[Zope3-checkins] SVN: Zope3/trunk/ Defined global groups for unuathenticated, authenticated, and all

Jim Fulton jim at zope.com
Fri Feb 4 18:50:27 EST 2005


Log message for revision 29051:
  Defined global groups for unuathenticated, authenticated, and all
  users.  Registered these groups as utilities to make them easy to get
  to.  Also register the unauthenticated principal as a utility, so one
  could get to it's meta data to provide an alternate principal-object
  implementation with the same id and other data.
  

Changed:
  U   Zope3/trunk/doc/CHANGES.txt
  U   Zope3/trunk/ftesting.zcml
  U   Zope3/trunk/sample_principals.zcml
  A   Zope3/trunk/src/zope/app/security/globalprincipals.txt
  U   Zope3/trunk/src/zope/app/security/interfaces.py
  U   Zope3/trunk/src/zope/app/security/meta.zcml
  U   Zope3/trunk/src/zope/app/security/metaconfigure.py
  U   Zope3/trunk/src/zope/app/security/metadirectives.py
  U   Zope3/trunk/src/zope/app/security/principalregistry.py
  U   Zope3/trunk/src/zope/app/security/tests/test_directives.py
  U   Zope3/trunk/zopeskel/etc/principals.zcml.in

-=-
Modified: Zope3/trunk/doc/CHANGES.txt
===================================================================
--- Zope3/trunk/doc/CHANGES.txt	2005-02-04 23:50:24 UTC (rev 29050)
+++ Zope3/trunk/doc/CHANGES.txt	2005-02-04 23:50:26 UTC (rev 29051)
@@ -10,6 +10,9 @@
 
     New features
 
+      - Groups for unauthenticated users, authenticated users, and
+        everybody can now be defined in ZCML.
+
       - A handler attribute is now used in subscriber directives for
         event subscribers that don't create objects, which is the case
         for most subscribers.  Using the factory attribute without a

Modified: Zope3/trunk/ftesting.zcml
===================================================================
--- Zope3/trunk/ftesting.zcml	2005-02-04 23:50:24 UTC (rev 29050)
+++ Zope3/trunk/ftesting.zcml	2005-02-04 23:50:26 UTC (rev 29051)
@@ -20,6 +20,21 @@
       id="zope.anybody"
       title="Unauthenticated User" />
 
+  <unauthenticatedGroup
+    id="zope.Anybody"
+    title="Unauthenticated Users" 
+    />
+
+  <authenticatedGroup
+    id="zope.Authenticated"
+    title="Authenticated Users" 
+    />
+
+  <everybodyGroup
+    id="zope.Everybody"
+    title="All Users" 
+    />
+
   <!-- Principal that tests generally run as -->
   <principal
       id="zope.mgr"

Modified: Zope3/trunk/sample_principals.zcml
===================================================================
--- Zope3/trunk/sample_principals.zcml	2005-02-04 23:50:24 UTC (rev 29050)
+++ Zope3/trunk/sample_principals.zcml	2005-02-04 23:50:26 UTC (rev 29051)
@@ -6,8 +6,24 @@
 
   <unauthenticatedPrincipal
     id="zope.anybody"
-    title="Unauthenticated User" />
+    title="Unauthenticated User" 
+    />
 
+  <unauthenticatedGroup
+    id="zope.Anybody"
+    title="Unauthenticated Users" 
+    />
+
+  <authenticatedGroup
+    id="zope.Authenticated"
+    title="Authenticated Users" 
+    />
+
+  <everybodyGroup
+    id="zope.Everybody"
+    title="All Users" 
+    />
+
   <principal
     id="zope.sample_manager"
     title="Sample Manager"

Added: Zope3/trunk/src/zope/app/security/globalprincipals.txt
===================================================================
--- Zope3/trunk/src/zope/app/security/globalprincipals.txt	2005-02-04 23:50:24 UTC (rev 29050)
+++ Zope3/trunk/src/zope/app/security/globalprincipals.txt	2005-02-04 23:50:26 UTC (rev 29051)
@@ -0,0 +1,277 @@
+Global principal definition
+===========================
+
+Global principals are defined via ZCML.  There are several kinds of
+principals that can be defined.  
+
+Authenticated Users
+-------------------
+
+There are principals that can log in:
+
+    >>> zcml("""
+    ...    <configure 
+    ...        xmlns="http://namespaces.zope.org/zope"
+    ...        >
+    ...
+    ...      <principal
+    ...         id="zope.manager"
+    ...         title="Manager"
+    ...         description="System Manager"
+    ...         login="admin"
+    ...         password="123"
+    ...         />
+    ...
+    ...    </configure>
+    ... """)
+
+    >>> from zope.app.security.principalregistry import principalRegistry
+    >>> [p] = principalRegistry.getPrincipals('')
+    >>> p.id, p.title, p.description, p.getLogin(), p.validate('123')
+    ('zope.manager', u'Manager', u'System Manager', u'admin', True)
+
+The unauthenticated principal
+-----------------------------
+
+There is the unauthenticated principal:
+
+    >>> zcml("""
+    ...    <configure 
+    ...        xmlns="http://namespaces.zope.org/zope"
+    ...        >
+    ...
+    ...      <unauthenticatedPrincipal
+    ...         id="zope.unknown"
+    ...         title="Anonymous user"
+    ...         description="A person we don't know"
+    ...         />
+    ...
+    ...    </configure>
+    ... """)
+
+    >>> p = principalRegistry.unauthenticatedPrincipal()
+    >>> p.id, p.title, p.description
+    ('zope.unknown', u'Anonymous user', u"A person we don't know")
+
+The unauthenticated principal will also be registered as a utility.
+This is to provide easy access to the data defined for the principal so
+that other (more featureful) principal objects can be created for the
+same principal.
+
+    >>> from zope import component
+    >>> from zope.app.security import interfaces
+    >>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
+    >>> p.id, p.title, p.description
+    ('zope.unknown', u'Anonymous user', u"A person we don't know")
+
+The unauthenticated group
+-------------------------
+
+An unauthenticated group can also be defined in ZCML:
+
+    >>> zcml("""
+    ...    <configure 
+    ...        xmlns="http://namespaces.zope.org/zope"
+    ...        >
+    ...
+    ...      <unauthenticatedGroup
+    ...         id="zope.unknowngroup"
+    ...         title="Anonymous users"
+    ...         description="People we don't know"
+    ...         />
+    ...
+    ...    </configure>
+    ... """)
+
+This directive creates a group and registers it as a utility providing
+IUnauthenticatedGroup:
+
+    >>> g = component.getUtility(interfaces.IUnauthenticatedGroup)
+    >>> g.id, g.title, g.description
+    ('zope.unknowngroup', u'Anonymous users', u"People we don't know")
+
+The unauthenticatedGroup directive also updates the group of the
+unauthenticated principal:
+
+    >>> p = principalRegistry.unauthenticatedPrincipal()
+    >>> g.id in p.groups
+    True
+    >>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
+    >>> g.id in p.groups
+    True
+
+If the unauthenticated principal is defined after the unauthenticated
+group, it will likewise have the group added to it:
+
+    >>> reset()
+    >>> zcml("""
+    ...    <configure 
+    ...        xmlns="http://namespaces.zope.org/zope"
+    ...        >
+    ...
+    ...      <unauthenticatedGroup
+    ...         id="zope.unknowngroup2"
+    ...         title="Anonymous users"
+    ...         description="People we don't know"
+    ...         />
+    ...      <unauthenticatedPrincipal
+    ...         id="zope.unknown2"
+    ...         title="Anonymous user"
+    ...         description="A person we don't know"
+    ...         />
+    ...
+    ...    </configure>
+    ... """)
+
+    >>> g = component.getUtility(interfaces.IUnauthenticatedGroup)
+    >>> g.id, g.title, g.description
+    ('zope.unknowngroup2', u'Anonymous users', u"People we don't know")
+    >>> p = principalRegistry.unauthenticatedPrincipal()
+    >>> p.id, g.id in p.groups
+    ('zope.unknown2', True)
+    >>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
+    >>> p.id, g.id in p.groups
+    ('zope.unknown2', True)
+
+The unauthenticated group shows up as a principal in the principal
+registry:
+
+    >>> principalRegistry.getPrincipal(g.id) == g
+    True
+
+    >>> list(principalRegistry.getPrincipals("Anonymous")) == [g]
+    True
+
+The authenticated group
+-----------------------
+
+There is an authenticated group:
+
+    >>> reset()
+    >>> zcml("""
+    ...    <configure 
+    ...        xmlns="http://namespaces.zope.org/zope"
+    ...        >
+    ...
+    ...      <unauthenticatedPrincipal
+    ...         id="zope.unknown3"
+    ...         title="Anonymous user"
+    ...         description="A person we don't know"
+    ...         />
+    ...      <principal
+    ...         id="zope.manager2"
+    ...         title="Manager"
+    ...         description="System Manager"
+    ...         login="admin"
+    ...         password="123"
+    ...         />
+    ...      <authenticatedGroup
+    ...         id="zope.authenticated"
+    ...         title="Authenticated users"
+    ...         description="People we know"
+    ...         />
+    ...      <principal
+    ...         id="zope.manager3"
+    ...         title="Manager 3"
+    ...         login="admin3"
+    ...         password="123"
+    ...         />
+    ...
+    ...    </configure>
+    ... """)
+
+It defines an IAuthenticatedGroup utility:
+
+    >>> g = component.getUtility(interfaces.IAuthenticatedGroup)
+    >>> g.id, g.title, g.description
+    ('zope.authenticated', u'Authenticated users', u'People we know')
+
+It also adds it self to the groups of any non-group principals already
+defined, and, when non-group principals are defined, they put
+themselves in the group if it's defined:
+
+    >>> principals = list(principalRegistry.getPrincipals(''))
+    >>> principals.sort(lambda p1, p2: cmp(p1.id, p2.id))
+    >>> for p in principals:
+    ...    print p.id, p.groups == [g.id]
+    zope.authenticated False
+    zope.manager2 True
+    zope.manager3 True
+
+Excluding unauthenticated principals, of course:
+
+    >>> p = principalRegistry.unauthenticatedPrincipal()
+    >>> p.id, g.id in p.groups
+    ('zope.unknown3', False)
+    >>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
+    >>> p.id, g.id in p.groups
+    ('zope.unknown3', False)
+
+
+The everybody group
+-------------------
+
+Finally, there is an everybody group:
+
+    >>> reset()
+    >>> zcml("""
+    ...    <configure 
+    ...        xmlns="http://namespaces.zope.org/zope"
+    ...        >
+    ...
+    ...      <unauthenticatedPrincipal
+    ...         id="zope.unknown4"
+    ...         title="Anonymous user"
+    ...         description="A person we don't know"
+    ...         />
+    ...      <principal
+    ...         id="zope.manager4"
+    ...         title="Manager"
+    ...         description="System Manager"
+    ...         login="admin"
+    ...         password="123"
+    ...         />
+    ...      <everybodyGroup
+    ...         id="zope.everybody"
+    ...         title="Everybody"
+    ...         description="All People"
+    ...         />
+    ...      <principal
+    ...         id="zope.manager5"
+    ...         title="Manager 5"
+    ...         login="admin5"
+    ...         password="123"
+    ...         />
+    ...
+    ...    </configure>
+    ... """)
+
+The everybodyGroup directive defines an IEveryoneGroup utility:
+
+    >>> g = component.getUtility(interfaces.IEveryoneGroup)
+    >>> g.id, g.title, g.description
+    ('zope.everybody', u'Everybody', u'All People')
+
+It also adds it self to the groups of any non-group principals already
+defined, and, when non-group principals are defined, they put
+themselves in the group if it's defined:
+
+    >>> principals = list(principalRegistry.getPrincipals(''))
+    >>> principals.sort(lambda p1, p2: cmp(p1.id, p2.id))
+    >>> for p in principals:
+    ...    print p.id, p.groups == [g.id]
+    zope.everybody False
+    zope.manager4 True
+    zope.manager5 True
+
+Including unauthenticated principals, of course:
+
+    >>> p = principalRegistry.unauthenticatedPrincipal()
+    >>> p.id, g.id in p.groups
+    ('zope.unknown4', True)
+    >>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
+    >>> p.id, g.id in p.groups
+    ('zope.unknown4', True)
+
+Note that it is up to IAuthentication implementations to associate
+these groups with their principals, as appropriate.


Property changes on: Zope3/trunk/src/zope/app/security/globalprincipals.txt
___________________________________________________________________
Name: svn:eol-style
   + native

Modified: Zope3/trunk/src/zope/app/security/interfaces.py
===================================================================
--- Zope3/trunk/src/zope/app/security/interfaces.py	2005-02-04 23:50:24 UTC (rev 29050)
+++ Zope3/trunk/src/zope/app/security/interfaces.py	2005-02-04 23:50:26 UTC (rev 29051)
@@ -18,7 +18,7 @@
 from zope.interface import Interface
 from zope.app.i18n import ZopeMessageIDFactory as _
 from zope.schema import Text, TextLine
-from zope.security.interfaces import IPrincipal, IPermission
+from zope.security.interfaces import IPrincipal, IPermission, IGroup
 from zope.schema.interfaces import ISource
 
 from zope.exceptions import NotFoundError
@@ -33,6 +33,24 @@
     Authenticated principals are preferable to UnauthenticatedPrincipals.
     """
 
+class IUnauthenticatedGroup(IGroup):
+    """A group containing unauthenticated users
+    """
+
+class IAuthenticatedGroup(IGroup):
+    """A group containing authenticated users
+    """
+
+class IEveryoneGroup(IGroup):
+    """A group containing all users
+    """
+
+class IUnauthenticatedPrincipal(IPrincipal):
+    """A principal that hasn't been authenticated.
+
+    Authenticated principals are preferable to UnauthenticatedPrincipals.
+    """
+
 class IAuthentication(Interface):
     """Provide support for establishing principals for requests.
 

Modified: Zope3/trunk/src/zope/app/security/meta.zcml
===================================================================
--- Zope3/trunk/src/zope/app/security/meta.zcml	2005-02-04 23:50:24 UTC (rev 29050)
+++ Zope3/trunk/src/zope/app/security/meta.zcml	2005-02-04 23:50:26 UTC (rev 29051)
@@ -15,11 +15,29 @@
       handler=".metaconfigure.principal" />
 
   <meta:directive 
+      name="unauthenticatedPrincipal" 
       namespace="http://namespaces.zope.org/zope"
-      name="unauthenticatedPrincipal" 
       schema=".metadirectives.IDefineUnauthenticatedPrincipalDirective"
       handler=".metaconfigure.unauthenticatedPrincipal" />
 
+  <meta:directive 
+      name="unauthenticatedGroup" 
+      namespace="http://namespaces.zope.org/zope"
+      schema=".metadirectives.IDefineUnauthenticatedGroupDirective"
+      handler=".metaconfigure.unauthenticatedGroup" />
+
+  <meta:directive 
+      name="authenticatedGroup" 
+      namespace="http://namespaces.zope.org/zope"
+      schema=".metadirectives.IDefineAuthenticatedGroupDirective"
+      handler=".metaconfigure.authenticatedGroup" />
+
+  <meta:directive 
+      name="everybodyGroup" 
+      namespace="http://namespaces.zope.org/zope"
+      schema=".metadirectives.IDefineEverybodyGroupDirective"
+      handler=".metaconfigure.everybodyGroup" />
+
   <meta:directive
       name="securityPolicy"
       namespace="http://namespaces.zope.org/zope"

Modified: Zope3/trunk/src/zope/app/security/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/security/metaconfigure.py	2005-02-04 23:50:24 UTC (rev 29050)
+++ Zope3/trunk/src/zope/app/security/metaconfigure.py	2005-02-04 23:50:26 UTC (rev 29051)
@@ -15,16 +15,19 @@
 
 $Id$
 """
-from zope.app.component.metaconfigure import utility
 
+from zope import component
 from zope.security.checker import moduleChecker, Checker, defineChecker
 from zope.security.checker import CheckerPublic
 from zope.security.management import setSecurityPolicy
-from zope.app.security.interfaces import IPermission
+from zope.security.interfaces import IPermission
+
+from zope.app.component.metaconfigure import utility
+
 from zope.app.security.permission import Permission
-from zope.app.security.principalregistry import principalRegistry
+from zope.app.security import principalregistry
+from zope.app.security import interfaces
 
-
 def securityPolicy(_context, component):
 
     _context.action(
@@ -93,19 +96,112 @@
     utility(_context, IPermission, permission, name=id)
 
 
+def _principal():
+    group = component.queryUtility(interfaces.IAuthenticatedGroup)
+    if group is not None:
+        _authenticatedGroup(group.id)
+    group = component.queryUtility(interfaces.IEveryoneGroup)
+    if group is not None:
+        _everybodyGroup(group.id)
+
 def principal(_context, id, title, login, password, description=''):
     _context.action(
         discriminator = ('principal', id),
-        callable = principalRegistry.definePrincipal,
+        callable = principalregistry.principalRegistry.definePrincipal,
         args = (id, title, description, login, password) )
+    _context.action(discriminator = None, callable = _principal, args = ())
 
 
+def _unauthenticatedPrincipal():
+    group = component.queryUtility(interfaces.IUnauthenticatedGroup)
+    if group is not None:
+        _unauthenticatedGroup(group.id)
+    group = component.queryUtility(interfaces.IEveryoneGroup)
+    if group is not None:
+        _everybodyGroup(group.id)
+
 def unauthenticatedPrincipal(_context, id, title, description=''):
+    principal = principalregistry.UnauthenticatedPrincipal(
+        id, title, description)
     _context.action(
         discriminator = 'unauthenticatedPrincipal',
-        callable = principalRegistry.defineDefaultPrincipal,
-        args = (id, title, description) )
+        callable = principalregistry.principalRegistry.defineDefaultPrincipal,
+        args = (id, title, description, principal) )
+    utility(_context, interfaces.IUnauthenticatedPrincipal, principal)
+    _context.action(
+        discriminator = None,
+        callable = _unauthenticatedPrincipal,
+        args = (),
+        )
 
+def _unauthenticatedGroup(group):
+    p = principalregistry.principalRegistry.unauthenticatedPrincipal()
+    if p is not None:
+        p.groups.append(group)
+
+def unauthenticatedGroup(_context, id, title, description=''):
+    principal = principalregistry.UnauthenticatedGroup(
+        id, title, description)
+    utility(_context, interfaces.IUnauthenticatedGroup, principal)
+    _context.action(
+        discriminator = None,
+        callable = _unauthenticatedGroup,
+        args = (principal.id, ),
+        )
+    _context.action(
+        discriminator = None,
+        callable = principalregistry.principalRegistry.registerGroup,
+        args = (principal, ),
+        )
+
+def _authenticatedGroup(group):
+    for p in principalregistry.principalRegistry.getPrincipals(''):
+        if not isinstance(p, principalregistry.Principal):
+            continue
+        if group not in p.groups:
+            p.groups.append(group)
+
+def authenticatedGroup(_context, id, title, description=''):
+    principal = principalregistry.AuthenticatedGroup(
+        id, title, description)
+    utility(_context, interfaces.IAuthenticatedGroup, principal)
+    _context.action(
+        discriminator = None,
+        callable = _authenticatedGroup,
+        args = (principal.id, ),
+        )
+    _context.action(
+        discriminator = None,
+        callable = principalregistry.principalRegistry.registerGroup,
+        args = (principal, ),
+        )
+
+def _everybodyGroup(group):
+    for p in principalregistry.principalRegistry.getPrincipals(''):
+        if not isinstance(p, principalregistry.Principal):
+            continue
+        if group not in p.groups:
+            p.groups.append(group)
+    p = principalregistry.principalRegistry.unauthenticatedPrincipal()
+    if p is not None:
+        p.groups.append(group)
+
+def everybodyGroup(_context, id, title, description=''):
+    principal = principalregistry.EverybodyGroup(
+        id, title, description)
+    utility(_context, interfaces.IEveryoneGroup, principal)
+    _context.action(
+        discriminator = None,
+        callable = _everybodyGroup,
+        args = (principal.id, ),
+        )
+    _context.action(
+        discriminator = None,
+        callable = principalregistry.principalRegistry.registerGroup,
+        args = (principal, ),
+        )
+
+
 def redefinePermission(_context, from_, to):
     _context = _context.context
     

Modified: Zope3/trunk/src/zope/app/security/metadirectives.py
===================================================================
--- Zope3/trunk/src/zope/app/security/metadirectives.py	2005-02-04 23:50:24 UTC (rev 29050)
+++ Zope3/trunk/src/zope/app/security/metadirectives.py	2005-02-04 23:50:26 UTC (rev 29051)
@@ -131,6 +131,15 @@
 class IDefineUnauthenticatedPrincipalDirective(IBasePrincipalDirective):
     """Define a new unauthenticated principal."""
 
+class IDefineUnauthenticatedGroupDirective(IBasePrincipalDirective):
+    """Define the unauthenticated group."""
+
+class IDefineAuthenticatedGroupDirective(IBasePrincipalDirective):
+    """Define the authenticated group."""
+
+class IDefineEverybodyGroupDirective(IBasePrincipalDirective):
+    """Define the everybody group."""
+
 class IRedefinePermission(Interface):
     """Define a permission to replace another permission."""
 

Modified: Zope3/trunk/src/zope/app/security/principalregistry.py
===================================================================
--- Zope3/trunk/src/zope/app/security/principalregistry.py	2005-02-04 23:50:24 UTC (rev 29050)
+++ Zope3/trunk/src/zope/app/security/principalregistry.py	2005-02-04 23:50:26 UTC (rev 29051)
@@ -19,9 +19,8 @@
 from zope.interface import implements
 from zope.app.security.interfaces import PrincipalLookupError
 from zope.app import zapi
-from zope.app.security.interfaces import ILoginPassword
-from zope.app.security.interfaces import IAuthentication, IPrincipal
-from zope.app.security.interfaces import IUnauthenticatedPrincipal
+from zope.security.interfaces import IPrincipal, IGroupAwarePrincipal
+from zope.app.security import interfaces
 from zope.app.container.contained import Contained, contained
 from warnings import warn
 
@@ -30,12 +29,12 @@
 
 class PrincipalRegistry(object):
 
-    implements(IAuthentication)
+    implements(interfaces.IAuthentication)
 
     # Methods implementing IAuthentication
 
     def authenticate(self, request):
-        a = ILoginPassword(request, None)
+        a = interfaces.ILoginPassword(request, None)
         if a is not None:
             login = a.getLogin()
             if login is not None:
@@ -49,21 +48,22 @@
     __defaultid = None
     __defaultObject = None
 
-    def defineDefaultPrincipal(self, principal, title, description=''):
-        id = principal
+    def defineDefaultPrincipal(self, id, title, description='',
+                               principal=None):
         if id in self.__principalsById:
             raise DuplicateId(id)
         self.__defaultid = id
-        p = UnauthenticatedPrincipal(principal, title, description)
-        self.__defaultObject = contained(p, self, id)
-        return p
+        if principal is None:
+            principal = UnauthenticatedPrincipal(id, title, description)
+        self.__defaultObject = contained(principal, self, id)
+        return principal
 
     def unauthenticatedPrincipal(self):
         return self.__defaultObject
 
     def unauthorized(self, id, request):
         if id is None or id is self.__defaultid:
-            a = ILoginPassword(request)
+            a = interfaces.ILoginPassword(request)
             a.needLogin(realm="zope")
 
     def getPrincipal(self, id):
@@ -106,6 +106,13 @@
 
         return p
 
+    def registerGroup(self, group):
+        id = group.id
+        if id in self.__principalsById or id == self.__defaultid:
+            raise DuplicateId(id)
+
+        self.__principalsById[group.id] = group
+
     def _clear(self):
         self.__init__()
 
@@ -122,11 +129,16 @@
         self.id = id
         self.title = title
         self.description = description
+        self.groups = []
 
+class Group(PrincipalBase):
 
+    def getLogin(self):
+        return '' # to make registry search happy
+
 class Principal(PrincipalBase):
 
-    implements(IPrincipal)
+    implements(IGroupAwarePrincipal)
 
     def __init__(self, id, title, description, login, pw):
         super(Principal, self).__init__(id, title, description)
@@ -142,4 +154,17 @@
 
 class UnauthenticatedPrincipal(PrincipalBase):
 
-    implements(IUnauthenticatedPrincipal)
+    implements(interfaces.IUnauthenticatedPrincipal)
+
+class UnauthenticatedGroup(Group):
+
+    implements(interfaces.IUnauthenticatedGroup)
+
+class AuthenticatedGroup(Group):
+
+    implements(interfaces.IAuthenticatedGroup)
+
+class EverybodyGroup(Group):
+
+    implements(interfaces.IEveryoneGroup)
+    

Modified: Zope3/trunk/src/zope/app/security/tests/test_directives.py
===================================================================
--- Zope3/trunk/src/zope/app/security/tests/test_directives.py	2005-02-04 23:50:24 UTC (rev 29050)
+++ Zope3/trunk/src/zope/app/security/tests/test_directives.py	2005-02-04 23:50:26 UTC (rev 29051)
@@ -18,8 +18,10 @@
 import unittest
 from pprint import PrettyPrinter
 from zope.interface import Interface, Attribute
-from zope.testing.doctestunit import DocTestSuite
+from zope.testing import doctest
+from zope.configuration import xmlconfig
 
+import zope.app.security
 from zope.security.checker import moduleChecker
 from zope.app.tests import ztapi
 from zope.app.tests.placelesssetup import setUp, tearDown
@@ -217,10 +219,23 @@
     def testRedefinePermission(self):
         self.assertEqual(perms, ['zope.Security'])
 
+def zcml(s):
+    context = xmlconfig.file('meta.zcml', package=zope.app.security)
+    xmlconfig.string(s, context)
+
+def reset():
+    tearDown()
+    setUp()
+
 def test_suite():
     return unittest.TestSuite((
-        DocTestSuite(setUp=setUp, tearDown=tearDown),
+        doctest.DocTestSuite(setUp=setUp, tearDown=tearDown),
         unittest.makeSuite(DirectivesTest),
+        doctest.DocFileSuite(
+            '../globalprincipals.txt',
+            globs={'zcml': zcml, 'reset': reset},
+            setUp=setUp, tearDown=tearDown,
+            )
         ))
 
 if __name__ == '__main__': unittest.main()

Modified: Zope3/trunk/zopeskel/etc/principals.zcml.in
===================================================================
--- Zope3/trunk/zopeskel/etc/principals.zcml.in	2005-02-04 23:50:24 UTC (rev 29050)
+++ Zope3/trunk/zopeskel/etc/principals.zcml.in	2005-02-04 23:50:26 UTC (rev 29051)
@@ -8,6 +8,21 @@
     id="zope.anybody"
     title="Unauthenticated User" />
 
+  <unauthenticatedGroup
+    id="zope.Anybody"
+    title="Unauthenticated Users" 
+    />
+
+  <authenticatedGroup
+    id="zope.Authenticated"
+    title="Authenticated Users" 
+    />
+
+  <everybodyGroup
+    id="zope.Everybody"
+    title="All Users" 
+    />
+
   <principal
     id="zope.manager"
     title="Manager"



More information about the Zope3-Checkins mailing list