Commit dd4f5983 authored by 's avatar

*** empty log message ***

parent 6432f4ef
"""Access control support"""
__version__='$Revision: 1.11 $'[11:-2]
__version__='$Revision: 1.12 $'[11:-2]
from Globals import HTMLFile, MessageDialog
......@@ -17,13 +17,13 @@ class RoleManager:
('Add properties', []),
('Change properties', []),
('Delete properties', []),
('Default permission',['']),
('Shared permission',['']),
)
__ac_types__=(('Full Access', map(lambda x: x[0], __ac_permissions__)),
)
__ac_roles__=('Manager', 'Anonymous')
__ac_roles__=('Manager', 'Anonymous', 'Shared')
def access_info(self):
# Return access summary info
......@@ -32,8 +32,6 @@ class RoleManager:
name=t.name
for role in t.getRoles():
data[role]=name
# try: del data['Manager']
# except: pass
keys=data.keys()
for i in range(len(keys)):
key=keys[i]
......
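Review bot: `__ac_roles__` gains `'Shared'` next to `'Manager'` and `'Anonymous'` with no comment saying that it is a marker rather than a role to grant. Judging by the `hasRole` change in the same commit, an object listing `'Shared'` defers to the roles of its acquisition parent, and that is worth stating where the tuple is defined, for example `# 'Shared' is a marker: access is decided by the acquisition parent's roles, not by a user role of that name`. The `'Shared permission'` entry, which appears to replace `'Default permission'`, keeps the `['']` value; a short comment on what the empty string stands for would help, since the page does not show how it is read.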
"""Access control package"""
__version__='$Revision: 1.32 $'[11:-2]
__version__='$Revision: 1.33 $'[11:-2]
from PersistentMapping import PersistentMapping
......@@ -25,14 +25,36 @@ class User(Implicit, Persistent):
def authenticate(self, password):
return password==self.__
def hasRole(self,inst,roles=None):
if roles is None:
def hasRole(self,parent,roles=None):
obj=parent
obj_roles=roles
usr_roles=self.roles
while 1:
if (obj_roles is None) or ('Anonymous' in obj_roles):
return 1
for role in roles:
if role in self.roles:
for role in obj_roles:
if role in usr_roles:
return 1
if 'Shared' in obj_roles:
if not hasattr(obj, 'aq_parent'):
return 0
obj=obj.aq_parent
if hasattr(obj, '__roles__'):
obj_roles=obj.__roles__
else:
obj_roles=['Shared',]
continue
return 0
# if (roles is None) or ('Anonymous' in roles):
# return 1
# for role in roles:
# if role in self.roles:
# return 1
# return 0
def __len__(self): return 1
def __str__(self): return self.name
__repr__=__str__
......@@ -87,24 +109,34 @@ class UserFolder(Implicit, Persistent, Navigation, Tabs, Item,
return keys
def validate(self,request,auth='',roles=None):
parent=request['PARENTS'][0]
# If no authorization, only nobody can match
if not auth:
if roles is None:
if nobody.hasRole(parent, roles):
return nobody
return None
# Only do basic authentication
if lower(auth[:6])!='basic ':
return None
name,password=tuple(split(decodestring(split(auth)[-1]), ':'))
# Check for superuser
if self._isTop() and (name==super.name) and \
super.authenticate(password):
return super
# Try to get user
try: user=self.data[name]
except: return None
# Try to authenticate user
if not user.authenticate(password):
return None
if roles is None:
return user
for role in roles:
if role in user.roles:
# Try to authorize user
if user.hasRole(parent, roles):
return user
return None
......
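Review bot: In the new `hasRole`, the `for role in obj_roles` loop compares every entry, including the `'Shared'` marker, against `usr_roles`, so a user whose roles contain `'Shared'` is accepted for any object carrying that marker before the walk up `aq_parent` is reached. The other file in this commit adds `'Shared'` to `__ac_roles__`, which suggests it can be handed out like an ordinary role; if so, the marker should be skipped in the match, e.g. `if role != 'Shared' and role in usr_roles:`. The walk also returns 1 as soon as a parent's `__roles__` is `None`, and `validate` calls it for `nobody` too, so a shared object under an unprotected container becomes public; a comment stating that this is intended would help. The commented-out old body left after the loop can be deleted, since version control keeps it.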