New security UI

lib/python/AccessControl/User.py

 """Access control package"""
 
-__version__='$Revision: 1.33 $'[11:-2]
+__version__='$Revision: 1.34 $'[11:-2]
 
 
 from PersistentMapping import PersistentMapping
@@ -47,7 +47,6 @@ class User(Implicit, Persistent):
 		continue
 	    return 0
 
-
 # 	if (roles is None) or ('Anonymous' in roles):
 # 	    return 1
 # 	for role in roles:
@@ -160,6 +159,11 @@ class UserFolder(Implicit, Persistent, Navigation, Tabs, Item,
 		   title  ='Illegal value', 
                    message='Password and confirmation do not match',
                    action ='manage_main')
+	if 'Shared' in roles:
+            return MessageDialog(
+		   title  ='Illegal value', 
+                   message='Shared is not a legal role name',
+                   action ='manage_main')
         self.data[name]=User(name,password,roles)
 	return self._mainUser(self, REQUEST)
 
@@ -179,6 +183,11 @@ class UserFolder(Implicit, Persistent, Navigation, Tabs, Item,
 		   title  ='Illegal value', 
                    message='Password and confirmation do not match',
                    action ='manage_main')
+	if 'Shared' in roles:
+            return MessageDialog(
+		   title  ='Illegal value', 
+                   message='Shared is not a legal role name',
+                   action ='manage_main')
 	user=self.data[name]
 	user.__=password
 	user.roles=roles

lib/python/AccessControl/addAccess.dtml

@@ -7,9 +7,9 @@
 <!--#var manage_tabs-->
 <!--#/if manage_tabs-->
 <P>
-Select one or more roles below, and a type of access that will given 
-to users who have those roles. Select &quot;Special Access...&quot;
-if you would like to define a new type of access.
+Select one or more roles below, and the permissions that should be
+given to those roles.
+
 
 <FORM ACTION="manage_access" METHOD="POST">
 <TABLE CELLPADDING="2">
@@ -27,19 +27,24 @@ if you would like to define a new type of access.
 </TR>
 <TR>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Type of access</STRONG>
+  <STRONG>Permissions</STRONG>
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <SELECT NAME="access">
-  <!--#in access_types-->
-  <OPTION VALUE="<!--#var sequence-var-name-->"><!--#var sequence-var-name-->
-  <!--#/in access_types-->
-  <OPTION VALUE="Special Access...">Special Access...
-  </SELECT>
-  <BR>
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add">
+  <FONT SIZE="-1">
+  <!--#in access_permissions-->
+  <INPUT TYPE="CHECKBOX" NAME="permissions:list" VALUE="<!--#var sequence-var-name-->"><!--#var sequence-var-name--><BR>
+  <!--#/in access_permissions-->
+  </FONT>
   </TD>
 </TR>
+<TR>
+  <TD ALIGN="LEFT" VALIGN="TOP">
+  </TD>
+  <TD ALIGN="LEFT" VALIGN="TOP">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add">
+  </TD>
+</TR>
+
 </TABLE>
 </FORM>
 </BODY>

lib/python/AccessControl/addUser.dtml

@@ -41,7 +41,9 @@ roles for the new user and click "Add".
   <TD VALIGN="TOP">
   <SELECT NAME="roles:list" SIZE="5" MULTIPLE>
   <!--#in valid_roles-->
+  <!--#if expr="_vars['sequence-item'] != 'Shared'"-->
   <OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
+  <!--#/if-->
   <!--#/in valid_roles-->
   </SELECT>
   <BR>

lib/python/AccessControl/specAccess.dtml → lib/python/AccessControl/delAccess.dtml

@@ -7,33 +7,28 @@
 <!--#var manage_tabs-->
 <!--#/if manage_tabs-->
 <P>
+To remove all permissions for one or more roles, select the roles 
+below and click the &quot;Remove&quot; button.
+
 <FORM ACTION="manage_access" METHOD="POST">
 <TABLE CELLPADDING="2">
 <TR>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Roles</STRONG>
+  <STRONG>Remove permissions for</STRONG>
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
   <SELECT NAME="roles:list" SIZE="4" MULTIPLE>
   <!--#in valid_roles-->
-  <OPTION VALUE="<!--#var sequence-item-->" <!--#if expr="_vars['sequence-item'] in roles"-->SELECTED<!--#/if-->><!--#var sequence-item-->
+  <OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
   <!--#/in valid_roles-->
   </SELECT>
   </TD>
 </TR>
 <TR>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Special access</STRONG>
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="TEXT" NAME="access" SIZE="25">
-  <BR>
-  <!--#in access_permissions-->
-  <INPUT TYPE="CHECKBOX" NAME="permissions:list" VALUE="<!--#var sequence-var-name-->"> <EM><!--#var sequence-var-name--></EM>
-  <BR>
-  <!--#/in access_permissions-->
-  <BR>
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="OK">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Remove">
   </TD>
 </TR>
 </TABLE>

lib/python/AccessControl/editAccess.dtml

@@ -6,7 +6,7 @@
 <!--#if manage_tabs-->
 <!--#var manage_tabs-->
 <!--#/if manage_tabs-->
-<P>
+
 <FORM ACTION="manage_access" METHOD="POST">
 <TABLE CELLPADDING="2">
 <TR>
@@ -14,25 +14,31 @@
   <STRONG>Role</STRONG>
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <EM><!--#var role--></EM>
+  <!--#var role-->
+  </TD>
+</TR>
+<TR>
+  <TD ALIGN="LEFT" VALIGN="TOP">
+  <STRONG>Permissions</STRONG>
+  </TD>
+  <TD ALIGN="LEFT" VALIGN="TOP">
+  <FONT SIZE="-1">
+  <!--#in access_permissions-->
+  <INPUT TYPE="CHECKBOX" NAME="permissions:list" VALUE="<!--#var sequence-var-name-->"<!--#if expr="role in _vars['sequence-item'].getRoles()"-->  CHECKED<!--#/if-->>
+  <!--#var sequence-var-name--><BR>
+  <!--#/in access_permissions-->
+  </FONT>
   </TD>
 </TR>
 <TR>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Type of access</STRONG>
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
   <INPUT TYPE="HIDDEN" NAME="role" VALUE="<!--#var role-->">
-  <SELECT NAME="access">
-  <!--#in access_types-->
-  <OPTION VALUE="<!--#var sequence-var-name-->"<!--#if expr="role in _vars['sequence-item'].getRoles()"-->SELECTED<!--#/if-->><!--#var sequence-var-name-->
-  <!--#/in access_types-->
-  <OPTION VALUE="Special Access...">Special Access...
-  </SELECT>
-  <BR>
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Change">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Change">
   </TD>
 </TR>
+
 </TABLE>
 </FORM>
 </BODY>

lib/python/AccessControl/editUser.dtml

@@ -38,11 +38,13 @@
 <TD VALIGN="TOP">
 <SELECT NAME="roles:list" SIZE="5" MULTIPLE>
 <!--#in valid_roles-->
+<!--#if expr="_vars['sequence-item'] != 'Shared'"-->
 <!--#if expr="_vars['sequence-item'] in user.roles"-->
 <OPTION VALUE="<!--#var sequence-item-->" SELECTED><!--#var sequence-item-->
 <!--#else-->
 <OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
 <!--#/if-->
+<!--#/if-->
 <!--#/in valid_roles-->
 </SELECT>
 <INPUT TYPE="HIDDEN" NAME="name" VALUE="<!--#var expr="user.name"-->">

lib/python/AccessControl/listAccess.dtml

-<HTML>
-<HEAD>
-<TITLE>Security</TITLE>
-</HEAD>
-<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
-<!--#if manage_tabs-->
-<!--#var manage_tabs-->
-<!--#/if manage_tabs-->
-
-<FORM ACTION="manage_access" METHOD="POST">
-<TABLE CELLPADDING="2">
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Users with the role</STRONG>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var role-->
-  </TD>
-</TR>
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>have type of access</STRONG>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var expr="access_type_for(role)"-->,
-  </TD>
-</TR>
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>which corresponds to</STRONG>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <FONT SIZE="-1">
-  <!--#in access_permissions-->
-  <INPUT TYPE="CHECKBOX" NAME="p" VALUE=""<!--#if
-  expr="_vars['sequence-item'].name in access_type_for(role).data"-->
-  CHECKED<!--#/if-->>
-  <!--#var sequence-var-name--><BR>
-  <!--#/in access_permissions-->
-  </FONT>
-  </TD>
-</TR>
-</TABLE>
-</FORM>
-</BODY>
-</HTML>

lib/python/AccessControl/mainAccess.dtml

@@ -6,70 +6,49 @@
 <!--#if manage_tabs-->
 <!--#var manage_tabs-->
 <!--#/if manage_tabs-->
+
 <P>
-<!--#if access_info-->
 The listing below shows the current security settings for this item. 
-Each role listed has been given a type of access which represents 
-a specific set of permissions. Click on the name of a role for details 
-on the specific permissions granted to that role.
+Each permission is listed along with the roles which have been given 
+that permission. To change the permissions for a role, click on the 
+name of the role.
+
+
 <FORM ACTION="manage_access" METHOD="POST">
-<TABLE CELLPADDING="2">
+<TABLE>
 <TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>
-  Role
-  </STRONG>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Type of access</STRONG>
-  </TD>
+<TD ALIGN="LEFT" VALIGN="TOP">
+<STRONG>Permission</STRONG>
+</TD>
+<TD ALIGN="LEFT" VALIGN="TOP">
+<STRONG>Roles</STRONG>
+</TD>
 </TR>
-<!--#in access_info mapping-->
+<!--#in access_permissions-->
 <TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="CHECKBOX" NAME="roles:list"
-   VALUE="<!--#var sequence-var-name-->">
-  <A HREF="manage_access?role=<!--#var sequence-var-name fmt=url-quote-->&SUBMIT=List"><!--#var sequence-var-name--></A>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var sequence-var-value-->
-  </TD>
+<TD ALIGN="LEFT" VALIGN="TOP">
+<!--#var sequence-var-name-->
+</TD>
+<TD ALIGN="LEFT" VALIGN="TOP">
+<!--#in sequence-var-getRoles-->
+<A HREF="manage_access?role=<!--#var sequence-item fmt=url-quote-->&submit=Edit"><!--#var sequence-item--></A><!--#else sequence-end-->, <!--#/else-->
+<!--#/in-->
+<!--#else sequence-var-getRoles-->
+<I>None Defined</I>
+<!--#/else-->
+</TD>
 </TR>
-<!--#/in access_info-->
+<!--#/in-->
 <TR>
   <TD ALIGN="LEFT" VALIGN="TOP">
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add...">
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Remove">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add...">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Remove...">
   </TD>
 </TR>
 </TABLE>
 </FORM>
-<P>
-<!--#if access_defaults-->
-Users having roles defined at this level and above that have been 
-given the &quot;Default permission&quot; have the following 
-permissions to this object: <EM>
-<!--#in access_defaults-->
-<!--#var sequence-var-name-->
-<!--#if sequence-end--><!--#else-->, <!--#/if-->
-<!--#/in access_defaults-->
-</EM>
-<!--#/if access_defaults-->
-<!--#/if access_info-->
-
-<!--#else access_info-->
-This object is using default security. Users having roles defined at 
-this level and above that have been given the &quot;Default permission&quot; 
-have access to this object.
-<P>
-To set explicit security on this item, click the &quot;Add...&quot; button.
-<BR>
-<FORM ACTION="manage_access" METHOD="POST">
-<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add...">
-</FORM>
-<!--#/else access_info-->
 
 <P> 
 <FORM ACTION="manage_access" METHOD="POST">
@@ -88,7 +67,7 @@ To set explicit security on this item, click the &quot;Add...&quot; button.
   <INPUT TYPE="TEXT" NAME="role" SIZE="16">
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add Role">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add Role">
   </TD>
 </TR>
 <!--#if userdefined_roles-->
@@ -101,7 +80,7 @@ To set explicit security on this item, click the &quot;Add...&quot; button.
   </SELECT>
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Delete Role">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Delete Role">
   </TD>
 </TR>
 <!--#/if userdefined_roles-->
@@ -112,35 +91,6 @@ To set explicit security on this item, click the &quot;Add...&quot; button.
 <BR><BR>
 <BR><BR>
 <BR><BR>
-Access Types:
-<TABLE BORDER="0" CELLPADDING="2">
-<!--#in access_types-->
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var sequence-var-name-->
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var sequence-var-getRoles-->
-  </TD>
-</TR>
-<!--#/in access_types-->
-</TABLE>
-<P>
-Permissions:
-<TABLE BORDER="0" CELLPADDING="2">
-<!--#in access_permissions-->
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var sequence-var-name-->
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var sequence-var-getRoles-->
-  </TD>
-</TR>
-<!--#/in access_permissions-->
-</TABLE>
-<P>
-Attributes:
 <TABLE BORDER="0" CELLPADDING="2">
 <!--#in access_debug_info mapping-->
 <TR>