# HG changeset patch
# User Thierry Florac
# Date 1505131013 -7200
# Node ID 01d611aa789105380d15f86764b54f71a6cdb033
# Parent be0b2504aaf3800d96df6800fe938d0af2c1d0e9
Initialize system users (administrator and internal user) on site upgrade
diff -r be0b2504aaf3 -r 01d611aa7891 src/pyams_security/site.py
--- a/src/pyams_security/site.py Mon Sep 11 13:55:37 2017 +0200
+++ b/src/pyams_security/site.py Mon Sep 11 13:56:53 2017 +0200
@@ -16,7 +16,7 @@
 # import standard library
 # import interfaces
-from pyams_security.interfaces import ISecurityManager
+from pyams_security.interfaces import ISecurityManager, SYSTEM_PREFIX, ADMIN_USER_LOGIN, INTERNAL_USER_LOGIN
 from pyams_utils.interfaces.site import ISiteGenerations
 from zope.lifecycleevent.interfaces import IObjectCreatedEvent
 from zope.principalannotation.interfaces import IPrincipalAnnotationUtility
@@ -37,6 +37,26 @@
 (IPrincipalAnnotationUtility, '', PrincipalAnnotationUtility, 'User profiles'))
+def get_admin_user():
+ """Get system manager profile"""
+ admin_auth = AdminAuthenticationPlugin()
+ admin_auth.prefix = SYSTEM_PREFIX
+ admin_auth.title = 'System manager authentication'
+ admin_auth.login = ADMIN_USER_LOGIN
+ admin_auth.password = 'admin'
+ return admin_auth
+
+
+def get_service_user():
+ """Get internal services profile"""
+ service_auth = AdminAuthenticationPlugin()
+ service_auth.prefix = SYSTEM_PREFIX
+ service_auth.title = 'internal service'
+ service_auth.login = INTERNAL_USER_LOGIN
+ service_auth.password = None
+ return service_auth
+
+
 @subscriber(INewLocalSite)
 def handle_new_local_site(event):
 """Create a new security manager when a site is created"""
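Review bot: `get_admin_user()` hard-codes the administrator password as the literal `'admin'`, and with this commit the helper is also called from `evolve()`, so a site upgrade can add a known credential to an existing installation. The initial secret should come from deployment configuration rather than source, or at the very least the docstring should say what is being shipped, e.g. `"""Build the system administrator plugin; it carries a default password that must be changed after install"""`. In `get_service_user()`, `password = None` relies on `AdminAuthenticationPlugin` refusing to authenticate a principal with no stored password; that class is outside this hunk, so this is worth confirming and recording in a comment such as `# no password: internal principal, never used for interactive login`.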
@@ -53,16 +73,25 @@
 def evolve(self, site, current=None):
 """Check for required utilities"""
 check_required_utilities(site, REQUIRED_UTILITIES)
+ manager = site.getSiteManager().queryUtility(ISecurityManager)
+ if manager is not None:
+ if '__system__' not in manager:
+ admin_auth = get_admin_user()
+ get_current_registry().notify(ObjectCreatedEvent(admin_auth))
+ manager['__internal__'] = admin_auth
+ if '__internal__' not in manager:
+ service_auth = get_service_user()
+ get_current_registry().notify(ObjectCreatedEvent(service_auth))
+ manager['__internal__'] = service_auth
 @subscriber(IObjectCreatedEvent, context_selector=ISecurityManager)
 def handle_new_security_manager(event):
 """Automatically create a new administration login"""
- admin_auth = AdminAuthenticationPlugin()
- admin_auth.prefix = 'system'
- admin_auth.title = 'System manager authentication'
- admin_auth.login = 'admin'
- admin_auth.password = 'admin'
+ utility = event.object
+ admin_auth = get_admin_user()
 get_current_registry().notify(ObjectCreatedEvent(admin_auth))
- utility = event.object
 utility['__system__'] = admin_auth
+ service_auth = get_service_user()
+ get_current_registry().notify(ObjectCreatedEvent(service_auth))
+ utility['__internal__'] = service_auth
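Review bot: In `evolve()`, the `'__system__' not in manager` branch stores the administrator plugin under the wrong key, `manager['__internal__'] = admin_auth`; it should be `manager['__system__'] = admin_auth`, as `handle_new_security_manager` does further down in the same hunk. As written, a site missing `__system__` gets the admin plugin registered as `__internal__`, the following `'__internal__' not in manager` test is then false so the service user is never created, and `__system__` stays absent on every later run. If `__internal__` already exists, the assignment may also collide with the existing entry, depending on the container type, which is not visible here. Separately, this path re-creates the default-password administrator on upgrade even when an operator removed it on purpose; consider adding only the internal user here, or logging when the admin entry is restored. The two key literals would be safer as module constants shared by both functions.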