module documentation

_accessmanager.py - Access and permission management for ZMS

Access and permission management module for ZMS (Zope Management System). This module provides comprehensive user, role, and public-access management functionality for ZMS objects and containers, including:

  • User management: user creation, deletion, password updates, and attribute persistence through various user folder backends (LDAP, Pluggable Auth Service, classic Zope User Folders)
  • Role management: definition and synchronization of security roles with permission assignments across object hierarchies
  • Local role assignment: fine-grained access control through local role bindings to specific nodes and users
  • Public access control: management of public/restricted content access with synchronized permission inheritance
  • User import/export: bulk user data operations via XML format with fast pickle-based serialization
  • SSO integration: support for Single Sign-On plugins with credential extraction and user attribute synchronization
  • User invitation system: email-based user notification with role information
  • Access validation: permission checking and ZMI (Zope Management Interface) access enforcement with optional registration flow redirects
  • Configuration migration: versioning and upgrade mechanisms for security schema persistence

The module defines role hierarchies (ZMSAdministrator, ZMSEditor, ZMSAuthor, ZMSSubscriber, ZMSUserAdministrator) and provides security object mixins (AccessableObject, AccessableContainer, AccessManager) that integrate with Zope's acquisition model and ZODB persistence layer.

License: GNU General Public License v2 or later, Organization: ZMS Publishing

Class AccessableContainer: Access-control mixin for container-like ZMS objects.
Class AccessableObject: Mixin providing access-control helpers for ZMS objects.
Class AccessManager: Main access-management mixin for users, roles, and local permissions.
Class UserFolderIAddUserPluginWrapper: Adapter exposing a uniform add/remove-user API for classic user folders.
Function addRole: Add a role and initialize its security configuration entry.
Function deleteUser: Delete a user and all of its local role assignments.
Function delLocalRoles: Remove all local roles for a user from the current node.
Function getUserId: Normalize a user reference to its user id string.
Function setLocalRoles: Assign filtered local roles to a user on the current node.
Function updateUserPassword: Update a user's password in the underlying user folder.
Function updateVersion: Migrate persisted security settings to the current configuration schema.
Variable role_defs: Undocumented
Variable user_folder_meta_types: Undocumented

def addRole(self, id):

Add a role and initialize its security configuration entry.

Parameters
  self: ZMS context object
  id (str): Role id

def deleteUser(self, id):

Delete a user and all of its local role assignments.

Parameters
  self: ZMS context object
  id (str): User id

def delLocalRoles(self, id):

Remove all local roles for a user from the current node.

Parameters
  self: ZMS context object
  id (str): User id

def getUserId(user):

Normalize a user reference to its user id string.

Parameters
  user: User object, user dict, or user id
Returns
  str: User id

def setLocalRoles(self, id, roles=[]):

Assign filtered local roles to a user on the current node.

Parameters
  self: ZMS context object
  id (str): User id
  roles (list): Role ids to assign

def updateUserPassword(self, user, password, confirm):

Update a user's password in the underlying user folder.

Parameters
  self: ZMS context object
  user (dict): User descriptor dictionary
  password (str): New password
  confirm (str): Password confirmation
Returns
  bool: True if the password was changed
Raises
  zExceptions.InternalError: If password and confirmation differ

def updateVersion(root):

Migrate persisted security settings to the current configuration schema.

Parameters
  root: Root ZMS object

role_defs: dict

Undocumented

user_folder_meta_types: list[str]

Undocumented