from App.class_init import InitializeClass
from Acquisition import aq_base
from AccessControl import ClassSecurityInfo
 
from zope.interface import implements
 
from Products.BTreeFolder2.BTreeFolder2 import BTreeFolder2
from Products.CMFCore.permissions import ManagePortal
from Products.CMFCore.utils import getToolByName
from Products.CMFCore.MemberDataTool import MemberData as BaseMemberData
from Products.CMFCore.MemberDataTool import MemberDataTool as BaseTool
 
from Products.PluggableAuthService.interfaces.authservice \
    import IPluggableAuthService
from Products.PluggableAuthService.interfaces.plugins \
    import IPropertiesPlugin, IRoleAssignerPlugin
 
from Products.PlonePAS.interfaces.plugins import IUserManagement
from Products.PlonePAS.interfaces.group import IGroupManagement
from Products.PlonePAS.interfaces.propertysheets import IMutablePropertySheet
from Products.PlonePAS.interfaces.capabilities \
    import IDeleteCapability, IPasswordSetCapability
from Products.PlonePAS.interfaces.capabilities \
    import IGroupCapability, IAssignRoleCapability
from Products.PlonePAS.interfaces.capabilities import IManageCapabilities
from AccessControl.requestmethod import postonly
 
_marker = object()
 
 
class MemberDataTool(BaseTool):
    """PAS-specific implementation of memberdata tool.
    """
 
    meta_type = "PlonePAS MemberData Tool"
    security = ClassSecurityInfo()
    toolicon = 'tool.gif'
 
    def __init__(self):
        BaseTool.__init__(self)
        self.portraits = BTreeFolder2(id='portraits')
 
    def _getPortrait(self, member_id):
        "return member_id's portrait if you can "
        return self.portraits.get(member_id, None)
 
    def _setPortrait(self, portrait, member_id):
        " store portrait which must be a raw image in _portrais "
        if member_id in self.portraits:
            self.portraits._delObject(member_id)
        self.portraits._setObject(id=member_id, object=portrait)
 
    def _deletePortrait(self, member_id):
        " remove member_id's portrait "
        if member_id in self.portraits:
            self.portraits._delObject(member_id)
 
    security.declarePrivate('pruneMemberDataContents')
    def pruneMemberDataContents(self):
        '''
        Compare the user IDs stored in the member data
        tool with the list in the actual underlying acl_users
        and delete anything not in acl_users
        '''
        BaseTool.pruneMemberDataContents(self)
        membertool = getToolByName(self, 'portal_membership')
        portraits = self.portraits
        user_list = membertool.listMemberIds()
 
        for tuple in portraits.items():
            member_id = tuple[0]
            if member_id not in user_list:
                self.portraits._delObject(member_id)
 
    security.declareProtected(ManagePortal, 'purgeMemberDataContents')
    def purgeMemberDataContents(self):
        '''
        Delete ALL MemberData information. This is required for us as we change
        the MemberData class.
        '''
        members = self._members
 
        for tuple in members.items():
            member_name = tuple[0]
            del members[member_name]
 
        return "Done."
 
    security.declarePrivate("updateMemberDataContents")
    def updateMemberDataContents(self,):
        """Update former MemberData objects to new MemberData objects
        """
        count = 0
        members = self._members
        properties = self.propertyIds()
 
        # Scan members for old MemberData
        for member_name, member_obj in members.items():
            values = {}
            if getattr(member_obj, "_is_new_kind", None):
                continue        # Do not have to upgrade that object
 
            # Have to upgrade. Create the values mapping.
            for pty_name in properties:
                user_value = getattr(member_obj, pty_name, _marker)
                if user_value is not _marker:
                    values[pty_name] = user_value
 
            # Wrap a new user object of the RIGHT class
            u = self.acl_users.getUserById(member_name, None)
            if not u:
                continue                # User is not in main acl_users anymore
            self.wrapUser(u)
 
            # Set its properties
            mbr = self._members.get(member_name, None)
            if not mbr:
                raise RuntimeError("Error while upgrading user '%s'."
                                        % (member_name, ))
            mbr.setProperties(values, force_local=1)
            count += 1
 
        return count
 
    security.declarePrivate('searchMemberDataContents')
    def searchMemberDataContents(self, search_param, search_term):
        """
        Search members.
        This is the same as CMFCore except that it doesn't check term case.
        """
        res = []
 
        search_term = search_term.strip().lower()
 
        if search_param == 'username':
            search_param = 'id'
 
        mtool = getToolByName(self, 'portal_membership')
 
        for member_id in self._members.keys():
            user_wrapper = mtool.getMemberById(member_id)
 
            if user_wrapper is not None:
                memberProperty = user_wrapper.getProperty
                searched = memberProperty(search_param, None)
 
                if searched is not None:
                    if searched.strip().lower().find(search_term) != -1:
 
                        res.append({'username': memberProperty('id'),
                                    'email': memberProperty('email', '')})
        return res
 
    security.declarePublic('searchFulltextForMembers')
    def searchFulltextForMembers(self, s):
        """search for members which do have string 's' in name, email or full
        name (if defined)
 
        this is mainly used for the localrole form
        """
        s = s.strip().lower()
        mu = getToolByName(self, 'portal_membership')
 
        res = []
        for member in mu.listMembers():
            u = member.getUser()
            if u.getUserName().lower().find(s) != -1 \
                or member.getProperty('fullname').lower().find(s) != -1 \
                or member.getProperty('email').lower().find(s) != -1:
                    res.append(member)
        return res
 
    #### check to see if we can add users. Need to be careful here
    #### so we do not write on read
    def canAddMemberData(self):
        try:
            if self.REQUEST.REQUEST_METHOD != 'POST':
                return False
            if getattr(self, '_p_jar', None) and \
                    len(self._p_jar._registered_objects) > 0:
                # XXX do not write on read
                return True
        except AttributeError:
            pass
        return False
 
    #### an exact copy from the base, so that we pick up the new MemberData.
    #### wrapUser should have a MemberData factory method to over-ride (or even
    #### set at run-time!) so that we don't have to do this.
    def wrapUser(self, u):
        '''
        If possible, returns the Member object that corresponds
        to the given User object.
        We override this to ensure OUR MemberData class is used
        '''
        id = u.getId()
        members = self._members
        if not id in members:
            base = aq_base(self)
            md = MemberData(base, id)
            if self.canAddMemberData():
                # XXX do not write on read
                members[id] = md
            return md.__of__(self).__of__(u)
        else:
            # Return a wrapper with self as containment and
            # the user as context.
            return members[id].__of__(self).__of__(u)
 
    @postonly
    def deleteMemberData(self, member_id, REQUEST=None):
        """ Delete member data of specified member.
        """
        if IPluggableAuthService.providedBy(self.acl_users):
            # It's a PAS! Whee!
            # XXX: can we safely assume that user name == member_id
            plugins = self._getPlugins()
            prop_managers = plugins.listPlugins(IPropertiesPlugin)
            for mid, prop_manager in prop_managers:
                # Not all PropertiesPlugins support user deletion
                try:
                    prop_manager.deleteUser(member_id)
                except AttributeError:
                    pass
 
        # we won't always have PlonePAS users, due to acquisition,
        # nor are guaranteed property sheets
        members = self._members
        if member_id in members:
            del members[member_id]
            return 1
        else:
            return 0
 
    ## plugin getter
    def _getPlugins(self):
        return self.acl_users.plugins
 
InitializeClass(MemberDataTool)
 
 
class MemberData(BaseMemberData):
 
    security = ClassSecurityInfo()
    implements(IManageCapabilities)
 
    ## setProperties uses setMemberProperties. no need to override.
 
    def setMemberProperties(self, mapping, force_local=0):
        """PAS-specific method to set the properties of a
        member. Ignores 'force_local', which is not reliably present.
        """
        sheets = None
 
        # We could pay attention to force_local here...
        if not IPluggableAuthService.providedBy(self.acl_users):
            # Defer to base impl in absence of PAS, a PAS user, or
            # property sheets
            return BaseMemberData.setMemberProperties(self, mapping)
        else:
            # It's a PAS! Whee!
            user = self.getUser()
            sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()
 
            # We won't always have PlonePAS users, due to acquisition,
            # nor are guaranteed property sheets
            if not sheets:
                # Defer to base impl if we have a PAS but no property
                # sheets.
                return BaseMemberData.setMemberProperties(self, mapping)
 
        # If we got this far, we have a PAS and some property sheets.
        # XXX track values set to defer to default impl
        # property routing?
        modified = False
        for k, v in mapping.items():
            if v == None:
                continue
            for sheet in sheets:
                if not sheet.hasProperty(k):
                    continue
                if IMutablePropertySheet.providedBy(sheet):
                    sheet.setProperty(user, k, v)
                    modified = True
                else:
                    break
                    #raise RuntimeError, ("Mutable property provider "
                    #                     "shadowed by read only provider")
        if modified:
            self.notifyModified()
 
    def getProperty(self, id, default=_marker):
        """PAS-specific method to fetch a user's properties. Looks
        through the ordered property sheets.
        """
        sheets = None
        if not IPluggableAuthService.providedBy(self.acl_users):
            return BaseMemberData.getProperty(self, id)
        else:
            # It's a PAS! Whee!
            user = self.getUser()
            sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()
 
            # we won't always have PlonePAS users, due to acquisition,
            # nor are guaranteed property sheets
            if not sheets:
                return BaseMemberData.getProperty(self, id, default)
 
        # If we made this far, we found a PAS and some property sheets.
        for sheet in sheets:
            if sheet.hasProperty(id):
                # Return the first one that has the property.
                value = sheet.getProperty(id)
                if isinstance(value, unicode):
                    # XXX Temporarily work around the fact that
                    # property sheets blindly store and return
                    # unicode. This is sub-optimal and should be
                    # dealed with at the property sheets level by
                    # using Zope's converters.
                    return value.encode('utf-8')
                return value
 
        # Couldn't find the property in the property sheets. Try to
        # delegate back to the base implementation.
        return BaseMemberData.getProperty(self, id, default)
 
    def getPassword(self):
        """Returns None. Present to avoid NotImplementedError."""
        return None
 
    ## IManageCapabilities methods
 
    def canDelete(self):
        """True iff user can be removed from the Plone UI."""
        # IUserManagement provides doDeleteUser
        plugins = self._getPlugins()
        managers = plugins.listPlugins(IUserManagement)
        for mid, manager in managers:
            if (IDeleteCapability.providedBy(manager) and
                    manager.allowDeletePrincipal(self.getId())):
                return True
        return False
 
    def canPasswordSet(self):
        """True iff user can change password."""
        # IUserManagement provides doChangeUser
        plugins = self._getPlugins()
        managers = plugins.listPlugins(IUserManagement)
        for mid, manager in managers:
            if (IPasswordSetCapability.providedBy(manager) and
                    manager.allowPasswordSet(self.getId())):
                return True
        return False
 
    def passwordInClear(self):
        """True iff password can be retrieved in the clear (not hashed.)
 
        False for PAS. It provides no API for getting passwords,
        though it would be possible to add one in the future.
        """
        return 0
 
    def _memberdataHasProperty(self, prop_name):
        mdata = getToolByName(self, 'portal_memberdata', None)
        if mdata:
            return mdata.hasProperty(prop_name)
        return 0
 
    def canWriteProperty(self, prop_name):
        """True iff the member/group property named in 'prop_name'
        can be changed.
        """
        if not IPluggableAuthService.providedBy(self.acl_users):
            # not PAS; Memberdata is writable
            return self._memberdataHasProperty(prop_name)
        else:
            # it's PAS
            user = self.getUser()
            sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()
            if not sheets:
                return self._memberdataHasProperty(prop_name)
 
            for sheet in sheets:
                if not sheet.hasProperty(prop_name):
                    continue
                if IMutablePropertySheet.providedBy(sheet):
                    # BBB for plugins implementing an older version of
                    # IMutablePropertySheet
                    if hasattr(sheet, 'canWriteProperty'):
                        return sheet.canWriteProperty(user, prop_name)
                    return True
                else:
                    break  # shadowed by read-only
        return False
 
    def canAddToGroup(self, group_id):
        """True iff member can be added to group."""
        # IGroupManagement provides IGroupCapability
        plugins = self._getPlugins()
        managers = plugins.listPlugins(IGroupManagement)
        for mid, manager in managers:
            if (IGroupCapability.providedBy(manager) and
                    manager.allowGroupAdd(self.getId(), group_id)):
                return True
        return False
 
    def canRemoveFromGroup(self, group_id):
        """True iff member can be removed from group."""
        # IGroupManagement provides IGroupCapability
        plugins = self._getPlugins()
        managers = plugins.listPlugins(IGroupManagement)
        for mid, manager in managers:
            if (IGroupCapability.providedBy(manager) and
                    manager.allowGroupRemove(self.getId(), group_id)):
                return True
        return False
 
    def canAssignRole(self, role_id):
        """True iff member can be assigned role. Role id is string."""
        # IRoleAssignerPlugin provides IAssignRoleCapability
        plugins = self._getPlugins()
        managers = plugins.listPlugins(IRoleAssignerPlugin)
        for mid, manager in managers:
            if (IAssignRoleCapability.providedBy(manager) and
                    manager.allowRoleAssign(self.getId(), role_id)):
                return True
        return False
 
    security.declarePrivate('setSecurityProfile')
    def setSecurityProfile(self, password=None, roles=None, domains=None):
        """Set the user's basic security profile"""
        u = self.getUser()
 
        # The Zope User API is stupid, it should check for None.
        if roles is None:
            roles = list(u.getRoles())
            if 'Authenticated' in roles:
                roles.remove('Authenticated')
        if domains is None:
            domains = u.getDomains()
 
        u.userFolderEditUser(u.getUserId(), password, roles, domains)
 
    ## plugin getters
 
    security.declarePrivate('_getPlugins')
    def _getPlugins(self):
        return self.acl_users.plugins
 
 
InitializeClass(MemberData)