As I understand it, a principal is created and destroyed with each request. This would make your application set the permission at each request, which might not be exactly what you had in mind. I use a group folder from pau and set the group with a subscriber when the site object is created.
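
    # Imports assumed from the zope.app packages of that era
    # (not part of the original mail).
    from zope.component import getUtility
    from zope.app.component.site import LocalSiteManager
    from zope.app.component.hooks import setSite
    from zope.app.security.interfaces import IAuthentication
    from zope.app.securitypolicy.interfaces import IPrincipalRoleManager
    from zope.app.authentication.authentication import PluggableAuthentication
    from zope.app.authentication.interfaces import IAuthenticatorPlugin
    from zope.app.authentication.groupfolder import (
        GroupFolder, GroupInformation, IGroupInformation)
    from zope.app.authentication.principalfolder import (
        PrincipalFolder, InternalPrincipal)

    def SiteCreatedHandler(context, event):
        ...
        # Make the new object a site with its own local site manager.
        sm = LocalSiteManager(context)
        context.setSiteManager(sm)
        setSite(context)
        default = sm['default']

        # Local pluggable authentication utility.
        pau = PluggableAuthentication(prefix='pau.')
        default['pau'] = pau
        sm.registerUtility(pau, provided=IAuthentication)

        # Group folder holding the 'members' group.
        groups = GroupFolder(prefix='groups.')
        pau['groups'] = groups
        sm.registerUtility(groups, provided=IAuthenticatorPlugin, name='groups')
        members = GroupInformation('members')
        groups['members'] = members
        sm.registerUtility(members, provided=IGroupInformation, name='members')

        # Principal folder for the registered users.
        principals = PrincipalFolder(prefix='principals.')
        pau['principals'] = principals
        sm.registerUtility(principals, provided=IAuthenticatorPlugin, \
                           name='principals')

        # Grant the role once, to the group, by its id.
        principal_roles = IPrincipalRoleManager(context)
        principal_roles.assignRoleToPrincipal(u'metrod.Member', \
                                              'pau.groups.members')

Then when a new member signs up I add them to the group, i.e. 'member'. I do this in the createAndAdd method of formlib's AddForm.

    def createAndAdd(self, data):
        name = data['name']
        password = data['password']
        pau = getUtility(IAuthentication, context=self.context)
        principals = getUtility(IAuthenticatorPlugin, name='principals', \
                                context=self.context)
        principal = InternalPrincipal(name, password, name)
        principals[name] = principal
        # Add the new principal's full id to the 'members' group.
        groups = getUtility(IGroupInformation, name='members', \
                            context=self.context)
        groups.principals += (pau.prefix + principals.prefix + name, )
        return self.request.response.redirect('.')

Not sure this is the best way to do it but it works for me.
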
One thing I did see in your code though is:

    prm.assignRoleToPrincipal('isi.member', event.principal)

which should be:

    prm.assignRoleToPrincipal('isi.member', event.principal.id)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hassan Alirezaei
Sent: Thursday, September 21, 2006 7:55 AM
To: zope3-users@zope.org
Subject: [Zope3-Users] assigning roles to principals onAuthenticatedPrincipalCreated event

Hello zope3-users,

I am trying to make easy user registrations for my website, but I am having problems assigning roles to the principals automatically. The question is WHEN should I assign these roles to the new principals? Which is the standard procedure?

Right now I am doing:

1. User accounts (InternalPrincipal) are created.
2. The first time the user logs in, a role with id="isi.member" will be assigned to it on the whole site so the user receives membership permissions.

********** configure.zcml **********

    <subscriber
        handler=".userhome.UserLoggedIn"
        for="zope.app.authentication.interfaces.IAuthenticatedPrincipalCreated"
        />

********** userhome.py **********

    class UserLoggedIn(object):
        def __init__(self, event):
            userAnno=zapi.getUtility(IPrincipalAnnotationUtility, 'ISIUserAnnotation')
            annotations=userAnno.getAnnotations(event.principal)
            if annotations.get('user_home') is None:
                print "***************RGISTERING ANNOTATIONS*****************"
                annotations['user_home'] = Folder()
                annotations['user_home']['register'] = PersistentDict()
                annotations['user_home']['personal'] = Person()
                annotations['user_home']['personal'].first='hassan'
                annotations['user_home']['personal'].last='alirezaei'
                annotations['user_home']['testing'] = "TESTING THE NEW USER"
                siteroot=getSite()
                prm=IPrincipalRoleManager(siteroot)
                print "******************for %s *******************" %siteroot
                prm.assignRoleToPrincipal('isi.member', event.principal)

**********

getSite() gives me <ISI.isi.isi.isi object at 0xb659eb2c>, but when I go to this object (my main site root) and change to "Grant" from the zmi_actions menu, the role is still unset for the user.

Any help is highly appreciated. It is very much possible I am going about the task the hard way.

Thank you in advance!
Hass

_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
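
The two points made in the reply above (grant the role once to a group id rather than on every login, and pass event.principal.id rather than the principal object), modelled as an added example that is not part of the original thread. Principal, RoleGrants and authenticate are hypothetical stand-ins for Zope 3's machinery, not its API, and the member name is constructed.

```python
# Simplified stand-in for principal-role grants; this is not Zope code.
class Principal:
    """Per-request principal: a fresh object each request, same id."""
    def __init__(self, id, groups=()):
        self.id = id
        self.groups = tuple(groups)

class RoleGrants:
    """Role grants keyed by principal id strings (assumed model)."""
    def __init__(self):
        self._grants = {}  # key -> set of role ids

    def assign_role_to_principal(self, role_id, principal_id):
        self._grants.setdefault(principal_id, set()).add(role_id)

    def roles_for(self, principal):
        # Lookup uses ids only: the principal's own id plus its group ids.
        roles = set()
        for pid in (principal.id,) + principal.groups:
            roles |= self._grants.get(pid, set())
        return roles

MEMBERS = "pau.groups.members"  # group id used in the reply

def authenticate(name, member_ids):
    """Build a new principal object, as happens on each request."""
    pid = "pau.principals." + name
    return Principal(pid, [MEMBERS] if pid in member_ids else [])

def demo():
    grants = RoleGrants()
    members = {"pau.principals.hass"}  # constructed sample membership
    # Reply's approach: one grant to the group when the site is created.
    grants.assign_role_to_principal("metrod.Member", MEMBERS)
    # Original handler's call: the key is the object, not its id.
    first = authenticate("hass", members)
    grants.assign_role_to_principal("isi.member", first)
    second = authenticate("hass", members)  # next request, new object
    by_object = grants.roles_for(second)
    # Corrected call: the key is the principal's id string.
    grants.assign_role_to_principal("isi.member", second.id)
    by_id = grants.roles_for(authenticate("hass", members))
    return by_object, by_id
```

In this model the grant stored under the principal object is never found by an id lookup, while the group grant reaches every member without any per-login write.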