Kirill Smelkov
Zope
Commits
8121aef8
Commit
8121aef8
authored
Jun 05, 2010
by
Hanno Schlichting
Some PEP8 cleanup
parent
85c9193b
Showing
2 changed files
with
198 additions
and
138 deletions
+198
-138
src/AccessControl/Permission.py
src/AccessControl/Permission.py
+74
-48
src/AccessControl/Role.py
src/AccessControl/Role.py
+124
-90
src/AccessControl/Permission.py
...
@@ -20,110 +20,135 @@ import string
...
@@ -20,110 +20,135 @@ import string
from
Acquisition
import
aq_base
from
Acquisition
import
aq_base
name_trans
=
filter
(
lambda
c
,
an
=
string
.
letters
+
string
.
digits
+
'_'
:
c
not
in
an
,
name_trans
=
filter
(
lambda
c
,
an
=
string
.
letters
+
string
.
digits
+
'_'
:
c
not
in
an
,
map
(
chr
,
range
(
256
)))
map
(
chr
,
range
(
256
)))
name_trans
=
string
.
maketrans
(
''
.
join
(
name_trans
),
'_'
*
len
(
name_trans
))
name_trans
=
string
.
maketrans
(
''
.
join
(
name_trans
),
'_'
*
len
(
name_trans
))
def
pname
(
name
,
translate
=
string
.
translate
,
name_trans
=
name_trans
):
def
pname
(
name
,
translate
=
string
.
translate
,
name_trans
=
name_trans
):
return
'_'
+
translate
(
name
,
name_trans
)
+
"_Permission"
return
'_'
+
translate
(
name
,
name_trans
)
+
"_Permission"
_marker
=
[]
_marker
=
[]
class
Permission
:
class
Permission
:
# A Permission maps a named logical permission to a set
# A Permission maps a named logical permission to a set
# of attribute names. Attribute names which appear in a
# of attribute names. Attribute names which appear in a
# permission may not appear in any other permission defined
# permission may not appear in any other permission defined
# by the object.
# by the object.
def
__init__
(
self
,
name
,
data
,
obj
,
default
=
None
):
def
__init__
(
self
,
name
,
data
,
obj
,
default
=
None
):
self
.
name
=
name
self
.
name
=
name
self
.
_p
=
'_'
+
string
.
translate
(
name
,
name_trans
)
+
"_Permission"
self
.
_p
=
'_'
+
string
.
translate
(
name
,
name_trans
)
+
"_Permission"
self
.
data
=
data
self
.
data
=
data
self
.
obj
=
aq_base
(
obj
)
self
.
obj
=
aq_base
(
obj
)
self
.
default
=
default
self
.
default
=
default
def
getRoles
(
self
,
default
=
_marker
):
def
getRoles
(
self
,
default
=
_marker
):
# Return the list of role names which have been given
# Return the list of role names which have been given
# this permission for the object in question. To do
# this permission for the object in question. To do
# this, we try to get __roles__ from all of the object
# this, we try to get __roles__ from all of the object
# attributes that this permission represents.
# attributes that this permission represents.
obj
=
self
.
obj
obj
=
self
.
obj
name
=
self
.
_p
name
=
self
.
_p
if
hasattr
(
obj
,
name
):
return
getattr
(
obj
,
name
)
if
hasattr
(
obj
,
name
):
roles
=
default
return
getattr
(
obj
,
name
)
roles
=
default
for
name
in
self
.
data
:
for
name
in
self
.
data
:
if
name
:
if
name
:
if
hasattr
(
obj
,
name
):
if
hasattr
(
obj
,
name
):
attr
=
getattr
(
obj
,
name
)
attr
=
getattr
(
obj
,
name
)
if
hasattr
(
attr
,
'im_self'
):
if
hasattr
(
attr
,
'im_self'
):
attr
=
attr
.
im_self
attr
=
attr
.
im_self
if
hasattr
(
attr
,
'__dict__'
):
if
hasattr
(
attr
,
'__dict__'
):
attr
=
attr
.
__dict__
attr
=
attr
.
__dict__
name
=
name
+
'__roles__'
name
=
name
+
'__roles__'
if
attr
.
has_key
(
name
)
:
if
name
in
attr
:
roles
=
attr
[
name
]
roles
=
attr
[
name
]
break
break
elif
hasattr
(
obj
,
'__dict__'
):
elif
hasattr
(
obj
,
'__dict__'
):
attr
=
obj
.
__dict__
attr
=
obj
.
__dict__
if
attr
.
has_key
(
'__roles__'
)
:
if
'__roles__'
in
attr
:
roles
=
attr
[
'__roles__'
]
roles
=
attr
[
'__roles__'
]
break
break
if
roles
:
if
roles
:
try
:
try
:
if
'Shared'
not
in
roles
:
return
tuple
(
roles
)
if
'Shared'
not
in
roles
:
roles
=
list
(
roles
)
return
tuple
(
roles
)
roles
=
list
(
roles
)
roles
.
remove
(
'Shared'
)
roles
.
remove
(
'Shared'
)
return
roles
return
roles
except
:
return
[]
except
:
return
[]
if
roles
is
None
:
return
[
'Manager'
,
'Anonymous'
]
if
roles
is
None
:
if
roles
is
_marker
:
return
[
'Manager'
]
return
[
'Manager'
,
'Anonymous'
]
if
roles
is
_marker
:
return
[
'Manager'
]
return
roles
return
roles
def
setRoles
(
self
,
roles
):
def
setRoles
(
self
,
roles
):
obj
=
self
.
obj
obj
=
self
.
obj
if
isinstance
(
roles
,
list
)
and
not
roles
:
if
isinstance
(
roles
,
list
)
and
not
roles
:
if
hasattr
(
obj
,
self
.
_p
):
delattr
(
obj
,
self
.
_p
)
if
hasattr
(
obj
,
self
.
_p
):
delattr
(
obj
,
self
.
_p
)
else
:
else
:
setattr
(
obj
,
self
.
_p
,
roles
)
setattr
(
obj
,
self
.
_p
,
roles
)
for
name
in
self
.
data
:
for
name
in
self
.
data
:
if
name
==
''
:
attr
=
obj
if
name
==
''
:
else
:
attr
=
getattr
(
obj
,
name
)
attr
=
obj
try
:
del
attr
.
__roles__
else
:
except
:
pass
attr
=
getattr
(
obj
,
name
)
try
:
delattr
(
obj
,
name
+
'__roles__'
)
try
:
except
:
pass
del
attr
.
__roles__
except
:
pass
try
:
delattr
(
obj
,
name
+
'__roles__'
)
except
:
pass
def
setRole
(
self
,
role
,
present
):
def
setRole
(
self
,
role
,
present
):
roles
=
self
.
getRoles
()
roles
=
self
.
getRoles
()
if
role
in
roles
:
if
role
in
roles
:
if
present
:
return
if
present
:
if
isinstance
(
roles
,
list
):
roles
.
remove
(
role
)
return
if
isinstance
(
roles
,
list
):
roles
.
remove
(
role
)
else
:
else
:
roles
=
list
(
roles
)
roles
=
list
(
roles
)
roles
.
remove
(
role
)
roles
.
remove
(
role
)
roles
=
tuple
(
roles
)
roles
=
tuple
(
roles
)
elif
not
present
:
return
elif
not
present
:
return
else
:
else
:
if
isinstance
(
roles
,
list
):
roles
.
append
(
role
)
if
isinstance
(
roles
,
list
):
else
:
roles
=
roles
+
(
role
,)
roles
.
append
(
role
)
else
:
roles
=
roles
+
(
role
,
)
self
.
setRoles
(
roles
)
self
.
setRoles
(
roles
)
def
__len__
(
self
):
return
1
def
__len__
(
self
):
def
__str__
(
self
):
return
self
.
name
return
1
def
__str__
(
self
):
return
self
.
name
_registeredPermissions
=
{}
_registeredPermissions
=
{}
_registerdPermission
=
_registeredPermissions
.
has_key
_registerdPermission
=
_registeredPermissions
.
has_key
def
registerPermissions
(
permissions
,
defaultDefault
=
(
'Manager'
,)):
def
registerPermissions
(
permissions
,
defaultDefault
=
(
'Manager'
,
)):
"""Register an __ac_permissions__ sequence.
"""Register an __ac_permissions__ sequence.
"""
"""
import
Products
import
Products
for
setting
in
permissions
:
for
setting
in
permissions
:
if
_registerdPermission
(
setting
[
0
]):
continue
if
_registerdPermission
(
setting
[
0
]):
continue
if
len
(
setting
)
==
2
:
if
len
(
setting
)
==
2
:
perm
,
methods
=
setting
perm
,
methods
=
setting
default
=
defaultDefault
default
=
defaultDefault
...
@@ -132,12 +157,13 @@ def registerPermissions(permissions, defaultDefault=('Manager',)):
...
@@ -132,12 +157,13 @@ def registerPermissions(permissions, defaultDefault=('Manager',)):
_registeredPermissions
[
perm
]
=
1
_registeredPermissions
[
perm
]
=
1
Products_permissions
=
getattr
(
Products
,
'__ac_permissions__'
,
())
Products_permissions
=
getattr
(
Products
,
'__ac_permissions__'
,
())
Products
.
__ac_permissions__
=
(
Products
.
__ac_permissions__
=
(
Products_permissions
+
((
perm
,
(),
default
),))
Products_permissions
+
((
perm
,
(),
default
),
))
mangled
=
pname
(
perm
)
# get mangled permission name
mangled
=
pname
(
perm
)
# get mangled permission name
if
not
hasattr
(
ApplicationDefaultPermissions
,
mangled
):
if
not
hasattr
(
ApplicationDefaultPermissions
,
mangled
):
setattr
(
ApplicationDefaultPermissions
,
setattr
(
ApplicationDefaultPermissions
,
mangled
,
default
)
mangled
,
default
)
class
ApplicationDefaultPermissions
:
class
ApplicationDefaultPermissions
:
_View_Permission
=
(
'Manager'
,
'Anonymous'
)
_View_Permission
=
(
'Manager'
,
'Anonymous'
)
_Access_contents_information_Permission
=
(
'Manager'
,
'Anonymous'
)
_Access_contents_information_Permission
=
(
'Manager'
,
'Anonymous'
)
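Review bot: The reformatted `except:` in `Permission.getRoles` still catches everything and answers `return []`, so any failure while normalising the stored roles is reported as an empty role list instead of surfacing. Role.py in this same commit treats a list result as the "acquire" case (`isinstance(roles, list) and 'CHECKED' or ''`), so an error here would presumably read as "acquired, no local roles", which silently changes the meaning of an access-control answer. Since the commit already touches these lines, narrow the handler to the failure it is meant to absorb, for example `except TypeError:` with a comment naming the stored values expected to trigger it (the exact exception set needs confirming against real role data). The same bare `except:` survives in `setRoles` around `del attr.__roles__` and `delattr(obj, name + '__roles__')`, and in Role.py's `userdefined_roles`, `_delRoles`, `reqattr`, `classattr`, `instance_dict` and `class_dict`; where a list `remove` is the only call inside the `try`, `except ValueError:` looks sufficient.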
src/AccessControl/Role.py
...
@@ -19,25 +19,27 @@ from cgi import escape
...
@@ -19,25 +19,27 @@ from cgi import escape
from
Acquisition
import
Acquired
from
Acquisition
import
Acquired
from
Acquisition
import
aq_base
from
Acquisition
import
aq_base
from
Acquisition
import
aq_get
from
Acquisition
import
aq_get
from
AccessControl
import
ClassSecurityInfo
from
AccessControl.SecurityManagement
import
newSecurityManager
from
AccessControl.Permissions
import
change_permissions
from
App.Dialogs
import
MessageDialog
from
App.Dialogs
import
MessageDialog
from
App.special_dtml
import
DTMLFile
from
App.special_dtml
import
DTMLFile
from
ExtensionClass
import
Base
from
ExtensionClass
import
Base
from
PermissionMapping
import
RoleManager
from
PermissionMapping
import
RoleManager
from
zope.interface
import
implements
from
zope.interface
import
implements
from
AccessControl
import
ClassSecurityInfo
from
AccessControl.class_init
import
InitializeClass
from
AccessControl.class_init
import
InitializeClass
from
AccessControl.interfaces
import
IRoleManager
from
AccessControl.interfaces
import
IRoleManager
from
AccessControl.Permission
import
Permission
from
AccessControl.Permission
import
Permission
from
AccessControl.Permissions
import
change_permissions
from
AccessControl.requestmethod
import
requestmethod
from
AccessControl.requestmethod
import
requestmethod
from
AccessControl.SecurityManagement
import
newSecurityManager
DEFAULTMAXLISTUSERS
=
250
DEFAULTMAXLISTUSERS
=
250
def
_isBeingUsedAsAMethod
(
self
):
def
_isBeingUsedAsAMethod
(
self
):
return
aq_get
(
self
,
'_isBeingUsedAsAMethod_'
,
0
)
return
aq_get
(
self
,
'_isBeingUsedAsAMethod_'
,
0
)
def
_isNotBeingUsedAsAMethod
(
self
):
def
_isNotBeingUsedAsAMethod
(
self
):
return
not
aq_get
(
self
,
'_isBeingUsedAsAMethod_'
,
0
)
return
not
aq_get
(
self
,
'_isBeingUsedAsAMethod_'
,
0
)
...
@@ -51,8 +53,8 @@ class RoleManager(Base, RoleManager):
...
@@ -51,8 +53,8 @@ class RoleManager(Base, RoleManager):
security
=
ClassSecurityInfo
()
security
=
ClassSecurityInfo
()
manage_options
=
(
manage_options
=
(
{
'label'
:
'Security'
,
'action'
:
'manage_access'
,
{
'label'
:
'Security'
,
'action'
:
'manage_access'
,
'help'
:
(
'OFSP'
,
'Security.stx'
),
'help'
:
(
'OFSP'
,
'Security.stx'
),
},
},
)
)
...
@@ -67,20 +69,21 @@ class RoleManager(Base, RoleManager):
...
@@ -67,20 +69,21 @@ class RoleManager(Base, RoleManager):
# Get all permissions not defined in ourself that are inherited
# Get all permissions not defined in ourself that are inherited
# This will be a sequence of tuples with a name as the first item and
# This will be a sequence of tuples with a name as the first item and
# an empty tuple as the second.
# an empty tuple as the second.
d
=
{}
d
=
{}
perms
=
self
.
__ac_permissions__
perms
=
self
.
__ac_permissions__
for
p
in
perms
:
d
[
p
[
0
]]
=
None
for
p
in
perms
:
d
[
p
[
0
]]
=
None
r
=
gather_permissions
(
self
.
__class__
,
[],
d
)
r
=
gather_permissions
(
self
.
__class__
,
[],
d
)
if
all
:
if
all
:
if
hasattr
(
self
,
'_subobject_permissions'
):
if
hasattr
(
self
,
'_subobject_permissions'
):
for
p
in
self
.
_subobject_permissions
():
for
p
in
self
.
_subobject_permissions
():
pname
=
p
[
0
]
pname
=
p
[
0
]
if
not
d
.
has_key
(
pname
)
:
if
not
pname
in
d
:
d
[
pname
]
=
1
d
[
pname
]
=
1
r
.
append
(
p
)
r
.
append
(
p
)
r
=
list
(
perms
)
+
r
r
=
list
(
perms
)
+
r
r
.
sort
()
r
.
sort
()
return
tuple
(
r
)
return
tuple
(
r
)
...
@@ -104,19 +107,19 @@ class RoleManager(Base, RoleManager):
...
@@ -104,19 +107,19 @@ class RoleManager(Base, RoleManager):
for
p
in
permissions
:
for
p
in
permissions
:
name
,
value
=
p
[:
2
]
name
,
value
=
p
[:
2
]
p
=
Permission
(
name
,
value
,
self
)
p
=
Permission
(
name
,
value
,
self
)
roles
=
p
.
getRoles
(
default
=
[])
roles
=
p
.
getRoles
(
default
=
[])
d
=
{
'name'
:
name
,
d
=
{
'name'
:
name
,
'acquire'
:
isinstance
(
roles
,
list
)
and
'CHECKED'
or
''
,
'acquire'
:
isinstance
(
roles
,
list
)
and
'CHECKED'
or
''
,
'roles'
:
map
(
'roles'
:
map
(
lambda
ir
,
roles
=
roles
,
valid
=
valid
,
ip
=
ip
:
lambda
ir
,
roles
=
roles
,
valid
=
valid
,
ip
=
ip
:
{
{
'name'
:
"p%dr%d"
%
(
ip
,
ir
),
'name'
:
"p%dr%d"
%
(
ip
,
ir
),
'checked'
:
(
valid
[
ir
]
in
roles
)
and
'CHECKED'
or
''
,
'checked'
:
(
valid
[
ir
]
in
roles
)
and
'CHECKED'
or
''
,
},
},
indexes
)
indexes
)
}
}
ip
=
ip
+
1
ip
=
ip
+
1
result
.
append
(
d
)
result
.
append
(
d
)
return
result
return
result
...
@@ -133,10 +136,11 @@ class RoleManager(Base, RoleManager):
...
@@ -133,10 +136,11 @@ class RoleManager(Base, RoleManager):
"""
"""
for
p
in
self
.
ac_inherited_permissions
(
1
):
for
p
in
self
.
ac_inherited_permissions
(
1
):
name
,
value
=
p
[:
2
]
name
,
value
=
p
[:
2
]
p
=
Permission
(
name
,
value
,
self
)
p
=
Permission
(
name
,
value
,
self
)
p
.
setRole
(
role_to_manage
,
name
in
permissions
)
p
.
setRole
(
role_to_manage
,
name
in
permissions
)
if
REQUEST
is
not
None
:
return
self
.
manage_access
(
REQUEST
)
if
REQUEST
is
not
None
:
return
self
.
manage_access
(
REQUEST
)
security
.
declareProtected
(
change_permissions
,
'manage_acquiredForm'
)
security
.
declareProtected
(
change_permissions
,
'manage_acquiredForm'
)
manage_acquiredForm
=
DTMLFile
(
'dtml/acquiredEdit'
,
globals
(),
manage_acquiredForm
=
DTMLFile
(
'dtml/acquiredEdit'
,
globals
(),
...
@@ -151,13 +155,17 @@ class RoleManager(Base, RoleManager):
...
@@ -151,13 +155,17 @@ class RoleManager(Base, RoleManager):
"""
"""
for
p
in
self
.
ac_inherited_permissions
(
1
):
for
p
in
self
.
ac_inherited_permissions
(
1
):
name
,
value
=
p
[:
2
]
name
,
value
=
p
[:
2
]
p
=
Permission
(
name
,
value
,
self
)
p
=
Permission
(
name
,
value
,
self
)
roles
=
p
.
getRoles
()
roles
=
p
.
getRoles
()
if
roles
is
None
:
continue
if
roles
is
None
:
if
name
in
permissions
:
p
.
setRoles
(
list
(
roles
))
continue
else
:
p
.
setRoles
(
tuple
(
roles
))
if
name
in
permissions
:
p
.
setRoles
(
list
(
roles
))
else
:
p
.
setRoles
(
tuple
(
roles
))
if
REQUEST
is
not
None
:
return
self
.
manage_access
(
REQUEST
)
if
REQUEST
is
not
None
:
return
self
.
manage_access
(
REQUEST
)
def
manage_getUserRolesAndPermissions
(
self
,
user_id
):
def
manage_getUserRolesAndPermissions
(
self
,
user_id
):
""" Used for permission/role reporting for a given user_id.
""" Used for permission/role reporting for a given user_id.
...
@@ -167,9 +175,9 @@ class RoleManager(Base, RoleManager):
...
@@ -167,9 +175,9 @@ class RoleManager(Base, RoleManager):
'roles' -> global roles,
'roles' -> global roles,
'roles_in_context' -> roles in context of the current object,
'roles_in_context' -> roles in context of the current object,
'allowed_permissions' -> permissions allowed for the user,
'allowed_permissions' -> permissions allowed for the user,
'disallowed_permissions' -> all other permissions
'disallowed_permissions' -> all other permissions
"""
"""
d
=
{}
d
=
{}
current
=
self
current
=
self
...
@@ -189,7 +197,7 @@ class RoleManager(Base, RoleManager):
...
@@ -189,7 +197,7 @@ class RoleManager(Base, RoleManager):
newSecurityManager
(
None
,
userObj
)
# necessary?
newSecurityManager
(
None
,
userObj
)
# necessary?
userObj
=
userObj
.
__of__
(
uf
)
userObj
=
userObj
.
__of__
(
uf
)
d
=
{
'user_defined_in'
:
'/'
+
uf
.
absolute_url
(
1
)}
d
=
{
'user_defined_in'
:
'/'
+
uf
.
absolute_url
(
1
)}
# roles
# roles
roles
=
list
(
userObj
.
getRoles
())
roles
=
list
(
userObj
.
getRoles
())
...
@@ -237,26 +245,30 @@ class RoleManager(Base, RoleManager):
...
@@ -237,26 +245,30 @@ class RoleManager(Base, RoleManager):
"""
"""
for
p
in
self
.
ac_inherited_permissions
(
1
):
for
p
in
self
.
ac_inherited_permissions
(
1
):
name
,
value
=
p
[:
2
]
name
,
value
=
p
[:
2
]
if
name
==
permission_to_manage
:
if
name
==
permission_to_manage
:
p
=
Permission
(
name
,
value
,
self
)
p
=
Permission
(
name
,
value
,
self
)
if
acquire
:
roles
=
list
(
roles
)
if
acquire
:
else
:
roles
=
tuple
(
roles
)
roles
=
list
(
roles
)
else
:
roles
=
tuple
(
roles
)
p
.
setRoles
(
roles
)
p
.
setRoles
(
roles
)
if
REQUEST
is
not
None
:
return
self
.
manage_access
(
REQUEST
)
if
REQUEST
is
not
None
:
return
self
.
manage_access
(
REQUEST
)
return
return
raise
ValueError
,
(
raise
ValueError
(
"The permission <em>%s</em> is invalid."
%
"The permission <em>%s</em> is invalid."
%
escape
(
permission_to_manage
))
escape
(
permission_to_manage
))
_normal_manage_access
=
DTMLFile
(
'dtml/access'
,
globals
())
_normal_manage_access
=
DTMLFile
(
'dtml/access'
,
globals
())
manage_reportUserPermissions
=
DTMLFile
(
'dtml/reportUserPermissions'
,
globals
())
manage_reportUserPermissions
=
DTMLFile
(
'dtml/reportUserPermissions'
,
globals
())
security
.
declareProtected
(
change_permissions
,
'manage_access'
)
security
.
declareProtected
(
change_permissions
,
'manage_access'
)
def
manage_access
(
self
,
REQUEST
,
**
kw
):
def
manage_access
(
self
,
REQUEST
,
**
kw
):
"""Return an interface for making permissions settings.
"""Return an interface for making permissions settings.
"""
"""
return
apply
(
self
.
_normal_manage_access
,(),
kw
)
return
apply
(
self
.
_normal_manage_access
,
(),
kw
)
security
.
declareProtected
(
change_permissions
,
'manage_changePermissions'
)
security
.
declareProtected
(
change_permissions
,
'manage_changePermissions'
)
@
requestmethod
(
'POST'
)
@
requestmethod
(
'POST'
)
...
@@ -269,13 +281,15 @@ class RoleManager(Base, RoleManager):
...
@@ -269,13 +281,15 @@ class RoleManager(Base, RoleManager):
permissions
=
self
.
ac_inherited_permissions
(
1
)
permissions
=
self
.
ac_inherited_permissions
(
1
)
fails
=
[]
fails
=
[]
for
ip
in
range
(
len
(
permissions
)):
for
ip
in
range
(
len
(
permissions
)):
roles
=
[]
roles
=
[]
for
ir
in
indexes
:
for
ir
in
indexes
:
if
have
(
"p%dr%d"
%
(
ip
,
ir
)):
roles
.
append
(
valid_roles
[
ir
])
if
have
(
"p%dr%d"
%
(
ip
,
ir
)):
roles
.
append
(
valid_roles
[
ir
])
name
,
value
=
permissions
[
ip
][:
2
]
name
,
value
=
permissions
[
ip
][:
2
]
try
:
try
:
p
=
Permission
(
name
,
value
,
self
)
p
=
Permission
(
name
,
value
,
self
)
if
not
have
(
'a%d'
%
ip
):
roles
=
tuple
(
roles
)
if
not
have
(
'a%d'
%
ip
):
roles
=
tuple
(
roles
)
p
.
setRoles
(
roles
)
p
.
setRoles
(
roles
)
except
:
except
:
fails
.
append
(
name
)
fails
.
append
(
name
)
...
@@ -286,19 +300,19 @@ class RoleManager(Base, RoleManager):
...
@@ -286,19 +300,19 @@ class RoleManager(Base, RoleManager):
+
escape
(
', '
.
join
(
fails
)),
+
escape
(
', '
.
join
(
fails
)),
action
=
'manage_access'
)
action
=
'manage_access'
)
return
MessageDialog
(
return
MessageDialog
(
title
=
'Success!'
,
title
=
'Success!'
,
message
=
'Your changes have been saved'
,
message
=
'Your changes have been saved'
,
action
=
'manage_access'
)
action
=
'manage_access'
)
security
.
declareProtected
(
change_permissions
,
'permissionsOfRole'
)
security
.
declareProtected
(
change_permissions
,
'permissionsOfRole'
)
def
permissionsOfRole
(
self
,
role
):
def
permissionsOfRole
(
self
,
role
):
"""Used by management screen.
"""Used by management screen.
"""
"""
r
=
[]
r
=
[]
for
p
in
self
.
ac_inherited_permissions
(
1
):
for
p
in
self
.
ac_inherited_permissions
(
1
):
name
,
value
=
p
[:
2
]
name
,
value
=
p
[:
2
]
p
=
Permission
(
name
,
value
,
self
)
p
=
Permission
(
name
,
value
,
self
)
roles
=
p
.
getRoles
()
roles
=
p
.
getRoles
()
r
.
append
({
'name'
:
name
,
r
.
append
({
'name'
:
name
,
'selected'
:
role
in
roles
and
'SELECTED'
or
''
,
'selected'
:
role
in
roles
and
'SELECTED'
or
''
,
})
})
...
@@ -308,12 +322,12 @@ class RoleManager(Base, RoleManager):
...
@@ -308,12 +322,12 @@ class RoleManager(Base, RoleManager):
def
rolesOfPermission
(
self
,
permission
):
def
rolesOfPermission
(
self
,
permission
):
"""Used by management screen.
"""Used by management screen.
"""
"""
valid_roles
=
self
.
valid_roles
()
valid_roles
=
self
.
valid_roles
()
for
p
in
self
.
ac_inherited_permissions
(
1
):
for
p
in
self
.
ac_inherited_permissions
(
1
):
name
,
value
=
p
[:
2
]
name
,
value
=
p
[:
2
]
if
name
==
permission
:
if
name
==
permission
:
p
=
Permission
(
name
,
value
,
self
)
p
=
Permission
(
name
,
value
,
self
)
roles
=
p
.
getRoles
()
roles
=
p
.
getRoles
()
return
map
(
return
map
(
lambda
role
,
roles
=
roles
:
lambda
role
,
roles
=
roles
:
{
'name'
:
role
,
{
'name'
:
role
,
...
@@ -321,7 +335,7 @@ class RoleManager(Base, RoleManager):
...
@@ -321,7 +335,7 @@ class RoleManager(Base, RoleManager):
},
},
valid_roles
)
valid_roles
)
raise
ValueError
,
(
raise
ValueError
(
"The permission <em>%s</em> is invalid."
%
escape
(
permission
))
"The permission <em>%s</em> is invalid."
%
escape
(
permission
))
security
.
declareProtected
(
change_permissions
,
'acquiredRolesAreUsedBy'
)
security
.
declareProtected
(
change_permissions
,
'acquiredRolesAreUsedBy'
)
...
@@ -331,14 +345,13 @@ class RoleManager(Base, RoleManager):
...
@@ -331,14 +345,13 @@ class RoleManager(Base, RoleManager):
for
p
in
self
.
ac_inherited_permissions
(
1
):
for
p
in
self
.
ac_inherited_permissions
(
1
):
name
,
value
=
p
[:
2
]
name
,
value
=
p
[:
2
]
if
name
==
permission
:
if
name
==
permission
:
p
=
Permission
(
name
,
value
,
self
)
p
=
Permission
(
name
,
value
,
self
)
roles
=
p
.
getRoles
()
roles
=
p
.
getRoles
()
return
isinstance
(
roles
,
list
)
and
'CHECKED'
or
''
return
isinstance
(
roles
,
list
)
and
'CHECKED'
or
''
raise
ValueError
,
(
raise
ValueError
(
"The permission <em>%s</em> is invalid."
%
escape
(
permission
))
"The permission <em>%s</em> is invalid."
%
escape
(
permission
))
# Local roles support
# Local roles support
# -------------------
# -------------------
#
#
...
@@ -390,8 +403,10 @@ class RoleManager(Base, RoleManager):
...
@@ -390,8 +403,10 @@ class RoleManager(Base, RoleManager):
aclu
=
getattr
(
aq_base
(
item
),
'__allow_groups__'
,
_notfound
)
aclu
=
getattr
(
aq_base
(
item
),
'__allow_groups__'
,
_notfound
)
if
aclu
is
not
_notfound
:
if
aclu
is
not
_notfound
:
mlu
=
getattr
(
aclu
,
'maxlistusers'
,
_notfound
)
mlu
=
getattr
(
aclu
,
'maxlistusers'
,
_notfound
)
if
not
isinstance
(
mlu
,
int
):
mlu
=
DEFAULTMAXLISTUSERS
if
not
isinstance
(
mlu
,
int
):
if
mlu
<
0
:
raise
OverflowError
mlu
=
DEFAULTMAXLISTUSERS
if
mlu
<
0
:
raise
OverflowError
un
=
getattr
(
aclu
,
'user_names'
,
_notfound
)
un
=
getattr
(
aclu
,
'user_names'
,
_notfound
)
if
un
is
not
_notfound
:
if
un
is
not
_notfound
:
un
=
aclu
.
__of__
(
item
).
user_names
# rewrap
un
=
aclu
.
__of__
(
item
).
user_names
# rewrap
...
@@ -417,8 +432,8 @@ class RoleManager(Base, RoleManager):
...
@@ -417,8 +432,8 @@ class RoleManager(Base, RoleManager):
def
manage_addLocalRoles
(
self
,
userid
,
roles
,
REQUEST
=
None
):
def
manage_addLocalRoles
(
self
,
userid
,
roles
,
REQUEST
=
None
):
"""Set local roles for a user."""
"""Set local roles for a user."""
if
not
roles
:
if
not
roles
:
raise
ValueError
,
'One or more roles must be given!'
raise
ValueError
(
'One or more roles must be given!'
)
dict
=
self
.
__ac_local_roles__
dict
=
self
.
__ac_local_roles__
if
dict
is
None
:
if
dict
is
None
:
self
.
__ac_local_roles__
=
dict
=
{}
self
.
__ac_local_roles__
=
dict
=
{}
local_roles
=
list
(
dict
.
get
(
userid
,
[]))
local_roles
=
list
(
dict
.
get
(
userid
,
[]))
...
@@ -436,12 +451,12 @@ class RoleManager(Base, RoleManager):
...
@@ -436,12 +451,12 @@ class RoleManager(Base, RoleManager):
def
manage_setLocalRoles
(
self
,
userid
,
roles
,
REQUEST
=
None
):
def
manage_setLocalRoles
(
self
,
userid
,
roles
,
REQUEST
=
None
):
"""Set local roles for a user."""
"""Set local roles for a user."""
if
not
roles
:
if
not
roles
:
raise
ValueError
,
'One or more roles must be given!'
raise
ValueError
(
'One or more roles must be given!'
)
dict
=
self
.
__ac_local_roles__
dict
=
self
.
__ac_local_roles__
if
dict
is
None
:
if
dict
is
None
:
self
.
__ac_local_roles__
=
dict
=
{}
self
.
__ac_local_roles__
=
dict
=
{}
dict
[
userid
]
=
roles
dict
[
userid
]
=
roles
self
.
_p_changed
=
True
self
.
_p_changed
=
True
if
REQUEST
is
not
None
:
if
REQUEST
is
not
None
:
stat
=
'Your changes have been saved.'
stat
=
'Your changes have been saved.'
return
self
.
manage_listLocalRoles
(
self
,
REQUEST
,
stat
=
stat
)
return
self
.
manage_listLocalRoles
(
self
,
REQUEST
,
stat
=
stat
)
...
@@ -450,11 +465,11 @@ class RoleManager(Base, RoleManager):
...
@@ -450,11 +465,11 @@ class RoleManager(Base, RoleManager):
@
requestmethod
(
'POST'
)
@
requestmethod
(
'POST'
)
def
manage_delLocalRoles
(
self
,
userids
,
REQUEST
=
None
):
def
manage_delLocalRoles
(
self
,
userids
,
REQUEST
=
None
):
"""Remove all local roles for a user."""
"""Remove all local roles for a user."""
dict
=
self
.
__ac_local_roles__
dict
=
self
.
__ac_local_roles__
if
dict
is
None
:
if
dict
is
None
:
self
.
__ac_local_roles__
=
dict
=
{}
self
.
__ac_local_roles__
=
dict
=
{}
for
userid
in
userids
:
for
userid
in
userids
:
if
dict
.
has_key
(
userid
)
:
if
userid
in
dict
:
del
dict
[
userid
]
del
dict
[
userid
]
self
.
_p_changed
=
True
self
.
_p_changed
=
True
if
REQUEST
is
not
None
:
if
REQUEST
is
not
None
:
...
@@ -479,7 +494,7 @@ class RoleManager(Base, RoleManager):
...
@@ -479,7 +494,7 @@ class RoleManager(Base, RoleManager):
'class'
:
0
})
'class'
:
0
})
for
key
,
value
in
clas
.
items
():
for
key
,
value
in
clas
.
items
():
if
key
.
find
(
'__roles__'
)
>=
0
:
if
key
.
find
(
'__roles__'
)
>=
0
:
_add
({
'name'
:
key
,
'value'
:
value
,
'class'
:
1
})
_add
({
'name'
:
key
,
'value'
:
value
,
'class'
:
1
})
if
hasattr
(
value
,
'__roles__'
):
if
hasattr
(
value
,
'__roles__'
):
_add
({
'name'
:
'%s.__roles__'
%
key
,
'value'
:
value
.
__roles__
,
_add
({
'name'
:
'%s.__roles__'
%
key
,
'value'
:
value
.
__roles__
,
'class'
:
1
})
'class'
:
1
})
...
@@ -519,10 +534,12 @@ class RoleManager(Base, RoleManager):
...
@@ -519,10 +534,12 @@ class RoleManager(Base, RoleManager):
def
userdefined_roles
(
self
):
def
userdefined_roles
(
self
):
"""Return list of user-defined roles.
"""Return list of user-defined roles.
"""
"""
roles
=
list
(
self
.
__ac_roles__
)
roles
=
list
(
self
.
__ac_roles__
)
for
role
in
classattr
(
self
.
__class__
,
'__ac_roles__'
):
for
role
in
classattr
(
self
.
__class__
,
'__ac_roles__'
):
try
:
roles
.
remove
(
role
)
try
:
except
:
pass
roles
.
remove
(
role
)
except
:
pass
return
tuple
(
roles
)
return
tuple
(
roles
)
security
.
declareProtected
(
change_permissions
,
'manage_defined_roles'
)
security
.
declareProtected
(
change_permissions
,
'manage_defined_roles'
)
...
@@ -544,15 +561,15 @@ class RoleManager(Base, RoleManager):
...
@@ -544,15 +561,15 @@ class RoleManager(Base, RoleManager):
def
_addRole
(
self
,
role
,
REQUEST
=
None
):
def
_addRole
(
self
,
role
,
REQUEST
=
None
):
if
not
role
:
if
not
role
:
return
MessageDialog
(
return
MessageDialog
(
title
=
'Incomplete'
,
title
=
'Incomplete'
,
message
=
'You must specify a role name'
,
message
=
'You must specify a role name'
,
action
=
'manage_access'
)
action
=
'manage_access'
)
if
role
in
self
.
__ac_roles__
:
if
role
in
self
.
__ac_roles__
:
return
MessageDialog
(
return
MessageDialog
(
title
=
'Role Exists'
,
title
=
'Role Exists'
,
message
=
'The given role is already defined'
,
message
=
'The given role is already defined'
,
action
=
'manage_access'
)
action
=
'manage_access'
)
data
=
list
(
self
.
__ac_roles__
)
data
=
list
(
self
.
__ac_roles__
)
data
.
append
(
role
)
data
.
append
(
role
)
self
.
__ac_roles__
=
tuple
(
data
)
self
.
__ac_roles__
=
tuple
(
data
)
if
REQUEST
is
not
None
:
if
REQUEST
is
not
None
:
...
@@ -562,14 +579,16 @@ class RoleManager(Base, RoleManager):
...
@@ -562,14 +579,16 @@ class RoleManager(Base, RoleManager):
def
_delRoles
(
self
,
roles
,
REQUEST
=
None
):
def
_delRoles
(
self
,
roles
,
REQUEST
=
None
):
if
not
roles
:
if
not
roles
:
return
MessageDialog
(
return
MessageDialog
(
title
=
'Incomplete'
,
title
=
'Incomplete'
,
message
=
'You must specify a role name'
,
message
=
'You must specify a role name'
,
action
=
'manage_access'
)
action
=
'manage_access'
)
data
=
list
(
self
.
__ac_roles__
)
data
=
list
(
self
.
__ac_roles__
)
for
role
in
roles
:
for
role
in
roles
:
try
:
data
.
remove
(
role
)
try
:
except
:
pass
data
.
remove
(
role
)
self
.
__ac_roles__
=
tuple
(
data
)
except
:
pass
self
.
__ac_roles__
=
tuple
(
data
)
if
REQUEST
is
not
None
:
if
REQUEST
is
not
None
:
return
self
.
manage_access
(
REQUEST
)
return
self
.
manage_access
(
REQUEST
)
...
@@ -606,30 +625,43 @@ InitializeClass(RoleManager)
...
@@ -606,30 +625,43 @@ InitializeClass(RoleManager)
def
reqattr
(
request
,
attr
):
def
reqattr
(
request
,
attr
):
try
:
return
request
[
attr
]
try
:
except
:
return
None
return
request
[
attr
]
except
:
return
None
def
classattr
(
cls
,
attr
):
def
classattr
(
cls
,
attr
):
if
hasattr
(
cls
,
attr
):
if
hasattr
(
cls
,
attr
):
return
getattr
(
cls
,
attr
)
return
getattr
(
cls
,
attr
)
try
:
bases
=
cls
.
__bases__
try
:
except
:
bases
=
()
bases
=
cls
.
__bases__
except
:
bases
=
()
for
base
in
bases
:
for
base
in
bases
:
if
classattr
(
base
,
attr
):
if
classattr
(
base
,
attr
):
return
attr
return
attr
return
None
return
None
def
instance_dict
(
inst
):
def
instance_dict
(
inst
):
try
:
return
inst
.
__dict__
try
:
except
:
return
{}
return
inst
.
__dict__
except
:
return
{}
def
class_dict
(
_class
):
def
class_dict
(
_class
):
try
:
return
_class
.
__dict__
try
:
except
:
return
{}
return
_class
.
__dict__
except
:
return
{}
def
instance_attrs
(
inst
):
def
instance_attrs
(
inst
):
return
instance_dict
(
inst
)
return
instance_dict
(
inst
)
def
class_attrs
(
inst
,
_class
=
None
,
data
=
None
):
def
class_attrs
(
inst
,
_class
=
None
,
data
=
None
):
if
_class
is
None
:
if
_class
is
None
:
_class
=
inst
.
__class__
_class
=
inst
.
__class__
...
@@ -645,13 +677,15 @@ def class_attrs(inst, _class=None, data=None):
...
@@ -645,13 +677,15 @@ def class_attrs(inst, _class=None, data=None):
data
=
class_attrs
(
inst
,
base
,
data
)
data
=
class_attrs
(
inst
,
base
,
data
)
return
data
return
data
def
gather_permissions
(
klass
,
result
,
seen
):
def
gather_permissions
(
klass
,
result
,
seen
):
for
base
in
klass
.
__bases__
:
for
base
in
klass
.
__bases__
:
if
base
.
__dict__
.
has_key
(
'__ac_permissions__'
)
:
if
'__ac_permissions__'
in
base
.
__dict__
:
for
p
in
base
.
__ac_permissions__
:
for
p
in
base
.
__ac_permissions__
:
name
=
p
[
0
]
name
=
p
[
0
]
if
seen
.
has_key
(
name
):
continue
if
name
in
seen
:
continue
result
.
append
((
name
,
()))
result
.
append
((
name
,
()))
seen
[
name
]
=
None
seen
[
name
]
=
None
gather_permissions
(
base
,
result
,
seen
)
gather_permissions
(
base
,
result
,
seen
)
return
result
return
result
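Review bot: `newSecurityManager(None, userObj)  # necessary?` in `manage_getUserRolesAndPermissions` installs the reported user as the active security context, and nothing in the visible hunk restores the caller's manager afterwards. If no restore happens later in the method (its body starts and ends outside the hunk), whatever runs after this report in the same request would be authorised as `user_id` rather than as the manager who asked for the report. Either drop the call if the answer to the inline question is no, or bracket it with `old = getSecurityManager()` before the call and `setSecurityManager(old)` in a `finally:`; both helpers should be importable from `AccessControl.SecurityManagement` alongside `newSecurityManager`. Replacing `# necessary?` with a one-line comment stating why the switch is needed would settle the question for the next reader.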