14 |
14 |
15 |
15 |
16 # import standard library |
16 # import standard library |
17 |
17 |
18 # import interfaces |
18 # import interfaces |
19 from pyams_security.interfaces import ISecurityManager |
19 from pyams_security.interfaces import ISecurityManager, SYSTEM_PREFIX, ADMIN_USER_LOGIN, INTERNAL_USER_LOGIN |
20 from pyams_utils.interfaces.site import ISiteGenerations |
20 from pyams_utils.interfaces.site import ISiteGenerations |
21 from zope.lifecycleevent.interfaces import IObjectCreatedEvent |
21 from zope.lifecycleevent.interfaces import IObjectCreatedEvent |
22 from zope.principalannotation.interfaces import IPrincipalAnnotationUtility |
22 from zope.principalannotation.interfaces import IPrincipalAnnotationUtility |
23 from zope.site.interfaces import INewLocalSite |
23 from zope.site.interfaces import INewLocalSite |
24 |
24 |
35 |
35 |
36 REQUIRED_UTILITIES = ((ISecurityManager, '', SecurityManager, 'Security manager'), |
36 REQUIRED_UTILITIES = ((ISecurityManager, '', SecurityManager, 'Security manager'), |
37 (IPrincipalAnnotationUtility, '', PrincipalAnnotationUtility, 'User profiles')) |
37 (IPrincipalAnnotationUtility, '', PrincipalAnnotationUtility, 'User profiles')) |
38 |
38 |
39 |
39 |
|
40 def get_admin_user(): |
|
41 """Get system manager profile""" |
|
42 admin_auth = AdminAuthenticationPlugin() |
|
43 admin_auth.prefix = SYSTEM_PREFIX |
|
44 admin_auth.title = 'System manager authentication' |
|
45 admin_auth.login = ADMIN_USER_LOGIN |
|
46 admin_auth.password = 'admin' |
|
47 return admin_auth |
|
48 |
|
49 |
|
50 def get_service_user(): |
|
51 """Get internal services profile""" |
|
52 service_auth = AdminAuthenticationPlugin() |
|
53 service_auth.prefix = SYSTEM_PREFIX |
|
54 service_auth.title = 'internal service' |
|
55 service_auth.login = INTERNAL_USER_LOGIN |
|
56 service_auth.password = None |
|
57 return service_auth |
|
58 |
|
59 |
40 @subscriber(INewLocalSite) |
60 @subscriber(INewLocalSite) |
41 def handle_new_local_site(event): |
61 def handle_new_local_site(event): |
42 """Create a new security manager when a site is created""" |
62 """Create a new security manager when a site is created""" |
43 site = event.manager.__parent__ |
63 site = event.manager.__parent__ |
44 check_required_utilities(site, REQUIRED_UTILITIES) |
64 check_required_utilities(site, REQUIRED_UTILITIES) |
51 generation = 1 |
71 generation = 1 |
52 |
72 |
53 def evolve(self, site, current=None): |
73 def evolve(self, site, current=None): |
54 """Check for required utilities""" |
74 """Check for required utilities""" |
55 check_required_utilities(site, REQUIRED_UTILITIES) |
75 check_required_utilities(site, REQUIRED_UTILITIES) |
|
76 manager = site.getSiteManager().queryUtility(ISecurityManager) |
|
77 if manager is not None: |
|
78 if '__system__' not in manager: |
|
79 admin_auth = get_admin_user() |
|
80 get_current_registry().notify(ObjectCreatedEvent(admin_auth)) |
|
81 manager['__internal__'] = admin_auth |
|
82 if '__internal__' not in manager: |
|
83 service_auth = get_service_user() |
|
84 get_current_registry().notify(ObjectCreatedEvent(service_auth)) |
|
85 manager['__internal__'] = service_auth |
56 |
86 |
57 |
87 |
58 @subscriber(IObjectCreatedEvent, context_selector=ISecurityManager) |
88 @subscriber(IObjectCreatedEvent, context_selector=ISecurityManager) |
59 def handle_new_security_manager(event): |
89 def handle_new_security_manager(event): |
60 """Automatically create a new administration login""" |
90 """Automatically create a new administration login""" |
61 admin_auth = AdminAuthenticationPlugin() |
91 utility = event.object |
62 admin_auth.prefix = 'system' |
92 admin_auth = get_admin_user() |
63 admin_auth.title = 'System manager authentication' |
|
64 admin_auth.login = 'admin' |
|
65 admin_auth.password = 'admin' |
|
66 get_current_registry().notify(ObjectCreatedEvent(admin_auth)) |
93 get_current_registry().notify(ObjectCreatedEvent(admin_auth)) |
67 utility = event.object |
|
68 utility['__system__'] = admin_auth |
94 utility['__system__'] = admin_auth |
|
95 service_auth = get_service_user() |
|
96 get_current_registry().notify(ObjectCreatedEvent(service_auth)) |
|
97 utility['__internal__'] = service_auth |
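Review bot: In `evolve`, the branch guarded by `if '__system__' not in manager:` stores the admin plugin with `manager['__internal__'] = admin_auth` (new line 81), so `__system__` is never created there. The following `'__internal__' not in manager` test is then false, which skips the service user and leaves the system manager login registered under the internal key; the assignment should be `manager['__system__'] = admin_auth`. Separately, `get_admin_user()` keeps the hard-coded `admin_auth.password = 'admin'`, and `evolve` (apparently the site upgrade path) now provisions that known default credential on sites that lack the entry; consider taking the initial password from configuration or generating one. The docstring of `get_service_user()` should also say what `password = None` means for authentication, since the visible lines do not show how `AdminAuthenticationPlugin` treats it. The class enclosing `evolve` starts outside the visible lines.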