[Zope3-Users] Assigning programmatically a Role to a Principal

Jens adner at fh-schmalkalden.de
Fri Jun 5 02:40:38 EDT 2009 

in grok I do:

@grok.subscribe(IPrincipalCreated)
def update_principal_info(event):
 principal = event.principal
 ...
 app = grok.getSite()
 ...
 prm = IPrincipalRoleManager(app)
 prm.assignRoleToPrincipal('some_role', principal.id)

somthing like this.

maybe in zope3 this is similar.

Jens

Simon Elbaz schrieb:
> Hi,
> I have a similar difficulty.
> 
> In site.zcml, the role 'zope.Member' is defined and a permission is granted:
> <role id="zope.Member" title="Site Member" />
> <grant permission="zope.View"
>          role="zope.Member" />
> 
> How can I assign a role to a principal who is created on the fly:
> a_principal =
> zope.app.authentication.principalfolder.InternalPrincipal(login=tab[0].encode('utf-8'),
> password=tab[1].encode('utf-8'), title=a_title.encode('utf-8'),
> passwordManagerName='SHA1')
> a_auth_plugin =
> getUtility(zope.app.authentication.interfaces.IAuthenticatorPlugin,
> 'myAuthenticatorPlugin')
> role_map = IPrincipalRoleManager(a_auth_plugin)          
> role_map.assignRoleToPrincipal('zope.Member', a_principal.login)
> a_auth_plugin[a_principal.title] = a_principal
> 
> I verify that the role is assigned:
>             interaction =    
> zope.securitypolicy.zopepolicy.ZopeSecurityPolicy()
> print interaction.checkPermission(a_principal, a_auth_plugin)
>>>> True
> 
> But when I want to access the page defined below, it returns 'Unauthorized':
> <page
>       name="login.html"
>       for="zope.app.folder.interfaces.IFolder"
>       permission="zope.View"
>           layer="cdcadama.layer.ICdcadamaBrowserLayer"
>       class=".login.LoginAddForm"
> />
> 
> Thanks for your help
> Simon
> 
> 
> On Tue, May 12, 2009 at 12:34 PM, Massimiliano della Rovere
> <massimiliano.dellarovere at gmail.com
> <mailto:massimiliano.dellarovere at gmail.com>> wrote:
> 
>     I had a similar problem.
>     My mistake was that I forgot the application prefix in the
>     event.principal.id <http://event.principal.id>. (so instead of user
>     app.XYZ I used only XYZ, which
>     was not found in the PrincipalFolder).
> 
> 
>     On Tue, May 12, 2009 at 12:18, Thierry Florac <thierry.florac at onf.fr
>     <mailto:thierry.florac at onf.fr>> wrote:
>     > Le mardi 12 mai 2009,
>     >  paftek <paftek at gmail.com <mailto:paftek at gmail.com>> a écrit :
>     > ======================================================================
>     >> I created a Role and a Permission affected to it :
>     >> <role id="app.User" title="Utilisateur" />
>     >> <permission id="app.Auth" title="Utilisateur authentifié" />
>     >> <grant permission="app.Auth" role="app.User" />
>     >>
>     >> My users are store in a PostgreSQL database, not in the ZODB.
>     >> I use the Zope authentication system to return a PrincipalInfo
>     when an
>     >> user log in.
>     >>
>     >> I do not know how to assign my "app.User" Role to the Principal who
>     >> log in. I tried the following, without success :
>     >>
>     >> @adapter(IAuthenticatedPrincipalCreated)
>     >> def setPermission(event):
>     >>     role_map = IPrincipalRoleManager(getSiteManager())
>     >>     role_map.assignRoleToPrincipal('app.User', event.principal.id
>     <http://event.principal.id>)
>     > ======================================================================
>     >
>     > Hi,
>     >
>     > What do you mean when you say "without success" ?
>     > What do you get when you look at the "@@grant.html" view over your
>     > context ??
>     >
>     > Thierry
>     > --
>     > Chef de projets intranet/internet
>     > Office National des Forêts - Département Informatique
>     > 2, Avenue de Saint-Mandé
>     > 75570 Paris Cedex 12
>     > Tél. : 01 40 19 59 64
>     > Fax. : 01 40 19 58 85
>     > Mél. : thierry.florac at onf.fr <mailto:thierry.florac at onf.fr>
>     > Web. : http://www.onf.fr
>     >
>     > _______________________________________________
>     > Zope3-users mailing list
>     > Zope3-users at zope.org <mailto:Zope3-users at zope.org>
>     > http://mail.zope.org/mailman/listinfo/zope3-users
>     >
>     _______________________________________________
>     Zope3-users mailing list
>     Zope3-users at zope.org <mailto:Zope3-users at zope.org>
>     http://mail.zope.org/mailman/listinfo/zope3-users
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Zope3-users mailing list
> Zope3-users at zope.org
> http://mail.zope.org/mailman/listinfo/zope3-users

More information about the Zope3-users mailing list