[Zope3-Users] Assigning programmatically a Role to a Principal

Simon Elbaz elbazsimon9 at gmail.com
Thu Jun 4 19:20:14 EDT 2009


Hi,
I have a similar difficulty.

In site.zcml, the role 'zope.Member' is defined and a permission is granted:
<role id="zope.Member" title="Site Member" />
<grant permission="zope.View"
         role="zope.Member" />

How can I assign a role to a principal who is created on the fly:
a_principal =
zope.app.authentication.principalfolder.InternalPrincipal(login=tab[0].encode('utf-8'),
password=tab[1].encode('utf-8'), title=a_title.encode('utf-8'),
passwordManagerName='SHA1')
a_auth_plugin =
getUtility(zope.app.authentication.interfaces.IAuthenticatorPlugin,
'myAuthenticatorPlugin')
role_map = IPrincipalRoleManager(a_auth_plugin)
role_map.assignRoleToPrincipal('zope.Member', a_principal.login)
a_auth_plugin[a_principal.title] = a_principal

I verify that the role is assigned:
            interaction =
zope.securitypolicy.zopepolicy.ZopeSecurityPolicy()
print interaction.checkPermission(a_principal, a_auth_plugin)
>>> True

But when I want to access the page defined below, it returns 'Unauthorized':
<page
      name="login.html"
      for="zope.app.folder.interfaces.IFolder"
      permission="zope.View"
          layer="cdcadama.layer.ICdcadamaBrowserLayer"
      class=".login.LoginAddForm"
/>

Thanks for your help
Simon


On Tue, May 12, 2009 at 12:34 PM, Massimiliano della Rovere <
massimiliano.dellarovere at gmail.com> wrote:

> I had a similar problem.
> My mistake was that I forgot the application prefix in the
> event.principal.id. (so instead of user app.XYZ I used only XYZ, which
> was not found in the PrincipalFolder).
>
>
> On Tue, May 12, 2009 at 12:18, Thierry Florac <thierry.florac at onf.fr>
> wrote:
> > Le mardi 12 mai 2009,
> >  paftek <paftek at gmail.com> a écrit :
> > ======================================================================
> >> I created a Role and a Permission affected to it :
> >> <role id="app.User" title="Utilisateur" />
> >> <permission id="app.Auth" title="Utilisateur authentifié" />
> >> <grant permission="app.Auth" role="app.User" />
> >>
> >> My users are store in a PostgreSQL database, not in the ZODB.
> >> I use the Zope authentication system to return a PrincipalInfo when an
> >> user log in.
> >>
> >> I do not know how to assign my "app.User" Role to the Principal who
> >> log in. I tried the following, without success :
> >>
> >> @adapter(IAuthenticatedPrincipalCreated)
> >> def setPermission(event):
> >>     role_map = IPrincipalRoleManager(getSiteManager())
> >>     role_map.assignRoleToPrincipal('app.User', event.principal.id)
> > ======================================================================
> >
> > Hi,
> >
> > What do you mean when you say "without success" ?
> > What do you get when you look at the "@@grant.html" view over your
> > context ??
> >
> > Thierry
> > --
> > Chef de projets intranet/internet
> > Office National des Forêts - Département Informatique
> > 2, Avenue de Saint-Mandé
> > 75570 Paris Cedex 12
> > Tél. : 01 40 19 59 64
> > Fax. : 01 40 19 58 85
> > Mél. : thierry.florac at onf.fr
> > Web. : http://www.onf.fr
> >
> > _______________________________________________
> > Zope3-users mailing list
> > Zope3-users at zope.org
> > http://mail.zope.org/mailman/listinfo/zope3-users
> >
> _______________________________________________
> Zope3-users mailing list
> Zope3-users at zope.org
> http://mail.zope.org/mailman/listinfo/zope3-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope3-users/attachments/20090605/6a60952f/attachment.html 


More information about the Zope3-users mailing list