Commit 5c08879d authored by Yoshinori Okuji's avatar Yoshinori Okuji

Add an optional parameter user_name to assignRoleToSecurityGroup


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@5804 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 557a78f5
...@@ -240,13 +240,14 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ): ...@@ -240,13 +240,14 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ):
security.declareProtected(ERP5Permissions.ModifyPortalContent, security.declareProtected(ERP5Permissions.ModifyPortalContent,
'assignRoleToSecurityGroup') 'assignRoleToSecurityGroup')
def assignRoleToSecurityGroup(self, object): def assignRoleToSecurityGroup(self, object, user_name = None):
""" """
Assign Local Roles to Groups on object, based on Portal Type Assign Local Roles to Groups on object, based on Portal Type
Role Definitions Role Definitions
""" """
#FIXME We should check the type of the acl_users folder instead of #FIXME We should check the type of the acl_users folder instead of
# checking which product is installed. # checking which product is installed.
if user_name is None:
if ERP5UserManager is not None: if ERP5UserManager is not None:
# We use id for roles in ERP5Security # We use id for roles in ERP5Security
user_name = getSecurityManager().getUser().getId() user_name = getSecurityManager().getUser().getId()
...@@ -257,121 +258,113 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ): ...@@ -257,121 +258,113 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ):
'your setup. '\ 'your setup. '\
'Please install it to benefit from group-based security' 'Please install it to benefit from group-based security'
# Retrieve applicable roles # Retrieve applicable roles
# kw provided in order to take any appropriate action role_mapping = self.getFilteredRoleListFor(object=object) # kw provided in order to take any appropriate action
role_mapping = self.getFilteredRoleListFor(object=object) role_category_list_dict = {}
role_category_list = {} for role, definition_list in role_mapping.items():
for role, definition_list in role_mapping.items(): # For each role definition, we look for the base_category_script
if not role_category_list.has_key(role): # and try to use it to retrieve the values for the base_category list
role_category_list[role] = [] for definition in definition_list:
# For each role definition, we look for the base_category_script # get the list of base_categories that are statically defined
# and try to use it to retrieve the values for static_base_category_list = [x.split('/', 1)[0] for x in definition['category']]
# the base_category list # get the list of base_categories that are to be fetched through the script
for definition in definition_list: dynamic_base_category_list = [x for x in definition['base_category'] if x not in static_base_category_list]
# get the list of base_categories that are statically defined # get the aggregated list of base categories, to preserve the order
category_base_list = [x.split('/')[0] category_order_list = []
for x in definition['category']] category_order_list.extend(definition['base_category'])
# get the list of base_categories that are to be fetched through the script for bc in static_base_category_list:
actual_base_category_list = [x for x in definition['base_category'] if x not in category_base_list] if bc not in category_order_list:
# get the aggregated list of base categories, to preserve the order category_order_list.append(bc)
category_order_list = []
category_order_list.extend(definition['base_category']) # get the script and apply it if dynamic_base_category_list is not empty
for bc in category_base_list: if len(dynamic_base_category_list) > 0:
if bc not in category_order_list: base_category_script_id = definition['base_category_script']
category_order_list.append(bc) base_category_script = getattr(object, base_category_script_id, None)
if base_category_script is not None:
# get the script and apply it if actual_base_category_list is not empty # call the script, which should return either a dict or a list of dicts
if len(actual_base_category_list) > 0: category_result = base_category_script(dynamic_base_category_list, user_name, object, object.getPortalType())
base_category_script_id = definition['base_category_script'] # If we decide in the script that we don't want to update the security for this object,
base_category_script = getattr(object, base_category_script_id, None) # we can just have it return None instead of a dict or list of dicts
if base_category_script is not None: if category_result is None:
# call the script, which should return either a dict or a list of dicts continue
category_result = base_category_script(actual_base_category_list, user_name, object, object.getPortalType()) elif isinstance(category_result, dict):
# If we decide in the script that we don't want to update the security for this object, category_result = [category_result]
# we can just have it return None instead of a dict or list of dicts else:
if category_result is None: raise RuntimeError, 'Script %s was not found to fetch values for'\
continue ' base categories : %s' % (base_category_script_id,
if type(category_result) is type({}): ', '.join(dynamic_base_category_list))
category_result = [category_result] else:
else: category_result = [{}]
raise RuntimeError, 'Script %s was not found to fetch values for'\ # add the result to role_category_list_dict, aggregated with category_order and statically defined categories
' base categories : %s' % (base_category_script_id, role_category_list = role_category_list_dict.setdefault(role, [])
', '.join(actual_base_category_list)) for category_dict in category_result:
else: category_value_dict = {'category_order':category_order_list}
category_result = [{}] category_value_dict.update(category_dict)
# add the result to role_category_list, aggregated with category_order and statically defined categories for c in definition['category']:
for category_dict in category_result: bc, value = c.split('/', 1)
category_value_dict = {'category_order':category_order_list} category_value_dict[bc] = value
category_value_dict.update(category_dict) role_category_list.append(category_value_dict)
for c in definition['category']:
bc, value = c.split('/', 1) # Generate security group ids from category_value_dicts
category_value_dict[bc] = value role_group_id_dict = {}
role_category_list[role].append(category_value_dict) group_id_generator = getattr(object, ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT, None)
if group_id_generator is None:
# Generate security group ids from category_value_dicts raise RuntimeError, '%s script was not found' % ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT
role_group_id_dict = {} for role, value_list in role_category_list_dict.items():
group_id_generator = getattr(object, ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT, None) role_group_dict = {}
if group_id_generator is None: for category_dict in value_list:
raise RuntimeError, '%s script was not found' % ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT group_id = group_id_generator(**category_dict)
for role, value_list in role_category_list.items(): # If group_id is not defined, do not use it
if not role_group_id_dict.has_key(role): if group_id not in (None, ''):
role_group_id_dict[role] = [] if isinstance(group_id, str):
role_group_dict = {} # Single group is defined (this is usually for group membership)
for category_dict in value_list: role_group_dict[group_id] = 1
group_id = group_id_generator(**category_dict) else:
# If group_id is not defined, do not use it # Multiple groups are defined (this is usually for users)
if group_id not in (None, ''): # but it could be extended to ad hoc groups
if type(group_id) is type('a'): for user_id in group_id:
# Single group is defined (this is usually for group membership) role_group_dict[user_id] = 1
role_group_dict[group_id] = 1 role_group_id_dict.setdefault(role, []).extend(role_group_dict.keys())
else:
# Multiple groups are defined (this is usually for users) # Switch index from role to group id
# but it could be extended to ad hoc groups group_id_role_dict = {}
for user_id in group_id: for role, group_list in role_group_id_dict.items():
role_group_dict[user_id] = 1 for group_id in group_list:
role_group_id_dict[role].extend(role_group_dict.keys()) group_id_role_dict.setdefault(group_id, []).append(role)
# Switch index from role to group id # Update role assignments to groups
group_id_role_dict = {} if ERP5UserManager is not None: # Default implementation
for role, group_list in role_group_id_dict.items(): # Clean old group roles
for group_id in group_list: old_group_list = object.get_local_roles()
if not group_id_role_dict.has_key(group_id): object.manage_delLocalRoles([x[0] for x in old_group_list])
group_id_role_dict[group_id] = [] # Save the owner
group_id_role_dict[group_id].append(role) for group, role_list in old_group_list:
if 'Owner' in role_list:
# Update role assignments to groups if not group_id_role_dict.has_key(group):
if ERP5UserManager is not None: # Default implementation group_id_role_dict[group] = ('Owner',)
# Clean old group roles else:
old_group_list = object.get_local_roles() group_id_role_dict[group].append('Owner')
object.manage_delLocalRoles([x[0] for x in old_group_list]) # Assign new roles
# Save the owner for group, role_list in group_id_role_dict.items():
for group, role_list in old_group_list: object.manage_addLocalRoles(group, role_list)
if 'Owner' in role_list: else: # NuxUserGroups implementation
if not group_id_role_dict.has_key(group): # Clean old group roles
group_id_role_dict[group] = ('Owner',) old_group_list = object.get_local_group_roles()
else: # We duplicate role settings to mimic PAS
group_id_role_dict[group].append('Owner') object.manage_delLocalGroupRoles([x[0] for x in old_group_list])
# Assign new roles object.manage_delLocalRoles([x[0] for x in old_group_list])
for group, role_list in group_id_role_dict.items(): # Save the owner
object.manage_addLocalRoles(group, role_list) for group, role_list in old_group_list:
else: # NuxUserGroups implementation if 'Owner' in role_list:
# Clean old group roles if not group_id_role_dict.has_key(group):
old_group_list = object.get_local_group_roles() group_id_role_dict[group] = ('Owner',)
else:
group_id_role_dict[group].append('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.items():
# We duplicate role settings to mimic PAS # We duplicate role settings to mimic PAS
object.manage_delLocalGroupRoles([x[0] for x in old_group_list]) object.manage_addLocalGroupRoles(group, role_list)
object.manage_delLocalRoles([x[0] for x in old_group_list]) object.manage_addLocalRoles(group, role_list)
# Save the owner
for group, role_list in old_group_list:
if 'Owner' in role_list:
if not group_id_role_dict.has_key(group):
group_id_role_dict[group] = ('Owner',)
else:
group_id_role_dict[group].append('Owner')
# Assign new roles
for group, role_list in group_id_role_dict.items():
# We duplicate role settings to mimic PAS
object.manage_addLocalGroupRoles(group, role_list)
object.manage_addLocalRoles(group, role_list)
security.declarePublic('getFilteredRoleListFor') security.declarePublic('getFilteredRoleListFor')
def getFilteredRoleListFor(self, object=None, **kw): def getFilteredRoleListFor(self, object=None, **kw):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment