Re: [Zope3-Users] Re: Programatically add plugins to PAU
On Tuesday 11 April 2006 18:26, Andreas Elvers wrote: I use events to trigger post initialization of my content object. setUpMyapp is called by such a subscriber. This example is *not* complete. Maybe its helpful. I have developed a small post-initialization configuration system last week that I plan to check in. We use it for exactly this use case: Setup a site after initialization. Regards, Stephan -- Stephan Richter CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Concurrent data access in Zope
On Tuesday 11 April 2006 07:33, Andreas Jung wrote: How is access synchronisation to such a structure handled in Zope? What happens automatically? What do I have to do on my own? First come, first serves. There is no fancy synchronization. If two threads are trying to modify the same object then one thread will receive a WriteConflict error. It is up to the app to deal with these kind of errors. In the Zope 2 world Zope tries to re-do the current transaction for up to three times before the ConflictError is passed up to the application. Same in Zope 3. Regards, Stephan -- Stephan Richter CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Programatically add plugins to PAU
Florian Lindner wrote: Hello, I've a PluggableAuthentication and want to add and register some plugins to it. Adding works fine: principal_folder = zope.app.authentication.principalfolder.PrincipalFolder(prefix = cs) pau[PrincipalFolder] = principal_folder and I think I can select it with: pau.credentialsPlugins = [principal_folder] but how to register it before? And how do I select credential plugins? This is how we did it in a project: createAuthenticationUtils is called on handling the ObjectAddedEvent for the folder (which is programmatically made a site) which should contain the PAU. HTH, mac --- from zope.app.security.interfaces import IAuthentication from zope.app.authentication.interfaces import IAuthenticatorPlugin from zope.app.appsetup.bootstrap import ensureUtility from zope.app.authentication.authentication import \ PluggableAuthentication from zope.app.authentication.principalfolder import PrincipalFolder from zope.app.authentication.groupfolder import \ GroupFolder, GroupInformation from zope.app import zapi from myproject import config def addUtilityToPAU(pau, interface, utility_factory, id, name): utility = utility_factory() pau[id] = utility reg_man = pau.registrationManager reg = site.UtilityRegistration(name, interface, utility) reg_man.addRegistration(reg) reg.status = u'Active' def _addGroupInformation(group_folder, id, title, description): group = GroupInformation() group.title = title group.description = description group_folder[id] = group def createAuthenticationUtils(obj): ensureUtility(obj, IAuthentication, '', PluggableAuthentication, copy_to_zlog=False) auth = zapi.getUtility(IAuthentication) auth.credentialsPlugins = (u'Session Credentials',) addUtilityToPAU(auth, IAuthenticatorPlugin, PrincipalFolder, 'principal_folder', u'Benutzerverwaltung') addUtilityToPAU(auth, IAuthenticatorPlugin, GroupFolder, 'group_folder', u'Rollenverwaltung') auth.authenticatorPlugins = (u'Benutzerverwaltung', u'Rollenverwaltung',) group_folder = auth['group_folder'] for group in config.company_groups: _addGroupInformation(group_folder, group['id'], group['title'], group['description']) ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] RE: principal folder subclassing
On Tuesday 11 April 2006 04:07, Pete Taylor wrote: if you create your own principal info like i did for these principals, you have to make sure you don't set title or description to None. if they're set to none, attempting to grant on them fails because it attempts to lower() the NoneType. Thanks for the follow up. Note that at least title is a required field, so you must provide one. If you implement your own component, always study the required interfaces carefully! We tries hard to always provide good documentation in those interfaces on how to implement them. Regards, Stephan -- Stephan Richter CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Programatically add plugins to PAU
On Wednesday 12 April 2006 02:39, Michael Howitz wrote: This is how we did it in a project: createAuthenticationUtils is called on handling the ObjectAddedEvent for the folder (which is programmatically made a site) which should contain the PAU. Interesting. We did, of course, something similar too in our current project. This either means that (a) PAU is too hard to set up and/or (b) that we need another helper layer. I would like to think the problem is (b), because I like the flexibility of PAU. The configuration package we wrote is step one, but it would be good to agree on a set of high-level helper functions too. Regards, Stephan -- Stephan Richter CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] ILoginPassword and Unauthorized Exception
On Saturday 01 April 2006 21:02, David Johnson wrote: I have created and am using a custom ILoginPassword (an updated version of what's in Phillip's book - cookieauth), and Zope does not seem to raise the Unauthorized exception for unauthorized users. In otherwords, if a user who is not authenticated tries to access a page they are not authorized for, they allowed to. When and how is the unauthorized exception raised? Why does adapting ILoginPassword seem to disable that? You have to give us more information than that? I think the book discusses the old pluggableauth, which is not used anymore. In PAU, you can configure the behavior. You shoudl read the text files associated with zope.app.authentication. Regards, Stephan -- Stephan Richter CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Re: Programmatically changing GroupInformation.principals
Hi, I looked a bit deeper and found that zapi.principals().getPrincipal does not know about principals defined in a local site. It will only return principals defined in zcml. zapi.principals().getPrincipal is used in groupfolder.py in line 261 for Zope 3.2.0 and magically finds the right principal when a principal is added to a group through ZMI. But when I try to do: mygroup.principals = ('pauprefix.principalprefix.principalid') it is simply not working. There must be some kind of hidden context. I think I'm missing a big link in the Zope3 puzzle. Can someone elaborate please ? Thanks - Andreas ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Re: Programmatically changing GroupInformation.principals
Thanks Michael, this did the trick. Zope3 stores the current site in a tread-global variable, so if you want to change this context, you have to set a hook like this: try: old_site = zope.app.component.hooks.getSite() zope.app.component.hooks.setSite(root_folder) # do the pau things finally: zope.app.component.hooks.setSite(old_site) Where root_folder is the object providing ISite (the site containing your PAU). HTH ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Programatically add plugins to PAU
Am Mittwoch, 12. April 2006 08:50 schrieb Stephan Richter: On Wednesday 12 April 2006 02:39, Michael Howitz wrote: This is how we did it in a project: createAuthenticationUtils is called on handling the ObjectAddedEvent for the folder (which is programmatically made a site) which should contain the PAU. Interesting. We did, of course, something similar too in our current project. This either means that (a) PAU is too hard to set up and/or (b) that we need another helper layer. I would like to think the problem is (b), because I like the flexibility of PAU. The configuration package we wrote is step one, but it would be good to agree on a set of high-level helper functions too. I think it's fine the way it is beside one thing. # This is fine, it's added just like all the other utilites. pau = ensureUtility(cs, IPluggableAuthentication, '', PluggableAuthentication , asObject = True) # This is ok for adding, but I got no idea how to register it. A nice thing would be function like ensurePlugin that works analog to ensureUtility (adds und registers a plugin, does the NameChooser call if needed, ...) principal_folder = PrincipalFolder(prefix = cs) pau[PrincipalFolder] = principal_folder # This is pretty straightforward but I was not expecting to give a string, rather I thougt it expected a Interface or something like that. pau.credentialsPlugins = (u'Session Credentials',) The only thing I would change is to add a ensurePlugin function to either the pau object itself or also as part of zope.app.appsetup. (like all the other ensure* functions). Florian ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Programatically add plugins to PAU
Am Mittwoch, 12. April 2006 08:39 schrieb Michael Howitz: Florian Lindner wrote: Hello, I've a PluggableAuthentication and want to add and register some plugins to it. Adding works fine: principal_folder = zope.app.authentication.principalfolder.PrincipalFolder(prefix = cs) pau[PrincipalFolder] = principal_folder and I think I can select it with: pau.credentialsPlugins = [principal_folder] but how to register it before? And how do I select credential plugins? This is how we did it in a project: createAuthenticationUtils is called on handling the ObjectAddedEvent for the folder (which is programmatically made a site) which should contain the PAU. reg = site.UtilityRegistration(name, interface, utility) Thanks for the code. One question: Of what type is site? Thanks, Florian ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Blobs and filestream iterator
Hi. I had written a repository product in zope2 for blobs. I am looking at bringing this into Z3 at the moment and looking for equivalent for stream iterator of zpublisher. Regards, David ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] request.principal and render/update
Hi all... here goes yet another PAU email, after a fashion. it's really more a question of design, and am i thinking about this correctly than anything else. what follows is wordy and potentially too specific to my own implementation to be reasonably troubleshootable, so feel free to ignore... there's just really only one place to go for these kind of answers ;) i have built a credentials plugin and an authenticator plugin, and set them up in my PAU. i built the credentials plugin such that if no credentials a recieved in the request, it checks the cookies for the expected credentials, and if they're there, builds the necessary credentials dict out of that instead, and returns that back for the authenticator plugin to use. the login logic then, assuming a principal is infact returned from pau.authenticate(self.request) (either because the cookies have the credentials or the request did), returns back self.request.setPrincipal(principal) and sets the cookies for the next use (in the case that the credentials were found in the request, but hadn't been set yet). my login form's action looks like this: @form.action('Login') def handle_login_action(self, action, data): lsm = component.getSiteManager(context=self.context) pau = component.getUtility(IAuthentication, context=lsm) principal = pau.authenticate(self.request) if principal is not None: self.setCookies() #i've both used this and not used this... #doesn't seem to affect anything one way or the other self.request.setPrincipal(principal) and, usually thereafter, my principal is available in request.principal. but not always. certain submission update/render make request.principal unavailable. and in my logs, when i get an unauthorized error, the user shows up as unauthorized, myUserId, as opposed to login, id etc. since http is fundamentally stateless, my thought here is that i need to add Session Credentials to my PAU as well, and put my principal in the session, so that it's always available to me somewhere. but is this correct? mexiKON in IRC the other day mentioned that the pau itself should handle making the authenticated principal resident, but I think I may have misunderstood how, or misinterpreted the context to which he referred. or he may have meant that the pau handles it *if* you add session credentials to your credentials plugins. but i'm confused/worried because my logs show my user as unauthenticated anyway, so I'm wondering if I haven't actually successfully authenticated, but am rather re-authenticating on each request with the cookies... which may be what is supposed to happen? the userDetails div does show me logged in as the expected user, and the user has the role site member granted. as a bit of extra background, i have a viewlet that needs to be aware of request.principal. in tales, i did a bit of tracking of where and when the current self.request was aware of request.principal. the primary page view found request/principal/id every time. the viewlet could find request/principal/id in tales, but not in the viewlet class (a form.Form), even though self.request is super'd up through. i attempted, in the viewlet, to look at self.__parent__.request.principal since i set __parent__ to the view that comes in on __init__, and i know that view can see request.principal, since it shows up in tales every time. still no luck, it always throws AttributeError on request.principal. so i'm confused as to whether or not i've failed to properly authenticate, or if there's something i misunderstand about the render/update pattern for form.Form that doesn't include the request.principal in the post. that's all i've got for now. again, if my questions are likely answerable only with the context of my own implementation, that's ok... i'll be fighting with it more anyway. but if something sticks out as misunderstood or misconceived on my part, please, let me know! ;) Thanks in advance for any help... Pete -- All guilt is relative, loyalty counts, and never let your conscience be your guide. - Lucas Buck, American Gothic ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] maybe a bug in formlib?
On 4/12/06, Lorenzo Gil Sanchez [EMAIL PROTECTED] wrote: I'm trying to use formlib and while looking at the source code of this package for a better understanding I realized that the form.Action class has two methods with the same name: 'submitted'. You can see it at: ... Is that ok or is it a bug? If that's the way it should be, please somebody explain me how it works :) Not only should there be only one, but it looks like the first one looks buggy, too. Look at the computation of 'name' in that version. :-) -Fred -- Fred L. Drake, Jr.fdrake at gmail.com Don't let schooling interfere with your education. -- Mark Twain ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users