New security UI

lib/python/AccessControl/Role.py

 """Access control support"""
 
-__version__='$Revision: 1.13 $'[11:-2]
+__version__='$Revision: 1.14 $'[11:-2]
 
 
 from Globals import HTMLFile, MessageDialog
@@ -20,67 +20,8 @@ class RoleManager:
 			('Shared permission',['']),
 		       )
    
-    __ac_types__=(('Full Access', map(lambda x: x[0], __ac_permissions__)),
-		 )
-
     __ac_roles__=('Manager', 'Anonymous', 'Shared')
 
-    def access_info(self):
-	# Return access summary info
-	data={}
-	for t in self.access_types():
-	    name=t.name
-	    for role in t.getRoles():
-		data[role]=name
-	keys=data.keys()
-	for i in range(len(keys)):
-	    key=keys[i]
-	    keys[i]={'name': key, 'value': data[key]}
-	return keys
-
-    def access_defaults(self):
-	data=[]
-	for p in self.access_permissions():
-	    if not p.getRoles():
-		data.append(p)
-	return data
-
-    def access_types(self):
-	# Return list of access type objects
-	list=[]
-	for name,value in self.__ac_types__:
-	    list.append(AccessType(name,value,self))
-	return list
-
-    def access_types_dict(self):
-	# Return dict of access type objects
-	dict={}
-	for name,value in self.__ac_types__:
-	    dict[name]=AccessType(name,value,self)
-	return dict
-
-    def access_types_gc(self, dict):
-	# Remove unused types of access
-	static=map(lambda x: x[0], self.__class__.__ac_types__)
-
-	data=list(self.__ac_types__)
-	flag=0
-	for name, type in dict.items():
-	    roles=type.getRoles()
-	    if not roles and name not in static:
-		try:
-		    data.remove((name, type.data))
-		    flag=1
-		except:
-		    pass
-	if flag: self.__ac_types__=tuple(data)
-
-    def access_type_for(self, role):
-	for type in self.access_types():
-	    if role in type.getRoles():
-		return type
-	return None
-
     def access_permissions(self):
 	# Return list of permission objects
 	list=[]
@@ -151,136 +92,89 @@ class RoleManager:
 	return roles
 
     _mainAccess=HTMLFile('mainAccess', globals())
-    _listAccess=HTMLFile('listAccess', globals())
     _editAccess=HTMLFile('editAccess', globals())
-    _specAccess=HTMLFile('specAccess', globals())
     _add_Access=HTMLFile('addAccess', globals())
+    _del_Access=HTMLFile('delAccess', globals())
 
-    def manage_access(self,SUBMIT=None,REQUEST=None):
+    def manage_access(self,submit=None,REQUEST=None):
 	""" """
-	if SUBMIT=='Add...':
+	if submit=='Add...':
 	    return self._add_Access(self, REQUEST)
 
-	if SUBMIT=='Edit':
+	if submit=='Edit':
 	    return self._editAccess(self, REQUEST)
 
-	if SUBMIT=='Add':
+	if submit=='Add':
 	    roles =reqattr(REQUEST, 'roles')
-	    access=reqattr(REQUEST, 'access')
-	    return self._addAccess(roles, access, REQUEST)
-
-	if SUBMIT=='List':
-	    return self._listAccess(self, REQUEST)
+	    permissions=reqattr(REQUEST, 'permissions')
+	    return self._addAccess(roles, permissions, REQUEST)
 
-	if SUBMIT=='Change':
+	if submit=='Change':
 	    role  =reqattr(REQUEST, 'role')
-	    access=reqattr(REQUEST, 'access')
-	    return self._changeAccess(role, access, REQUEST)
+	    permissions=reqattr(REQUEST, 'permissions')
+	    return self._changeAccess(role, permissions, REQUEST)
 
-	if SUBMIT=='Remove':
+	if submit=='Remove...':
+	    return self._del_Access(self, REQUEST)
+
+	if submit=='Remove':
 	    roles=reqattr(REQUEST, 'roles')
 	    return self._delAccess(roles, REQUEST)
 
-	if SUBMIT=='OK':
-	    permissions=reqattr(REQUEST, 'permissions')
-	    access=reqattr(REQUEST, 'access')
-	    roles =reqattr(REQUEST, 'roles')
-	    return self._specialAccess(roles,access,permissions,REQUEST)
-
-	if SUBMIT=='Add Role':
+	if submit=='Add Role':
 	    role=reqattr(REQUEST, 'role')
 	    return self._addRole(role, REQUEST)
 
-	if SUBMIT=='Delete Role':
+	if submit=='Delete Role':
 	    roles=reqattr(REQUEST, 'roles')
 	    return self._delRoles(roles, REQUEST)
 
 	return self._mainAccess(self,REQUEST)
 
-    def _addAccess(self, roles, access, REQUEST):
-	if not roles or not access:
+    def _addAccess(self, roles, permissions, REQUEST):
+	if not roles or not permissions:
 	    return MessageDialog(
 		   title  ='Incomplete',
-		   message='You must specify roles and a type of access',
+		   message='You must specify roles and permissions',
 		   action ='manage_access')
 	if not self.validate_roles(roles):
 	    return MessageDialog(
 		   title  ='Undefined Role',
 		   message='An undefined role was specified',
 		   action ='manage_access')
-	if access=='Special Access...':
-	    return self._specAccess(self, REQUEST)
-	types=self.access_types_dict()
-	for type in types.values():
-	    type.delRoles(roles)
-	types[access].setRoles(roles)
-	return self._mainAccess(self, REQUEST)
-
-    def _changeAccess(self, role, access, REQUEST=None):
-	if not access or not role:
-	    return MessageDialog(
-		   title  ='Incomplete',
-		   message='You must specify a type of access',
-		   action ='manage_access')
-	if not self.validate_roles([role,]):
+	dict=self.access_permissions_dict()
+	if 0 in map(dict.has_key, permissions):
 	    return MessageDialog(
-		   title  ='Undefined Role',
-		   message='An undefined role was specified',
-		   action ='manage_access')
-	if access=='Special Access...':
-	    REQUEST['roles']=[role,]
-	    return self._specAccess(self, REQUEST)
-	types=self.access_types_dict()
-	for type in types.values():
-	    type.delRoles([role,])
-	types[access].setRoles([role,])
-	self.access_types_gc(types)
+		   title  ='Unknown permission',
+		   message='An unknown permission was specified',
+		   action ='manage_changeAccess')
+	for p in dict.values():
+	    p.delRoles(roles)
+	for p in permissions:
+	    dict[p].setRoles(roles)
 	return self._mainAccess(self, REQUEST)
 
-    def _specialAccess(self, roles, access, permissions, REQUEST=None):
-	if not roles or not access:
+    def _changeAccess(self, role, permissions, REQUEST=None):
+	if not role or not permissions:
 	    return MessageDialog(
 		   title  ='Incomplete',
-		   message='You must specify roles and a type of access',
+		   message='You must specify roles and permissions',
 		   action ='manage_access')
-	if not self.validate_roles(roles):
+	if not self.validate_roles([role]):
 	    return MessageDialog(
 		   title  ='Undefined Role',
 		   message='An undefined role was specified',
 		   action ='manage_access')
-
-	if not permissions: permissions=[]
-
 	dict=self.access_permissions_dict()
 	if 0 in map(dict.has_key, permissions):
 	    return MessageDialog(
 		   title  ='Unknown permission',
 		   message='An unknown permission was specified',
 		   action ='manage_changeAccess')
-	dict=self.access_types_dict()
-	if dict.has_key(access):
-	    return MessageDialog(
-		   title  ='Name in use',
-		   message='The name specified is already in use',
-		   action ='manage_access')
-
-	# Check for duplicate access types
-	permissions.sort()
-	for key, value in dict.items():
-	    names=value.data[:]
-	    names.sort()
-	    if permissions==names:
-		return MessageDialog(
-		       title  ='Already defined',
-		       message='Another access type (%s) is already defined '\
-		               'with the selected permissions' % key,
-		       action ='manage_access')
-
-	self.__ac_types__=self.__ac_types__+((access,permissions),)
-	types=self.access_types_dict()
-	for type in types.values():
-	    type.delRoles(roles)
-	types[access].setRoles(roles)
+	for p in dict.values():
+	    p.delRoles([role])
+	for p in permissions:
+	    dict[p].setRoles([role])
 	return self._mainAccess(self, REQUEST)
 
     def _delAccess(self, roles, REQUEST=None):
@@ -289,10 +183,9 @@ class RoleManager:
 		   title  ='Incomplete',
 		   message='You must specify roles to remove',
 		   action ='manage_access')
-	types=self.access_types_dict()
-	for type in types.values():
-	    type.delRoles(roles)
-	self.access_types_gc(types)
+	dict=self.access_permissions_dict()
+	for p in dict.values():
+	    p.delRoles(roles)
 	return self._mainAccess(self, REQUEST)
 
     def _addRole(self, role, REQUEST=None):
@@ -339,6 +232,10 @@ class RoleManager:
 
 Globals.default__class_init__(RoleManager)
 
+
+
+
+
 class Permission:
     # A Permission maps a named logical permission to a set
     # of attribute names. Attribute names which appear in a
@@ -401,104 +298,28 @@ class Permission:
 	    if hasattr(attr,'aq_self'):
 		attr=attr.aq_self
 	    if not hasattr(attr, '__roles__'):
-		return
-	    data=attr.__roles__
+	    #	return
+	        data=['Shared']
+	    #data=attr.__roles__
+            else: data=attr.__roles__
 	    if data is None: data=[]
 	    data=list(data)
 	    for role in roles:
 		if role in data:
 		    data.remove(role)
-	    if data: attr.__roles__=data
-	    else:
+	    attr.__roles__=data
+	    #if data: attr.__roles__=data
+	    #else:
 		# The hasattr above will find __roles__ defined
 		# in the class, but we wont be able to delete it.
-		try:    del attr.__roles__
-		except: pass
-
+		#try:    del attr.__roles__
+		#except: pass
+		
     def __len__(self): return 1
     def __str__(self): return self.name
 
 
 
-class AccessType:
-    # An AccessType is a named subset of 0 or more of the
-    # permissions defined by an object. AccessTypes may
-    # have overlapping permissions, but two AccessTypes
-    # cannot map to the exact same subset of permissions.
-
-    def __init__(self,name,data,obj):
-	self.name=name
-	self.data=data
-	if hasattr(obj, 'aq_self'):
-	    obj=obj.aq_self
-	self.obj=obj
-
-    def getRoles(self):
-	# Return the list of role names which have been given
-	# this type of access for the object in question. To
-	# determine this, we iterate through the permissions
-	# that this access type represents, asking each for 
-	# the list of roles which have that permission.
-	# Role names which appear in all of the lists returned
-	# by our set of permissions *and* in no other lists
-	# are returned.
-        dict ={}
-	names=[]
-	lists=[]
-	roles=[]
-	value=[]
-	for p in self.obj.access_permissions():
-	    dict[p.name]=p.getRoles()
-	for p in self.data:
-	    for role in dict[p]:
-		if role not in names:
-		    names.append(role)
-	    lists.append(dict[p])
-	for name in names:
-	    for list in lists:
-		if name not in list:
-		    name=None
-		    break
-	    if name: roles.append(name)
-	lists=[]
-	for p in dict.keys():
-	    if p not in self.data:
-		lists.append(dict[p])
-	for role in roles:
-	    for list in lists:
-		if role in list:
-		    role=None
-		    break
-	    if role: value.append(role)
-	return value
-
-    def setRoles(self, roles):
-	# Add the given list of role names to the appropriate 
-	# subobjects for this type of access. To do this, we
-	# just call the setRoles method for each permission
-	# in the list of permissions represented by this type
-	# of access.
-	permissions={}
-	for p in self.obj.access_permissions():
-	    permissions[p.name]=p
-	for p in self.data:
-	    permissions[p].setRoles(roles)
-
-    def delRoles(self, roles):
-	# Remove the given list of role names from the appropriate
-	# subobjects for this type of access. To do this, we call
-	# the delRoles method for each permission in the list of
-	# permissions represented by this type of access.
-	permissions={}
-	for p in self.obj.access_permissions():
-	    permissions[p.name]=p
-	for p in self.data:
-	    permissions[p].delRoles(roles)
-
-    def __len__(self): return 1
-    def __str__(self): return self.name
-
-
 
 
 def absattr(attr):
@@ -519,8 +340,6 @@ def classattr(cls, attr):
 	    return attr
     return None
 
-
-
 def instance_dict(inst):
     try:    return inst.__dict__
     except: return {}
@@ -546,40 +365,3 @@ def class_attrs(inst, _class=None, data=None):
     for base in _class.__bases__:
 	data=class_attrs(inst, base, data)
     return data
-
-
-
-#     Folder
-#     __ac_permissions__=(
-#     ('View Management Screens',
-#      ['manage','manage_menu','manage_main','manage_copyright',
-#       'manage_tabs','manage_propertiesForm','manage_UndoForm']),
-#     ('Undo Changes',       ['manage_undo_transactions']),
-#     ('Change Permissions', ['manage_access']),
-#     ('Add Objects',        ['manage_addObject']),
-#     ('Delete Objects',     ['manage_delObjects']),
-#     ('Add Properties',     ['manage_addProperty']),
-#     ('Change Properties',  ['manage_editProperties']),
-#     ('Delete Properties',  ['manage_delProperties']),
-#     )
-   
-#     __ac_types__=(('Full Access', map(lambda x: x[0], __ac_permissions__)),
-# 		 )
-#     __ac_roles__=('Manager', 'Anonymous'
-# 		 )
-
-
-
-#     Document
-#     __ac_permissions__=(
-#     ('View Management Screens', ['manage','manage_tabs','manage_uploadForm']),
-#     ('Change Permissions', ['manage_access']),
-#     ('Change/Upload Data', ['manage_edit','manage_upload','PUT']),
-#     ('View', ['',]),
-#     )
-   
-#     __ac_types__=(('Full Access', map(lambda x: x[0], __ac_permissions__)),
-# 		  ('View Access', ['View',]),
-# 		 )
-
-#     __ac_roles__=('Manager', 'Anonymous')

lib/python/AccessControl/User.py

 """Access control package"""
 
-__version__='$Revision: 1.33 $'[11:-2]
+__version__='$Revision: 1.34 $'[11:-2]
 
 
 from PersistentMapping import PersistentMapping
@@ -47,7 +47,6 @@ class User(Implicit, Persistent):
 		continue
 	    return 0
 
-
 # 	if (roles is None) or ('Anonymous' in roles):
 # 	    return 1
 # 	for role in roles:
@@ -160,6 +159,11 @@ class UserFolder(Implicit, Persistent, Navigation, Tabs, Item,
 		   title  ='Illegal value', 
                    message='Password and confirmation do not match',
                    action ='manage_main')
+	if 'Shared' in roles:
+            return MessageDialog(
+		   title  ='Illegal value', 
+                   message='Shared is not a legal role name',
+                   action ='manage_main')
         self.data[name]=User(name,password,roles)
 	return self._mainUser(self, REQUEST)
 
@@ -179,6 +183,11 @@ class UserFolder(Implicit, Persistent, Navigation, Tabs, Item,
 		   title  ='Illegal value', 
                    message='Password and confirmation do not match',
                    action ='manage_main')
+	if 'Shared' in roles:
+            return MessageDialog(
+		   title  ='Illegal value', 
+                   message='Shared is not a legal role name',
+                   action ='manage_main')
 	user=self.data[name]
 	user.__=password
 	user.roles=roles

lib/python/AccessControl/addAccess.dtml

@@ -7,9 +7,9 @@
 <!--#var manage_tabs-->
 <!--#/if manage_tabs-->
 <P>
-Select one or more roles below, and a type of access that will given 
-to users who have those roles. Select &quot;Special Access...&quot;
-if you would like to define a new type of access.
+Select one or more roles below, and the permissions that should be
+given to those roles.
+
 
 <FORM ACTION="manage_access" METHOD="POST">
 <TABLE CELLPADDING="2">
@@ -27,19 +27,24 @@ if you would like to define a new type of access.
 </TR>
 <TR>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Type of access</STRONG>
+  <STRONG>Permissions</STRONG>
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <SELECT NAME="access">
-  <!--#in access_types-->
-  <OPTION VALUE="<!--#var sequence-var-name-->"><!--#var sequence-var-name-->
-  <!--#/in access_types-->
-  <OPTION VALUE="Special Access...">Special Access...
-  </SELECT>
-  <BR>
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add">
+  <FONT SIZE="-1">
+  <!--#in access_permissions-->
+  <INPUT TYPE="CHECKBOX" NAME="permissions:list" VALUE="<!--#var sequence-var-name-->"><!--#var sequence-var-name--><BR>
+  <!--#/in access_permissions-->
+  </FONT>
   </TD>
 </TR>
+<TR>
+  <TD ALIGN="LEFT" VALIGN="TOP">
+  </TD>
+  <TD ALIGN="LEFT" VALIGN="TOP">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add">
+  </TD>
+</TR>
+
 </TABLE>
 </FORM>
 </BODY>

lib/python/AccessControl/addUser.dtml

@@ -41,7 +41,9 @@ roles for the new user and click "Add".
   <TD VALIGN="TOP">
   <SELECT NAME="roles:list" SIZE="5" MULTIPLE>
   <!--#in valid_roles-->
+  <!--#if expr="_vars['sequence-item'] != 'Shared'"-->
   <OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
+  <!--#/if-->
   <!--#/in valid_roles-->
   </SELECT>
   <BR>

lib/python/AccessControl/specAccess.dtml → lib/python/AccessControl/delAccess.dtml

@@ -7,33 +7,28 @@
 <!--#var manage_tabs-->
 <!--#/if manage_tabs-->
 <P>
+To remove all permissions for one or more roles, select the roles 
+below and click the &quot;Remove&quot; button.
+
 <FORM ACTION="manage_access" METHOD="POST">
 <TABLE CELLPADDING="2">
 <TR>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Roles</STRONG>
+  <STRONG>Remove permissions for</STRONG>
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
   <SELECT NAME="roles:list" SIZE="4" MULTIPLE>
   <!--#in valid_roles-->
-  <OPTION VALUE="<!--#var sequence-item-->" <!--#if expr="_vars['sequence-item'] in roles"-->SELECTED<!--#/if-->><!--#var sequence-item-->
+  <OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
   <!--#/in valid_roles-->
   </SELECT>
   </TD>
 </TR>
 <TR>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Special access</STRONG>
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="TEXT" NAME="access" SIZE="25">
-  <BR>
-  <!--#in access_permissions-->
-  <INPUT TYPE="CHECKBOX" NAME="permissions:list" VALUE="<!--#var sequence-var-name-->"> <EM><!--#var sequence-var-name--></EM>
-  <BR>
-  <!--#/in access_permissions-->
-  <BR>
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="OK">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Remove">
   </TD>
 </TR>
 </TABLE>

lib/python/AccessControl/editAccess.dtml

@@ -6,7 +6,7 @@
 <!--#if manage_tabs-->
 <!--#var manage_tabs-->
 <!--#/if manage_tabs-->
-<P>
+
 <FORM ACTION="manage_access" METHOD="POST">
 <TABLE CELLPADDING="2">
 <TR>
@@ -14,25 +14,31 @@
   <STRONG>Role</STRONG>
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <EM><!--#var role--></EM>
+  <!--#var role-->
+  </TD>
+</TR>
+<TR>
+  <TD ALIGN="LEFT" VALIGN="TOP">
+  <STRONG>Permissions</STRONG>
+  </TD>
+  <TD ALIGN="LEFT" VALIGN="TOP">
+  <FONT SIZE="-1">
+  <!--#in access_permissions-->
+  <INPUT TYPE="CHECKBOX" NAME="permissions:list" VALUE="<!--#var sequence-var-name-->"<!--#if expr="role in _vars['sequence-item'].getRoles()"-->  CHECKED<!--#/if-->>
+  <!--#var sequence-var-name--><BR>
+  <!--#/in access_permissions-->
+  </FONT>
   </TD>
 </TR>
 <TR>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Type of access</STRONG>
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
   <INPUT TYPE="HIDDEN" NAME="role" VALUE="<!--#var role-->">
-  <SELECT NAME="access">
-  <!--#in access_types-->
-  <OPTION VALUE="<!--#var sequence-var-name-->"<!--#if expr="role in _vars['sequence-item'].getRoles()"-->SELECTED<!--#/if-->><!--#var sequence-var-name-->
-  <!--#/in access_types-->
-  <OPTION VALUE="Special Access...">Special Access...
-  </SELECT>
-  <BR>
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Change">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Change">
   </TD>
 </TR>
+
 </TABLE>
 </FORM>
 </BODY>

lib/python/AccessControl/editUser.dtml

@@ -38,11 +38,13 @@
 <TD VALIGN="TOP">
 <SELECT NAME="roles:list" SIZE="5" MULTIPLE>
 <!--#in valid_roles-->
+<!--#if expr="_vars['sequence-item'] != 'Shared'"-->
 <!--#if expr="_vars['sequence-item'] in user.roles"-->
 <OPTION VALUE="<!--#var sequence-item-->" SELECTED><!--#var sequence-item-->
 <!--#else-->
 <OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
 <!--#/if-->
+<!--#/if-->
 <!--#/in valid_roles-->
 </SELECT>
 <INPUT TYPE="HIDDEN" NAME="name" VALUE="<!--#var expr="user.name"-->">

lib/python/AccessControl/listAccess.dtml

-<HTML>
-<HEAD>
-<TITLE>Security</TITLE>
-</HEAD>
-<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
-<!--#if manage_tabs-->
-<!--#var manage_tabs-->
-<!--#/if manage_tabs-->
-
-<FORM ACTION="manage_access" METHOD="POST">
-<TABLE CELLPADDING="2">
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Users with the role</STRONG>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var role-->
-  </TD>
-</TR>
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>have type of access</STRONG>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var expr="access_type_for(role)"-->,
-  </TD>
-</TR>
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>which corresponds to</STRONG>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <FONT SIZE="-1">
-  <!--#in access_permissions-->
-  <INPUT TYPE="CHECKBOX" NAME="p" VALUE=""<!--#if
-  expr="_vars['sequence-item'].name in access_type_for(role).data"-->
-  CHECKED<!--#/if-->>
-  <!--#var sequence-var-name--><BR>
-  <!--#/in access_permissions-->
-  </FONT>
-  </TD>
-</TR>
-</TABLE>
-</FORM>
-</BODY>
-</HTML>

lib/python/AccessControl/mainAccess.dtml

@@ -6,70 +6,49 @@
 <!--#if manage_tabs-->
 <!--#var manage_tabs-->
 <!--#/if manage_tabs-->
+
 <P>
-<!--#if access_info-->
 The listing below shows the current security settings for this item. 
-Each role listed has been given a type of access which represents 
-a specific set of permissions. Click on the name of a role for details 
-on the specific permissions granted to that role.
+Each permission is listed along with the roles which have been given 
+that permission. To change the permissions for a role, click on the 
+name of the role.
+
+
 <FORM ACTION="manage_access" METHOD="POST">
-<TABLE CELLPADDING="2">
+<TABLE>
 <TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>
-  Role
-  </STRONG>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Type of access</STRONG>
-  </TD>
+<TD ALIGN="LEFT" VALIGN="TOP">
+<STRONG>Permission</STRONG>
+</TD>
+<TD ALIGN="LEFT" VALIGN="TOP">
+<STRONG>Roles</STRONG>
+</TD>
 </TR>
-<!--#in access_info mapping-->
+<!--#in access_permissions-->
 <TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="CHECKBOX" NAME="roles:list"
-   VALUE="<!--#var sequence-var-name-->">
-  <A HREF="manage_access?role=<!--#var sequence-var-name fmt=url-quote-->&SUBMIT=List"><!--#var sequence-var-name--></A>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var sequence-var-value-->
-  </TD>
+<TD ALIGN="LEFT" VALIGN="TOP">
+<!--#var sequence-var-name-->
+</TD>
+<TD ALIGN="LEFT" VALIGN="TOP">
+<!--#in sequence-var-getRoles-->
+<A HREF="manage_access?role=<!--#var sequence-item fmt=url-quote-->&submit=Edit"><!--#var sequence-item--></A><!--#else sequence-end-->, <!--#/else-->
+<!--#/in-->
+<!--#else sequence-var-getRoles-->
+<I>None Defined</I>
+<!--#/else-->
+</TD>
 </TR>
-<!--#/in access_info-->
+<!--#/in-->
 <TR>
   <TD ALIGN="LEFT" VALIGN="TOP">
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add...">
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Remove">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add...">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Remove...">
   </TD>
 </TR>
 </TABLE>
 </FORM>
-<P>
-<!--#if access_defaults-->
-Users having roles defined at this level and above that have been 
-given the &quot;Default permission&quot; have the following 
-permissions to this object: <EM>
-<!--#in access_defaults-->
-<!--#var sequence-var-name-->
-<!--#if sequence-end--><!--#else-->, <!--#/if-->
-<!--#/in access_defaults-->
-</EM>
-<!--#/if access_defaults-->
-<!--#/if access_info-->
-
-<!--#else access_info-->
-This object is using default security. Users having roles defined at 
-this level and above that have been given the &quot;Default permission&quot; 
-have access to this object.
-<P>
-To set explicit security on this item, click the &quot;Add...&quot; button.
-<BR>
-<FORM ACTION="manage_access" METHOD="POST">
-<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add...">
-</FORM>
-<!--#/else access_info-->
 
 <P> 
 <FORM ACTION="manage_access" METHOD="POST">
@@ -88,7 +67,7 @@ To set explicit security on this item, click the &quot;Add...&quot; button.
   <INPUT TYPE="TEXT" NAME="role" SIZE="16">
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add Role">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add Role">
   </TD>
 </TR>
 <!--#if userdefined_roles-->
@@ -101,7 +80,7 @@ To set explicit security on this item, click the &quot;Add...&quot; button.
   </SELECT>
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Delete Role">
+  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Delete Role">
   </TD>
 </TR>
 <!--#/if userdefined_roles-->
@@ -112,35 +91,6 @@ To set explicit security on this item, click the &quot;Add...&quot; button.
 <BR><BR>
 <BR><BR>
 <BR><BR>
-Access Types:
-<TABLE BORDER="0" CELLPADDING="2">
-<!--#in access_types-->
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var sequence-var-name-->
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var sequence-var-getRoles-->
-  </TD>
-</TR>
-<!--#/in access_types-->
-</TABLE>
-<P>
-Permissions:
-<TABLE BORDER="0" CELLPADDING="2">
-<!--#in access_permissions-->
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var sequence-var-name-->
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var sequence-var-getRoles-->
-  </TD>
-</TR>
-<!--#/in access_permissions-->
-</TABLE>
-<P>
-Attributes:
 <TABLE BORDER="0" CELLPADDING="2">
 <!--#in access_debug_info mapping-->
 <TR>