Re: [Zope-dev] Membership and Local Roles
Michael Bernstein wrote: Michael Bernstein wrote: I figured out how to get this to work (finally). In the acl_users LM, add the following two Python methods: Well, I discovered another problem: For some reason, when I create a PortalMembership member, add the two Python methods as I described earlier, and use the local roles screen to give them a role, they are subsequently authenticated regardless of whether their password is correct. Here's an example illustrating the bug: [snip example] This password problem is fixed with Bill Andersons new release of Membership 0.7.6, so the local roles fix now works generally. There is still a platform dependent password problem with Membership though. It affects Solaris and HPUX (possibly other unices) but not Linux, and has to do with the crypt module not being loaded correctly on those platforms, causing passwords to be encrypted omly part of the time. Here is the fix for local roles: First, the User Source needs to support a getUserNames method. This can be done two ways: You can add a Python method to the LoginManager named getUserNames that takes a 'self' parameter, and has the following body: user_ids=self.UserSource.getPersistentItemIDs() names=[] for i in user_ids: names.append(i) return names Or you can add the following code directly to the PersistentUserSource.py file, preferably right befor or after the getUsers method: def getUserNames(self): user_ids=self.getPersistentItemIDs() names=[] for i in user_ids: names.append(i) return names (I hope this will get included in future versions of Membership) Next we need to provide a user_names method in the LoginManager. Currently I only have a Python method to drop in to the LM. it takes a 'self' parameter, and has the following body if it's calling another Python method: return self.getUserNames() Or if you're calling the method in PersistentUserSource.py, it has this body: return self.UserSource.getUserNames() Note that this user_names method has some disadvantages, and it needs to be generalized to deal with multiple User Sources that aren't all named UserSource, and that may not all implement the getUserNames interface, and that may have duplicate user names in them. Suggestions on how to do this would be welcome. I hope that this little set of instructions helps others who are trying to integrate LM with the existing security interface and local roles. Comments, testing, and improvements would be welcomed. HTH, Michael Bernstein. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Membership and Local Roles
I posted this to the PTK list on Friday, but didn't get any responses
over the weekend, so I'm reposting here.
I feel that a barrier to Loginmanager and Membership becoming more
generally usable for site builders is it's current lack of support for
local roles. Specifically, members do not show up in the local roles
screen (manage_listLocalRoles) user list.
Through the magic of grep and find, I think I've identified the relevant
sections of code in Zope that need to be duplicated in Membership (or
maybe in LoginManager).
First I tracked down what seems to be the relevant section in
/lib/python/AccessControl/Role.py, in the section labeled 'Local roles
support':
def get_valid_userids(self):
item=self
dict={}
while 1:
if hasattr(aq_base(item), 'acl_users') and \
hasattr(item.acl_users, 'user_names'):
for name in item.acl_users.user_names():
dict[name]=1
if not hasattr(item, 'aq_parent'):
break
item=item.aq_parent
keys=dict.keys()
keys.sort()
return keys
Then I tracked down the user_names attribute to
/lib/python/AccessControl/User.py, in the section labeled 'Private
UserFolder
object interface':
def user_names(self):
return self.getUserNames()
Well, that wasn't very helpful. searching a bit more and I find:
def getUserNames(self):
"""Return a list of usernames"""
names=self.data.keys()
names.sort()
return names
Experimenting a bit, I find that a normal user folder object responds to
an /acl_users/user_names URL with an error, but does respond to an
/acl_users/getUserNames URL with a list of user names.
And now I'm stuck. I *think* that LoginManager needs a getUserNames
method that cycles through the available User Sources and grabs a list
of
names from each, concatenating them into one big list to return. I'll
settle for some code that has the User Source name hard-wired in,
though.
However, IANAC (I Am Not A Coder), and I don't know how to do this. If
anyone can offer a cut-and-paste set of instructions to add this into
LoginManager or Membership, it would be greatly appreciated.
If I've missed something obvious or misunderstood the problem, please
tell me that too.
Thanks,
Michael Bernstein.
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Membership and Local Roles
Michael Bernstein wrote: I posted this to the PTK list on Friday, but didn't get any responses over the weekend, so I'm reposting here. I feel that a barrier to Loginmanager and Membership becoming more generally usable for site builders is it's current lack of support for local roles. Specifically, members do not show up in the local roles screen (manage_listLocalRoles) user list. Through the magic of grep and find, I think I've identified the relevant sections of code in Zope that need to be duplicated in Membership (or maybe in LoginManager). I think you've found out why local roles don't work. Congratulations on a successful code hunting mission :-) I don't know for sure, but I think the API for returning a list of users has been omitted intentionally. A LoginManager instance might "contain" (or rather, provide authentication to) thousands of users. Listing all of these would arguably break the management interface. Perhaps what LoginManager (or Membership) needs is a way of stating, for each user, whether they should appear in the local-roles list. This could be a checkbox for each user, or it could be a method that gets called to specify the users that appear, for example, using a regular expression, or perhaps based on some quality of the user object. You should still be able to use local roles, even now, by using an external method to add local roles where you need them, and explicitly give the user id. You just can't select from the management interface. -- Steve Alexander Software Engineer Cat-Box limited http://www.cat-box.net ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Membership and Local Roles
Steve Alexander wrote: Michael Bernstein wrote: I posted this to the PTK list on Friday, but didn't get any responses over the weekend, so I'm reposting here. I feel that a barrier to Loginmanager and Membership becoming more generally usable for site builders is it's current lack of support for local roles. Specifically, members do not show up in the local roles screen (manage_listLocalRoles) user list. Through the magic of grep and find, I think I've identified the relevant sections of code in Zope that need to be duplicated in Membership (or maybe in LoginManager). I think you've found out why local roles don't work. Congratulations on a successful code hunting mission :-) I *think* I've created a getUserNames python method that returns the appropriate results: Parameter list: self Body: user_ids=self.UserSource.getPersistentItemIDs() names=[] for i in user_ids: names.append(self.getItem(i)) return names I basically copied the Membership getMembers python method for this. Guess what? It still doesn't work. I don't understand the differences between the code I pasted above and the code on the original getUserNames method (from : def getUserNames(self): """Return a list of usernames""" names=self.data.keys() names.sort() return names Can anyone tell me what I need to fix? Michael Bernstein. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Membership and Local Roles
Michael Bernstein wrote: Steve Alexander wrote: Michael Bernstein wrote: I posted this to the PTK list on Friday, but didn't get any responses over the weekend, so I'm reposting here. I feel that a barrier to Loginmanager and Membership becoming more generally usable for site builders is it's current lack of support for local roles. Specifically, members do not show up in the local roles screen (manage_listLocalRoles) user list. Through the magic of grep and find, I think I've identified the relevant sections of code in Zope that need to be duplicated in Membership (or maybe in LoginManager). I think you've found out why local roles don't work. Congratulations on a successful code hunting mission :-) I *think* I've created a getUserNames python method that returns the appropriate results: Parameter list: self Body: user_ids=self.UserSource.getPersistentItemIDs() names=[] for i in user_ids: names.append(self.getItem(i)) return names Returns a list of objects. I basically copied the Membership getMembers python method for this. Guess what? It still doesn't work. I don't understand the differences between the code I pasted above and the code on the original getUserNames method (from : def getUserNames(self): """Return a list of usernames""" names=self.data.keys() names.sort() return names Returns a list of usernames. Can anyone tell me what I need to fix? Unfortunately, I cannot yet. -- Do not meddle in the affairs of sysadmins, for they are easy to annoy, and have the root password. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Membership and Local Roles
Michael Bernstein wrote: Steve Alexander wrote: Michael Bernstein wrote: I posted this to the PTK list on Friday, but didn't get any responses over the weekend, so I'm reposting here. I feel that a barrier to Loginmanager and Membership becoming more generally usable for site builders is it's current lack of support for local roles. Specifically, members do not show up in the local roles screen (manage_listLocalRoles) user list. Through the magic of grep and find, I think I've identified the relevant sections of code in Zope that need to be duplicated in Membership (or maybe in LoginManager). I think you've found out why local roles don't work. Congratulations on a successful code hunting mission :-) I *think* I've created a getUserNames python method that returns the appropriate results: I have made some more progress (of a sort). I added another Python Method to the LoginManager called user_names : Parameter list: self Body: return self.getUserNames() As far as i can see, this should be functionally equivalent to the user_names method in User.py: def user_names(self): return self.getUserNames() But it doesn't work. On the bright side, I've managed to break the manage_listLocalRoles local roles screen. This is the first time that I've had any interaction with the local roles screen, so I guess now I now I'm messing with the right stuff. The error message I get is: Error Type: AttributeError Error Value: __hash__ Here is the traceback: Traceback (innermost last): File /usr/local/zope/2-2-0/lib/python/ZPublisher/Publish.py, line 222, in publish_module File /usr/local/zope/2-2-0/lib/python/ZPublisher/Publish.py, line 187, in publish File /usr/local/zope/2-2-0/lib/python/Zope/__init__.py, line 221, in zpublisher_exception_hook (Object: ElementWithAttributes) File /usr/local/zope/2-2-0/lib/python/ZPublisher/Publish.py, line 171, in publish File /usr/local/zope/2-2-0/lib/python/ZPublisher/mapply.py, line 160, in mapply (Object: manage_listLocalRoles) File /usr/local/zope/2-2-0/lib/python/ZPublisher/Publish.py, line 112, in call_object (Object: manage_listLocalRoles) File /usr/local/zope/2-2-0/lib/python/App/special_dtml.py, line 121, in __call__ (Object: manage_listLocalRoles) File /usr/local/zope/2-2-0/lib/python/DocumentTemplate/DT_String.py, line 502, in __call__ (Object: manage_listLocalRoles) File /usr/local/zope/2-2-0/lib/python/DocumentTemplate/DT_In.py, line 630, in renderwob (Object: get_valid_userids) File /usr/local/zope/2-2-0/lib/python/AccessControl/Role.py, line 360, in get_valid_userids (Object: ElementWithAttributes) AttributeError: (see above) Any ideas? Michael Bernstein. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Membership and Local Roles
I figured out how to get this to work (finally). In the acl_users LM, add the following two Python methods: - getUserNames - Parameter List: self Body: user_ids=self.UserSource.getPersistentItemIDs() names=[] for i in user_ids: names.append(i) return names - user_names --- Parameter List: self Body: return self.getUserNames() And whatever users or members you've got that are stored persistently within the User Source will appear in the local roles screen (manage_listLocalRole). Preliminary tests show that local roles defined for LoginManager/Membership users work just as expected. Thanks to Bill Anderson for pointing out the difference between returning a list of objects and a list of names, which was the critical bug in the getUserNames method. Michael Bernstein. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
