_accessmanager.py - Access and permission management for ZMS
Access and permission management module for ZMS (Zope Management System). This module provides comprehensive user, role, and public-access management functionality for ZMS objects and containers, including:
- User management: user creation, deletion, password updates, and attribute persistence through various user folder backends (LDAP, Pluggable Auth Service, classic Zope User Folders)
- Role management: definition and synchronization of security roles with permission assignments across object hierarchies
- Local role assignment: fine-grained access control through local role bindings to specific nodes and users
- Public access control: management of public/restricted content access with synchronized permission inheritance
- User import/export: bulk user data operations via XML format with fast pickle-based serialization
- SSO integration: support for Single Sign-On plugins with credential extraction and user attribute synchronization
- User invitation system: email-based user notification with role information
- Access validation: permission checking and ZMI (Zope Management Interface) access enforcement with optional registration flow redirects
- Configuration migration: versioning and upgrade mechanisms for security schema persistence
The module defines role hierarchies (ZMSAdministrator, ZMSEditor, ZMSAuthor, ZMSSubscriber, ZMSUserAdministrator) and provides security object mixins (AccessableObject, AccessableContainer, AccessManager) that integrate with Zope's acquisition model and ZODB persistence layer.
License: GNU General Public License v2 or later, Organization: ZMS Publishing
| Class | | Access-control mixin for container-like ZMS objects. |
| Class | | Mixin providing access-control helpers for ZMS objects. |
| Class | | Main access-management mixin for users, roles, and local permissions. |
| Class | | Adapter exposing a uniform add/remove-user API for classic user folders. |
| Function | add | Add a role and initialize its security configuration entry. |
| Function | delete | Delete a user and all of its local role assignments. |
| Function | del | Remove all local roles for a user from the current node. |
| Function | get | Normalize a user reference to its user id string. |
| Function | set | Assign filtered local roles to a user on the current node. |
| Function | update | Update a user's password in the underlying user folder. |
| Function | update | Migrate persisted security settings to the current configuration schema. |
| Variable | role | Undocumented |
| Variable | user | Undocumented |
Add a role and initialize its security configuration entry.
| Parameters | |
| self | ZMS context object |
| id:str | Role id |
Remove all local roles for a user from the current node.
| Parameters | |
| self | ZMS context object |
| id:str | User id |
Normalize a user reference to its user id string.
| Parameters | |
| user | User object, user dict, or user id |
| Returns | |
| str | User id |
Assign filtered local roles to a user on the current node.
| Parameters | |
| self | ZMS context object |
| id:str | User id |
| roles:list | Role ids to assign |
Update a user's password in the underlying user folder.
| Parameters | |
| self | ZMS context object |
| user:dict | User descriptor dictionary |
| password:str | New password |
| confirm:str | Password confirmation |
| Returns | |
| bool | True if the password was changed |
| Raises | |
| zExceptions.InternalError | If password and confirmation differ |