Commit 11455635 authored by 's avatar

New security UI

parent d10ec59d
"""Access control support""" """Access control support"""
__version__='$Revision: 1.13 $'[11:-2] __version__='$Revision: 1.14 $'[11:-2]
from Globals import HTMLFile, MessageDialog from Globals import HTMLFile, MessageDialog
...@@ -20,67 +20,8 @@ class RoleManager: ...@@ -20,67 +20,8 @@ class RoleManager:
('Shared permission',['']), ('Shared permission',['']),
) )
__ac_types__=(('Full Access', map(lambda x: x[0], __ac_permissions__)),
)
__ac_roles__=('Manager', 'Anonymous', 'Shared') __ac_roles__=('Manager', 'Anonymous', 'Shared')
def access_info(self):
# Return access summary info
data={}
for t in self.access_types():
name=t.name
for role in t.getRoles():
data[role]=name
keys=data.keys()
for i in range(len(keys)):
key=keys[i]
keys[i]={'name': key, 'value': data[key]}
return keys
def access_defaults(self):
data=[]
for p in self.access_permissions():
if not p.getRoles():
data.append(p)
return data
def access_types(self):
# Return list of access type objects
list=[]
for name,value in self.__ac_types__:
list.append(AccessType(name,value,self))
return list
def access_types_dict(self):
# Return dict of access type objects
dict={}
for name,value in self.__ac_types__:
dict[name]=AccessType(name,value,self)
return dict
def access_types_gc(self, dict):
# Remove unused types of access
static=map(lambda x: x[0], self.__class__.__ac_types__)
data=list(self.__ac_types__)
flag=0
for name, type in dict.items():
roles=type.getRoles()
if not roles and name not in static:
try:
data.remove((name, type.data))
flag=1
except:
pass
if flag: self.__ac_types__=tuple(data)
def access_type_for(self, role):
for type in self.access_types():
if role in type.getRoles():
return type
return None
def access_permissions(self): def access_permissions(self):
# Return list of permission objects # Return list of permission objects
list=[] list=[]
...@@ -151,136 +92,89 @@ class RoleManager: ...@@ -151,136 +92,89 @@ class RoleManager:
return roles return roles
_mainAccess=HTMLFile('mainAccess', globals()) _mainAccess=HTMLFile('mainAccess', globals())
_listAccess=HTMLFile('listAccess', globals())
_editAccess=HTMLFile('editAccess', globals()) _editAccess=HTMLFile('editAccess', globals())
_specAccess=HTMLFile('specAccess', globals())
_add_Access=HTMLFile('addAccess', globals()) _add_Access=HTMLFile('addAccess', globals())
_del_Access=HTMLFile('delAccess', globals())
def manage_access(self,SUBMIT=None,REQUEST=None): def manage_access(self,submit=None,REQUEST=None):
""" """ """ """
if SUBMIT=='Add...': if submit=='Add...':
return self._add_Access(self, REQUEST) return self._add_Access(self, REQUEST)
if SUBMIT=='Edit': if submit=='Edit':
return self._editAccess(self, REQUEST) return self._editAccess(self, REQUEST)
if SUBMIT=='Add': if submit=='Add':
roles =reqattr(REQUEST, 'roles') roles =reqattr(REQUEST, 'roles')
access=reqattr(REQUEST, 'access') permissions=reqattr(REQUEST, 'permissions')
return self._addAccess(roles, access, REQUEST) return self._addAccess(roles, permissions, REQUEST)
if SUBMIT=='List':
return self._listAccess(self, REQUEST)
if SUBMIT=='Change': if submit=='Change':
role =reqattr(REQUEST, 'role') role =reqattr(REQUEST, 'role')
access=reqattr(REQUEST, 'access') permissions=reqattr(REQUEST, 'permissions')
return self._changeAccess(role, access, REQUEST) return self._changeAccess(role, permissions, REQUEST)
if submit=='Remove...':
return self._del_Access(self, REQUEST)
if SUBMIT=='Remove': if submit=='Remove':
roles=reqattr(REQUEST, 'roles') roles=reqattr(REQUEST, 'roles')
return self._delAccess(roles, REQUEST) return self._delAccess(roles, REQUEST)
if SUBMIT=='OK': if submit=='Add Role':
permissions=reqattr(REQUEST, 'permissions')
access=reqattr(REQUEST, 'access')
roles =reqattr(REQUEST, 'roles')
return self._specialAccess(roles,access,permissions,REQUEST)
if SUBMIT=='Add Role':
role=reqattr(REQUEST, 'role') role=reqattr(REQUEST, 'role')
return self._addRole(role, REQUEST) return self._addRole(role, REQUEST)
if SUBMIT=='Delete Role': if submit=='Delete Role':
roles=reqattr(REQUEST, 'roles') roles=reqattr(REQUEST, 'roles')
return self._delRoles(roles, REQUEST) return self._delRoles(roles, REQUEST)
return self._mainAccess(self,REQUEST) return self._mainAccess(self,REQUEST)
def _addAccess(self, roles, access, REQUEST): def _addAccess(self, roles, permissions, REQUEST):
if not roles or not access: if not roles or not permissions:
return MessageDialog( return MessageDialog(
title ='Incomplete', title ='Incomplete',
message='You must specify roles and a type of access', message='You must specify roles and permissions',
action ='manage_access') action ='manage_access')
if not self.validate_roles(roles): if not self.validate_roles(roles):
return MessageDialog( return MessageDialog(
title ='Undefined Role', title ='Undefined Role',
message='An undefined role was specified', message='An undefined role was specified',
action ='manage_access') action ='manage_access')
if access=='Special Access...': dict=self.access_permissions_dict()
return self._specAccess(self, REQUEST) if 0 in map(dict.has_key, permissions):
types=self.access_types_dict()
for type in types.values():
type.delRoles(roles)
types[access].setRoles(roles)
return self._mainAccess(self, REQUEST)
def _changeAccess(self, role, access, REQUEST=None):
if not access or not role:
return MessageDialog(
title ='Incomplete',
message='You must specify a type of access',
action ='manage_access')
if not self.validate_roles([role,]):
return MessageDialog( return MessageDialog(
title ='Undefined Role', title ='Unknown permission',
message='An undefined role was specified', message='An unknown permission was specified',
action ='manage_access') action ='manage_changeAccess')
if access=='Special Access...': for p in dict.values():
REQUEST['roles']=[role,] p.delRoles(roles)
return self._specAccess(self, REQUEST) for p in permissions:
types=self.access_types_dict() dict[p].setRoles(roles)
for type in types.values():
type.delRoles([role,])
types[access].setRoles([role,])
self.access_types_gc(types)
return self._mainAccess(self, REQUEST) return self._mainAccess(self, REQUEST)
def _specialAccess(self, roles, access, permissions, REQUEST=None): def _changeAccess(self, role, permissions, REQUEST=None):
if not roles or not access: if not role or not permissions:
return MessageDialog( return MessageDialog(
title ='Incomplete', title ='Incomplete',
message='You must specify roles and a type of access', message='You must specify roles and permissions',
action ='manage_access') action ='manage_access')
if not self.validate_roles(roles): if not self.validate_roles([role]):
return MessageDialog( return MessageDialog(
title ='Undefined Role', title ='Undefined Role',
message='An undefined role was specified', message='An undefined role was specified',
action ='manage_access') action ='manage_access')
if not permissions: permissions=[]
dict=self.access_permissions_dict() dict=self.access_permissions_dict()
if 0 in map(dict.has_key, permissions): if 0 in map(dict.has_key, permissions):
return MessageDialog( return MessageDialog(
title ='Unknown permission', title ='Unknown permission',
message='An unknown permission was specified', message='An unknown permission was specified',
action ='manage_changeAccess') action ='manage_changeAccess')
dict=self.access_types_dict() for p in dict.values():
if dict.has_key(access): p.delRoles([role])
return MessageDialog( for p in permissions:
title ='Name in use', dict[p].setRoles([role])
message='The name specified is already in use',
action ='manage_access')
# Check for duplicate access types
permissions.sort()
for key, value in dict.items():
names=value.data[:]
names.sort()
if permissions==names:
return MessageDialog(
title ='Already defined',
message='Another access type (%s) is already defined '\
'with the selected permissions' % key,
action ='manage_access')
self.__ac_types__=self.__ac_types__+((access,permissions),)
types=self.access_types_dict()
for type in types.values():
type.delRoles(roles)
types[access].setRoles(roles)
return self._mainAccess(self, REQUEST) return self._mainAccess(self, REQUEST)
def _delAccess(self, roles, REQUEST=None): def _delAccess(self, roles, REQUEST=None):
...@@ -289,10 +183,9 @@ class RoleManager: ...@@ -289,10 +183,9 @@ class RoleManager:
title ='Incomplete', title ='Incomplete',
message='You must specify roles to remove', message='You must specify roles to remove',
action ='manage_access') action ='manage_access')
types=self.access_types_dict() dict=self.access_permissions_dict()
for type in types.values(): for p in dict.values():
type.delRoles(roles) p.delRoles(roles)
self.access_types_gc(types)
return self._mainAccess(self, REQUEST) return self._mainAccess(self, REQUEST)
def _addRole(self, role, REQUEST=None): def _addRole(self, role, REQUEST=None):
...@@ -339,6 +232,10 @@ class RoleManager: ...@@ -339,6 +232,10 @@ class RoleManager:
Globals.default__class_init__(RoleManager) Globals.default__class_init__(RoleManager)
class Permission: class Permission:
# A Permission maps a named logical permission to a set # A Permission maps a named logical permission to a set
# of attribute names. Attribute names which appear in a # of attribute names. Attribute names which appear in a
...@@ -401,104 +298,28 @@ class Permission: ...@@ -401,104 +298,28 @@ class Permission:
if hasattr(attr,'aq_self'): if hasattr(attr,'aq_self'):
attr=attr.aq_self attr=attr.aq_self
if not hasattr(attr, '__roles__'): if not hasattr(attr, '__roles__'):
return # return
data=attr.__roles__ data=['Shared']
#data=attr.__roles__
else: data=attr.__roles__
if data is None: data=[] if data is None: data=[]
data=list(data) data=list(data)
for role in roles: for role in roles:
if role in data: if role in data:
data.remove(role) data.remove(role)
if data: attr.__roles__=data attr.__roles__=data
else: #if data: attr.__roles__=data
#else:
# The hasattr above will find __roles__ defined # The hasattr above will find __roles__ defined
# in the class, but we wont be able to delete it. # in the class, but we wont be able to delete it.
try: del attr.__roles__ #try: del attr.__roles__
except: pass #except: pass
def __len__(self): return 1 def __len__(self): return 1
def __str__(self): return self.name def __str__(self): return self.name
class AccessType:
# An AccessType is a named subset of 0 or more of the
# permissions defined by an object. AccessTypes may
# have overlapping permissions, but two AccessTypes
# cannot map to the exact same subset of permissions.
def __init__(self,name,data,obj):
self.name=name
self.data=data
if hasattr(obj, 'aq_self'):
obj=obj.aq_self
self.obj=obj
def getRoles(self):
# Return the list of role names which have been given
# this type of access for the object in question. To
# determine this, we iterate through the permissions
# that this access type represents, asking each for
# the list of roles which have that permission.
# Role names which appear in all of the lists returned
# by our set of permissions *and* in no other lists
# are returned.
dict ={}
names=[]
lists=[]
roles=[]
value=[]
for p in self.obj.access_permissions():
dict[p.name]=p.getRoles()
for p in self.data:
for role in dict[p]:
if role not in names:
names.append(role)
lists.append(dict[p])
for name in names:
for list in lists:
if name not in list:
name=None
break
if name: roles.append(name)
lists=[]
for p in dict.keys():
if p not in self.data:
lists.append(dict[p])
for role in roles:
for list in lists:
if role in list:
role=None
break
if role: value.append(role)
return value
def setRoles(self, roles):
# Add the given list of role names to the appropriate
# subobjects for this type of access. To do this, we
# just call the setRoles method for each permission
# in the list of permissions represented by this type
# of access.
permissions={}
for p in self.obj.access_permissions():
permissions[p.name]=p
for p in self.data:
permissions[p].setRoles(roles)
def delRoles(self, roles):
# Remove the given list of role names from the appropriate
# subobjects for this type of access. To do this, we call
# the delRoles method for each permission in the list of
# permissions represented by this type of access.
permissions={}
for p in self.obj.access_permissions():
permissions[p.name]=p
for p in self.data:
permissions[p].delRoles(roles)
def __len__(self): return 1
def __str__(self): return self.name
def absattr(attr): def absattr(attr):
...@@ -519,8 +340,6 @@ def classattr(cls, attr): ...@@ -519,8 +340,6 @@ def classattr(cls, attr):
return attr return attr
return None return None
def instance_dict(inst): def instance_dict(inst):
try: return inst.__dict__ try: return inst.__dict__
except: return {} except: return {}
...@@ -546,40 +365,3 @@ def class_attrs(inst, _class=None, data=None): ...@@ -546,40 +365,3 @@ def class_attrs(inst, _class=None, data=None):
for base in _class.__bases__: for base in _class.__bases__:
data=class_attrs(inst, base, data) data=class_attrs(inst, base, data)
return data return data
# Folder
# __ac_permissions__=(
# ('View Management Screens',
# ['manage','manage_menu','manage_main','manage_copyright',
# 'manage_tabs','manage_propertiesForm','manage_UndoForm']),
# ('Undo Changes', ['manage_undo_transactions']),
# ('Change Permissions', ['manage_access']),
# ('Add Objects', ['manage_addObject']),
# ('Delete Objects', ['manage_delObjects']),
# ('Add Properties', ['manage_addProperty']),
# ('Change Properties', ['manage_editProperties']),
# ('Delete Properties', ['manage_delProperties']),
# )
# __ac_types__=(('Full Access', map(lambda x: x[0], __ac_permissions__)),
# )
# __ac_roles__=('Manager', 'Anonymous'
# )
# Document
# __ac_permissions__=(
# ('View Management Screens', ['manage','manage_tabs','manage_uploadForm']),
# ('Change Permissions', ['manage_access']),
# ('Change/Upload Data', ['manage_edit','manage_upload','PUT']),
# ('View', ['',]),
# )
# __ac_types__=(('Full Access', map(lambda x: x[0], __ac_permissions__)),
# ('View Access', ['View',]),
# )
# __ac_roles__=('Manager', 'Anonymous')
"""Access control package""" """Access control package"""
__version__='$Revision: 1.33 $'[11:-2] __version__='$Revision: 1.34 $'[11:-2]
from PersistentMapping import PersistentMapping from PersistentMapping import PersistentMapping
...@@ -47,7 +47,6 @@ class User(Implicit, Persistent): ...@@ -47,7 +47,6 @@ class User(Implicit, Persistent):
continue continue
return 0 return 0
# if (roles is None) or ('Anonymous' in roles): # if (roles is None) or ('Anonymous' in roles):
# return 1 # return 1
# for role in roles: # for role in roles:
...@@ -160,6 +159,11 @@ class UserFolder(Implicit, Persistent, Navigation, Tabs, Item, ...@@ -160,6 +159,11 @@ class UserFolder(Implicit, Persistent, Navigation, Tabs, Item,
title ='Illegal value', title ='Illegal value',
message='Password and confirmation do not match', message='Password and confirmation do not match',
action ='manage_main') action ='manage_main')
if 'Shared' in roles:
return MessageDialog(
title ='Illegal value',
message='Shared is not a legal role name',
action ='manage_main')
self.data[name]=User(name,password,roles) self.data[name]=User(name,password,roles)
return self._mainUser(self, REQUEST) return self._mainUser(self, REQUEST)
...@@ -179,6 +183,11 @@ class UserFolder(Implicit, Persistent, Navigation, Tabs, Item, ...@@ -179,6 +183,11 @@ class UserFolder(Implicit, Persistent, Navigation, Tabs, Item,
title ='Illegal value', title ='Illegal value',
message='Password and confirmation do not match', message='Password and confirmation do not match',
action ='manage_main') action ='manage_main')
if 'Shared' in roles:
return MessageDialog(
title ='Illegal value',
message='Shared is not a legal role name',
action ='manage_main')
user=self.data[name] user=self.data[name]
user.__=password user.__=password
user.roles=roles user.roles=roles
......
...@@ -7,9 +7,9 @@ ...@@ -7,9 +7,9 @@
<!--#var manage_tabs--> <!--#var manage_tabs-->
<!--#/if manage_tabs--> <!--#/if manage_tabs-->
<P> <P>
Select one or more roles below, and a type of access that will given Select one or more roles below, and the permissions that should be
to users who have those roles. Select &quot;Special Access...&quot; given to those roles.
if you would like to define a new type of access.
<FORM ACTION="manage_access" METHOD="POST"> <FORM ACTION="manage_access" METHOD="POST">
<TABLE CELLPADDING="2"> <TABLE CELLPADDING="2">
...@@ -27,19 +27,24 @@ if you would like to define a new type of access. ...@@ -27,19 +27,24 @@ if you would like to define a new type of access.
</TR> </TR>
<TR> <TR>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Type of access</STRONG> <STRONG>Permissions</STRONG>
</TD> </TD>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<SELECT NAME="access"> <FONT SIZE="-1">
<!--#in access_types--> <!--#in access_permissions-->
<OPTION VALUE="<!--#var sequence-var-name-->"><!--#var sequence-var-name--> <INPUT TYPE="CHECKBOX" NAME="permissions:list" VALUE="<!--#var sequence-var-name-->"><!--#var sequence-var-name--><BR>
<!--#/in access_types--> <!--#/in access_permissions-->
<OPTION VALUE="Special Access...">Special Access... </FONT>
</SELECT>
<BR>
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add">
</TD> </TD>
</TR> </TR>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add">
</TD>
</TR>
</TABLE> </TABLE>
</FORM> </FORM>
</BODY> </BODY>
......
...@@ -41,7 +41,9 @@ roles for the new user and click &quot;Add&quot;. ...@@ -41,7 +41,9 @@ roles for the new user and click &quot;Add&quot;.
<TD VALIGN="TOP"> <TD VALIGN="TOP">
<SELECT NAME="roles:list" SIZE="5" MULTIPLE> <SELECT NAME="roles:list" SIZE="5" MULTIPLE>
<!--#in valid_roles--> <!--#in valid_roles-->
<!--#if expr="_vars['sequence-item'] != 'Shared'"-->
<OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item--> <OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
<!--#/if-->
<!--#/in valid_roles--> <!--#/in valid_roles-->
</SELECT> </SELECT>
<BR> <BR>
......
...@@ -7,33 +7,28 @@ ...@@ -7,33 +7,28 @@
<!--#var manage_tabs--> <!--#var manage_tabs-->
<!--#/if manage_tabs--> <!--#/if manage_tabs-->
<P> <P>
To remove all permissions for one or more roles, select the roles
below and click the &quot;Remove&quot; button.
<FORM ACTION="manage_access" METHOD="POST"> <FORM ACTION="manage_access" METHOD="POST">
<TABLE CELLPADDING="2"> <TABLE CELLPADDING="2">
<TR> <TR>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Roles</STRONG> <STRONG>Remove permissions for</STRONG>
</TD> </TD>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<SELECT NAME="roles:list" SIZE="4" MULTIPLE> <SELECT NAME="roles:list" SIZE="4" MULTIPLE>
<!--#in valid_roles--> <!--#in valid_roles-->
<OPTION VALUE="<!--#var sequence-item-->" <!--#if expr="_vars['sequence-item'] in roles"-->SELECTED<!--#/if-->><!--#var sequence-item--> <OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
<!--#/in valid_roles--> <!--#/in valid_roles-->
</SELECT> </SELECT>
</TD> </TD>
</TR> </TR>
<TR> <TR>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Special access</STRONG>
</TD> </TD>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="TEXT" NAME="access" SIZE="25"> <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Remove">
<BR>
<!--#in access_permissions-->
<INPUT TYPE="CHECKBOX" NAME="permissions:list" VALUE="<!--#var sequence-var-name-->"> <EM><!--#var sequence-var-name--></EM>
<BR>
<!--#/in access_permissions-->
<BR>
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="OK">
</TD> </TD>
</TR> </TR>
</TABLE> </TABLE>
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
<!--#if manage_tabs--> <!--#if manage_tabs-->
<!--#var manage_tabs--> <!--#var manage_tabs-->
<!--#/if manage_tabs--> <!--#/if manage_tabs-->
<P>
<FORM ACTION="manage_access" METHOD="POST"> <FORM ACTION="manage_access" METHOD="POST">
<TABLE CELLPADDING="2"> <TABLE CELLPADDING="2">
<TR> <TR>
...@@ -14,25 +14,31 @@ ...@@ -14,25 +14,31 @@
<STRONG>Role</STRONG> <STRONG>Role</STRONG>
</TD> </TD>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<EM><!--#var role--></EM> <!--#var role-->
</TD>
</TR>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Permissions</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<FONT SIZE="-1">
<!--#in access_permissions-->
<INPUT TYPE="CHECKBOX" NAME="permissions:list" VALUE="<!--#var sequence-var-name-->"<!--#if expr="role in _vars['sequence-item'].getRoles()"--> CHECKED<!--#/if-->>
<!--#var sequence-var-name--><BR>
<!--#/in access_permissions-->
</FONT>
</TD> </TD>
</TR> </TR>
<TR> <TR>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Type of access</STRONG>
</TD> </TD>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="HIDDEN" NAME="role" VALUE="<!--#var role-->"> <INPUT TYPE="HIDDEN" NAME="role" VALUE="<!--#var role-->">
<SELECT NAME="access"> <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Change">
<!--#in access_types-->
<OPTION VALUE="<!--#var sequence-var-name-->"<!--#if expr="role in _vars['sequence-item'].getRoles()"-->SELECTED<!--#/if-->><!--#var sequence-var-name-->
<!--#/in access_types-->
<OPTION VALUE="Special Access...">Special Access...
</SELECT>
<BR>
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Change">
</TD> </TD>
</TR> </TR>
</TABLE> </TABLE>
</FORM> </FORM>
</BODY> </BODY>
......
...@@ -38,11 +38,13 @@ ...@@ -38,11 +38,13 @@
<TD VALIGN="TOP"> <TD VALIGN="TOP">
<SELECT NAME="roles:list" SIZE="5" MULTIPLE> <SELECT NAME="roles:list" SIZE="5" MULTIPLE>
<!--#in valid_roles--> <!--#in valid_roles-->
<!--#if expr="_vars['sequence-item'] != 'Shared'"-->
<!--#if expr="_vars['sequence-item'] in user.roles"--> <!--#if expr="_vars['sequence-item'] in user.roles"-->
<OPTION VALUE="<!--#var sequence-item-->" SELECTED><!--#var sequence-item--> <OPTION VALUE="<!--#var sequence-item-->" SELECTED><!--#var sequence-item-->
<!--#else--> <!--#else-->
<OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item--> <OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
<!--#/if--> <!--#/if-->
<!--#/if-->
<!--#/in valid_roles--> <!--#/in valid_roles-->
</SELECT> </SELECT>
<INPUT TYPE="HIDDEN" NAME="name" VALUE="<!--#var expr="user.name"-->"> <INPUT TYPE="HIDDEN" NAME="name" VALUE="<!--#var expr="user.name"-->">
......
<HTML>
<HEAD>
<TITLE>Security</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
<!--#if manage_tabs-->
<!--#var manage_tabs-->
<!--#/if manage_tabs-->
<FORM ACTION="manage_access" METHOD="POST">
<TABLE CELLPADDING="2">
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Users with the role</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#var role-->
</TD>
</TR>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>have type of access</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#var expr="access_type_for(role)"-->,
</TD>
</TR>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>which corresponds to</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<FONT SIZE="-1">
<!--#in access_permissions-->
<INPUT TYPE="CHECKBOX" NAME="p" VALUE=""<!--#if
expr="_vars['sequence-item'].name in access_type_for(role).data"-->
CHECKED<!--#/if-->>
<!--#var sequence-var-name--><BR>
<!--#/in access_permissions-->
</FONT>
</TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
...@@ -6,70 +6,49 @@ ...@@ -6,70 +6,49 @@
<!--#if manage_tabs--> <!--#if manage_tabs-->
<!--#var manage_tabs--> <!--#var manage_tabs-->
<!--#/if manage_tabs--> <!--#/if manage_tabs-->
<P> <P>
<!--#if access_info-->
The listing below shows the current security settings for this item. The listing below shows the current security settings for this item.
Each role listed has been given a type of access which represents Each permission is listed along with the roles which have been given
a specific set of permissions. Click on the name of a role for details that permission. To change the permissions for a role, click on the
on the specific permissions granted to that role. name of the role.
<FORM ACTION="manage_access" METHOD="POST"> <FORM ACTION="manage_access" METHOD="POST">
<TABLE CELLPADDING="2"> <TABLE>
<TR> <TR>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<STRONG> <STRONG>Permission</STRONG>
Role </TD>
</STRONG> <TD ALIGN="LEFT" VALIGN="TOP">
</TD> <STRONG>Roles</STRONG>
<TD ALIGN="LEFT" VALIGN="TOP"> </TD>
<STRONG>Type of access</STRONG>
</TD>
</TR> </TR>
<!--#in access_info mapping--> <!--#in access_permissions-->
<TR> <TR>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="CHECKBOX" NAME="roles:list" <!--#var sequence-var-name-->
VALUE="<!--#var sequence-var-name-->"> </TD>
<A HREF="manage_access?role=<!--#var sequence-var-name fmt=url-quote-->&SUBMIT=List"><!--#var sequence-var-name--></A> <TD ALIGN="LEFT" VALIGN="TOP">
</TD> <!--#in sequence-var-getRoles-->
<TD ALIGN="LEFT" VALIGN="TOP"> <A HREF="manage_access?role=<!--#var sequence-item fmt=url-quote-->&submit=Edit"><!--#var sequence-item--></A><!--#else sequence-end-->, <!--#/else-->
<!--#var sequence-var-value--> <!--#/in-->
</TD> <!--#else sequence-var-getRoles-->
<I>None Defined</I>
<!--#/else-->
</TD>
</TR> </TR>
<!--#/in access_info--> <!--#/in-->
<TR> <TR>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
</TD> </TD>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add..."> <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add...">
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Remove"> <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Remove...">
</TD> </TD>
</TR> </TR>
</TABLE> </TABLE>
</FORM> </FORM>
<P>
<!--#if access_defaults-->
Users having roles defined at this level and above that have been
given the &quot;Default permission&quot; have the following
permissions to this object: <EM>
<!--#in access_defaults-->
<!--#var sequence-var-name-->
<!--#if sequence-end--><!--#else-->, <!--#/if-->
<!--#/in access_defaults-->
</EM>
<!--#/if access_defaults-->
<!--#/if access_info-->
<!--#else access_info-->
This object is using default security. Users having roles defined at
this level and above that have been given the &quot;Default permission&quot;
have access to this object.
<P>
To set explicit security on this item, click the &quot;Add...&quot; button.
<BR>
<FORM ACTION="manage_access" METHOD="POST">
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add...">
</FORM>
<!--#/else access_info-->
<P> <P>
<FORM ACTION="manage_access" METHOD="POST"> <FORM ACTION="manage_access" METHOD="POST">
...@@ -88,7 +67,7 @@ To set explicit security on this item, click the &quot;Add...&quot; button. ...@@ -88,7 +67,7 @@ To set explicit security on this item, click the &quot;Add...&quot; button.
<INPUT TYPE="TEXT" NAME="role" SIZE="16"> <INPUT TYPE="TEXT" NAME="role" SIZE="16">
</TD> </TD>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add Role"> <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add Role">
</TD> </TD>
</TR> </TR>
<!--#if userdefined_roles--> <!--#if userdefined_roles-->
...@@ -101,7 +80,7 @@ To set explicit security on this item, click the &quot;Add...&quot; button. ...@@ -101,7 +80,7 @@ To set explicit security on this item, click the &quot;Add...&quot; button.
</SELECT> </SELECT>
</TD> </TD>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Delete Role"> <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Delete Role">
</TD> </TD>
</TR> </TR>
<!--#/if userdefined_roles--> <!--#/if userdefined_roles-->
...@@ -112,35 +91,6 @@ To set explicit security on this item, click the &quot;Add...&quot; button. ...@@ -112,35 +91,6 @@ To set explicit security on this item, click the &quot;Add...&quot; button.
<BR><BR> <BR><BR>
<BR><BR> <BR><BR>
<BR><BR> <BR><BR>
Access Types:
<TABLE BORDER="0" CELLPADDING="2">
<!--#in access_types-->
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#var sequence-var-name-->
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#var sequence-var-getRoles-->
</TD>
</TR>
<!--#/in access_types-->
</TABLE>
<P>
Permissions:
<TABLE BORDER="0" CELLPADDING="2">
<!--#in access_permissions-->
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#var sequence-var-name-->
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#var sequence-var-getRoles-->
</TD>
</TR>
<!--#/in access_permissions-->
</TABLE>
<P>
Attributes:
<TABLE BORDER="0" CELLPADDING="2"> <TABLE BORDER="0" CELLPADDING="2">
<!--#in access_debug_info mapping--> <!--#in access_debug_info mapping-->
<TR> <TR>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment