[Zope3-Users] assigning roles to principals onAuthenticatedPrincipalCreated event

Mats Nordgren mats at ronin-group.org
Wed Sep 20 15:18:21 EDT 2006

As I understand a principal is created and destroyed with each request.
This would make your application set the permission at each request which
might not be exactly what you had in mind.  I use a group folder from pau
and set the group with a subscriber when the site object is created.  

def SiteCreatedHandler(context, event):
sm = LocalSiteManager(context)
default = sm['default']

pau = PluggableAuthentication(prefix='pau.')
default['pau'] = pau
sm.registerUtility(pau, provided=IAuthentication)

groups = GroupFolder(prefix='groups.')
pau['groups'] = groups
sm.registerUtility(groups, provided=IAuthenticatorPlugin, name='groups')

members = GroupInformation('members')
groups['members'] = members
sm.registerUtility(members, provided=IGroupInformation, name='members')
principals = PrincipalFolder(prefix='principals.')
pau['principals'] = principals
sm.registerUtility(principals, provided=IAuthenticatorPlugin, \

principal_roles = IPrincipalRoleManager(context)
principal_roles.assignRoleToPrincipal(u'metrod.Member', \

Then when a new member sign up I add them to the group i.e. 'member'.  I do
this in the createAndAdd method of formlibs AddForm.

def createAndAdd(self, data):
    name = data['name']
    password = data['password']
    pau = getUtility(IAuthentication, context=self.context)
    principals = getUtility(IAuthenticatorPlugin, name='principals', \
    principal = InternalPrincipal(name, password, name)
    principals[name] = principal

    groups = getUtility(IGroupInformation, name='members', \
    groups.principals += (pau.prefix + principals.prefix + name, )
    return self.request.response.redirect('.')

Not sure this is the best way to do it but it works for me.  One thing I did
see in your code though is:

prm.assignRoleToPrincipal('isi.member', event.principal)

which should be:

prm.assignRoleToPrincipal('isi.member', event.principal.id)

-----Original Message-----
From: zope3-users-bounces at zope.org [mailto:zope3-users-bounces at zope.org] On
Behalf Of Hassan Alirezaei
Sent: Thursday, September 21, 2006 7:55 AM
To: zope3-users at zope.org
Subject: [Zope3-Users] assigning roles to principals
onAuthenticatedPrincipalCreated event

Hello zope3-users,

I am trying to do make easy user registrations for my website. but I am 
having problems assigning roles to the principals automatically.
the question is WHEN should I assign these roles to the new principals? 
which is the standard procedure?
right now I am doing :

1. User accounts (InternalPrincipal) are created.
2. The first time the user logs in a role with id="isi.member" will be 
assigned to it on the whole site so the user receives membership 



class UserLoggedIn(object):
    def __init__(self, event):
        if annotations.get('user_home') is None:
            print "***************RGISTERING ANNOTATIONS*****************"
            annotations['user_home'] = Folder()
            annotations['user_home']['register'] = PersistentDict()
            annotations['user_home']['personal'] = Person()
            annotations['user_home']['testing'] = "TESTING THE NEW USER"
            print "******************for %s *******************" %siteroot
            prm.assignRoleToPrincipal('isi.member', event.principal)


getSite() gives me  <ISI.isi.isi.isi object at 0xb659eb2c>  but when i 
go to this object (my main site root) and change to "Grant" from 
zmi_actions menu the role is still unset for the user.

any help is highly appreciated. it is very much possible I am doing the 
hard way to perform the task.
Thank you in advance!



Zope3-users mailing list
Zope3-users at zope.org

More information about the Zope3-users mailing list