Re: [Zope] Anyone know of a tool to restore/cleanup/reset security/role settings?
"Alexander Limi" <[EMAIL PROTECTED]> writes: > On Sat, 29 Nov 2008 15:19:10 -0800, Ross Patterson > <[EMAIL PROTECTED]> wrote: > >> Yeah, I did see that and no it doesn't look like it resets anything. It >> also looks like it's only concerned with local roles and I need to reset >> the role mappings too. But thanks anyways! >> >> Keep an eye out for collective.securitycleanup. :) > > Cool, I will. It's a very frequently asked question — "how can I get back > to the state my site was in before I started messing with security?" :) I've released it: http://pypi.python.org/pypi/collective.securitycleanup collective.securitycleanup GenericSetup handlers to restore Zope security to defaults WARNING: Backup your ZODB before using this package! The Zope 2 security framework is very powerful and one of it's greatest strengths. A lot of it's power comes from it's flexibility. Exposing that power to site adminsitrators often ends up giving them enough rope to hang themselves with. This is exactly what the "Security" tab in the ZMI does. In many cases, a site admin or consultant is faced with the daunting task of restoring all the security settings throughout the Zope object heirarchy in order to bring sanity and predictability back to the site. The collective.securitycleanup package provides GenericSetup handlers for restoring the role mappings and local roles back to their defaults. This handler can be used in combination with existing handlers to set role mappings and to re-apply workflow security settings to help start the process of security cleanup. The clean up is performed on all ancestors including the Zope application root and by walking down the heirarchy to all descendants. This means all descendents of the context the handler is used on and all ancestors of the context including the root will be cleaned up. It will not clean up siblings or anything else that is not a direct ancestor to the context. The clean up removes all permission settings stored on the instance which effectively restores them to code defaults. The clean up also removes all local roles except the "Owner" role for the user returned by OFS.interfasces.IOwned.getOwnerTuple() if already assigned. Use of this tool will likely only ever be a starting point. So be sure to test thoroughly before deploying to your production server and backup your ZODB before using it. Ross ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Anyone know of a tool to restore/cleanup/reset security/role settings?
On Sat, 29 Nov 2008 15:19:10 -0800, Ross Patterson <[EMAIL PROTECTED]> wrote: > Yeah, I did see that and no it doesn't look like it resets anything. It > also looks like it's only concerned with local roles and I need to reset > the role mappings too. But thanks anyways! > > Keep an eye out for collective.securitycleanup. :) Cool, I will. It's a very frequently asked question — "how can I get back to the state my site was in before I started messing with security?" :) -- Alexander Limi · http://limi.net ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Anyone know of a tool to restore/cleanup/reset security/role settings?
"Alexander Limi" <[EMAIL PROTECTED]> writes: > On Fri, 28 Nov 2008 19:10:48 -0800, Ross Patterson > <[EMAIL PROTECTED]> wrote: > >> Does anyone know of an existing tool for restoring all security >> settings/rolemaps from the ground up? Obviously I can use >> rolemap.xml where applicable and update workflow security. I want to >> first restore the Zope root to code defaults and restore the whole >> hierarchy to just acquire. >> >> I'm going to write something myself if not, but I thought I'd see if >> there was anything out there. > > I assume you saw this release from Andreas today: > http://pypi.python.org/pypi/zopyx.plone.cassandra > > I'm not sure if it can actually reset the settings, but at least it > can show them. Maybe something you can contribute to the next release? > :) Yeah, I did see that and no it doesn't look like it resets anything. It also looks like it's only concerned with local roles and I need to reset the role mappings too. But thanks anyways! Keep an eye out for collective.securitycleanup. :) Ross ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Anyone know of a tool to restore/cleanup/reset security/role settings?
On Fri, 28 Nov 2008 19:10:48 -0800, Ross Patterson <[EMAIL PROTECTED]> wrote: > Does anyone know of an existing tool for restoring all security > settings/rolemaps from the ground up? Obviously I can use rolemap.xml > where applicable and update workflow security. I want to first restore > the Zope root to code defaults and restore the whole hierarchy to just > acquire. > > I'm going to write something myself if not, but I thought I'd see if > there was anything out there. I assume you saw this release from Andreas today: http://pypi.python.org/pypi/zopyx.plone.cassandra I'm not sure if it can actually reset the settings, but at least it can show them. Maybe something you can contribute to the next release? :) -- Alexander Limi · http://limi.net ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Anyone know of a tool to restore/cleanup/reset security/role settings?
Does anyone know of an existing tool for restoring all security settings/rolemaps from the ground up? Obviously I can use rolemap.xml where applicable and update workflow security. I want to first restore the Zope root to code defaults and restore the whole hierarchy to just acquire. I'm going to write something myself if not, but I thought I'd see if there was anything out there. Ross ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
