new permission machinery

lib/python/AccessControl/Permission.py

+#!/bin/env python
+############################################################################## 
+#
+#     Copyright 
+#
+#       Copyright 1998 Digital Creations, Inc., 910 Princess Anne
+#       Street, Suite 300, Fredericksburg, Virginia 22401 U.S.A. All
+#       rights reserved.
+#
+############################################################################## 
+__doc__='''short description
+
+
+$Id: Permission.py,v 1.1 1998/05/08 14:45:20 jim Exp $'''
+__version__='$Revision: 1.1 $'[11:-2]
+
+from Globals import HTMLFile, MessageDialog
+from string import join, strip, split, find
+from Acquisition import Implicit
+import Globals, string
+
+ListType=type([])
+
+
+name_trans=filter(lambda c, an=string.letters+string.digits+'_': c not in an,
+		  map(chr,range(256)))
+name_trans=string.maketrans(string.join(name_trans,''), '_'*len(name_trans))
+
+
+class Permission:
+    # A Permission maps a named logical permission to a set
+    # of attribute names. Attribute names which appear in a
+    # permission may not appear in any other permission defined
+    # by the object.
+
+    def __init__(self,name,data,obj):
+	self.name=name
+	self._p='_'+string.translate(name,name_trans)+"_Permission"
+	self.data=data
+	if hasattr(obj, 'aq_base'): obj=obj.aq_base
+	self.obj=obj
+
+    def getRoles(self):
+	# Return the list of role names which have been given
+	# this permission for the object in question. To do
+	# this, we try to get __roles__ from all of the object
+	# attributes that this permission represents.
+	obj=self.obj
+	name=self._p
+	if hasattr(obj, name): return getattr(obj, name)
+	roles=[]
+	for name in self.data:
+	    if name:
+		if hasattr(obj, name):
+		    attr=getattr(obj, name)
+		    if hasattr(attr,'im_self'):
+			attr=attr.im_self
+			if hasattr(attr, '__dict__'):
+			    attr=attr.__dict__
+			    name=name+'__roles__'
+			    if attr.has_key(name):
+				roles=attr[name]
+				break
+	    elif hasattr(obj, '__dict__'):
+		attr=obj.__dict__
+		if attr.has_key('__roles__'):
+		    roles=attr['__roles__']
+		    break
+
+	if roles:
+	    try:
+		if 'Shared' not in roles: return tuple(roles)
+		roles=list(roles)
+		roles.remove('Shared')
+		return roles
+	    except: return []
+
+	if roles is None: return ['Manager','Anonymous']
+				
+	return roles
+
+    def setRoles(self, roles):
+	if type(roles) is ListType and not roles:
+	    if hasattr(self.obj, self._p): delattr(self.obj, self._p)
+	else:
+	    setattr(self.obj, self._p, roles)
+	
+	for name in self.data:
+	    if name=='': attr=self.obj
+	    else: attr=getattr(self.obj, name)
+	    try: del attr.__roles__
+	    except: pass
+
+    def setRole(self, role, present):
+	roles=self.getRoles()
+	if role in roles:
+	    if present: return
+	    if type(roles) is ListType: roles.remove(role)
+	    else:
+		roles=list(roles)
+		roles.remove(role)
+		roles=tuple(roles)
+	elif not present: return
+	else:
+	    if type(roles) is ListType: roles.append(role)
+	    else: roles=roles+(role,)
+	self.setRoles(roles)
+		
+    def __len__(self): return 1
+    def __str__(self): return self.name
+
+
+############################################################################## 
+#
+# $Log: Permission.py,v $
+# Revision 1.1  1998/05/08 14:45:20  jim
+# new permission machinery
+#
+#

lib/python/AccessControl/PermissionRole.py

+#!/bin/env python
+############################################################################## 
+#
+#     Copyright 
+#
+#       Copyright 1998 Digital Creations, Inc., 910 Princess Anne
+#       Street, Suite 300, Fredericksburg, Virginia 22401 U.S.A. All
+#       rights reserved.
+#
+############################################################################## 
+__doc__='''Objects that implement Permission-based roles.
+
+
+$Id: PermissionRole.py,v 1.1 1998/05/08 14:45:20 jim Exp $'''
+__version__='$Revision: 1.1 $'[11:-2]
+
+import sys
+
+from ExtensionClass import Base
+
+import string
+
+name_trans=filter(lambda c, an=string.letters+string.digits+'_': c not in an,
+		  map(chr,range(256)))
+name_trans=string.maketrans(string.join(name_trans,''), '_'*len(name_trans))
+
+class PermissionRole(Base):
+    """Implement permission-based roles.
+
+    Under normal circumstances, our __of__ method will be
+    called with an unwrapped object.  The result will then be called
+    with a wrapped object, if the original object was wrapped.
+    To deal with this, we have to create an intermediate object.
+    
+    """
+
+    def __init__(self, name, default=('Manager',)):
+	self.__name__=name
+	self._p='_'+string.translate(name,name_trans)+"_Permission"
+	self._d=default
+
+    def __of__(self, parent):
+	r=imPermissionRole()
+	n=r._p=self._p
+	if hasattr(parent, n): r._d=getattr(parent,n)
+	else: r._d=self._d
+	return r
+
+class imPermissionRole(Base):
+    """Implement permission-based roles
+    """
+    
+    def __of__(self, parent):
+	obj=parent
+	n=self._p
+	r=None
+	while 1:
+	    if hasattr(obj,n):
+		roles=getattr(obj, n)
+                if roles is None: return 'Anonymous',
+		if type(roles) is type(()):
+		    if r is None: return roles
+		    return r+list(roles)
+		if r is None: r=list(roles)
+		else: r=r+list(roles)
+	    if hasattr(obj,'aq_parent'):
+		obj=obj.aq_parent
+	    else:
+		break
+
+	if r is None: r=self._d
+	    
+	return r
+	    
+    # The following methods are needed in the unlikely case that an unwrapped
+    # object is accessed:
+    def __getitem__(self, i): return self._d[i]
+    def __len__(self): return len(self._d)
+
+
+############################################################################## 
+# Test functions:
+#
+
+def main():
+    # The "main" program for this module
+
+    import sys
+    sys.path.append('/projects/_/ExtensionClass')
+
+    from Acquisition import Implicit
+    class I(Implicit):
+	x__roles__=PermissionRole('x')
+	y__roles__=PermissionRole('y')
+	z__roles__=PermissionRole('z')
+	def x(self): pass
+	def y(self): pass
+	def z(self): pass
+
+
+
+    a=I()
+    a.b=I()
+    a.b.c=I()
+    a.q=I()
+    a.q._x_Permission=('foo',)
+    a._y_Permission=('bar',)
+    a._z_Permission=('zee',)
+    a.b.c._y_Permission=('Manage',)
+    a.b._z_Permission=['also']
+    
+    print a.x.__roles__, list(a.x.__roles__)
+    print a.b.x.__roles__
+    print a.b.c.x.__roles__
+    print a.q.x.__roles__
+    print a.b.q.x.__roles__
+    print a.b.c.q.x.__roles__
+    print
+    
+    print a.y.__roles__, list(a.y.__roles__)
+    print a.b.y.__roles__
+    print a.b.c.y.__roles__
+    print a.q.y.__roles__
+    print a.b.q.y.__roles__
+    print a.b.c.q.y.__roles__
+    print
+    
+    print a.z.__roles__, list(a.z.__roles__)
+    print a.b.z.__roles__
+    print a.b.c.z.__roles__
+    print a.q.z.__roles__
+    print a.b.q.z.__roles__
+    print a.b.c.q.z.__roles__
+    print
+
+if __name__ == "__main__": main()
+
+############################################################################## 
+#
+# $Log: PermissionRole.py,v $
+# Revision 1.1  1998/05/08 14:45:20  jim
+# new permission machinery
+#
+#

lib/python/AccessControl/mainAccess.dtml → lib/python/AccessControl/access.dtml

@@ -9,49 +9,65 @@
 
 <P>
 The listing below shows the current security settings for this item. 
-Each permission is listed along with the roles which have been given 
-that permission. To change the permissions for a role, click on the 
-name of the role.
+Permissions are rows and roles are columns.  Checkboxes are used to
+indicate where roles are assigned permissions.  
 
-
-<FORM ACTION="manage_access" METHOD="POST">
+<!--#with expr="_.namespace(valid_roles=valid_roles())"-->
+<FORM ACTION="manage_changePermissions" METHOD="POST">
 <TABLE>
-<TR>
-<TD ALIGN="LEFT" VALIGN="TOP">
-<STRONG>Permission</STRONG>
-</TD>
-<TD ALIGN="LEFT" VALIGN="TOP">
-<STRONG>Roles</STRONG>
-</TD>
-</TR>
-<!--#in access_permissions-->
-<TR>
-<TD ALIGN="LEFT" VALIGN="TOP">
-<!--#var sequence-var-name-->
-</TD>
-<TD ALIGN="LEFT" VALIGN="TOP">
-<!--#in sequence-var-getRoles-->
-<A HREF="manage_access?role=<!--#var sequence-item fmt=url-quote-->&submit=Edit"><!--#var sequence-item--></A><!--#else sequence-end-->, <!--#/else-->
-<!--#/in-->
-<!--#else sequence-var-getRoles-->
-<I>None Defined</I>
-<!--#/else-->
-</TD>
-</TR>
-<!--#/in-->
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add...">
-  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Remove...">
-  </TD>
-</TR>
-</TABLE>
-</FORM>
+<tr>
+  <!--#unless isTopLevelPrincipiaApplicationObject-->
+  <td> </td>
+  <!--#/unless-->
+  <td> </td>
+  <td aligh=left colspan=<!--#var expr="_.len(valid_roles)"-->>
+  <strong>Roles:</strong></th>
+</tr>
+<tr>
+  <!--#unless isTopLevelPrincipiaApplicationObject-->
+  <th>Acquire permission settings</th>
+  <!--#/unless-->
+  <th>Permission</th>
+  <!--#in valid_roles-->
+  <th><a href="manage_roleForm?role_to_manage=<!--#
+               var sequence-item url_quote-->">
+      <!--#var sequence-item--></a></th>
+  <!--#/in valid_roles-->
+</tr>
+<!--#in permission_settings mapping-->
+  <tr>
+    <!--#unless isTopLevelPrincipiaApplicationObject-->
+    <td align=center>
+        <input type=checkbox
+               name=a<!--#var sequence-index-->
+               <!--#var acquire-->>
+    </td>
+    <!--#/unless-->
+    <th align=left>
+        <a href="manage_permissionForm?permission_to_manage=<!--#
+               var name url_quote-->">
+        <!--#var name--></a></th>
+    <!--#in roles mapping-->
+    <td align=center>
+       <input type=checkbox name=<!--#var name--> <!--#var checked-->>
+    </td>
+    <!--#/in-->
+  </tr>
+<!--#/in permission_settings-->
+<tr>
+<!--#if isTopLevelPrincipiaApplicationObject-->
+<td colspan=<!--#var expr="_.len(valid_roles)+1"--> align=center>
+<!--#else-->
+<td colspan=<!--#var expr="_.len(valid_roles)+2"--> align=center>
+<!--#/if-->
+<input type=submit value="Change">
+</td></tr>
+</table>
+</form>
+<!--#/with-->
 
 <P> 
-<FORM ACTION="manage_access" METHOD="POST">
+<FORM ACTION="manage_defined_roles" METHOD="POST">
 <TABLE CELLPADDING="2">
 <TR>
   <TD ALIGN="LEFT" VALIGN="TOP">
@@ -87,34 +103,5 @@ name of the role.
 </TABLE>
 </FORM>
 
-<!--#if view_access_control_debug_info-->
-<BR><BR>
-<BR><BR>
-<BR><BR>
-<TABLE BORDER="0" CELLPADDING="2">
-<!--#in access_debug_info mapping-->
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#if sequence-var-class-->
-  <FONT COLOR="RED">
-  <!--#/if-->
-  <!--#var sequence-var-name-->
-  <!--#if sequence-var-class-->
-  </FONT>
-  <!--#/if-->
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#if sequence-var-class-->
-  <FONT COLOR="RED">
-  <!--#/if-->
-  <!--#var sequence-var-value-->
-  <!--#if sequence-var-class-->
-  </FONT>
-  <!--#/if-->
-  </TD>
-</TR>
-<!--#/in access_debug_info-->
-</TABLE>
-<!--#/if view_access_control_debug_info-->
 </BODY>
 </HTML>

lib/python/AccessControl/addAccess.dtml

-<HTML>
-<HEAD>
-<TITLE>Security</TITLE>
-</HEAD>
-<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
-<!--#if manage_tabs-->
-<!--#var manage_tabs-->
-<!--#/if manage_tabs-->
-<P>
-Select one or more roles below, and the permissions that should be
-given to those roles.
-
-
-<FORM ACTION="manage_access" METHOD="POST">
-<TABLE CELLPADDING="2">
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Roles</STRONG>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <SELECT NAME="roles:list" SIZE="4" MULTIPLE>
-  <!--#in valid_roles-->
-  <OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
-  <!--#/in valid_roles-->
-  </SELECT>
-  </TD>
-</TR>
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Permissions</STRONG>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <FONT SIZE="-1">
-  <!--#in access_permissions-->
-  <INPUT TYPE="CHECKBOX" NAME="permissions:list" VALUE="<!--#var sequence-var-name-->"><!--#var sequence-var-name--><BR>
-  <!--#/in access_permissions-->
-  </FONT>
-  </TD>
-</TR>
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add">
-  </TD>
-</TR>
-
-</TABLE>
-</FORM>
-</BODY>
-</HTML>

lib/python/AccessControl/delAccess.dtml

-<HTML>
-<HEAD>
-<TITLE>Security</TITLE>
-</HEAD>
-<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
-<!--#if manage_tabs-->
-<!--#var manage_tabs-->
-<!--#/if manage_tabs-->
-<P>
-To remove all permissions for one or more roles, select the roles 
-below and click the &quot;Remove&quot; button.
-
-<FORM ACTION="manage_access" METHOD="POST">
-<TABLE CELLPADDING="2">
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Remove permissions for</STRONG>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <SELECT NAME="roles:list" SIZE="4" MULTIPLE>
-  <!--#in valid_roles-->
-  <OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
-  <!--#/in valid_roles-->
-  </SELECT>
-  </TD>
-</TR>
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Remove">
-  </TD>
-</TR>
-</TABLE>
-</FORM>
-</BODY>
-</HTML>

lib/python/AccessControl/editAccess.dtml

-<HTML>
-<HEAD>
-<TITLE>Security</TITLE>
-</HEAD>
-<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
-<!--#if manage_tabs-->
-<!--#var manage_tabs-->
-<!--#/if manage_tabs-->
-
-<FORM ACTION="manage_access" METHOD="POST">
-<TABLE CELLPADDING="2">
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Role</STRONG>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <!--#var role-->
-  </TD>
-</TR>
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <STRONG>Permissions</STRONG>
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <FONT SIZE="-1">
-  <!--#in access_permissions-->
-  <INPUT TYPE="CHECKBOX" NAME="permissions:list" VALUE="<!--#var sequence-var-name-->"<!--#if expr="role in _vars['sequence-item'].getRoles()"-->  CHECKED<!--#/if-->>
-  <!--#var sequence-var-name--><BR>
-  <!--#/in access_permissions-->
-  </FONT>
-  </TD>
-</TR>
-<TR>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  </TD>
-  <TD ALIGN="LEFT" VALIGN="TOP">
-  <INPUT TYPE="HIDDEN" NAME="role" VALUE="<!--#var role-->">
-  <INPUT TYPE="SUBMIT" NAME="submit" VALUE="Change">
-  </TD>
-</TR>
-
-</TABLE>
-</FORM>
-</BODY>
-</HTML>

lib/python/AccessControl/permissionEdit.dtml

+<html><head><title>Manage Permission</title></head>
+<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
+<!--#if manage_tabs-->
+<!--#var manage_tabs-->
+<!--#/if manage_tabs-->
+
+<FORM ACTION="manage_permission" METHOD="POST">
+
+<input type=hidden name=permission_to_manage
+       value="<!--#var permission_to_manage-->">
+Roles assigned to permission
+<strong><em><!--#var permission_to_manage--></em></strong>:<br>
+<select name=roles:list multiple size=10>
+<!--#in expr="rolesOfPermission(permission_to_manage)" mapping=1-->
+    <option <!--#var selected-->><!--#var name--></option>
+<!--#/in-->
+</select>
+<!--#unless isTopLevelPrincipiaApplicationObject-->
+  <br>Also use roles acquired from folders containing this object:
+        <input type=checkbox name=acquire
+           <!--#var expr="acquiredRolesAreUsedBy(permission_to_manage)"-->>
+<!--#/unless-->
+<p><input type=submit value="Change">
+</form></body></html>

lib/python/AccessControl/roleEdit.dtml

+<html><head><title>Manage Role</title></head>
+<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
+<!--#if manage_tabs-->
+<!--#var manage_tabs-->
+<!--#/if manage_tabs-->
+
+<FORM ACTION="manage_role" METHOD="POST">
+
+<input type=hidden name=role_to_manage
+       value="<!--#var role_to_manage-->">
+Permissions assigned to role
+<strong><em><!--#var role_to_manage--></em></strong>:<br>
+<select name=permissions:list multiple size=10>
+<!--#in expr="permissionsOfRole(role_to_manage)" mapping=1-->
+    <option <!--#var selected-->><!--#var name--></option>
+<!--#/in-->
+</select><p>
+<input type=submit value="Change">
+</form></body></html>