Hi ALL,
I have been doing an authentcation package with signup and login/logout
features using PAU. When i refered to philips book and the worldcookery
example i found the following codes in the signup logic.
class SignUpView(BaseSignUpView):
signUpForm = ViewPageTemplateFile('signup.pt')
def signUp(self, login, title, password, confirmation):
if confirmation != password:
raise UserError(_(u"Password and confirmation didn't match"))
folder = self._signupfolder()
if login in folder:
raise UserError(_(u"This login has already been chosen."))
principal_id = folder.signUp(login, password, title)
role_manager = IPrincipalRoleManager(self.context)
role_manager = removeSecurityProxy(role_manager) # <- wot does it
really do and how does it make the newly
# created user to be authenticated automatically
for role in folder.signup_roles:
role_manager.assignRoleToPrincipal(role, principal_id)
self.request.response.redirect("@@welcome.html")
The above logic works well for me too. But if i comment the line
'role_manager = removeSecurityProxy(role_manager)',still user creation and
role assignment works. but i am asked to login again right after the signup.
and the redirect does not work.
And another apporch i have seen in
http://kelpi.com/script/e2019a
http://kelpi.com/script/f49219
so i tried to set the principal as
principal=pau.getPrincipal(principal_id)
sel.request.setPrincipal(principal)
and commented the removeSecurityProxy line.
But it also gives same result.
So is there any other way than using removeSecurityProxy(role_manager)? I
also would like to know how risky it can be to use removeSecurityProxy in a
code with public (zope.public) permission. I Know this is very trivial issue
and everyone have gone through this once.
Thanks in advance.
_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
