NewPTKArchitecture
PTK II
At the base of the portal we have the following "tool" objects. DTML in the portal uses these tools to access services. The tools can be subclassed or replaced at the site. These tools should help managers to understand all the features that PTK provides. DemoPortal provides some small extensions to the architecture.
See NewPTKArchitectureDiscussion.
Permissions
- Manage portal -- default roles: (Manager,)
- Add portal member -- default roles: (Anonymous,)
- Set own password -- default roles: (Member,)
- Set own properties -- default roles: (Member,)
- Mail forgotten password -- default roles: (Anonymous,)
- Add portal content -- default roles: (Member,)
- Modify portal content -- default roles: (Owner, Manager,)
- Request review -- default roles: (Member,)
- Review portal content -- default roles: (Reviewer,)
- Access future portal content -- default roles: (Reviewer,)
Singleton strategy objects
portal_membership
Deals with the details of how and where to store and retrieve members and their member folders.
Anonymous permission
- getAuthenticatedMember(self)
Returns a PortalMember object corresponding to the authenticated user.
- isAnonymousUser(self)
Returns 1 if the user is not logged in, otherwise 0.
- checkPermission(self, permissionName, object)
Checks whether the authenticated user has the named permission on the given object. Does not raise an exception.
- credentialsChanged(self, password)
Notifies the authentication mechanism that the authenticated user has changed passwords. This can be used to update the authentication cookie. Note that this call should not cause any change at all to user databases.
- getHomeFolder(self, id)
Returns a member's home folder object.
- getHomeUrl(self, id)
Returns the URL to a member's home folder.
Manage portal permission
- getMemberById(self, id)
Returns the PortalMember object with the given id.
- listMemberIds(self)
Lists the ids of all members. This may eventually be replaced with a set of methods for querying pieces of the list rather than the entire list at once.
- listMembers(self)
Gets the list of all members.
No permission (called only by Python)
- addMember(self, id, password, roles, domains)
Adds the given member. Security checks will have already been performed.
- listActions(self, isAnonymous, portal_url)
Returns a list of actions available to the user.
portal_registration
Establishes policies for member registration. Depends on portal_membership. Is not aware of membership storage details.
Anonymous permission
- isRegistrationAllowed(self, REQUEST)
Returns a boolean value indicating whether the user is allowed to add a member to the portal. Should always return 0 if the user does not have the Add Portal Member permission.
- testPasswordValidity(self, password, confirm=None)
If the password is valid, returns None. If not, returns a string explaining why.
- testPropertiesValidity(self, properties, member=None)
If the properties are valid, returns None. If not, returns a string explaining why.
- generatePassword(self)
Generates a password which is guaranteed to pass the isPasswordAllowed test.
Add Portal member permission
- addMember(self, id, password, roles=(Member,), domains='', properties=None)
Creates a PortalMember and returns it. The properties argument can be a mapping with additional member properties. Raises an exception if the given id already exists, the password does not comply with the policy in effect, or the authenticated user is not allowed to grant one of the roles listed (where Member is a special role that can always be granted); these conditions should be detected before the fact so that a cleaner message can be printed.
- isMemberIdAllowed(self, id)
Returns 1 if the member ID is not in use and is not reserved.
No permission
- afterAdd(self, member, id, password, properties)
Called after a member has been added successfully.
Mail forgotten password permission
- mailPassword(self, forgotten_userid, REQUEST)
Finds the given userid and executes a method called "mail_password_template" with member and password parameters. Raises an exception if the userid is not found.
Set own password permission
- setPassword(self, password, domains=None)
Allows the authenticated member to set their own password.
Set own properties permission
- setProperties(self, properties)
Allows the authenticated member to set their own properties.
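The checks that addMember is described as making, in order, written as an added example that is not PTK source. The password rule, the reserved ids and the rule that a user may grant only roles they already hold are assumptions; only the method names come from the page.

```python
# Added illustration, not PTK source. Only the documented method names come
# from the page; the password rule, reserved ids and grant rule are assumed.
RESERVED_IDS = {"anonymous", "manager", "acl_users"}  # assumed reserved ids

class MembershipTool:
    """Stand-in for portal_membership: storage only."""

    def __init__(self, authenticated_roles=("Anonymous",)):
        self.members = {}
        self.authenticated_roles = tuple(authenticated_roles)

    def addMember(self, id, password, roles, domains):
        # No checks here: callers have already performed them.
        # Credential storage is omitted from this sketch.
        self.members[id] = {"id": id, "roles": tuple(roles), "domains": domains}

class RegistrationTool:
    """Stand-in for portal_registration: policy only, no storage details."""

    def __init__(self, membership, min_length=5):
        self.membership = membership
        self.min_length = min_length  # assumed password policy

    def testPasswordValidity(self, password, confirm=None):
        if len(password) < self.min_length:
            return "Password must be at least %d characters." % self.min_length
        if confirm is not None and confirm != password:
            return "Password and confirmation do not match."
        return None

    def isMemberIdAllowed(self, id):
        in_use = id in self.membership.members
        return 0 if in_use or id.lower() in RESERVED_IDS else 1

    def addMember(self, id, password, roles=("Member",), domains="",
                  properties=None):
        if not self.isMemberIdAllowed(id):
            raise ValueError("member id %r is in use or reserved" % id)
        problem = self.testPasswordValidity(password)
        if problem:
            raise ValueError(problem)
        for role in roles:
            # Member is always grantable; any other role must already be
            # held by the authenticated user (assumed grant rule).
            if role != "Member" and role not in self.membership.authenticated_roles:
                raise PermissionError("not allowed to grant role %r" % role)
        self.membership.addMember(id, password, roles, domains)
        member = self.membership.members[id]
        member["properties"] = dict(properties or {})
        return member
```

Because Add portal member defaults to Anonymous, the role loop is the only thing stopping a self-registration request from naming Manager in roles.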
portal_workflow
Anonymous permission
- getStateFor(self, content)
Returns the current workflow state of content. State is implemented as a mapping object. (ShaneH: or should it be a Python object?)
- listAllowableTransitionsFor(self, content)
Returns the list of transition names which are available to the current user from the state of content.
- changeStateFor(self, content, transition, comment, **kw)
Executes the given transition name on content with the keyword arguments as modifiers and the comment as a history attribute. Returns content, which may be in a new location. Remember there are no implicit security assertions; implementations will need to add code that calls checkPermission. (The fact that the objects can move eliminates the need for review_policy(), which was a hook for changing the role/permission mappings. Role/permission mappings are not intended to be changed or set by application code.)
- listAddableTypesFor(self, container)
Lists the meta types that are allowed to be added by the user to the given container.
No permission
- listActions(self, isAnonymous, portal_url)
Returns a list of actions available to the user.
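A sketch of a changeStateFor implementation that makes the explicit checkPermission call described above, added here as an example and not taken from PTK. The transition table, the state names and the user_roles argument are hypothetical; the permission names and default roles are the ones listed under Permissions, and per-object local roles are ignored.

```python
# Added illustration, not PTK source.
# Permission -> default roles, copied from the Permissions list on this page.
DEFAULT_ROLES = {
    "Request review": ("Member",),
    "Review portal content": ("Reviewer",),
}

# Hypothetical transitions: name -> (from state, to state, permission needed).
TRANSITIONS = {
    "submit": ("private", "pending", "Request review"),
    "publish": ("pending", "published", "Review portal content"),
    "reject": ("pending", "private", "Review portal content"),
}


def checkPermission(user_roles, permissionName):
    """Returns 1 or 0 and never raises, like the documented method."""
    allowed = DEFAULT_ROLES.get(permissionName, ())
    return 1 if set(user_roles) & set(allowed) else 0


def listAllowableTransitionsFor(content, user_roles):
    """Transitions leaving the current state that this user may execute."""
    return sorted(
        name for name, (src, _dst, perm) in TRANSITIONS.items()
        if src == content["state"] and checkPermission(user_roles, perm)
    )


def changeStateFor(content, transition, comment, user_roles):
    src, dst, perm = TRANSITIONS[transition]
    if content["state"] != src:
        raise ValueError("%r is not available from %r" % (transition, content["state"]))
    # The explicit assertion: nothing upstream checks this for us, and hiding
    # the transition in listAllowableTransitionsFor is not enforcement.
    if not checkPermission(user_roles, perm):
        raise PermissionError("%r requires %r" % (transition, perm))
    content["state"] = dst
    content["history"].append((transition, comment))
    return content
```

Removing the checkPermission call from changeStateFor leaves listAllowableTransitionsFor unchanged, so the missing check would not show up in the interface; only a direct call with an unlisted transition reveals it.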
portal_catalog
Anonymous permission
- searchResults(self, REQUEST=None, **kw)
Calls the catalog's searchResults() method with extra arguments that filter the results to what the user is allowed to see. Unless the user has the "Access future portal content" permission, content with a Date property set later than the current date will be filtered out.
- __call__(self, REQUEST=None, **kw)
Same as searchResults().
- getpath(self, data_recordid)
A call to ZCatalog.
No permission (called only by Python code)
- reindexObject(self, object)
Notifies the catalog of a change to object.
- indexObject(self, object)
Ensures object is in the catalog.
- unindexObject(self, object)
Removes object from the catalog.
portal_discussion
Anonymous permission
- getDiscussionFor(self, content)
Gets the PortalDiscussion object that applies to content.
- isDiscussionAllowedFor(self, content)
Returns a boolean indicating whether a discussion is allowed for the specified content.
portal_actions
Anonymous permission
- listFilteredActionsFor(self, object)
Gets all actions available to the user and returns a mapping containing user actions, object actions, and global actions. The actions are collected from a listActions() method on other portal tools, a listActions() method on the object and all of its parents, and the defaultActions() method on the portal_actions object.
- listFilteredActions(self)
Gets the actions available to the user without being in the context of a PortalContent object.
No permission
- listActions(self, isAnonymous, portal_url)
Returns a list of actions available to the user.
portal_undo
Undo changes permission
- listUndoableTransactionsFor(self, object, ...)
Lists all transaction IDs the user is allowed to undo. The other arguments correspond with the Zope undo methods.
- undo(self, transactionIds, ...)
Performs an undo operation. The other arguments correspond with the Zope undo methods.
Changed assumptions
PortalMember may not be able to locate the portal_membership or acl_users objects.
In LoginManager, PortalMember is accessed through "user source" plugins. Authentication is not necessarily accessible from the user sources. Therefore PortalMember cannot update the authentication tokens. Our solution is to create a utility method in portal_membership that causes acl_users (or whatever) to generate updated authentication tokens.
Other object types in Portal
DublinCore
PortalDiscussion
PortalDiscussionItem