{ "info": { "author": "RedTurtle Technology", "author_email": "sviluppoplone@redturtle.it", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Framework :: Plone", "Framework :: Plone :: 3.3", "Framework :: Plone :: 4.0", "Framework :: Plone :: 4.1", "Framework :: Zope2", "Framework :: Zope3", "Intended Audience :: Developers", "Programming Language :: Python" ], "description": ".. contents:: Table of Contents\n\nIntroduction\n============\n\nA product for Plone developers. You will be able to register actions on site's contents, protected\nby a *secret token*.\n\nUsing an internal utility, or calling a provided view (``@@consume-powertoken``) you can run the action you\nhave configured previously.\n\nHow to use\n==========\n\nFirst of all you need the utility:\n\n>>> from collective.powertoken.core.interfaces import IPowerTokenUtility\n>>> utility = getUtility(IPowerTokenUtility)\n\nWith this you can register a new action on a site content (for example, a document):\n\n>>> token = utility.enablePowerToken(document, 'myMagicAction')\n\nThe *token* must (probably) kept secret, and you must use it has you prefer (for example: develop an\napplication that send the token by e-mail)\n\nYou can then execute the given action using the same utility:\n\n>>> result = utility.consumeActions(document, token)\n\nOr calling the provided view that need ``token`` and ``path`` parameters, for example:\n\n http://myplonesite/@@consume-powertoken?token=aaaa-bbbb-cccc&path=path/to/the/content\n\nThe ``consumeActions`` can also be called with additional *runtime arguments* that can be used later\nwhen the action is executed:\n\n>>> result = utility.consumeActions(document, token, runtime_parameter1='foo', runtime_parameter2=5.4)\n\nRegistering more that one action\n--------------------------------\n\nYou can also register (and then run all of theme) more that one action for a token.\n\n>>> token = utility.enablePowerToken(document, 'myMagicAction')\n>>> utility.addAction(document, token, 'myMagicAction')\n>>> utility.addAction(document, token, 'aDifferentAction')\n\nWhen you consume the token, all registered actions are executed in order.\n\n>>> result = utility.consumeActions(document, token)\n\nWhat action is executed?\n------------------------\n\nThis is only the core package so you need to look for other packages that add possible actions (or develop\nyour own).\n\nWhen you call:\n\n>>> token = utility.enablePowerToken(document, 'myMagicAction', parameter1='foo', parameter2=5)\n\n... you are preparing the call for an adapter called *myMagicAction*, saving also additional\n*configuration parameters* provided (in a special ``action`` object, see below).\nKnow that 3rd party adapter can require specific configuration parameters to works properly.\n\nWhen ``consumeActions`` is called, internally a new adapter is searched:\n\n>>> from collective.powertoken.core.interfaces import IPowerActionProvider\n>>> adapter = getMultiAdapter((document, request),\n... IPowerActionProvider,\n... name='myMagicAction')\n>>> result = adapter.doAction(action, runtime_parameter1='foo', runtime_parameter2=5.4)\n\nWhat to do with results (you can also don't provide results) is under your control. Result is always a\nPython list with all results from all executed actions. \n\nA `list of all know action providers`__ is available online (feel free to contribute and update this page\nwith your own).\n\n__ https://github.com/RedTurtle/collective.powertoken.core/blob/master/docs/KNOW-ACTION-PROVIDERS.txt\n\nSpecial parameters\n------------------\n\nWhen calling ``enablePowerToken`` and you give additional parameters, they are stored in the ``action``\nobject:\n\n``roles``\n Default to empty list. Commonly when you call ``consumeActions`` you are performing an action keeping user's\n privileges. Providing there a list of Zope roles will give you *those* roles instead. In this way,\n knowing a token, you can commonly perform unauthorized actions.\n``oneTime``\n Default to True. When you call ``consumeActions`` you commonly execute the action and remove the action\n from the action list.\n Instead you can configure an action that never expire the token when executed, so you can call it many\n times as you want (using the same token every time).\n``params``\n Default is an empty dict, automatically filled with every other keyword argument passed,\n commonly used by adapters.\n\nAdditional advanced, parameters:\n\n``unrestricted``\n Defaut: False. Use an unrestricted user, that always pass security check. Please note that\n *you commonly don't need this*, just configure well ``roles``.\n``username``\n Defaut: None. When using a different security context, like when using the ``roles`` parameter, instead\n of the current user's id (or an empty string when anonymous) you can choose a new one.\n\nFinal security note\n===================\n\nThis product play with Zope security, potentially giving great power to users, simply knowing the secret token.\n\n**Be careful!**\n\nAuthors\n=======\n\nThis product was developed by RedTurtle Technology team.\n\n.. image:: http://www.redturtle.it/redturtle_banner.png\n :alt: RedTurtle Technology Site\n :target: http://www.redturtle.it/\n\nChangelog\n=========\n\n0.3.0 (2012-02-15)\n------------------\n\n* now you can add *runtime parameters* when consuming actions [keul]\n* updated documentation and fixed from errors [keul]\n\n0.2.0 (2012-01-15)\n------------------\n\n* added new option: ``unrestricted`` (you commonly don't need this, really) [keul]\n* added new option: ``username`` [keul]\n\n0.1.0 (2012-01-11)\n------------------\n\n* Initial release", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://plone.org/products/collective.powertoken.core", "keywords": "plone security token plonegov", "license": "GPL", "maintainer": null, "maintainer_email": null, "name": "collective.powertoken.core", "package_url": "https://pypi.org/project/collective.powertoken.core/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/collective.powertoken.core/", "project_urls": { "Download": "UNKNOWN", "Homepage": "http://plone.org/products/collective.powertoken.core" }, "release_url": "https://pypi.org/project/collective.powertoken.core/0.3.0/", "requires_dist": null, "requires_python": null, "summary": "A mechanism for bypass Plone security, performing operations normally unauthorized, if a secret token is know (core package)", "version": "0.3.0" }, "last_serial": 1771622, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "b96deaa040ac6013934c08f9df37c13b", "sha256": "422f9d18be3dcd2b774994719fdd5615d0bbe72718f8f23992807751e687a198" }, "downloads": -1, "filename": "collective.powertoken.core-0.1.0.tar.gz", "has_sig": false, "md5_digest": "b96deaa040ac6013934c08f9df37c13b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 17792, "upload_time": "2012-01-11T09:22:36", "url": "https://files.pythonhosted.org/packages/8d/1a/a9fd629353e5d4ff1d4a3f1317d4a3bf2bb1d0fc80c99fef0471d348e7c3/collective.powertoken.core-0.1.0.tar.gz" } ], "0.2.0": [ { "comment_text": "", "digests": { "md5": "b36be80aed56620f568dd66885eb5585", "sha256": "f01d55b5a8e98cfa06ecfeb8fb3d8f919b9567a2da58848145906ae3251e0fdd" }, "downloads": -1, "filename": "collective.powertoken.core-0.2.0.tar.gz", "has_sig": false, "md5_digest": "b36be80aed56620f568dd66885eb5585", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18692, "upload_time": "2012-01-15T16:21:44", "url": "https://files.pythonhosted.org/packages/7e/dc/ef35b358137e26ffaf1ed26fbf85a0acca1b5717136751b13487e5946a9c/collective.powertoken.core-0.2.0.tar.gz" } ], "0.3.0": [ { "comment_text": "", "digests": { "md5": "7defb93c71e1b52ac0d26816f9686328", "sha256": "072eec6040f8b885b55e929e7842f65cb61528dc43c47ed6128e349c254addc8" }, "downloads": -1, "filename": "collective.powertoken.core-0.3.0.tar.gz", "has_sig": false, "md5_digest": "7defb93c71e1b52ac0d26816f9686328", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18998, "upload_time": "2012-02-15T15:46:29", "url": "https://files.pythonhosted.org/packages/95/aa/38c91b448cfd7ce020388317763a83f8fa9a3bf6528138cb3e5a7f316a45/collective.powertoken.core-0.3.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "7defb93c71e1b52ac0d26816f9686328", "sha256": "072eec6040f8b885b55e929e7842f65cb61528dc43c47ed6128e349c254addc8" }, "downloads": -1, "filename": "collective.powertoken.core-0.3.0.tar.gz", "has_sig": false, "md5_digest": "7defb93c71e1b52ac0d26816f9686328", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18998, "upload_time": "2012-02-15T15:46:29", "url": "https://files.pythonhosted.org/packages/95/aa/38c91b448cfd7ce020388317763a83f8fa9a3bf6528138cb3e5a7f316a45/collective.powertoken.core-0.3.0.tar.gz" } ] }