# HG changeset patch
# User Thierry Florac <thierry.florac@onf.fr>
# Date 1505131013 -7200
# Node ID 01d611aa789105380d15f86764b54f71a6cdb033
# Parent  be0b2504aaf3800d96df6800fe938d0af2c1d0e9
Initialize system users (administrator and internal user) on site upgrade

diff -r be0b2504aaf3 -r 01d611aa7891 src/pyams_security/site.py
--- a/src/pyams_security/site.py	Mon Sep 11 13:55:37 2017 +0200
+++ b/src/pyams_security/site.py	Mon Sep 11 13:56:53 2017 +0200
@@ -16,7 +16,7 @@
 # import standard library
 
 # import interfaces
-from pyams_security.interfaces import ISecurityManager
+from pyams_security.interfaces import ISecurityManager, SYSTEM_PREFIX, ADMIN_USER_LOGIN, INTERNAL_USER_LOGIN
 from pyams_utils.interfaces.site import ISiteGenerations
 from zope.lifecycleevent.interfaces import IObjectCreatedEvent
 from zope.principalannotation.interfaces import IPrincipalAnnotationUtility
@@ -37,6 +37,26 @@
                       (IPrincipalAnnotationUtility, '', PrincipalAnnotationUtility, 'User profiles'))
 
 
+def get_admin_user():
+    """Get system manager profile"""
+    admin_auth = AdminAuthenticationPlugin()
+    admin_auth.prefix = SYSTEM_PREFIX
+    admin_auth.title = 'System manager authentication'
+    admin_auth.login = ADMIN_USER_LOGIN
+    admin_auth.password = 'admin'
+    return admin_auth
+
+
+def get_service_user():
+    """Get internal services profile"""
+    service_auth = AdminAuthenticationPlugin()
+    service_auth.prefix = SYSTEM_PREFIX
+    service_auth.title = 'internal service'
+    service_auth.login = INTERNAL_USER_LOGIN
+    service_auth.password = None
+    return service_auth
+
+
 @subscriber(INewLocalSite)
 def handle_new_local_site(event):
     """Create a new security manager when a site is created"""
@@ -53,16 +73,25 @@
     def evolve(self, site, current=None):
         """Check for required utilities"""
         check_required_utilities(site, REQUIRED_UTILITIES)
+        manager = site.getSiteManager().queryUtility(ISecurityManager)
+        if manager is not None:
+            if '__system__' not in manager:
+                admin_auth = get_admin_user()
+                get_current_registry().notify(ObjectCreatedEvent(admin_auth))
+                manager['__internal__'] = admin_auth
+            if '__internal__' not in manager:
+                service_auth = get_service_user()
+                get_current_registry().notify(ObjectCreatedEvent(service_auth))
+                manager['__internal__'] = service_auth
 
 
 @subscriber(IObjectCreatedEvent, context_selector=ISecurityManager)
 def handle_new_security_manager(event):
     """Automatically create a new administration login"""
-    admin_auth = AdminAuthenticationPlugin()
-    admin_auth.prefix = 'system'
-    admin_auth.title = 'System manager authentication'
-    admin_auth.login = 'admin'
-    admin_auth.password = 'admin'
+    utility = event.object
+    admin_auth = get_admin_user()
     get_current_registry().notify(ObjectCreatedEvent(admin_auth))
-    utility = event.object
     utility['__system__'] = admin_auth
+    service_auth = get_service_user()
+    get_current_registry().notify(ObjectCreatedEvent(service_auth))
+    utility['__internal__'] = service_auth