• Remember Mailing List

  • Registration

    from hodren on May 06, 2008 09:33 AM 
    I wanna create a new user profile but I want the username to be generated using the first name and second name. Is there a way this can be done? I was thinking of inserting an algorithm that runs once the register button has been clicked. Can this be done? Thanks in advance
    Thread Outline:

  • Re: Registration

    from ra on May 12, 2008 06:47 PM 
    HodrenNaidoo wrote:
> I wanna create a new user profile but I want the username to be generated using the first name and second name. Is there a way this can be done?

yes, it can be done, it may have a few tricky corners.  the id field of the 
member object is what is used as the username, by default, and id fields are a 
bit special; they're roughly the ZODB equivalent of a relational database's 
primary key.  you have to have an id, and once you set the id you shouldn't 
change it.

i'd probably do something like this:

- tweak the id widget's 'visible' settings so it no longer shows up on the 
edit forms (also make regfield=0 so it doesn't show up on join form).

- create an IObjectAdded event subscriber that generates the id value and sets 
it on the member object.  probably want to check to make sure that the id is 
an auto-generated one, so you don't accidentally change the id should this 
event ever get fired when you don't expect it to.

keep in mind that if you allow users to edit their first and last names, 
there's a possibility that the id and the names may become out of sync.

-r


  I was thinking of inserting an algorithm that runs once the register button 
has been clicked. Can this be done? Thanks in advance
> 
> --
> Archive: http://www.openplans.org/projects/remember/lists/remember/archive/2008/05/1210080785780
> To unsubscribe send an email with subject unsubscribe to remember@....  Please contact remember-manager@... for questions.
>

    • Re: Registration

      from michaeljoseph on Jun 06, 2008 07:47 AM 
      Hi,

We get the following permissions error when attempting to set the id
of our custom remember.content.member.Member subclass either by using
an event subscriber, abusing the Archetypes validation hooks or
setting _at_rename_after_creation=True and overriding generateNewId:

2008-06-03T18:08:38 ERROR Zope.SiteErrorLog
http://localhost:8080/durban/portal_memberdata/portal_factory/eThekwiniMember/ethekwinimember.2008-06-03.1147579855/reg_form
Traceback (innermost last):
  Module ZPublisher.Publish, line 115, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 41, in call_object
  Module Products.CMFPlone.FactoryTool, line 369, in __call__
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 41, in call_object
  Module Products.CMFFormController.FSControllerPageTemplate, line 90,
in __call__
  Module Products.CMFFormController.BaseControllerPageTemplate, line
28, in _call
  Module Products.CMFFormController.ControllerBase, line 232, in
getNext
   - __traceback_info__: ['id = reg_form', 'status = success',
'button=register', 'errors={}', 'context=<eThekwiniMember at
ethekwinimember.2008-06-03.1147579855>',
"kwargs={'portal_status_message': 'Changes saved.'}",
'next_action=None', '']
  Module Products.CMFFormController.Actions.TraverseTo, line 38, in
__call__
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 41, in call_object
  Module Products.CMFFormController.FSControllerPythonScript, line
104, in __call__
  Module Products.CMFFormController.Script, line 145, in __call__
  Module Products.CMFCore.FSPythonScript, line 108, in __call__
  Module Shared.DC.Scripts.Bindings, line 311, in __call__
  Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
  Module Products.CMFCore.FSPythonScript, line 164, in _exec
  Module None, line 5, in do_register
   - <FSControllerPythonScript at /durban/do_register used for /durban/
portal_memberdata/portal_factory/eThekwiniMember/ethekwinimember.
2008-06-03.1147579855>
   - Line 5
  Module Products.Archetypes.BaseObject, line 649, in processForm
  Module Products.Archetypes.BaseObject, line 752, in
_renameAfterCreation
  Module Products.remember.content.member, line 100, in setId
  Module Products.Archetypes.BaseObject, line 236, in setId
  Module OFS.CopySupport, line 344, in manage_renameObject
Copy Error:
<HTML>
<HEAD>
<TITLE>Not Supported</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<FORM ACTION="manage_main" METHOD="GET" >
<TABLE BORDER="0" WIDTH="100%" CELLPADDING="10">
<TR>
  <TD VALIGN="TOP">
  <BR>
  <CENTER><B><FONT SIZE="+6" COLOR="#77003B">!</FONT></B></CENTER>
  </TD>
  <TD VALIGN="TOP">
  <BR><BR>
  <CENTER>
  The action against the <em>ethekwinimember.2008-06-03.1147579855</
em> object could not be carried out. One of the following constraints
caused the problem: <br><br>The object does not support this
operation.<br><br>-- OR --<br><br>The currently logged-in user does
not have the <b>Copy or Move</b> permission respective to the object.
  </CENTER>
  </TD>
</TR>
<TR>
  <TD VALIGN="TOP">
  </TD>
  <TD VALIGN="TOP">
  <CENTER>
  <INPUT TYPE="SUBMIT" VALUE="   Ok   ">
  </CENTER>
  </TD>
</TR>
</TABLE>
</FORM>
</BODY></HTML>

My analysis is that the Anonymous user doesn't have the 'Copy or Move'
permission on portal_membership- how can I change this?
I've already given the Anonymous user the following permissions:
Add portal member
Copy or Move
membrane: Edit member id
membrane: Register member
remember: Add FolderishMember

Any ideas?

I've had another idea around trying to implement this id change in the
approval workflow, anyone have some general approach tips?

thanks
michael

On May 13, 12:48 am, Rob Miller <r...@...> wrote:
> HodrenNaidoo wrote:
> > I wanna create a new user profile but I want the username to be generated using the first name and second name. Is there a way this can be done?
>
> yes, it can be done, it may have a few tricky corners.  the id field of the
> member object is what is used as the username, by default, and id fields are a
> bit special; they're roughly the ZODB equivalent of a relational database's
> primary key.  you have to have an id, and once you set the id you shouldn't
> change it.
>
> i'd probably do something like this:
>
> - tweak the id widget's 'visible' settings so it no longer shows up on the
> edit forms (also make regfield=0 so it doesn't show up on join form).
>
> - create an IObjectAdded event subscriber that generates the id value and sets
> it on the member object.  probably want to check to make sure that the id is
> an auto-generated one, so you don't accidentally change the id should this
> event ever get fired when you don't expect it to.
>
> keep in mind that if you allow users to edit their first and last names,
> there's a possibility that the id and the names may become out of sync.
>
> -r
>
>   I was thinking of inserting an algorithm that runs once the register button
> has been clicked. Can this be done? Thanks in advance
>
>
>
> > --
> > Archive:http://www.openplans.org/projects/remember/lists/remember/archive/200...
> > To unsubscribe send an email with subject unsubscribe to remem...@....  Please contact remember-mana...@... for questions.
>
> --
> Archive:http://www.openplans.org/projects/remember/lists/remember/archive/200...
> To unsubscribe send an email with subject unsubscribe to remem...@....  Please contact remember-mana...@... for questions.

      • Re: Re: Registration

        from ra on Jun 06, 2008 02:03 PM 
        michaeljoseph wrote:
> Hi,
> 
> We get the following permissions error when attempting to set the id
> of our custom remember.content.member.Member subclass either by using
> an event subscriber, abusing the Archetypes validation hooks or
> setting _at_rename_after_creation=True and overriding generateNewId:

<---SNIP--->

> 
>   The action against the <em>ethekwinimember.2008-06-03.1147579855</
> em> object could not be carried out. One of the following constraints
> caused the problem: <br><br>The object does not support this
> operation.<br><br>-- OR --<br><br>The currently logged-in user does
> not have the <b>Copy or Move</b> permission respective to the object.

<---SNIP--->

> My analysis is that the Anonymous user doesn't have the 'Copy or Move'
> permission on portal_membership- how can I change this?

this is almost certainly wrong.  the 'Copy or Move' permission needs to be 
available on the member object, which lives in portal_memberdata. your 
permissions on portal_membership are unrelated.

> I've already given the Anonymous user the following permissions:
> Add portal member
> Copy or Move
> membrane: Edit member id
> membrane: Register member
> remember: Add FolderishMember

this opens up what is colloquially known as a BASH... i.e. a Big Ass Security 
Hole.  i'm pretty sure you've just made it possible for any anonymous visitor 
to your site to change the actual id of any of your member objects.  that 
means that i don't even have to be logged in to change your username from 
'michael' to 'pwn3d'.

it's very dangerous to go around granting permissions to Anonymous unless you 
really understand what you're doing.

> Any ideas?

usually in Plone you have to be logged in before you can create content. 
Remember is an unusual case, b/c you HAVE to allow Anonymous users to create 
member objects if you want people to be able to join your site.  this has to 
be handled carefully, however, b/c you DON'T want Anonymous to have any 
privileges on member objects after they've been initialized.

Remember achieves this with some fancy workflow footwork.  Anonymous has the 
'Add portal member' permission, which is the add permission for member 
objects.  the default workflow state for member objects is 'new'; when a 
member object is in this state, Anonymous has the 'Modify portal content' 
permission, which means that the Anonymous user can edit the member object, 
allowing him to specify email address, fullname, etc.

here's where the magic comes in.  when you submit these values, there is an 
"automatic" workflow transition that is fired which moves the member object 
into the next workflow state (either 'public' or 'pending', usually).  this 
next workflow state does NOT give Anonymous ANY permissions on the object. 
once a member object has been concretely associated w/ a particular person, 
then the security becomes much tighter on the object.

the automatic workflow transition is protected by a "here/isValid" guard. 
this means that the workflow state change will only happen if the member 
object passes validation.  this way you don't get locked out of your member 
object if, for instance, you forget to enter an email address.

my guess is that all of the places where you've tried to hook in the custom 
setting of the 'id' value are being hit AFTER this state change has already 
happened.  if this is indeed the case, then your options are a) hook the id 
mangling code up so that it's triggered before the state change is triggered 
or b) rewrite the id mangling code so that it uses a different mechanism to 
change the id which won't engage Zope's usual security checks, or c) rewrite 
the id mangling code so that it escalates the privileges of the user to beyond 
that of Anonymous, changes the id, and then immediately returns the user to 
his unprivileged state.

> I've had another idea around trying to implement this id change in the
> approval workflow, anyone have some general approach tips?

this is a fine approach.  workflows can trigger "before transition" scripts; 
you'd want to hook your code in so that it's fired before the automatic 
transition that removes the edit privileges from the user.

note that i don't know the details of your workflow setup; you'll definitely 
need to examine that carefully to make sure the permissions are set correctly 
according to your needs.  you can learn more about how all of this works here:

http://plone.org/documentation/tutorial/understanding-permissions/

especially:

http://plone.org/documentation/tutorial/understanding-permissions/workflows

good luck,

-r

        • Re: Registration

          from michaeljoseph on Jun 11, 2008 03:52 AM 
          Hi Rob,

> > My analysis is that the Anonymous user doesn't have the 'Copy or Move'
> > permission on portal_membership- how can I change this?
>
> this is almost certainly wrong.  the 'Copy or Move' permission needs to be
> available on the member object, which lives in portal_memberdata. your
> permissions on portal_membership are unrelated.

Ok, that makes sense- I was probably confusing the parent object with
the object in question when tracing through the permissions checks.

> > I've already given the Anonymous user the following permissions:
> > Add portal member
> > Copy or Move
> > membrane: Edit member id
> > membrane: Register member
> > remember: Add FolderishMember
>
> this opens up what is colloquially known as a BASH... i.e. a Big Ass Security
> Hole.  i'm pretty sure you've just made it possible for any anonymous visitor
> to your site to change the actual id of any of your member objects.  that
> means that i don't even have to be logged in to change your username from
> 'michael' to 'pwn3d'.
>
> it's very dangerous to go around granting permissions to Anonymous unless you
> really understand what you're doing.

Understood- these change were only made to my development instance in
the interests of uncovering the required permission.  It would not be
an acceptable solution for me to deploy the product with these
important rights being assigned to Anonymous.

<snip>

> my guess is that all of the places where you've tried to hook in the custom
> setting of the 'id' value are being hit AFTER this state change has already
> happened.  if this is indeed the case, then your options are a) hook the id
> mangling code up so that it's triggered before the state change is triggered
> or b) rewrite the id mangling code so that it uses a different mechanism to
> change the id which won't engage Zope's usual security checks, or c) rewrite
> the id mangling code so that it escalates the privileges of the user to beyond
> that of Anonymous, changes the id, and then immediately returns the user to
> his unprivileged state.

Thanks for the detailed insight into the remember workflow setup,
adding a before_script in the workflow to update the id seems like the
cleanest approach.

> > I've had another idea around trying to implement this id change in the
> > approval workflow, anyone have some general approach tips?
>
> this is a fine approach.  workflows can trigger "before transition" scripts;
> you'd want to hook your code in so that it's fired before the automatic
> transition that removes the edit privileges from the user.

My workflow is just a simple one-step approval one, based on the
member_approval_workflow in remember.

thanks again for the prompt response.
michael

          • Re: Registration

            from michaeljoseph on Jun 12, 2008 05:29 AM 
            Hi All,

The workflow approach worked well.  Here are the various bits of the
solution for completeness sake:

- A custom Member type (inheriting from
Products.remember.content.member.Member) with the following schema
modifications:
  - new fields for first name and surname
  - hide the existing id and fullname fields (with .widget.visible =
{'edit': 'hidden', 'view': 'invisible'})
  - remove the password field from the registration form
(with .regfield=0)
- An external method to change the members id based on the first name
and surname:

def rename_username(self, state_change):
    try:
        obj = state_change.object
        first = self.getFirstname()
        surname = self.getSurname()
        username = generateUserName(self, first, surname)
        obj.setId(username)
        log('set username to %s' % username)
    except:
        log_exc()

- Call the rename method in the register_public transition of our
approval workflow (essentially a copy of remember's
member_approval_workflow with a workflow_id change to make it
unique).  I tried the before_script of the auto_pending transition,
but I got the same permission error.

    <transition transition_id="register_public"
             title="Approve member, make profile public"
             new_state="public" trigger="USER"
             before_script="rename_username" after_script="register">

Ok, cool- thanks your your help, and I hope this helps someone else
trying to do something similar.

cool
michael

    • Re: Registration

      from michaeljoseph on Jun 06, 2008 07:51 AM 
      Hi,

We get the following permissions error when attempting to set the id
of our custom remember.content.member.Member subclass either by using
an event subscriber, abusing the Archetypes validation hooks or
setting _at_rename_after_creation=True and overriding generateNewId:

2008-06-03T18:08:38 ERROR Zope.SiteErrorLog
http://localhost:8080/durban/portal_memberdata/portal_factory/eThekwiniMember/ethekwinimember.2008-06-03.1147579855/reg_form
Traceback (innermost last):
  Module ZPublisher.Publish, line 115, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 41, in call_object
  Module Products.CMFPlone.FactoryTool, line 369, in __call__
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 41, in call_object
  Module Products.CMFFormController.FSControllerPageTemplate, line 90,
in __call__
  Module Products.CMFFormController.BaseControllerPageTemplate, line
28, in _call
  Module Products.CMFFormController.ControllerBase, line 232, in
getNext
   - __traceback_info__: ['id = reg_form', 'status = success',
'button=register', 'errors={}', 'context=<eThekwiniMember at
ethekwinimember.2008-06-03.1147579855>',
"kwargs={'portal_status_message': 'Changes saved.'}",
'next_action=None', '']
  Module Products.CMFFormController.Actions.TraverseTo, line 38, in
__call__
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 41, in call_object
  Module Products.CMFFormController.FSControllerPythonScript, line
104, in __call__
  Module Products.CMFFormController.Script, line 145, in __call__
  Module Products.CMFCore.FSPythonScript, line 108, in __call__
  Module Shared.DC.Scripts.Bindings, line 311, in __call__
  Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
  Module Products.CMFCore.FSPythonScript, line 164, in _exec
  Module None, line 5, in do_register
   - <FSControllerPythonScript at /durban/do_register used for /durban/
portal_memberdata/portal_factory/eThekwiniMember/ethekwinimember.
2008-06-03.1147579855>
   - Line 5
  Module Products.Archetypes.BaseObject, line 649, in processForm
  Module Products.Archetypes.BaseObject, line 752, in
_renameAfterCreation
  Module Products.remember.content.member, line 100, in setId
  Module Products.Archetypes.BaseObject, line 236, in setId
  Module OFS.CopySupport, line 344, in manage_renameObject
Copy Error:
<HTML>
<HEAD>
<TITLE>Not Supported</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<FORM ACTION="manage_main" METHOD="GET" >
<TABLE BORDER="0" WIDTH="100%" CELLPADDING="10">
<TR>
  <TD VALIGN="TOP">
  <BR>
  <CENTER><B><FONT SIZE="+6" COLOR="#77003B">!</FONT></B></CENTER>
  </TD>
  <TD VALIGN="TOP">
  <BR><BR>
  <CENTER>
  The action against the <em>ethekwinimember.2008-06-03.1147579855</
em> object could not be carried out. One of the following constraints
caused the problem: <br><br>The object does not support this
operation.<br><br>-- OR --<br><br>The currently logged-in user does
not have the <b>Copy or Move</b> permission respective to the object.
  </CENTER>
  </TD>
</TR>
<TR>
  <TD VALIGN="TOP">
  </TD>
  <TD VALIGN="TOP">
  <CENTER>
  <INPUT TYPE="SUBMIT" VALUE="   Ok   ">
  </CENTER>
  </TD>
</TR>
</TABLE>
</FORM>
</BODY></HTML>

My analysis is that the Anonymous user doesn't have the 'Copy or Move'
permission on portal_membership- how can I change this?
I've already given the Anonymous user the following permissions:
Add portal member
Copy or Move
membrane: Edit member id
membrane: Register member
remember: Add FolderishMember

Any ideas?

thanks
michael

On May 13, 12:48 am, Rob Miller <r...@...> wrote:
> HodrenNaidoo wrote:
> > I wanna create a new user profile but I want the username to be generated using the first name and second name. Is there a way this can be done?
>
> yes, it can be done, it may have a few tricky corners.  the id field of the
> member object is what is used as the username, by default, and id fields are a
> bit special; they're roughly the ZODB equivalent of a relational database's
> primary key.  you have to have an id, and once you set the id you shouldn't
> change it.
>
> i'd probably do something like this:
>
> - tweak the id widget's 'visible' settings so it no longer shows up on the
> edit forms (also make regfield=0 so it doesn't show up on join form).
>
> - create an IObjectAdded event subscriber that generates the id value and sets
> it on the member object.  probably want to check to make sure that the id is
> an auto-generated one, so you don't accidentally change the id should this
> event ever get fired when you don't expect it to.
>
> keep in mind that if you allow users to edit their first and last names,
> there's a possibility that the id and the names may become out of sync.
>
> -r
>
>   I was thinking of inserting an algorithm that runs once the register button
> has been clicked. Can this be done? Thanks in advance
>
>
>
> > --
> > Archive:http://www.openplans.org/projects/remember/lists/remember/archive/200...
> > To unsubscribe send an email with subject unsubscribe to remem...@....  Please contact remember-mana...@... for questions.
>
> --
> Archive:http://www.openplans.org/projects/remember/lists/remember/archive/200...
> To unsubscribe send an email with subject unsubscribe to remem...@....  Please contact remember-mana...@... for questions.
Return to conversation view