[Checkins] SVN: Sandbox/ulif/grok-adminui-with-principals/src/grok/admin/ A PAU with _separate_ fallback to global principal registry.

Uli Fouquet uli at gnufix.de
Tue Aug 21 17:24:14 EDT 2007 

Log message for revision 79099:
  A PAU with _separate_ fallback to global principal registry.

Changed:
  U   Sandbox/ulif/grok-adminui-with-principals/src/grok/admin/__init__.py
  U   Sandbox/ulif/grok-adminui-with-principals/src/grok/admin/auth.py

-=-
Modified: Sandbox/ulif/grok-adminui-with-principals/src/grok/admin/__init__.py
===================================================================
--- Sandbox/ulif/grok-adminui-with-principals/src/grok/admin/__init__.py	2007-08-21 20:08:32 UTC (rev 79098)
+++ Sandbox/ulif/grok-adminui-with-principals/src/grok/admin/__init__.py	2007-08-21 21:24:14 UTC (rev 79099)
@@ -21,10 +21,11 @@
 from zope.component import adapter, provideHandler
 from zope.app.appsetup.interfaces import IDatabaseOpenedWithRootEvent
 from zope.app.authentication import PluggableAuthentication
+from zope.app.authentication.principalfolder import PrincipalFolder
 from zope.app.authentication.interfaces import IAuthenticatorPlugin
 from zope.app.security.interfaces import IAuthentication
 
-from auth import GrokAuthenticator
+from auth import PrincipalRegistryAuthenticator
 
 AUTH_FOLDERNAME=u'authentication'
 USERFOLDER_NAME=u'Users'
@@ -46,7 +47,7 @@
     sm = root_folder.getSiteManager()
     if auth_foldername in sm.keys():
         userfolder = sm[auth_foldername]
-        if isinstance(userfolder[userfolder_name], GrokAuthenticator):
+        if isinstance(userfolder[userfolder_name], PrincipalFolder):
             # Correct PAU already installed.
             return
         # Remove old PAU
@@ -59,7 +60,8 @@
             pass
 
     pau = PluggableAuthentication()
-    users = GrokAuthenticator(userfolder_prefix)
+    users = PrincipalFolder(userfolder_prefix)
+    registry_users = PrincipalRegistryAuthenticator()
 
     # Configure the PAU...
     pau.authenticatorPlugins = (userfolder_name,)
@@ -69,11 +71,14 @@
     # Add the pau and its plugin to the root_folder...
     sm[auth_foldername] = pau
     sm[auth_foldername][userfolder_name] = users
-    pau.authenticatorPlugins = (users.__name__,)
+    pau.authenticatorPlugins = (users.__name__,
+                                'registry_principals')
 
     # Register the PAU with the site...
     sm.registerUtility(pau, IAuthentication)
     sm.registerUtility(users, IAuthenticatorPlugin, name=userfolder_name)
+    sm.registerUtility(registry_users, IAuthenticatorPlugin,
+                       name='registry_principals')
 
 
 # If a new database is created, initialize a session based

Modified: Sandbox/ulif/grok-adminui-with-principals/src/grok/admin/auth.py
===================================================================
--- Sandbox/ulif/grok-adminui-with-principals/src/grok/admin/auth.py	2007-08-21 20:08:32 UTC (rev 79098)
+++ Sandbox/ulif/grok-adminui-with-principals/src/grok/admin/auth.py	2007-08-21 21:24:14 UTC (rev 79099)
@@ -12,18 +12,19 @@
 #
 ##############################################################################
 
-from zope.app.authentication.principalfolder import PrincipalFolder
+from zope.app.authentication.interfaces import IAuthenticatorPlugin
 from zope.app.authentication.principalfolder import PrincipalInfo
 from zope.app.security.principalregistry import principalRegistry
+from zope.interface import implements
 
-class GrokAuthenticator(PrincipalFolder):
-    """A PrincipalFolder with fallback that asks also the root authentication.
+class PrincipalRegistryAuthenticator(object):
+    """An authenticator plugin, that authenticates principals against
+    the global principal registry.
 
-    This special principal folder can be used as an authenticator,
-    that is able to also authenticate against the principals defined
-    in site.zcml.
     """
 
+    implements(IAuthenticatorPlugin)
+
     def authenticateCredentials(self, credentials):
         """Return principal info if credentials can be authenticated
         """
@@ -31,11 +32,6 @@
             return None
         if not ('login' in credentials and 'password' in credentials):
             return None
-        # We shadow principals defined in site.zcml.
-        result = PrincipalFolder.authenticateCredentials(self, credentials)
-        if result is not None:
-            return result
-
         principal = None
         login, password = credentials['login'], credentials['password']
         try:
@@ -48,16 +44,13 @@
                                  principal.title,
                                  principal.description)
         return
-        
 
     def principalInfo(self, id):
-        result = PrincipalFolder.principalInfo(self, id)
-        if result is not None:
-            return result
         principal = principalRegistry.getPrincipal(id)
+        if principal is None:
+            return
         return PrincipalInfo(principal.id,
                              principal.getLogin(),
                              principal.title,
                              principal.description)
-        return result

More information about the Checkins mailing list