Must Plone groups be persistent in acl_users?

zopyx · September 24, 2018, 1:39pm

I have written a PAS plugin that connects through PAS with Civirm.

The enumerateGroups() returns two groups Anlage 1 and Anlage 2. They exist as Civirm groups and we want to map them as Plone groups.

The Plone group control panel fails here:


Module ZPublisher.Publish, line 138, in publish
Module ZPublisher.mapply, line 77, in mapply
Module ZPublisher.Publish, line 48, in call_object
Module Products.CMFPlone.controlpanel.browser.usergroups_groupsoverview, line 35, in __call__
Module Products.CMFPlone.controlpanel.browser.usergroups_groupsoverview, line 57, in doSearch
AttributeError: 'NoneType' object has no attribute 'getProperty'

The doSearch() implementation has these group data here:

(Pdb) pp inheritance_enabled_groups        
[{'groupid': u'Anlage2',
  'id': u'Anlage2',
  'pluginid': 'civicrm_helper',
  'principal_type': 'group',
  'title': u'(Group) Anlage2'},
 {'groupid': u'Anlage1',
  'id': u'Anlage1',
  'pluginid': 'civicrm_helper',
  'principal_type': 'group',
  'title': u'(Group) Anlage1'}]

and then tries to get the group from the acl_users folder by id.

(Pdb) acl
<PluggableAuthService at /plone/acl_users used for /plone>
(Pdb) print acl.getGroupById(groupId)
None
(Pdb) groupId
u'Anlage2'

This fails of course because the groups are only transient and do not exist in Plone directly.

Is there a way to inject arbitrary groups into PAS without having them as a persistent group inside Plone?

-aj

jaroel · September 24, 2018, 6:29pm

I don't think so. You'll need to implement a lot, though - ie getGroupById and properties support.

rafaelbco · September 24, 2018, 7:41pm

I think collective.anotherdynamicgroupsplugin (available in PyPI and GitHub) deals with similar issues.

jensens · September 24, 2018, 8:21pm

If you do not want to access the group data on each request from its original source, you have to store it somewhere. I think that's the nature of data if you need to work with it. pas.plugins.ldap does cache it using memcached, pas.plugins.authomatic writes a btree with most basic information (here users, but users and groups are very similar).

zopyx · September 25, 2018, 6:42am

Yes, you are right here. The plugin must provide getGroupById() and return a GroupData object or something similar.