Commit 4257dbfe authored by Hanno Schlichting's avatar Hanno Schlichting

Deal with circular import problems and do some real deprecation

parent d561f077
......@@ -165,10 +165,8 @@ Mail Host
o Change configuration
To support the architecture, developers must derive an
object from the AccessControl.RoleManager mixin class,
object from the AccessControl.rolemanager.BaseRoleManager mixin class,
and define in their class an __ac_permissions__ attribute.
This should be a tuple of tuples, where each tuple represents
......@@ -192,8 +190,6 @@ Example:
('Default permission', ['']),
)
The developer may also predefine useful types of access, by
specifying an __ac_types__ attribute. This should be a tuple of
tuples, where each tuple represents a type of access and contains
......@@ -214,8 +210,6 @@ Example:
)
Developers may also provide pre-defined role names that are
not deletable via the interface by specifying an __ac_roles__
attribute. This is probably not something we'll ever use under
......@@ -224,29 +218,3 @@ the new architecture, but it's there if you need it.
Example:
__ac_roles__=('Manager', 'Anonymous')
......@@ -12,509 +12,23 @@
##############################################################################
"""Access control support
"""
from cgi import escape
from Acquisition import Acquired
from Acquisition import aq_base
from Acquisition import aq_get
from ExtensionClass import Base
from zope.interface import implements
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from AccessControl.interfaces import IRoleManager
from AccessControl.Permission import getPermissions
from AccessControl.Permission import Permission
from AccessControl.PermissionMapping import RoleManager
from AccessControl.Permissions import change_permissions
from AccessControl.SecurityManagement import newSecurityManager
DEFAULTMAXLISTUSERS = 250
def _isBeingUsedAsAMethod(self):
return aq_get(self, '_isBeingUsedAsAMethod_', 0)
def _isNotBeingUsedAsAMethod(self):
return not aq_get(self, '_isBeingUsedAsAMethod_', 0)
class BaseRoleManager(Base, RoleManager):
"""An object that has configurable permissions"""
implements(IRoleManager)
permissionMappingPossibleValues=Acquired
security = ClassSecurityInfo()
__ac_roles__ = ('Manager', 'Owner', 'Anonymous', 'Authenticated')
__ac_local_roles__ = None
security.declareProtected(change_permissions, 'ac_inherited_permissions')
def ac_inherited_permissions(self, all=0):
# Get all permissions not defined in ourself that are inherited
# This will be a sequence of tuples with a name as the first item and
# an empty tuple as the second.
d = {}
perms = self.__ac_permissions__
for p in perms:
d[p[0]] = None
r = gather_permissions(self.__class__, [], d)
if all:
if hasattr(self, '_subobject_permissions'):
for p in self._subobject_permissions():
pname=p[0]
if not pname in d:
d[pname] = 1
r.append(p)
r = list(perms) + r
r.sort()
return tuple(r)
security.declareProtected(change_permissions, 'permission_settings')
def permission_settings(self, permission=None):
"""Return user-role permission settings.
If 'permission' is passed to the method then only the settings for
'permission' is returned.
"""
result=[]
valid=self.valid_roles()
indexes=range(len(valid))
ip=0
permissions = self.ac_inherited_permissions(1)
# Filter permissions
if permission:
permissions = [p for p in permissions if p[0] == permission]
for p in permissions:
name, value = p[:2]
p=Permission(name, value, self)
roles = p.getRoles(default=[])
d={'name': name,
'acquire': isinstance(roles, list) and 'CHECKED' or '',
'roles': map(
lambda ir, roles=roles, valid=valid, ip=ip:
{
'name': "p%dr%d" % (ip, ir),
'checked': (valid[ir] in roles) and 'CHECKED' or '',
},
indexes)
}
ip = ip + 1
result.append(d)
return result
security.declareProtected(change_permissions, 'manage_role')
def manage_role(self, role_to_manage, permissions=[]):
"""Change the permissions given to the given role.
"""
for p in self.ac_inherited_permissions(1):
name, value = p[:2]
p=Permission(name, value, self)
p.setRole(role_to_manage, name in permissions)
security.declareProtected(change_permissions, 'manage_acquiredPermissions')
def manage_acquiredPermissions(self, permissions=[]):
"""Change the permissions that acquire.
"""
for p in self.ac_inherited_permissions(1):
name, value = p[:2]
p = Permission(name, value, self)
roles = p.getRoles()
if roles is None:
continue
if name in permissions:
p.setRoles(list(roles))
else:
p.setRoles(tuple(roles))
def manage_getUserRolesAndPermissions(self, user_id):
""" Used for permission/role reporting for a given user_id.
Returns a dict mapping
'user_defined_in' -> path where the user account is defined
'roles' -> global roles,
'roles_in_context' -> roles in context of the current object,
'allowed_permissions' -> permissions allowed for the user,
'disallowed_permissions' -> all other permissions
"""
d = {}
current = self
while 1:
try:
uf = current.acl_users
except AttributeError:
raise ValueError('User %s could not be found' % user_id)
userObj = uf.getUser(user_id)
if userObj:
break
else:
current = current.__parent__
newSecurityManager(None, userObj) # necessary?
userObj = userObj.__of__(uf)
d = {'user_defined_in': '/' + uf.absolute_url(1)}
# roles
roles = list(userObj.getRoles())
roles.sort()
d['roles'] = roles
# roles in context
roles = list(userObj.getRolesInContext(self))
roles.sort()
d['roles_in_context'] = roles
# permissions
allowed = []
disallowed = []
permMap = self.manage_getPermissionMapping()
for item in permMap:
p = item['permission_name']
if userObj.has_permission(p, self):
allowed.append(p)
else:
disallowed.append(p)
d['allowed_permissions'] = allowed
d['disallowed_permissions'] = disallowed
return d
security.declareProtected(change_permissions, 'manage_permission')
def manage_permission(self, permission_to_manage, roles=[], acquire=0):
"""Change the settings for the given permission.
If optional arg acquire is true, then the roles for the permission
are acquired, in addition to the ones specified, otherwise the
permissions are restricted to only the designated roles.
"""
for p in self.ac_inherited_permissions(1):
name, value = p[:2]
if name == permission_to_manage:
p = Permission(name, value, self)
if acquire:
roles=list(roles)
else:
roles=tuple(roles)
p.setRoles(roles)
return
raise ValueError(
"The permission <em>%s</em> is invalid." %
escape(permission_to_manage))
security.declareProtected(change_permissions, 'permissionsOfRole')
def permissionsOfRole(self, role):
"""Returns a role to permission mapping.
"""
r = []
for p in self.ac_inherited_permissions(1):
name, value = p[:2]
p = Permission(name, value, self)
roles = p.getRoles()
r.append({'name': name,
'selected': role in roles and 'SELECTED' or '',
})
return r
security.declareProtected(change_permissions, 'rolesOfPermission')
def rolesOfPermission(self, permission):
"""Returns a permission to role mapping.
"""
valid_roles = self.valid_roles()
for p in self.ac_inherited_permissions(1):
name, value = p[:2]
if name==permission:
p = Permission(name, value, self)
roles = p.getRoles()
return map(
lambda role, roles=roles:
{'name': role,
'selected': role in roles and 'SELECTED' or '',
},
valid_roles)
raise ValueError(
"The permission <em>%s</em> is invalid." % escape(permission))
security.declareProtected(change_permissions, 'acquiredRolesAreUsedBy')
def acquiredRolesAreUsedBy(self, permission):
"""
"""
for p in self.ac_inherited_permissions(1):
name, value = p[:2]
if name==permission:
p=Permission(name, value, self)
roles = p.getRoles()
return isinstance(roles, list) and 'CHECKED' or ''
raise ValueError(
"The permission <em>%s</em> is invalid." % escape(permission))
# Local roles support
# -------------------
#
# Local roles allow a user to be given extra roles in the context
# of a particular object (and its children). When a user is given
# extra roles in a particular object, an entry for that user is made
# in the __ac_local_roles__ dict containing the extra roles.
def has_local_roles(self):
dict=self.__ac_local_roles__ or {}
return len(dict)
def get_local_roles(self):
dict=self.__ac_local_roles__ or {}
keys=dict.keys()
keys.sort()
info=[]
for key in keys:
value=tuple(dict[key])
info.append((key, value))
return tuple(info)
def users_with_local_role(self, role):
got = {}
for user, roles in self.get_local_roles():
if role in roles:
got[user] = 1
return got.keys()
def get_valid_userids(self):
item=self
dict={}
_notfound = []
while 1:
aclu = getattr(aq_base(item), '__allow_groups__', _notfound)
if aclu is not _notfound:
mlu = getattr(aclu, 'maxlistusers', _notfound)
if not isinstance(mlu, int):
mlu = DEFAULTMAXLISTUSERS
if mlu < 0:
raise OverflowError
un = getattr(aclu, 'user_names', _notfound)
if un is not _notfound:
un = aclu.__of__(item).user_names # rewrap
unl = un()
# maxlistusers of 0 is list all
if len(unl) > mlu and mlu != 0:
raise OverflowError
for name in unl:
dict[name]=1
item = getattr(item, '__parent__', _notfound)
if item is _notfound:
break
keys=dict.keys()
keys.sort()
return tuple(keys)
def get_local_roles_for_userid(self, userid):
dict=self.__ac_local_roles__ or {}
return tuple(dict.get(userid, []))
security.declareProtected(change_permissions, 'manage_addLocalRoles')
def manage_addLocalRoles(self, userid, roles):
"""Set local roles for a user."""
if not roles:
raise ValueError('One or more roles must be given!')
dict = self.__ac_local_roles__
if dict is None:
self.__ac_local_roles__ = dict = {}
local_roles = list(dict.get(userid, []))
for r in roles:
if r not in local_roles:
local_roles.append(r)
dict[userid] = local_roles
self._p_changed=True
security.declareProtected(change_permissions, 'manage_setLocalRoles')
def manage_setLocalRoles(self, userid, roles):
"""Set local roles for a user."""
if not roles:
raise ValueError('One or more roles must be given!')
dict = self.__ac_local_roles__
if dict is None:
self.__ac_local_roles__ = dict = {}
dict[userid]=roles
self._p_changed = True
security.declareProtected(change_permissions, 'manage_delLocalRoles')
def manage_delLocalRoles(self, userids):
"""Remove all local roles for a user."""
dict = self.__ac_local_roles__
if dict is None:
self.__ac_local_roles__ = dict = {}
for userid in userids:
if userid in dict:
del dict[userid]
self._p_changed=True
#------------------------------------------------------------
security.declarePrivate('access_debug_info')
def access_debug_info(self):
"""Return debug info.
"""
clas=class_attrs(self)
inst=instance_attrs(self)
data=[]
_add=data.append
for key, value in inst.items():
if key.find('__roles__') >= 0:
_add({'name': key, 'value': value, 'class': 0})
if hasattr(value, '__roles__'):
_add({'name': '%s.__roles__' % key, 'value': value.__roles__,
'class': 0})
for key, value in clas.items():
if key.find('__roles__') >= 0:
_add({'name': key, 'value': value, 'class': 1})
if hasattr(value, '__roles__'):
_add({'name': '%s.__roles__' % key, 'value': value.__roles__,
'class': 1})
return data
def valid_roles(self):
"""Return list of valid roles.
"""
obj=self
dict={}
dup =dict.has_key
x=0
while x < 100:
if hasattr(obj, '__ac_roles__'):
roles=obj.__ac_roles__
for role in roles:
if not dup(role):
dict[role]=1
if getattr(obj, '__parent__', None) is None:
break
obj=obj.__parent__
x=x+1
roles=dict.keys()
roles.sort()
return tuple(roles)
def validate_roles(self, roles):
"""Return true if all given roles are valid.
"""
valid=self.valid_roles()
for role in roles:
if role not in valid:
return 0
return 1
security.declareProtected(change_permissions, 'userdefined_roles')
def userdefined_roles(self):
"""Return list of user-defined roles.
"""
roles = list(self.__ac_roles__)
for role in classattr(self.__class__, '__ac_roles__'):
try:
roles.remove(role)
except:
pass
return tuple(roles)
def possible_permissions(self):
d = {}
permissions = getPermissions()
for p in permissions:
d[p[0]] = 1
for p in self.ac_inherited_permissions(1):
d[p[0]] = 1
d = d.keys()
d.sort()
return d
InitializeClass(BaseRoleManager)
def reqattr(request, attr):
try:
return request[attr]
except:
return None
def classattr(cls, attr):
if hasattr(cls, attr):
return getattr(cls, attr)
try:
bases = cls.__bases__
except:
bases = ()
for base in bases:
if classattr(base, attr):
return attr
return None
def instance_dict(inst):
try:
return inst.__dict__
except:
return {}
def class_dict(_class):
try:
return _class.__dict__
except:
return {}
def instance_attrs(inst):
return instance_dict(inst)
def class_attrs(inst, _class=None, data=None):
if _class is None:
_class=inst.__class__
data={}
clas_dict=class_dict(_class)
inst_dict=instance_dict(inst)
inst_attr=inst_dict.has_key
for key, value in clas_dict.items():
if not inst_attr(key):
data[key]=value
for base in _class.__bases__:
data=class_attrs(inst, base, data)
return data
def gather_permissions(klass, result, seen):
for base in klass.__bases__:
if '__ac_permissions__' in base.__dict__:
for p in base.__ac_permissions__:
name=p[0]
if name in seen:
continue
result.append((name, ()))
seen[name] = None
gather_permissions(base, result, seen)
return result
# BBB - this is a bit odd, but the class variable RoleManager.manage_options
# is used by a lot of code and this isn't available on the deferredimport
# wrapper
try:
from OFS.role import RoleManager
RoleManager # pyflakes
except ImportError:
from zope.deferredimport import deprecated
deprecated("RoleManager is no longer part of AccessControl, please "
"depend on Zope2 and import from OFS.role",
# BBB
from .rolemanager import DEFAULTMAXLISTUSERS
from .rolemanager import _isBeingUsedAsAMethod
from .rolemanager import _isNotBeingUsedAsAMethod
from .rolemanager import BaseRoleManager
from .rolemanager import reqattr
from .rolemanager import classattr
from .rolemanager import instance_dict
from .rolemanager import class_dict
from .rolemanager import instance_attrs
from .rolemanager import class_attrs
from .rolemanager import gather_permissions
from zope.deferredimport import deprecated
deprecated("RoleManager is no longer part of AccessControl, please "
"depend on Zope2 and import from OFS.role or use the "
"BaseRoleManager class from AccessControl.rolemanager.",
RoleManager = 'OFS.role:RoleManager',
)
)
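Review bot: The backward-compatibility block that closes this hunk re-exports `BaseRoleManager`, `reqattr`, `classattr` and the other helpers with plain `from .rolemanager import ...` lines, so code that still imports them from `AccessControl.Role` gets no deprecation warning; only `RoleManager` goes through `deprecated(...)`. If the old module path is meant to be retired, the moved names could be listed in a second `deprecated(...)` call, for example `BaseRoleManager='AccessControl.rolemanager:BaseRoleManager'`, assuming the deferred wrapper works for names that callers subclass. A comment longer than `# BBB` would also help, for instance `# BBB: moved to AccessControl.rolemanager; kept importable here for old callers`.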
......@@ -35,18 +35,20 @@ from App.Management import Navigation
from App.Management import Tabs
from App.special_dtml import DTMLFile
from App.Dialogs import MessageDialog
from OFS.role import RoleManager
from OFS.SimpleItem import Item
import AuthEncoding
import SpecialUsers
from interfaces import IStandardUserFolder
from requestmethod import requestmethod
from PermissionRole import _what_not_even_god_should_do, rolesForPermissionOn
from Role import RoleManager, DEFAULTMAXLISTUSERS
from SecurityManagement import getSecurityManager
from SecurityManagement import newSecurityManager
from SecurityManagement import noSecurityManager
from ZopeSecurityPolicy import _noroles
from AccessControl import AuthEncoding
from AccessControl import SpecialUsers
from .interfaces import IStandardUserFolder
from .requestmethod import requestmethod
from .PermissionRole import _what_not_even_god_should_do
from .PermissionRole import rolesForPermissionOn
from .rolemanager import DEFAULTMAXLISTUSERS
from .SecurityManagement import getSecurityManager
from .SecurityManagement import newSecurityManager
from .SecurityManagement import noSecurityManager
from .ZopeSecurityPolicy import _noroles
_marker=[]
......
##############################################################################
#
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Access control support
"""
from cgi import escape
from Acquisition import Acquired
from Acquisition import aq_base
from Acquisition import aq_get
from ExtensionClass import Base
from zope.interface import implements
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from AccessControl.interfaces import IRoleManager
from AccessControl.Permission import getPermissions
from AccessControl.Permission import Permission
from AccessControl.PermissionMapping import RoleManager
from AccessControl.Permissions import change_permissions
from AccessControl.SecurityManagement import newSecurityManager
DEFAULTMAXLISTUSERS = 250
def _isBeingUsedAsAMethod(self):
return aq_get(self, '_isBeingUsedAsAMethod_', 0)
def _isNotBeingUsedAsAMethod(self):
return not aq_get(self, '_isBeingUsedAsAMethod_', 0)
class BaseRoleManager(Base, RoleManager):
"""An object that has configurable permissions"""
implements(IRoleManager)
permissionMappingPossibleValues=Acquired
security = ClassSecurityInfo()
__ac_roles__ = ('Manager', 'Owner', 'Anonymous', 'Authenticated')
__ac_local_roles__ = None
security.declareProtected(change_permissions, 'ac_inherited_permissions')
def ac_inherited_permissions(self, all=0):
# Get all permissions not defined in ourself that are inherited
# This will be a sequence of tuples with a name as the first item and
# an empty tuple as the second.
d = {}
perms = self.__ac_permissions__
for p in perms:
d[p[0]] = None
r = gather_permissions(self.__class__, [], d)
if all:
if hasattr(self, '_subobject_permissions'):
for p in self._subobject_permissions():
pname=p[0]
if not pname in d:
d[pname] = 1
r.append(p)
r = list(perms) + r
r.sort()
return tuple(r)
security.declareProtected(change_permissions, 'permission_settings')
def permission_settings(self, permission=None):
"""Return user-role permission settings.
If 'permission' is passed to the method then only the settings for
'permission' is returned.
"""
result=[]
valid=self.valid_roles()
indexes=range(len(valid))
ip=0
permissions = self.ac_inherited_permissions(1)
# Filter permissions
if permission:
permissions = [p for p in permissions if p[0] == permission]
for p in permissions:
name, value = p[:2]
p=Permission(name, value, self)
roles = p.getRoles(default=[])
d={'name': name,
'acquire': isinstance(roles, list) and 'CHECKED' or '',
'roles': map(
lambda ir, roles=roles, valid=valid, ip=ip:
{
'name': "p%dr%d" % (ip, ir),
'checked': (valid[ir] in roles) and 'CHECKED' or '',
},
indexes)
}
ip = ip + 1
result.append(d)
return result
security.declareProtected(change_permissions, 'manage_role')
def manage_role(self, role_to_manage, permissions=[]):
"""Change the permissions given to the given role.
"""
for p in self.ac_inherited_permissions(1):
name, value = p[:2]
p=Permission(name, value, self)
p.setRole(role_to_manage, name in permissions)
security.declareProtected(change_permissions, 'manage_acquiredPermissions')
def manage_acquiredPermissions(self, permissions=[]):
"""Change the permissions that acquire.
"""
for p in self.ac_inherited_permissions(1):
name, value = p[:2]
p = Permission(name, value, self)
roles = p.getRoles()
if roles is None:
continue
if name in permissions:
p.setRoles(list(roles))
else:
p.setRoles(tuple(roles))
def manage_getUserRolesAndPermissions(self, user_id):
""" Used for permission/role reporting for a given user_id.
Returns a dict mapping
'user_defined_in' -> path where the user account is defined
'roles' -> global roles,
'roles_in_context' -> roles in context of the current object,
'allowed_permissions' -> permissions allowed for the user,
'disallowed_permissions' -> all other permissions
"""
d = {}
current = self
while 1:
try:
uf = current.acl_users
except AttributeError:
raise ValueError('User %s could not be found' % user_id)
userObj = uf.getUser(user_id)
if userObj:
break
else:
current = current.__parent__
newSecurityManager(None, userObj) # necessary?
userObj = userObj.__of__(uf)
d = {'user_defined_in': '/' + uf.absolute_url(1)}
# roles
roles = list(userObj.getRoles())
roles.sort()
d['roles'] = roles
# roles in context
roles = list(userObj.getRolesInContext(self))
roles.sort()
d['roles_in_context'] = roles
# permissions
allowed = []
disallowed = []
permMap = self.manage_getPermissionMapping()
for item in permMap:
p = item['permission_name']
if userObj.has_permission(p, self):
allowed.append(p)
else:
disallowed.append(p)
d['allowed_permissions'] = allowed
d['disallowed_permissions'] = disallowed
return d
security.declareProtected(change_permissions, 'manage_permission')
def manage_permission(self, permission_to_manage, roles=[], acquire=0):
"""Change the settings for the given permission.
If optional arg acquire is true, then the roles for the permission
are acquired, in addition to the ones specified, otherwise the
permissions are restricted to only the designated roles.
"""
for p in self.ac_inherited_permissions(1):
name, value = p[:2]
if name == permission_to_manage:
p = Permission(name, value, self)
if acquire:
roles=list(roles)
else:
roles=tuple(roles)
p.setRoles(roles)
return
raise ValueError(
"The permission <em>%s</em> is invalid." %
escape(permission_to_manage))
security.declareProtected(change_permissions, 'permissionsOfRole')
def permissionsOfRole(self, role):
"""Returns a role to permission mapping.
"""
r = []
for p in self.ac_inherited_permissions(1):
name, value = p[:2]
p = Permission(name, value, self)
roles = p.getRoles()
r.append({'name': name,
'selected': role in roles and 'SELECTED' or '',
})
return r
security.declareProtected(change_permissions, 'rolesOfPermission')
def rolesOfPermission(self, permission):
"""Returns a permission to role mapping.
"""
valid_roles = self.valid_roles()
for p in self.ac_inherited_permissions(1):
name, value = p[:2]
if name==permission:
p = Permission(name, value, self)
roles = p.getRoles()
return map(
lambda role, roles=roles:
{'name': role,
'selected': role in roles and 'SELECTED' or '',
},
valid_roles)
raise ValueError(
"The permission <em>%s</em> is invalid." % escape(permission))
security.declareProtected(change_permissions, 'acquiredRolesAreUsedBy')
def acquiredRolesAreUsedBy(self, permission):
"""
"""
for p in self.ac_inherited_permissions(1):
name, value = p[:2]
if name==permission:
p=Permission(name, value, self)
roles = p.getRoles()
return isinstance(roles, list) and 'CHECKED' or ''
raise ValueError(
"The permission <em>%s</em> is invalid." % escape(permission))
# Local roles support
# -------------------
#
# Local roles allow a user to be given extra roles in the context
# of a particular object (and its children). When a user is given
# extra roles in a particular object, an entry for that user is made
# in the __ac_local_roles__ dict containing the extra roles.
def has_local_roles(self):
dict=self.__ac_local_roles__ or {}
return len(dict)
def get_local_roles(self):
dict=self.__ac_local_roles__ or {}
keys=dict.keys()
keys.sort()
info=[]
for key in keys:
value=tuple(dict[key])
info.append((key, value))
return tuple(info)
def users_with_local_role(self, role):
got = {}
for user, roles in self.get_local_roles():
if role in roles:
got[user] = 1
return got.keys()
def get_valid_userids(self):
item=self
dict={}
_notfound = []
while 1:
aclu = getattr(aq_base(item), '__allow_groups__', _notfound)
if aclu is not _notfound:
mlu = getattr(aclu, 'maxlistusers', _notfound)
if not isinstance(mlu, int):
mlu = DEFAULTMAXLISTUSERS
if mlu < 0:
raise OverflowError
un = getattr(aclu, 'user_names', _notfound)
if un is not _notfound:
un = aclu.__of__(item).user_names # rewrap
unl = un()
# maxlistusers of 0 is list all
if len(unl) > mlu and mlu != 0:
raise OverflowError
for name in unl:
dict[name]=1
item = getattr(item, '__parent__', _notfound)
if item is _notfound:
break
keys=dict.keys()
keys.sort()
return tuple(keys)
def get_local_roles_for_userid(self, userid):
dict=self.__ac_local_roles__ or {}
return tuple(dict.get(userid, []))
security.declareProtected(change_permissions, 'manage_addLocalRoles')
def manage_addLocalRoles(self, userid, roles):
"""Set local roles for a user."""
if not roles:
raise ValueError('One or more roles must be given!')
dict = self.__ac_local_roles__
if dict is None:
self.__ac_local_roles__ = dict = {}
local_roles = list(dict.get(userid, []))
for r in roles:
if r not in local_roles:
local_roles.append(r)
dict[userid] = local_roles
self._p_changed=True
security.declareProtected(change_permissions, 'manage_setLocalRoles')
def manage_setLocalRoles(self, userid, roles):
"""Set local roles for a user."""
if not roles:
raise ValueError('One or more roles must be given!')
dict = self.__ac_local_roles__
if dict is None:
self.__ac_local_roles__ = dict = {}
dict[userid]=roles
self._p_changed = True
security.declareProtected(change_permissions, 'manage_delLocalRoles')
def manage_delLocalRoles(self, userids):
"""Remove all local roles for a user."""
dict = self.__ac_local_roles__
if dict is None:
self.__ac_local_roles__ = dict = {}
for userid in userids:
if userid in dict:
del dict[userid]
self._p_changed=True
#------------------------------------------------------------
security.declarePrivate('access_debug_info')
def access_debug_info(self):
"""Return debug info.
"""
clas=class_attrs(self)
inst=instance_attrs(self)
data=[]
_add=data.append
for key, value in inst.items():
if key.find('__roles__') >= 0:
_add({'name': key, 'value': value, 'class': 0})
if hasattr(value, '__roles__'):
_add({'name': '%s.__roles__' % key, 'value': value.__roles__,
'class': 0})
for key, value in clas.items():
if key.find('__roles__') >= 0:
_add({'name': key, 'value': value, 'class': 1})
if hasattr(value, '__roles__'):
_add({'name': '%s.__roles__' % key, 'value': value.__roles__,
'class': 1})
return data
def valid_roles(self):
"""Return list of valid roles.
"""
obj=self
dict={}
dup =dict.has_key
x=0
while x < 100:
if hasattr(obj, '__ac_roles__'):
roles=obj.__ac_roles__
for role in roles:
if not dup(role):
dict[role]=1
if getattr(obj, '__parent__', None) is None:
break
obj=obj.__parent__
x=x+1
roles=dict.keys()
roles.sort()
return tuple(roles)
def validate_roles(self, roles):
"""Return true if all given roles are valid.
"""
valid=self.valid_roles()
for role in roles:
if role not in valid:
return 0
return 1
security.declareProtected(change_permissions, 'userdefined_roles')
def userdefined_roles(self):
"""Return list of user-defined roles.
"""
roles = list(self.__ac_roles__)
for role in classattr(self.__class__, '__ac_roles__'):
try:
roles.remove(role)
except:
pass
return tuple(roles)
def possible_permissions(self):
d = {}
permissions = getPermissions()
for p in permissions:
d[p[0]] = 1
for p in self.ac_inherited_permissions(1):
d[p[0]] = 1
d = d.keys()
d.sort()
return d
InitializeClass(BaseRoleManager)
def reqattr(request, attr):
try:
return request[attr]
except:
return None
def classattr(cls, attr):
if hasattr(cls, attr):
return getattr(cls, attr)
try:
bases = cls.__bases__
except:
bases = ()
for base in bases:
if classattr(base, attr):
return attr
return None
def instance_dict(inst):
try:
return inst.__dict__
except:
return {}
def class_dict(_class):
try:
return _class.__dict__
except:
return {}
def instance_attrs(inst):
return instance_dict(inst)
def class_attrs(inst, _class=None, data=None):
if _class is None:
_class=inst.__class__
data={}
clas_dict=class_dict(_class)
inst_dict=instance_dict(inst)
inst_attr=inst_dict.has_key
for key, value in clas_dict.items():
if not inst_attr(key):
data[key]=value
for base in _class.__bases__:
data=class_attrs(inst, base, data)
return data
def gather_permissions(klass, result, seen):
for base in klass.__bases__:
if '__ac_permissions__' in base.__dict__:
for p in base.__ac_permissions__:
name=p[0]
if name in seen:
continue
result.append((name, ()))
seen[name] = None
gather_permissions(base, result, seen)
return result
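Review bot: `manage_getUserRolesAndPermissions` calls `newSecurityManager(None, userObj)`, which replaces the active security manager with one for the user being reported on, and nothing visible in the method restores the previous manager; the inline `# necessary?` suggests the call was never confirmed to be needed. As this file is the new home of the code, I would either drop the call or save `getSecurityManager()` first and restore it with `setSecurityManager(...)` in a `finally:` block. It is also the only `manage_*` method in the class without a declaration, so I would add `security.declareProtected(change_permissions, 'manage_getUserRolesAndPermissions')` above it. Separately, `classattr` returns `attr` (the attribute name) from its base-class loop rather than the value found, which looks like a slip for returning the recursive result.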
......@@ -5,7 +5,7 @@ class TestRoleManager(unittest.TestCase):
def test_interfaces(self):
from AccessControl.interfaces import IRoleManager
from AccessControl.Role import BaseRoleManager
from AccessControl.rolemanager import BaseRoleManager
from zope.interface.verify import verifyClass
verifyClass(IRoleManager, BaseRoleManager)
......
......@@ -15,9 +15,9 @@
from AccessControl.class_init import InitializeClass
from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from Acquisition import Implicit
from OFS.role import RoleManager
from OFS.SimpleItem import Item
from Persistence import Persistent
......
......@@ -16,7 +16,6 @@ from urllib import quote
from AccessControl.class_init import InitializeClass
from AccessControl.SecurityInfo import ClassSecurityInfo
from AccessControl.Role import RoleManager
from Acquisition import Implicit
from App.special_dtml import DTMLFile
from App.special_dtml import HTML
......@@ -33,6 +32,7 @@ from DocumentTemplate.security import RestrictedDTML
from OFS.Cache import Cacheable
from OFS.History import Historical
from OFS.History import html_diff
from OFS.role import RoleManager
from OFS.SimpleItem import Item_w__name__
from OFS.ZDOM import ElementWithTitle
from webdav.Lockable import ResourceLockedError
......
......@@ -20,7 +20,6 @@ $Id$
from AccessControl.class_init import InitializeClass
from AccessControl.Permissions import add_page_templates
from AccessControl.Permissions import add_user_folders
from AccessControl.Role import RoleManager
from AccessControl.SecurityManagement import getSecurityManager
from AccessControl.unauthorized import Unauthorized
from App.special_dtml import DTMLFile
......@@ -31,6 +30,7 @@ from OFS.FindSupport import FindSupport
from OFS.interfaces import IFolder
from OFS.ObjectManager import ObjectManager
from OFS.PropertyManager import PropertyManager
from OFS.role import RoleManager
from OFS.SimpleItem import Item
......
......@@ -25,7 +25,6 @@ from AccessControl.Permissions import view_management_screens
from AccessControl.Permissions import view as View
from AccessControl.Permissions import ftp_access
from AccessControl.Permissions import delete_objects
from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from Acquisition import Implicit
from App.special_dtml import DTMLFile
......@@ -44,6 +43,7 @@ from zope.interface import implements
from OFS.Cache import Cacheable
from OFS.PropertyManager import PropertyManager
from OFS.role import RoleManager
from OFS.SimpleItem import Item_w__name__
from zope.event import notify
......
......@@ -30,7 +30,6 @@ from AccessControl.SecurityInfo import ClassSecurityInfo
from AccessControl.SecurityManagement import getSecurityManager
from AccessControl.Owned import Owned
from AccessControl.Permissions import view as View
from AccessControl.Role import RoleManager
from AccessControl.unauthorized import Unauthorized
from AccessControl.ZopeSecurityPolicy import getRoles
from Acquisition import Acquired
......@@ -58,6 +57,7 @@ from OFS.interfaces import IItem
from OFS.interfaces import IItemWithName
from OFS.interfaces import ISimpleItem
from OFS.CopySupport import CopySource
from OFS.role import RoleManager
from OFS.Traversable import Traversable
from OFS.ZDOM import Element
......
......@@ -19,8 +19,8 @@ from App.special_dtml import DTMLFile
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from AccessControl.Role import BaseRoleManager
from AccessControl.Role import reqattr
from AccessControl.rolemanager import BaseRoleManager
from AccessControl.rolemanager import reqattr
from AccessControl.Permission import Permission
from AccessControl.Permissions import change_permissions
from AccessControl.requestmethod import requestmethod
......
......@@ -26,7 +26,6 @@ from AccessControl.class_init import InitializeClass
from AccessControl.Permissions import change_external_methods
from AccessControl.Permissions import view_management_screens
from AccessControl.Permissions import view as View
from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from Acquisition import Acquired
from Acquisition import Explicit
......@@ -36,6 +35,7 @@ from App.Extensions import getPath
from App.Extensions import FuncCode
from App.special_dtml import DTMLFile
from App.special_dtml import HTML
from OFS.role import RoleManager
from OFS.SimpleItem import Item
from OFS.SimpleItem import pretty_tb
from Persistence import Persistent
......
......@@ -40,11 +40,11 @@ from AccessControl.class_init import InitializeClass
from AccessControl.SecurityInfo import ClassSecurityInfo
from AccessControl.Permissions import change_configuration, view
from AccessControl.Permissions import use_mailhost_services
from AccessControl.Role import RoleManager
from Acquisition import Implicit
from App.special_dtml import DTMLFile
from DateTime.DateTime import DateTime
from Persistence import Persistent
from OFS.role import RoleManager
from OFS.SimpleItem import Item
from zope.interface import implements
......
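Review bot: The new `from OFS.role import RoleManager` line is placed after `from Persistence import Persistent`, which separates it from `from OFS.SimpleItem import Item` only by accident of position and breaks the alphabetical grouping the rest of the import block follows. The next section has the same pattern, with the line added after `from persistent import TimeStamp`. Other sections in this commit put the OFS import before `Persistence`, so moving the line up to sit directly after the `DateTime` import would keep the files consistent. This is a style point only; the import itself is unchanged.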
......@@ -24,7 +24,6 @@ from urlparse import urlunparse
from AccessControl.class_init import InitializeClass
from AccessControl.Owned import Owned
from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from Acquisition import Implicit
from Acquisition import aq_parent
......@@ -33,6 +32,7 @@ from App.Management import Tabs
from App.special_dtml import DTMLFile
from Persistence import Persistent
from persistent import TimeStamp
from OFS.role import RoleManager
from OFS.SimpleItem import Item
from ZPublisher.BeforeTraverse import registerBeforeTraverse
from ZPublisher.BeforeTraverse import unregisterBeforeTraverse
......
......@@ -16,11 +16,11 @@ import sys
from AccessControl.class_init import InitializeClass
from AccessControl.Owned import Owned
from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from Acquisition import Implicit
from App.special_dtml import DTMLFile
from App.Management import Tabs
from OFS.role import RoleManager
from OFS.SimpleItem import Item
from Persistence import Persistent
from ZPublisher.BeforeTraverse import registerBeforeTraverse
......
......@@ -21,12 +21,12 @@ import os
import re
import string
from AccessControl.Role import RoleManager
from Acquisition import Implicit
from App.Common import package_home
from DateTime.DateTime import DateTime
from DocumentTemplate import File
from DocumentTemplate import HTML
from OFS.role import RoleManager
from OFS.SimpleItem import Item
from Persistence import Persistent
from zExceptions import Redirect
......
......@@ -26,13 +26,13 @@ from AccessControl.Permissions import view_management_screens
from AccessControl.Permissions import change_database_connections
from AccessControl.Permissions import test_database_connections
from AccessControl.Permissions import open_close_database_connection
from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from Acquisition import Implicit
from App.Dialogs import MessageDialog
from App.special_dtml import DTMLFile
from DateTime.DateTime import DateTime
from DocumentTemplate import HTML
from OFS.role import RoleManager
from OFS.SimpleItem import Item
from Persistence import Persistent
from zExceptions import BadRequest
......
......@@ -23,7 +23,6 @@ from AccessControl.class_init import InitializeClass
from AccessControl.Permissions import change_database_methods
from AccessControl.Permissions import use_database_methods
from AccessControl.Permissions import view_management_screens
from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from AccessControl.SecurityManagement import getSecurityManager
from Acquisition import Implicit
......@@ -35,6 +34,7 @@ from DocumentTemplate.security import RestrictedDTML
from DateTime.DateTime import DateTime
from ExtensionClass import Base
from BTrees.OOBTree import OOBucket as Bucket
from OFS.role import RoleManager
from OFS.SimpleItem import Item
from Persistence import Persistent
from webdav.Resource import Resource
......