAx5nvEhZLIRArGKAJkB4QqCn6idMaU98P+HDdJdSvElDgCfcAL7 cpW6gu+S96/PRPTw6UwXiNc= =GwHl -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] what plugins are needed for authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 4 Apr 2007, at 11:52, Wichert Akkerman wrote: If he needs to use a session using something else than the username & password as used by the cookie plugin it should be trivial to leverage plone.session here. Just add a plone.session plugin to your acl_users, enable its interfaces, disable credentials update and reset for the cookie plugin and you're all set. And it'll be more secure as well :) Storing the credentials in a session instead of a cookie does not require installing yet another addon product. You can do that with the standard CookieAuthHelper and the standard SessionAuthHelper. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFGE4EcRAx5nvEhZLIRAuWFAJ9zV8KARWIBpFO5Z/VRqXxYAw/YWACcC/7e MqCtENwQXsc4j51HRjCf9Ik= =OjKb -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] what plugins are needed for authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 4 Apr 2007, at 12:46, Wichert Akkerman wrote: As an added benefit plone.session does not use Zope sessions, making it more scalable. For that I'd always try Tres' "Faster" product first. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFGE4XHRAx5nvEhZLIRApuMAJ95V13D3uHvtwQCxFg6mrxMKyEaSwCgrSuj UOfH2u706d26CvYOpakUIAc= =H1pM -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] easy way to list all ldap users from script??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16 Apr 2007, at 13:56, robert rottermann wrote: Hi there, I have installed LDAPUserfolder 2.8beta and LDAPMultiPlugun for Plone 2.5.0 Is there an easy way to list all users from a script. something like we have in the ZMI user tab of the LDAPUserFolder? You'll have to write your own, taking inspiration from the ZMI user tab you already noticed on the LDAPUserFolder. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGJd1dRAx5nvEhZLIRAu59AJ0fwhFM3HUQhvQmbtQyZbYOcnptBgCgmS5Y ovyzEO9IxwQm5d6O/HrsITU= =tirD -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] how to specify a filter for ldap userfolder?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24 Apr 2007, at 14:27, robert rottermann wrote: Hi there, how can I specify a filter like the following: (&(sAMAccountType=805306368) (!(sAMAccountName=_*)) (! (sAMAccountName=~*)) (sn=*) (!(givenName="")) (givenName=*) ) to retrieve users when using LDAPUserfolder? You can't. P.S.: This is off-topic on this list. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGLptURAx5nvEhZLIRAl4MAJ9eHNqg8rWafX3yopAi58fGmIsCYQCfYUkf nhRqBM4A+i5MwZWSg0AUyQM= =bq+e -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] missing method in interfaces
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 4 May 2007, at 05:17, Miles wrote: Hi, The interfaces definition from the plugins directory defines: IRoleAssignerPlugin def doAssignRoleToPrincipal( principal_id, role ): However, it doesn't document any way to remove a role from a principal. Should there be a doRemoveRoleFromPrincipal ( principal_id ) method for this? zodbrolemanager provides a removeRoleFromPrincipal method which does this, and could be wired up in the same way as doAssignRoleToPrincipal is currently. Can I provide a patch to add it into the definition, and to zodbrolemanager? You're very welcome to provide any bug report or patch through the PAS collector: http://www.zope.org/Collectors/PAS/ jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGOyxJRAx5nvEhZLIRAtcLAJ9Lv/7nO2SpJpsurzS89OyUDYVAYwCdFlqO OhG+IcKdv06ksix2AujjLac= =qlO+ -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] proposal: IUserAdder plugins
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 5 May 2007, at 17:00, Wichert Akkerman wrote: I think that a better approach would be to use events. I made a branch a while ago which has an event which is fired when a new user is created which solves your use case perfectly. That branch is still missing test for the events though. Someday I need to write those and offer it up for merging. Using events does indeed sound like the best solution, not just for this particular use case. I've been in quite a few situation where contortions were needed because one plugin needed to communicate with another one, which is pretty evil. Events are a good solution to any problem like that. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGPQkVRAx5nvEhZLIRAu58AJ9Vkd6QKmq8+FYrRpg0UoM555R76wCcD8tX d9kFyZmTaeexH+24uoW1mzU= =k9SE -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: proposal: IUserAdder plugins
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 6 May 2007, at 05:12, Miles wrote: -1, we can not change semantics of existing interfaces. I agree with this. Though the restriction is not documented anywhere: I am happy to add some explanatory notes though. It does not need to be documented because that is a generally accepted rune, not something specific to this project. Interfaces should not change out of the blue. If a change must be made there are mechanisms (deprecation warnings, etc) that can be used to tell people about impending changes, and they're usually employed for 2 releases. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGPfEhRAx5nvEhZLIRAlAgAJ9WQvtbvGYfuJFxyzLU8GIqkKDWWACfVLRk bBXX+KiZJHEF/xndT25xFpE= =Kdtc -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Using Zope3 events
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 9 Jun 2007, at 20:28, Wichert Akkerman wrote: I'm not quite happy with the current interfaces; I think it makes more sense to carry an IBasicUser instance in the event instead of the current userid and acl_users attributes. I'd do that if possible. Before I'm going to put more effort in this I would like to know if there is an interest in adding events and if my current approach is sane. In other words: feedback please! Yes, events are definitely useful. I can't see anything wrong with the current approach. It's a good idea. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGa6zNRAx5nvEhZLIRAjh/AJsHKCHeZm6Nqj5hwoTLO0/Tl4CF3wCfbHH+ pzcaLqAJ6q11kgRafUDPegs= =/Gj/ -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Using Zope3 events
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11 Jun 2007, at 00:22, Wichert Akkerman wrote: Previously Jens Vagelpohl wrote: On 9 Jun 2007, at 20:28, Wichert Akkerman wrote: I'm not quite happy with the current interfaces; I think it makes more sense to carry an IBasicUser instance in the event instead of the current userid and acl_users attributes. I'd do that if possible. I've done that now. Unless someone objects I'ld like to merge this into trunk. if it's all tested well then no objections from me. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGbH/YRAx5nvEhZLIRAvnbAJ93PGjwytP5G+2AHR/cKwFjJtuDswCghFP7 9JilOarUZqL4lLYtheep090= =g/As -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] PAS 1.5 release plans?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11 Jun 2007, at 09:44, Wichert Akkerman wrote: Are there plans for a PAS 1.5 release? 1.4 is over 10 months old now and I would like to be able to include something newer in Plone 3. If merging my z3-events branch is a factor in this I don't mind postponing merging that until 1.5 is out. I can do the release at any time, no one asked for it so far. I personally wouldn't mind if the event changes get merged before the release. Any other opinions out there? jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGbQK1RAx5nvEhZLIRAuufAKCdH/suop3nt9vh5U7dxVCnIPgA3ACeIZwT 719rpG7dtdBToKXmf22XfOE= =pBJg -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: PAS 1.5 release plans?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11 Jun 2007, at 15:14, Tres Seaver wrote: Are there plans for a PAS 1.5 release? 1.4 is over 10 months old now and I would like to be able to include something newer in Plone 3. If merging my z3-events branch is a factor in this I don't mind postponing merging that until 1.5 is out. I can do the release at any time, no one asked for it so far. I personally wouldn't mind if the event changes get merged before the release. Any other opinions out there? +1 for a near-term 1.5 release, including the event-based changes. OK, I'll target this coming Sunday (6/17) for a PAS release. Wichert, that's enough time for you to do your merging I assume? I'll also look at some of the collector issues. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGbVm7RAx5nvEhZLIRAiDXAJ4rUoTePL1IFtZBha21LTxUsU1uxgCcCZa5 6dirIeAJ/rgInmUZ/hs1Kj0= =GWVm -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: PAS 1.5 release plans?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11 Jun 2007, at 16:20, Wichert Akkerman wrote: OK, I'll target this coming Sunday (6/17) for a PAS release. Wichert, that's enough time for you to do your merging I assume? I'll merge it today. Wichert, I am getting a failing test running against my Zope 2.10- branch sandbox: Failure in test testCredentialsEvent (Products.PluggableAuthService.tests.test_UserFolder.UserEvents) Traceback (most recent call last): File "/usr/local/zope/src/Zope-2.10-branch/lib/python/Testing/ ZopeTestCase/profiler.py", line 98, in __call__ testMethod() File "/usr/local/zope/210Instance/Products/PluggableAuthService/ tests/test_UserFolder.py", line 323, in testCredentialsEvent self.assertEqual(len(self.uf._data), 1) File "/usr/local/lib/python2.4/unittest.py", line 333, in failUnlessEqual raise self.failureException, \ AssertionError: 0 != 1 jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGbWemRAx5nvEhZLIRAm4SAKCOw2b5rbd58IMpCndcLSuPE9WmgQCfVtdL G5HRM1JX6MLrACfP/SkL5DY= =hcMy -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Re: PAS 1.5 release plans?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11 Jun 2007, at 21:53, Wichert Akkerman wrote: AssertionError: 0 != 1 That looks like the event re-dispatcher is not getting triggered. I'll look into it. That test was missing a provideHandler. I've added that and all 405 tests run correctly now. Thanks Wichert, I put a Sunday release on my calendar. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGbam6RAx5nvEhZLIRAn2JAJsGI7tB0o4BwkinuWDchycqFYzztgCfTfxY xLTL7xkqUvkQ9sW5tQCLIzk= =cOzb -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] PAS 1.5 release plans?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11 Jun 2007, at 09:44, Wichert Akkerman wrote: Are there plans for a PAS 1.5 release? 1.4 is over 10 months old now and I would like to be able to include something newer in Plone 3. Done: http://www.zope.org/Products/PluggableAuthService/ PluggableAuthService-1.5 jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGdXhFRAx5nvEhZLIRAnf9AJ9PQE77BpJcMRsIfR/ghPs5+/Tj+QCfadlL uJ4a+RILr9MIkc8qymmLQA4= =q6bq -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
[Zope-PAS] PAS collector moved to Launchpad
FYI, the old PAS collector has been moved to Launchpad: https://bugs.launchpad.net/zope-pas/ I have set up a team named "zope-pas" to receive bug requests etc, however, I need everyone who still wants to be a collector supporter to look at the team roster and let me know their Launchpad ID if they're not on the team: https://launchpad.net/~zope-pas/ I found a few of the people who are current supporters, but not all. A redirect is already in place to send people to the right place on Launchpad if they attempt to access the old collector. Please let me know if you see any problems. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Need old-style PAS 1.5.2.1 release
I have uploaded a new tarball to the same location. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Problems Upgrading PluggableAuthService
On Jan 30, 2008, at 14:01 , Mark Phillips wrote: I looked at the bug reports and found 2 that relate to this error: http://plone.org/products/remember/issues/44 http://plone.org/products/remember/issues/32 The suggested solution is to upgrade PluggableAuthService to version 1.5.2, which I did. I stopped zope, removed PluggableAuthService v 1.4.2 from the Products directory, installed the new PluggableAuthService v 1.5.2, and restarted zope. However, no one can log in now. The remember members are still alive and well, but entering the use name and password does nothing - no error, no logged event, just return to the login page. What else do I have to do to upgrade PluggableAuthService? There are no additional steps. In a case like this I would start by manually inspecting the user folder instance to make sure the plugin registrations are still correct. It may help to enable the verbose-security setting in zope.conf and remove "Unauthorized" from the swallowed exceptions in the error_log object in the ZMI, you may get tracebacks that point to the issue then. If that doesn't provide enough clues I would use the Python debugger to step through the login process. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Problems Upgrading PluggableAuthService
On Jan 30, 2008, at 15:40 , Mark Phillips wrote: In a case like this I would start by manually inspecting the user folder instance to make sure the plugin registrations are still correct. How do I do this? Through the ZMI? My apologies for being so new to zope. Yes. It may help to enable the verbose-security setting in zope.conf and remove "Unauthorized" from the swallowed exceptions in the error_log object in the ZMI, you may get tracebacks that point to the issue then. If that doesn't provide enough clues I would use the Python debugger to step through the login process. jens Thanks. I tried And..? jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Problems Upgrading PluggableAuthService
On Jan 30, 2008, at 17:39 , Mark Phillips wrote: I figured out where the plugins are - acl_users for my plone site, not the root level acl_users, right? Plone has the annoying habit of replacing the root user folder as well, so it might be helpful to look there as well. I then removed Unauthorized from the swallowed exceptions, and added verbose-security to zope.conf. I then tried to login, and no error messages. I am reading the "How to debug Plone" using pdb, but I don't know where to start with a break point. I don't know the process for login in plone/zope. Any tutorials on that? I couldn't find any. I can't say much about Plone, but in many cases you can "follow the code" by looking at the source of that login page. From there you see where it posts to, and what code is invoked to check credentials, or which conditions must be met for the login page to be shown again, etc. You may find more helpful answers by asking on a Plone-specific list, by the way. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Problems Upgrading PluggableAuthService
On Jan 31, 2008, at 10:49 , Sven Deichmann wrote: Hello... I'm afraid that was my fault... I added that comment to the issue without checking all results first. I already added a comment yesterday stating this problem. My recommendation now: stick with 1.4.2 and add the patch listed in the comments further up. Should be the fastest solution. Though it would be great to know, why 1.5.2 does not work... Next time you reply to a digest message please take a second to trim the 2 miles of irrelevant quoted text. Thanks. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] PAS 1.5.3 Released
On Feb 15, 2008, at 13:59 , Wichert Akkerman wrote: All the tools to create that tarball and the current installres assume that we either have an egg or a plain product release. But apparently there *is* an egg, right? Or am I misunderstanding something? jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] PAS 1.5.3 Released
On Feb 15, 2008, at 18:33 , Wichert Akkerman wrote: Previously Sidnei da Silva wrote: I wouldn't call the lack of shipping with a compiler installed tool-poverty. Some modern Linux 'desktop' distributions do not ship with a compiler installed by default either, though it's relatively easy installing a compiler there than on Windows, I wouldn't say that's such a big deal. Iirc OSX ships without a usable compiler as well. It comes with Developer Tools packages that you can install after the OS installation is done. jens ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] _verifyUser() broken for anonymous
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sep 23, 2008, at 20:55 , Paul Winkler wrote: > (There does not seem to be a 1.6 branch.) We have informally decided to proceed with a simpler trunk + tags release policy, right now there's no need to add the complication of release branches. If for some reason a branch is really needed it's easy to cut it from the first 1.6 tag. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkjZSZoACgkQRAx5nvEhZLJexgCgjv5c6eX0hrrKdAwbATJyLfqZ xNEAoJZjGOO26njuD4PUgCF2yyv0nYXW =Uzif -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] _verifyUser() broken for anonymous
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sep 24, 2008, at 18:11 , Paul Winkler wrote: > Any thoughts on the fix itself? > I've got two branches now, against trunk and against 1.5: > > .../branches/slinkp-fix-anonymous-performance-branch > .../branches/slinkp-fix-anonymous-performance-1.5-branch I can't see any good reason why this can't be merged to the trunk and the 1.5 branch, and no one else has complained. Go ahead, please. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkjni+YACgkQRAx5nvEhZLKFmACdEa0VxfawzFfSQyh5RtkRCxJ4 m+UAn3O5YEEizQwseHwYodgHiQZHlFHL =Q4/k -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] Basic auth/challenge problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Jun 12, 2009, at 07:40 , Ian McCracken wrote: > Recently upgraded from PAS 1.4 to 1.5.3 (and Zope 2.8.8 to 2.11.2). > I'm having a new problem with basic auth; namely, that basic auth > information is ignored when using wget. Browsers work fine, ZMI asks > for basic auth creds. wget (and lynx, for that matter) doesn't. I don't know what kinds of plugins you're using, but this works perfectly fine for me on Zope 2.11.3 with PAS 1.6.1 when I instantiate the most basic set of plugins possible and activate them. This set of plugins include a Basic Auth Helper, a ZODB User Manager, and a ZODB Role Manager. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkoyTYkACgkQRAx5nvEhZLIWQQCghpUpsCt2uXgBXWLAz1MerPlr IJ0AoJZbw4qvi6ZiRqGyuYeew3Mu+S4L =NOk8 -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas