You are here: Home / Documentation / How To's / Scripts that let Site Owners manage group memberships

Scripts that let Site Owners manage group memberships

by nguyen — published May 02, 2011 11:40 PM, last modified Aug 16, 2016 10:50 AM
In our sites we give Site Owners a "SiteOwner" role, not "Manager", but we still want site owners to be able to manage group memberships on their site.

Obsolete?

The scripts described below have been superseded by version 0.2.1 of the uwosh.policy.siteowner product, which contains similar controller page forms packaged along with the SiteOwner role.

How to Use These Scripts

Put these Script (Python) objects into portal_skins/custom.  Use the ZMI Security tab to grant access only to Manager role and very limited access to SiteOwner role.  Use the Proxy tab to grant Manager role to the script.

Listing Group Members (.listGroupMembers)

# Use the ZMI Security tab to allow only Site Owners and Managers to run this script.
# Uncheck all the Acquire boxes, check all the Manager role boxes, and for SiteOwner role check only the "Access contents information" and "View" boxes.

users = context.acl_users
pgm = users.source_groups
pm = context.portal_membership
currentUser = pm.getAuthenticatedMember()

def doit():
  out = []
  groups = pgm.getGroupIds()
  for g in groups:
    who = pgm.listAssignedPrincipals(g)
    out.append( '%s members:\n' % (g))
    for x in who:
      out.append( '    %s\n' % (x[0]))
  return out

if True:
  out = doit()
  for o in out:
    print o

print 'Job completed.'
return printed
 

Adding a Group Member (.addGroupMember)

Set this Script (Python) object's parameter list to: userId, groupId

# Use the ZMI Security tab to allow only Site Owners and Managers to run this script.
# Uncheck all the Acquire boxes, check all the Manager role boxes, and for SiteOwner role check only the "Access contents information" and "View" boxes.

users = context.acl_users
pgm = users.source_groups
pm = context.portal_membership
currentUser = pm.getAuthenticatedMember

def doit():
  out = []
  groups = pgm.getGroupIds()
  if groupId not in groups:
    out.append( 'The groupId %s does not exist.' % groupId)
  else:
    who = pgm.listAssignedPrincipals(groupId)
    if userId in [w[0] for w in who]:
      out.append( 'userId %s is already in groupId %s.' % (userId, groupId))
    else:
      pgm.addPrincipalToGroup(userId, groupId)
      who2 = pgm.listAssignedPrincipals(groupId)
      if userId in [w[0] for w in who2]:
        out.append( 'OK: added userId %s to groupId %s\n' % (userId, groupId))
      else:
        out.append( 'ERROR adding userId %s to groupId %s\n' % (userId, groupId))
  return out

failz0r = False

if groupId in ('Administrators', 'Site Owners'):
  print 'You are not allowed to modify the membership of groupId %s' % groupId
  failz0r = True

info = pm.getMemberInfo(userId)
if not info:
  print 'userId %s does not exist' % userId
  failz0r = True

if not failz0r:
  out = doit()
  for o in out:
    print o

print 'Job completed.'
return printed
 

Removing a Group Member (.removeGroupMember)

Set this Script (Python) object's parameter list to: userId, groupId

# Use the ZMI Security tab to allow only Site Owners and Managers to run this script.
# Uncheck all the Acquire boxes, check all the Manager role boxes, and for SiteOwner role check only the "Access contents information" and "View" boxes.

users = context.acl_users
pgm = users.source_groups
pm = context.portal_membership
currentUser = pm.getAuthenticatedMember

def doit():
  out = []
  groups = pgm.getGroupIds()
  if groupId not in groups:
    out.append( 'The groupId %s does not exist.' % groupId)
  else:
    who = pgm.listAssignedPrincipals(groupId)
    if userId not in [w[0] for w in who]:
      out.append( 'userId %s is not in groupId %s.' % (userId, groupId))
    else:
      pgm.removePrincipalFromGroup(userId, groupId)
      who2 = pgm.listAssignedPrincipals(groupId)
      if userId not in [w[0] for w in who2]:
        out.append( 'OK: removed userId %s from groupId %s\n' % (userId, groupId))
      else:
        out.append( 'ERROR removing userId %s from groupId %s\n' % (userId, groupId))
  return out

failz0r = False

if groupId in ('Administrators', 'Site Owners'):
  print 'You are not allowed to modify the membership of groupId %s' % groupId
  failz0r = True

info = pm.getMemberInfo(userId)
if not info:
  print 'userId %s does not exist' % userId
  failz0r = True

if not failz0r:
  out = doit()
  for o in out:
    print o

print 'Job completed.'
return printed
 

 

Navigation