Metadata-Version: 1.0
Name: Products.PlonePAS
Version: 4.0b3
Summary: PlonePAS adapts the PluggableAuthService for use by Plone.
Home-page: http://pypi.python.org/pypi/Products.PlonePAS
Author: Kapil Thangavelu, Wichert Akkerman
Author-email: plone-developers@lists.sourceforge.net
License: ZPL
Description: Overview
        ========
        
        This product adapts the
        "PluggableAuthService":http://svn.zope.org/PluggableAuthService/
        for use by Plone.
        
        Notes
        -----
        
        Why doesn't the title of my group, that I set in the ZODB, show up?
        The title for a group comes from the properties plugin. The info
        in the groups plugin isn't used, except for the name.
        
        The value of the 'title' property on the portal_groupdata or
        portal_memberdata tools themselves (as opposed to the group or
        member data records within them) will not be used as a default for
        the title of the group or member. This is to prevent UI confusion if
        a title is set without realizing the implications. To remove this
        special case, see 'plugins.property._getDefaultValues'.
        
        If PAS caching is enabled (see the "Cache" tab) and the cache
        manager does not have a 'cleanup' method (RAMCacheManager has one),
        then changes to the memberdata schema will not effect users already
        cached. In this case, restart the server or clear the cache (if
        possible) for the changes to take effect.
        
        Similarly, changes to the memberdata schema will not propagate to
        member objects already in use. If you have a memberdata object and
        change the memberdata properties you must re-construct the member by
        saying portal_membership.getMemberById again.  See
        'tests.test_properties.test_user_properties' for example.
        
        By default, logout from users signed in under HTTP Basic Auth cannot
        log out.  If you enable the "Credentials Reset" plugin for the HTTP
        Basic plugin, the logout for cookies will no longer work. However,
        this is not a problem if you're not using cookies.
        
        Implementation
        --------------
        
        In some places, PlonePAS acts as an adaptor to make PAS provide
        enough of GRUF's interface to satisfy Plone. All the monkey patches
        in pas.py, for instance, extend PAS with expected methods.
        
        PlonePAS also modifies Plone to work with PAS by providing
        partially-new implementations of several tools.  In the tools/
        directory you can see new tools for groups and members, as well as
        the utils tool.
        
        It also provides extra capabilities for PAS needed by plone, such as
        mutable property sheets, local role calculation, creation of group
        objects, and more.
        
        Authorship
        ----------
        
        Initial creation: The PAS CIGNEX Sprint Team [ Anders, Bob, Ben,
        Chad, Gautham, Joel, Kapil, Michel, Micheal ]
        
        Post-sprint work: J Cameron Cooper, Leo, Sidnei, Mark at "Enfold
        Systems":http://enfoldsystems.com
        
        Basic setAuthCookie support (to mimick CookieCrumbler):
        Rocky Burt at "ServerZen Software":http://www.serverzen.com
        
        Synced login process with Plone:
        Dorneles Tremea at "PloneSolutions":http://plonesolutions.com
        
        Bugfixes, various development and merging with Plone:
        Wichert Akkerman at Simplon
        
        Bugfixes, improvements to membership and property lookups:
        Eric Steele and Erik Rose
        
        Changelog
        =========
        
        4.0b3 - 2010-01-31
        ------------------
        
        - Role plugin's tests no longer subclass (and run all of) ZODBRoleManagerTests
        as they cannot properly handle the plugin's expectation of finding a
        PluginRegistry with IGroupsPlugin
        [erikrose, esteele]
        
        - Revert changes made to ZODBMutablePropertyProvider's enumerateUsers method
        which prevented lookup of users by id. Some refactoring.
        Refs http://dev.plone.org/plone/ticket/9361
        [erikrose, esteele]
        
        - GroupAwareRoleManager now properly computes the roles of deeply-nested
        principals.
        [erikrose, esteele]
        
        - Factor up getGroupsForPrincipal call.
        [erikrose, esteele]
        
        - AutoGroup now implements IPropertiesPlugin to return group title and description.
        [erikrose, esteele]
        
        - GroupsTool's getGroupsForPrincipal and getGroupMembers now return a list
        made up of groups/members from all responding plugins instead of just the
        first responder.
        [erikrose, esteele]
        
        - Remove GroupData's _gruf_getProperty method, move remaining functionality
        into getProperty. getProperty now searches for properties in the following
        places: property sheets directly on the group object, PAS
        IPropertyProviders, portal_groupdata properties, and attributes on its
        GroupData entry. It returns the first piece of data found.
        Closes http://dev.plone.org/plone/ticket/9828
        [erikrose, esteele]
        
        - Added __ignore_direct_roles__ request flag to getRolesForPrincipal() to
        permit retrieval of only group-provided (inherited) roles.
        [cah190]
        
        - getGroupsForPrincipal is a method of PAS' IGroupsPlugin, adjust the groups
        tool's plugin lookup accordingly.
        [esteele]
        
        - Rework the group detection of the ZODBMutablePropertyProvider so that
        enumerateUsers only returns users.
        [esteele]
        
        - Add, but don't activate, a recursive groups plugin on installation.
        [esteele]
        
        - Set proper titles for default groups.
        [esteele]
        
        - Avoid the use of the classImplements helper from PAS. It dealt with the now
        gone Zope2 Interface variants and is no longer needed.
        [hannosch]
        
        - Fix a misnamed kwarg in autogroup plugin.
        [cah190]
        
        - Allow the groups tool's searchForGroups to handle an empty search string as
        'find all'.
        [esteele, cah190]
        
        - Allow PASSearchView's searchGroups method to accept a sorting option.
        [esteele]
        
        - Apply deiter's patch from http://dev.plone.org/plone/ticket/9460 to prevent
        GroupManager's 'getGroupById' from returning groups managed by other group
        managers.
        [esteele]
        
        - GroupsTool.editGroup() now stores title and description in PAS
        propertysheets in addition to Plone-specific tools. This helps us not pave
        over group titles with IDs.
        [erikrose]
        
        - Query the correct keyword variable for the group's description.
        [esteele]
        
        - Fix an incorrect setdefault syntax.
        Closes http://dev.plone.org/plone/ticket/7345
        [esteele]
        
        4.0b2 - 2010-01-02
        ------------------
        
        - Don't specify PIL as a direct dependencies. It is not installed as an egg on
        all platforms.
        [hannosch]
        
        4.0b1 - 2009-12-27
        ------------------
        
        - Fixed package dependencies declaration.
        [hannosch]
        
        4.0a2 - 2009-12-16
        ------------------
        
        - Added backwards compatibility alias for PloneTool to support upgrades from
        Plone 2.5 to work.
        [hannosch]
        
        - Added 'has_email' to the info returned by getMemberInfo.
        Refs http://dev.plone.org/plone/ticket/8707
        [maurits]
        
        4.0a1 - 2009-11-14
        ------------------
        
        - Simplified ``pas_member`` view.  Also return info when no member
        with the requested id exists, so this can be safely used also to get
        "member info" for deleted members.
        [maurits]
        
        - Added new ``pas_member`` view, which provides easy access to the membership
        tools getMemberInfo method but caches the result on the request.
        [hannosch]
        
        - Changed the default value of `memberareaCreationFlag` for the membership
        tool to False, as it was done during Plone site creation so far.
        [hannosch]
        
        - Removed patch on ZODBUserManager.enumerateUsers which was introduced
        historical because of a former missing release of PluggableAuthService 1.5.
        This now superfluous patch also reduced the functionality of the
        patched method and introduced different behavior compared to i.e in
        a similar method on LDAPMultiPlugins. For details on the former
        patch see:
        https://dev.plone.org/collective/changeset/41512/PlonePAS/trunk/pas.py
        [jensens]
        
        - Moved a couple DTML files here from CMFPlone that got left out of the earlier
        refactoring.
        [davisagli]
        
        - Added a view of the Unauthorized exception which re-raises that exception
        in order to make sure that it triggers PAS' challenge plugin rather than
        rendering the standard_error_message.
        [davisagli]
        
        - Removed deprecation warnings for various methods. These never happened.
        [hannosch]
        
        - Removed half-done ZCacheable caching for users and groups.
        [hannosch]
        
        - Removed the CMFDefault dependency of the membership tool. We only need the
        CMFCore functionality.
        [hannosch]
        
        - PlonePAS.gruf_support.authenticate method was not breaking out of
        the loop upon successful authenticateCredentials.
        [runyaga]
        
        - Changed objectIds and objectValues calls to use the IContainer API.
        [hannosch]
        
        - Removed parts of the outdated Extensions.Install code.
        [hannosch]
        
        - Removed a dependency on CMFPlone's `_createObjectByType` method.
        [hannosch]
        
        - Removed magical `homePageText` lookup for initial memberarea content. You
        can use the `notifyMemberAreaCreated` hook for any kind of custom behavior.
        [hannosch]
        
        - Moved the `scale_image` function from CMFPlone.utils into our own utils
        module, as we are the only user of it. Also made the tests independent of
        any CMFPlone code.
        [hannosch]
        
        - Cleaned up package metadata.
        [hannosch]
        
        - Declare test dependencies in an extra and fixed deprecation warnings
        for use of Globals.
        [hannosch]
        
        - Switched the installation progress reporting to the logging framework.
        [hannosch]
        
        - Cleaned up annoying license headers in all files. We have a central place
        to state the license.
        [hannosch]
        
        - Started cleaning up deprecated methods and comments.
        [hannosch]
        
        - Removed support for group workspaces. This part from GRUF hasn't been
        supported for many releases anymore.
        [hannosch]
        
        - Merged all code for the groups tool from GRUF into this package, we are
        officially GRUF-dependency-free :)
        [hannosch]
        
        - Merged all code for the group data tool from GRUF into this package.
        [hannosch]
        
        - Removed the GRUFBridge plugin. PAS inside GRUF isn't supported anymore.
        [hannosch]
        
        - Merged tests moved from CMFPlone into the same modules as the existing
        tests and normalized file names.
        [hannosch]
        
        - Modernized tests and introduce a proper base testcase and layer.
        [hannosch]
        
        - Removed cookie auth tests, these don't work anymore with plone.session.
        [hannosch]
        
        - Moved over all tests for the four tools from CMFPlone.
        [hannosch]
        
        - Removed the user folder migration code and cleaned up tests.
        [hannosch]
        
        - Moved all code from the four tools from CMFPlone into this package.
        [hannosch]
        
        - Removed 'listed' member property support from one of the many search
        functions following Plone.
        [hannosch]
        
        - Copied setLoginFormInCookieAuth from CMFPlone migrations.
        [hannosch]
        
        - Purged old Zope 2 Interface interfaces for Zope 2.12 compatibility.
        (only a test in this case)
        [elro]
        
        
        3.12 - 2009-10-16
        -----------------
        
        - Fixed the performance fix again. enumerateUsers from mutable_properties
        plugin should return all the users if kw is empty. And it returns empty
        tuple if login or id parameter is used.
        [vincentfretin]
        
        
        3.11 - 2009-10-05
        -----------------
        
        - Revert performance fix introduced in 3.10 for the mutable properties plugin.
        enumerateUsers shouldn't return results if id or login is not None like in
        3.9 (data dict doesn't contain id or login key, so testMemberData returns
        always False). The search should be performed only if kw parameter is not
        empty. This is the new optimization fix.
        [vincentfretin]
        
        
        3.10 - 2009-09-06
        -----------------
        
        - Performance fix for searching in the mutable properties plugin:
        when only searching on user id do not walk over all properties,
        but only test if the user id is known. This fixes
        http://dev.plone.org/plone/ticket/9361
        [toutpt]
        
        - Nested groups are now visible in prefs_group_members. This closes
        http://dev.plone.org/plone/ticket/8557
        [vincentfretin]
        
        - Add sort and merge PASSearchView's interface to prevent code duplication.
        [csenger]
        
        
        3.9 - 2009-04-21
        ----------------
        
        - Fix the cookie plugin's login handler to not trust the username
        from the request. Instead we use the login name of the currently
        authenticated user. This fixes CVE-2009-0662 (see
        http://plone.org/products/plone/security/advisories/cve-2009-0662
        for more information).
        [wichert]
        
        
        3.8 - 2009-02-13
        ----------------
        
        - Update the role manager's assignRoleToPrincipal method to lazily
        update the cached list of portal roles. This fixes problems with
        adding users with GenericSetup-created roles.
        [wichert]
        
        - Fixed our OrderedDict to be unpickable with pickle protocol 2. On
        unpickling a __init__ method is not called and an optimization in
        protocol 2 would call __setitem__ without the _list to be initialized.
        Even using a __getstate__ / __setstate__ combination wouldn't work
        around that. This change was found in using membrane and
        MemcachedManager.
        [hannosch, tesdal]
        
        
        3.7 - 2008-09-28
        ----------------
        
        - Removed deprecation zcml statements for PluggableAuthService components:
        these are now in PluggableAuthService itself.
        [wichert]
        
        - Adjusted deprecation warnings to point to Plone 4.0 instead of Plone 3.5
        since we changed the version numbering again.
        [hannosch]
        
        
        3.6 - 2008-06-25
        ----------------
        
        - Modify PloneGroup.getMemberIds to use all IGroupIntrospection plugins
        to get the group members. This makes it possible to list members in
        an LDAP group.
        [wichert]
        
        
        3.5 - 2008-06-25
        ----------------
        
        - Make PASSearchView.merge actually merge search results. Its previous
        behaviour was quite nasty: it preferred search results from the
        enumeration plugin with the lowest priority!
        [wichert]
        
        
        3.4 - 2008-03-26
        ----------------
        
        - Added BBB code for changed setLoginFormInCookieAuth upgrade method.
        [hannosch]
        
        - Ignore but log users without passwords during migration from pre-PAS, as
        these cannot be added to any standard user source.
        [hannosch]
        
        - Fix listRoleInfo on the role plugin to also lazily update the list
        of portal roles.
        [wichert]
        
        3.3 - 2007-03-07
        ----------------
        
        - Added metadata.xml file to the profile.
        [hannosch]
        
        - Move global role lookup out of the local role plugin. Part of the
        PLIP 127 merge for Plone 3.1.
        [alecm]
        
        
        3.2 - 2008-02-15
        ----------------
        
        - Fix schema handling for ZODBMutablePropertyProvider initialization.
        [maurits]
        
        - Remove some exception swallowing from the installation logic so errors
        are not hidden.
        [hannosch]
        
        - Correct handling an empty roles list when modifying groups.
        This fixes http://dev.plone.org/plone/ticket/6994
        [rsantos]
        
        
        3.1 - 2007-10-08
        ----------------
        
        - Improve handing of sorting for searches.
        [csenger]
        
        - Updating the roles for a group did not invalidate the _findGroup cache.
        [wichert]
        
        - Fixed some tool icons to point to existing icons.
        [hannosch]
        
        
        3.0 - 2007-08-16
        ----------------
        
        - Fix check for authenticateCredentials return value
        [rossp]
        
        
        3.0rc2 - 2007-07-27
        -------------------
        
        - Fake a getPhysicalPath on our search view so ZCacheing works properly
        everywhere.
        [wichert]
        
        - Add event classes for logged-in and logged-out events.
        [wichert]
        
        
        3.0rc1 - 2007-07-08
        -------------------
        
        - Correct logic in MemberData capability methods: any plugin is
        allowed to (re)set a password, delete the user or add roles.
        [wichert]
        
        - Use the proper API to get the containing PAS in the group plugin
        [wichert]
        
        - Fix setting user properties on the user object.
        [wichert]
        
        
        3.0b7 - 2007-05-05
        ------------------
        
        - Removed the five:registerPackage statement again. It causes problems in a
        ZEO environment.
        [hannosch]
        
        - Removed our version of the Plone tool from ToolInit. It won't get an icon
        anymore and you cannot add it, but existing instances still work. We
        migrate all instances back to the regular tool anyways.
        [hannosch]
        
        
        3.0b6 - 2007-05-05
        ------------------
        
        - Fixed two migration related test failures.
        [hannosch]
        
        - Spring cleaning, removed some cruft, pyflaked and corrected some more
        undefined names.
        [hannosch]
        
        - New package layout, following standard Python package conventions.
        [hannosch]
        
        - Fixed tool names in ToolInit, so the permission has a proper name. This
        closes http://dev.plone.org/plone/ticket/6525.
        [hannosch]
        
        
        3.0-beta5 - 2007-05-02
        ----------------------
        
        - Modify the roles plugin to lazily update its roles list from the portal.
        [wichert]
        
        - Filter duplicate search results.
        [laz, wichert]
        
        - Add a sort_by option to the search methods to allow sorting of results
        by a property.
        [laz, wichert]
        
        - Modify login method for the cookie plugin to perform the credential
        update in the PAS of the user instead of the PAS of the plugin. This
        helps in making sure that users will only authenticate against their
        own user folder, so we get all their roles, properties, etc. correctly.
        [wichert]
        
        - Update installation logic to use plone.session for cookies
        [wichert]
        
        - Add pas_info and pas_search browser views.
        [wichert]
        
        - Deprecate the PlonePAS PloneTool; its changes have been merged in the
        standard Plone version.
        [wichert]
        
        - Use getUtility to get the portal object.
        [wichert]
        
        - Deprecate user and group searching through CMF member and group tools
        in favour of PAS enumeration.
        [wichert]
        
        - Refactor user searching in the membership tool to use standard PAS
        searches.
        [wichert]
        
        - Add user enumeration capabilities to the mutable properties plugin.
        [wichert]
        
        - Add a new automatic group plugin which puts all users in a virtual
        group. This is useful for permissions handling: since it is not
        possible to add roles to users with the Authenticated role a
        virtual group can be used instead.
        [wichert]
        
        - Added support to import PloneUserFactory and added stub
        for ZODBMutableProperties. Attention: Latter needs a real
        export and import! At the moment it do not export the
        propertysheets. This is a TODO. At least with this two
        additions PlonePAS import runs. Additional I needed to
        hack PluginRegistry and and PluggableAuthService slightly.
        [jensens]
        
        - Added HISTORY.txt and updated version information.
        [hannosch]
        
        
        2.4 - 2007-04-15
        ----------------
        
        - Optomise the local roles plugin for the common case where
        local_roles is empty
        [dreamcatcher]
        
        - the plone user was assuming a one to one mapping between property plugin
        and user property sheet, and stripping away additional ones as part of
        the retrieval of ordered sheets, instead, it now stores all
        propertysheets in an ordered dictionary, so this assumption is not needed
        [k_vertigo]
        
        - More postonly security changes
        [alecm, ramon]
        
        
        2.3 - 2007-05-30
        ----------------
        
        - Use a local postonly decorator so PlonePAS can be used with Plone
        2.5, 2.5.1 and 2.5.2.
        [wichert]
        
        - Protect the tools with postonly security modifiers.
        [mj]
        
        - Update GRUF compatibility functions to use the same security checks
        as GRUF itself uses.
        [mj]
        
        - Fix migration to handle properties of selection or multiple selection
        types.
        [reinout]
        
        - Correct creation of groups wich default group managers.
        [dreamcatcher]
        
        - Fix migration from GRUF sites: also include the member properties in the
        migration.
        [tesdal]
        
        - Correct the test for creation of groups with the same id as users: search
        for the exact id, not substrings.
        [tesdal]
        
        - Fix bad form action which made it impossible to add a plone user factory
        plugin through the ZMI. Backported from trunk.
        [wichert]
        
Keywords: Zope CMF Plone PAS authentication
Platform: UNKNOWN
Classifier: Framework :: Plone
Classifier: Framework :: Zope2
