Commit 0632686f authored by Jean-Paul Smets's avatar Jean-Paul Smets

New security scripts which are able to handle share.here, share.up and...

New security scripts which are able to handle share.here, share.up and share.down rules in large trees as well as generate cartesian products for security groups whenever multiple values are defined for a given base category.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@12985 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 2da4f704
...@@ -104,9 +104,6 @@ to a Person instance. This is useful to implement user based local role assignme ...@@ -104,9 +104,6 @@ to a Person instance. This is useful to implement user based local role assignme
instead of abstract security based local roles.\n instead of abstract security based local roles.\n
"""\n """\n
\n \n
code_list = []\n
user_list = []\n
\n
# sort the category list lexicographically\n # sort the category list lexicographically\n
# this prevents us to choose the exact order we want,\n # this prevents us to choose the exact order we want,\n
# but also prevents some human mistake to break everything by creating site_function instead of function_site\n # but also prevents some human mistake to break everything by creating site_function instead of function_site\n
...@@ -116,34 +113,51 @@ if category_order not in (None, \'\'):\n ...@@ -116,34 +113,51 @@ if category_order not in (None, \'\'):\n
else:\n else:\n
category_order = []\n category_order = []\n
\n \n
# Prepare a cartesian product\n
from Products.ERP5Type.Utils import cartesianProduct\n
list_of_list = []\n
user_list = []\n
for base_category in category_order:\n for base_category in category_order:\n
# It is acceptable for a category not to be defined\n
if kw.has_key(base_category):\n
category_list = kw[base_category]\n category_list = kw[base_category]\n
associative_list = []\n
if same_type(category_list, \'\'):\n if same_type(category_list, \'\'):\n
category_list = [category_list]\n category_list = [category_list]\n
for category in category_list:\n for category in category_list:\n
if category.endswith(\'*\'):\n
category = category[:-1]\n
is_child_category = 1\n
else:\n
is_child_category = 0\n
category_path = \'%s/%s\' % (base_category, category)\n category_path = \'%s/%s\' % (base_category, category)\n
category_object = context.portal_categories.getCategoryValue(category_path)\n category_object = context.portal_categories.getCategoryValue(category_path)\n
if category_object in (None, \'\'):\n if category_object in (None, \'\'):\n
raise "SecurityRoleDefinitionError", "Category \'%s\' doesn\'t exist" % (category_path)\n raise "SecurityRoleDefinitionError", "Category \'%s\' doesn\'t exist" % (category_path)\n
if category_object.getPortalType() == \'Person\':\n portal_type = category_object.getPortalType()\n
if portal_type == \'Person\':\n
# We define a person here\n # We define a person here\n
user_name = category_object.getReference()\n user_name = category_object.getReference()\n
if user_name is not None: user_list.append(user_name)\n if user_name is not None: user_list.append(user_name)\n
else:\n else:\n
# We define a group item here based on codification or reference is possible\n if portal_type == \'Category\':\n
# ID, else\n
try:\n
category_code = category_object.getCodification() or category_object.getId()\n category_code = category_object.getCodification() or category_object.getId()\n
except AttributeError:\n else:\n
try:\n try:\n
category_code = category_object.getReference() or category_object.getId()\n category_code = category_object.getReference() or category_object.getId()\n
except AttributeError:\n except AttributeError:\n
category_code = category_object.getId()\n category_code = category_object.getId()\n
code_list.append(category_code)\n if is_child_category: category_code += \'*\'\n
associative_list.append(category_code)\n
# Prevent making a cartesian product with an empty set\n
if associative_list:\n
list_of_list.append(associative_list)\n
\n \n
# Return a list of users or a single group\n # Return a list of users if any was defined\n
if user_list: return user_list\n if user_list: return user_list\n
return \'_\'.join(code_list)\n \n
# Compute the cartesian product and return the codes\n
return filter(lambda x: x, map(lambda x: \'_\'.join(x), cartesianProduct(list_of_list)))\n
</string> </value> </string> </value>
</item> </item>
<item> <item>
...@@ -188,23 +202,30 @@ return \'_\'.join(code_list)\n ...@@ -188,23 +202,30 @@ return \'_\'.join(code_list)\n
<tuple> <tuple>
<string>category_order</string> <string>category_order</string>
<string>kw</string> <string>kw</string>
<string>code_list</string>
<string>user_list</string>
<string>None</string> <string>None</string>
<string>list</string> <string>list</string>
<string>_getattr_</string> <string>_getattr_</string>
<string>Products.ERP5Type.Utils</string>
<string>cartesianProduct</string>
<string>list_of_list</string>
<string>user_list</string>
<string>_getiter_</string> <string>_getiter_</string>
<string>base_category</string> <string>base_category</string>
<string>_getitem_</string> <string>_getitem_</string>
<string>category_list</string> <string>category_list</string>
<string>associative_list</string>
<string>same_type</string> <string>same_type</string>
<string>category</string> <string>category</string>
<string>is_child_category</string>
<string>category_path</string> <string>category_path</string>
<string>context</string> <string>context</string>
<string>category_object</string> <string>category_object</string>
<string>portal_type</string>
<string>user_name</string> <string>user_name</string>
<string>category_code</string> <string>category_code</string>
<string>AttributeError</string> <string>AttributeError</string>
<string>filter</string>
<string>map</string>
</tuple> </tuple>
</value> </value>
</item> </item>
......
...@@ -70,19 +70,33 @@ ...@@ -70,19 +70,33 @@
<key> <string>_body</string> </key> <key> <string>_body</string> </key>
<value> <string encoding="cdata"><![CDATA[ <value> <string encoding="cdata"><![CDATA[
# XXX For now, this script requires proxy manager to retrieve the Person object in all cases\n """\n
This script returns a list of dictionaries which represent\n
the security groups which a person is member of. It extracts\n
the categories from the current user assignment.\n
It is useful in the following cases:\n
\n \n
# base_category_list : list of category values we need to retrieve\n - associate a document (ex. an accounting transaction)\n
# user_name : string obtained from getSecurityManager().getUser().getUserName() [NuxUserGroup]\n to the division which the user was assigned to\n
# or from getSecurityManager().getUser().getId() [PluggableAuthService with ERP5GroupManager]\n at the time it was created\n
# object : object which we want to assign roles to.\n
# portal_type : portal type of object\n
\n \n
# must always return a list of dicts\n - calculate security membership of a user\n
\n
The parameters are\n
\n
base_category_list -- list of category values we need to retrieve\n
user_name -- string obtained from getSecurityManager().getUser().getId()\n
object -- object which we want to assign roles to\n
portal_type -- portal type of object\n
\n
NOTE: for now, this script requires proxy manager\n
"""\n
\n \n
category_list = []\n category_list = []\n
\n \n
# Get the Person module\n
person_module = context.portal_url.getPortalObject().getDefaultModule(\'Person\')\n person_module = context.portal_url.getPortalObject().getDefaultModule(\'Person\')\n
\n
# It is better to keep getObject(), in this script this\n # It is better to keep getObject(), in this script this\n
# prevent a very strange bug, sometimes without getObject the\n # prevent a very strange bug, sometimes without getObject the\n
# assignment is not found\n # assignment is not found\n
...@@ -98,16 +112,23 @@ if len(person_object_list) != 1:\n ...@@ -98,16 +112,23 @@ if len(person_object_list) != 1:\n
return []\n return []\n
person_object = person_object_list[0]\n person_object = person_object_list[0]\n
\n \n
# We look for valid assignments of this user\n # We look for every valid assignments of this user\n
for assignment in person_object.contentValues(filter={\'portal_type\': \'Assignment\'}):\n for assignment in person_object.contentValues(filter={\'portal_type\': \'Assignment\'}):\n
if assignment.getValidationState() == \'open\':\n if assignment.getValidationState() == \'open\':\n
category_dict = {}\n category_dict = {}\n
for base_category in base_category_list:\n for base_category in base_category_list:\n
category_value = assignment.getProperty(base_category)\n category_value_list = assignment.getValueList(base_category)\n
if category_value not in (None, \'\'):\n if category_value_list:\n
category_dict[base_category] = category_value\n for category_value in category_value_list:\n
if child:\n
if category_value.getPortalType() == \'Category\':\n
while category_value.getPortalType() == \'Category\':\n
category_dict.setdefault(base_category, []).append(\'%s*\' % category_value.getRelativeUrl())\n
category_value = category_value.getParentValue()\n
else:\n else:\n
raise RuntimeError, "Error: \'%s\' property is required in order to update person security group" % (base_category)\n category_dict.setdefault(base_category, []).append(category_value.getRelativeUrl())\n
else:\n
category_dict.setdefault(base_category, []).append(category_value.getRelativeUrl())\n
category_list.append(category_dict)\n category_list.append(category_dict)\n
\n \n
return category_list\n return category_list\n
...@@ -129,7 +150,7 @@ return category_list\n ...@@ -129,7 +150,7 @@ return category_list\n
</item> </item>
<item> <item>
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, object, portal_type</string> </value> <value> <string>base_category_list, user_name, object, portal_type, child=0</string> </value>
</item> </item>
<item> <item>
<key> <string>_proxy_roles</string> </key> <key> <string>_proxy_roles</string> </key>
...@@ -157,7 +178,7 @@ return category_list\n ...@@ -157,7 +178,7 @@ return category_list\n
<dictionary> <dictionary>
<item> <item>
<key> <string>co_argcount</string> </key> <key> <string>co_argcount</string> </key>
<value> <int>4</int> </value> <value> <int>5</int> </value>
</item> </item>
<item> <item>
<key> <string>co_varnames</string> </key> <key> <string>co_varnames</string> </key>
...@@ -167,6 +188,7 @@ return category_list\n ...@@ -167,6 +188,7 @@ return category_list\n
<string>user_name</string> <string>user_name</string>
<string>object</string> <string>object</string>
<string>portal_type</string> <string>portal_type</string>
<string>child</string>
<string>category_list</string> <string>category_list</string>
<string>_getattr_</string> <string>_getattr_</string>
<string>context</string> <string>context</string>
...@@ -183,10 +205,8 @@ return category_list\n ...@@ -183,10 +205,8 @@ return category_list\n
<string>assignment</string> <string>assignment</string>
<string>category_dict</string> <string>category_dict</string>
<string>base_category</string> <string>base_category</string>
<string>category_value_list</string>
<string>category_value</string> <string>category_value</string>
<string>None</string>
<string>_write_</string>
<string>RuntimeError</string>
</tuple> </tuple>
</value> </value>
</item> </item>
...@@ -198,7 +218,9 @@ return category_list\n ...@@ -198,7 +218,9 @@ return category_list\n
<item> <item>
<key> <string>func_defaults</string> </key> <key> <string>func_defaults</string> </key>
<value> <value>
<none/> <tuple>
<int>0</int>
</tuple>
</value> </value>
</item> </item>
<item> <item>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
<tuple>
<string>Products.PythonScripts.PythonScript</string>
<string>PythonScript</string>
</tuple>
<none/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Python_magic</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>__ac_local_roles__</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>return context.ERP5Type_getSecurityCategoryFromAssignment(base_category_list,\n
user_name, object, portal_type, child=1)\n
</string> </value>
</item>
<item>
<key> <string>_code</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_filepath</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, object, portal_type</string> </value>
</item>
<item>
<key> <string>errors</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>func_code</string> </key>
<value>
<object>
<klass>
<global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
<value> <int>4</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
<string>base_category_list</string>
<string>user_name</string>
<string>object</string>
<string>portal_type</string>
<string>_getattr_</string>
<string>context</string>
</tuple>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>func_defaults</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityCategoryFromAssignmentParent</string> </value>
</item>
<item>
<key> <string>warnings</string> </key>
<value>
<tuple/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
<tuple>
<string>Products.PythonScripts.PythonScript</string>
<string>PythonScript</string>
</tuple>
<none/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Python_magic</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>__ac_local_roles__</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>"""\n
This script returns a list of dictionaries which represent\n
the security groups which a person is member of. It extracts\n
the categories from the current content. It is useful in the\n
following cases:\n
\n
- calculate a security group based on a given\n
category of the current object (ex. group). This\n
is used for example in ERP5 DMS to calculate\n
document security.\n
\n
- assign local roles to a document based on\n
the person which the object related to through\n
a given base category (ex. destination). This\n
is used for example in ERP5 Project to calculate\n
Task / Task Report security.\n
\n
The parameters are\n
\n
base_category_list -- list of category values we need to retrieve\n
user_name -- string obtained from getSecurityManager().getUser().getId()\n
object -- object which we want to assign roles to\n
portal_type -- portal type of object\n
\n
NOTE: for now, this script requires proxy manager\n
"""\n
\n
category_list = []\n
\n
if object is None:\n
return []\n
\n
for base_category in base_category_list:\n
category_list.append({base_category: object.getCategoryMembershipList(base_category)})\n
\n
return category_list\n
</string> </value>
</item>
<item>
<key> <string>_code</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_filepath</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, object, portal_type</string> </value>
</item>
<item>
<key> <string>errors</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>func_code</string> </key>
<value>
<object>
<klass>
<global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
<value> <int>4</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
<string>base_category_list</string>
<string>user_name</string>
<string>object</string>
<string>portal_type</string>
<string>category_list</string>
<string>None</string>
<string>_getiter_</string>
<string>base_category</string>
<string>_getattr_</string>
</tuple>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>func_defaults</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityCategoryFromContent</string> </value>
</item>
<item>
<key> <string>warnings</string> </key>
<value>
<tuple/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
<tuple>
<string>Products.PythonScripts.PythonScript</string>
<string>PythonScript</string>
</tuple>
<none/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Python_magic</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>__ac_local_roles__</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string encoding="cdata"><![CDATA[
"""\n
This script returns a list of dictionaries which represent\n
the security groups which a person is member of. It extracts\n
the categories from the current user assignment.\n
It is useful in the following cases:\n
\n
- associate a document (ex. an accounting transaction)\n
to the division which the user was assigned to\n
at the time it was created\n
\n
- calculate security membership of a user\n
\n
The parameters are\n
\n
base_category_list -- list of category values we need to retrieve\n
user_name -- string obtained from getSecurityManager().getUser().getId()\n
object -- object which we want to assign roles to\n
portal_type -- portal type of object\n
\n
NOTE: for now, this script requires proxy manager\n
"""\n
\n
category_list = []\n
\n
# Get the Person module\n
person_module = context.portal_url.getPortalObject().getDefaultModule(\'Person\')\n
\n
# It is better to keep getObject(), in this script this\n
# prevent a very strange bug, sometimes without getObject the\n
# assignment is not found\n
person_object_list = [x.getObject() for x in person_module.searchFolder(portal_type=\'Person\', reference=user_name)]\n
\n
if len(person_object_list) != 1:\n
if len(person_object_list) > 1:\n
raise ConsistencyError, "Error: There is more than one Person with reference \'%s\'" % user_name\n
else:\n
# if a person_object was not found in the module, we do nothing more\n
# this happens for example when a manager with no associated person object\n
# creates a person_object for a new user\n
return []\n
person_object = person_object_list[0]\n
\n
# We look for every valid assignments of this user\n
for assignment in person_object.contentValues(filter={\'portal_type\': \'Assignment\'}):\n
if assignment.getValidationState() == \'open\':\n
category_dict = {}\n
for base_category in base_category_list:\n
category_value_list = assignment.getValueList(base_category)\n
if category_value_list:\n
for category_value in category_value_list:\n
category_dict.setdefault(base_category, []).append(\'%s*\' % category_value.getRelativeUrl())\n
category_list.append(category_dict)\n
\n
return category_list\n
]]></string> </value>
</item>
<item>
<key> <string>_code</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_filepath</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, object, portal_type</string> </value>
</item>
<item>
<key> <string>errors</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>func_code</string> </key>
<value>
<object>
<klass>
<global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
<value> <int>4</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
<string>base_category_list</string>
<string>user_name</string>
<string>object</string>
<string>portal_type</string>
<string>category_list</string>
<string>_getattr_</string>
<string>context</string>
<string>person_module</string>
<string>append</string>
<string>$append0</string>
<string>_getiter_</string>
<string>x</string>
<string>person_object_list</string>
<string>len</string>
<string>ConsistencyError</string>
<string>_getitem_</string>
<string>person_object</string>
<string>assignment</string>
<string>category_dict</string>
<string>base_category</string>
<string>category_value_list</string>
<string>category_value</string>
</tuple>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>func_defaults</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityChildCategoryFromAssignment</string> </value>
</item>
<item>
<key> <string>warnings</string> </key>
<value>
<tuple/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
<tuple>
<string>Products.PythonScripts.PythonScript</string>
<string>PythonScript</string>
</tuple>
<none/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Python_magic</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>__ac_local_roles__</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>"""\n
This script returns a list of dictionaries which represent\n
the security groups which a person is member of. It extracts\n
the categories from the current content. It is useful in the\n
following cases:\n
\n
- calculate a security group based on a given\n
category of the current object (ex. group). This\n
is used for example in ERP5 DMS to calculate\n
document security.\n
\n
- assign local roles to a document based on\n
the person which the object related to through\n
a given base category (ex. destination). This\n
is used for example in ERP5 Project to calculate\n
Task / Task Report security.\n
\n
The parameters are\n
\n
base_category_list -- list of category values we need to retrieve\n
user_name -- string obtained from getSecurityManager().getUser().getId()\n
object -- object which we want to assign roles to\n
portal_type -- portal type of object\n
\n
NOTE: for now, this script requires proxy manager\n
"""\n
\n
category_list = []\n
\n
if object is None:\n
return []\n
\n
for base_category in base_category_list:\n
membership_list = map(lambda x: \'%s*\' % x, object.getCategoryMembershipList(base_category))\n
category_list.append({base_category: membership_list})\n
\n
return category_list\n
</string> </value>
</item>
<item>
<key> <string>_code</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_filepath</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, object, portal_type</string> </value>
</item>
<item>
<key> <string>errors</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>func_code</string> </key>
<value>
<object>
<klass>
<global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
<value> <int>4</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
<string>base_category_list</string>
<string>user_name</string>
<string>object</string>
<string>portal_type</string>
<string>category_list</string>
<string>None</string>
<string>_getiter_</string>
<string>base_category</string>
<string>map</string>
<string>_getattr_</string>
<string>membership_list</string>
</tuple>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>func_defaults</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityChildCategoryFromContent</string> </value>
</item>
<item>
<key> <string>warnings</string> </key>
<value>
<tuple/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
<tuple>
<string>Products.PythonScripts.PythonScript</string>
<string>PythonScript</string>
</tuple>
<none/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Python_magic</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>__ac_local_roles__</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string encoding="cdata"><![CDATA[
"""\n
This script returns a list of dictionaries which represent\n
the security groups which a person is member of. It extracts\n
the categories from the current user assignment and from\n
all its parent assignments. It is useful in the following cases:\n
\n
- associate a document (ex. an accounting transaction)\n
to the division which the user was assigned to\n
at the time it was created and to all the\n
parent divisions. This is useful to get\n
a document reviewed by the managers of user\n
\n
The parameters are\n
\n
base_category_list -- list of category values we need to retrieve\n
user_name -- string obtained from getSecurityManager().getUser().getId()\n
object -- object which we want to assign roles to\n
portal_type -- portal type of object\n
\n
NOTE: for now, this script requires proxy manager\n
"""\n
\n
category_list = []\n
\n
# Get the Person module\n
person_module = context.portal_url.getPortalObject().getDefaultModule(\'Person\')\n
\n
# It is better to keep getObject(), in this script this\n
# prevent a very strange bug, sometimes without getObject the\n
# assignment is not found\n
person_object_list = [x.getObject() for x in person_module.searchFolder(portal_type=\'Person\', reference=user_name)]\n
\n
if len(person_object_list) != 1:\n
if len(person_object_list) > 1:\n
raise ConsistencyError, "Error: There is more than one Person with reference \'%s\'" % user_name\n
else:\n
# if a person_object was not found in the module, we do nothing more\n
# this happens for example when a manager with no associated person object\n
# creates a person_object for a new user\n
return []\n
person_object = person_object_list[0]\n
\n
# We look for every valid assignments of this user\n
for assignment in person_object.contentValues(filter={\'portal_type\': \'Assignment\'}):\n
if assignment.getValidationState() == \'open\':\n
category_dict = {}\n
for base_category in base_category_list:\n
category_value_list = assignment.getValueList(base_category)\n
if category_value_list:\n
for category_value in category_value_list:\n
if category_value.getPortalType() == \'Category\':\n
while category_value.getPortalType() == \'Category\':\n
category_dict.setdefault(base_category, []).append(\'category_value.getRelativeUrl())\n
category_value = category_value.getParentValue()\n
else:\n
category_dict.setdefault(base_category, []).append(category_value.getRelativeUrl())\n
category_list.append(category_dict)\n
\n
return category_list\n
]]></string> </value>
</item>
<item>
<key> <string>_code</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_filepath</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, object, portal_type</string> </value>
</item>
<item>
<key> <string>errors</string> </key>
<value>
<tuple>
<string>EOL while scanning single-quoted string (Script (Python), line 53)</string>
</tuple>
</value>
</item>
<item>
<key> <string>func_code</string> </key>
<value>
<object>
<klass>
<global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple/>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>func_defaults</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityParentCategoryFromAssignment</string> </value>
</item>
<item>
<key> <string>warnings</string> </key>
<value>
<tuple/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
<tuple>
<string>Products.PythonScripts.PythonScript</string>
<string>PythonScript</string>
</tuple>
<none/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Python_magic</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>__ac_local_roles__</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>"""\n
This script returns a list of dictionaries which represent\n
the security groups which a person is member of. It extracts\n
the categories from the current content. It is useful in the\n
following cases:\n
\n
- calculate a security group based on a given\n
category of the current object (ex. group). This\n
is used for example in ERP5 DMS to calculate\n
document security.\n
\n
- assign local roles to a document based on\n
the person which the object related to through\n
a given base category (ex. destination). This\n
is used for example in ERP5 Project to calculate\n
Task / Task Report security.\n
\n
The parameters are\n
\n
base_category_list -- list of category values we need to retrieve\n
user_name -- string obtained from getSecurityManager().getUser().getId()\n
object -- object which we want to assign roles to\n
portal_type -- portal type of object\n
\n
NOTE: for now, this script requires proxy manager\n
"""\n
\n
category_list = []\n
\n
if object is None:\n
return []\n
\n
# Consider all parents of all categories\n
for base_category in base_category_list:\n
member_list = []\n
for category in object.getValueList(base_category):\n
if category.getPortalType() == \'Category\':\n
while category.getPortalType() == \'Category\':\n
member_list.append(category.getRelativeUrl())\n
category = category.getParentValue()\n
else:\n
member_list.append(category.getRelativeUrl())\n
category_list.append({base_category: member_list})\n
\n
return category_list\n
</string> </value>
</item>
<item>
<key> <string>_code</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_filepath</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, object, portal_type</string> </value>
</item>
<item>
<key> <string>errors</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>func_code</string> </key>
<value>
<object>
<klass>
<global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
<value> <int>4</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
<string>base_category_list</string>
<string>user_name</string>
<string>object</string>
<string>portal_type</string>
<string>category_list</string>
<string>None</string>
<string>_getiter_</string>
<string>base_category</string>
<string>member_list</string>
<string>_getattr_</string>
<string>category</string>
</tuple>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>func_defaults</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityParentCategoryFromContent</string> </value>
</item>
<item>
<key> <string>warnings</string> </key>
<value>
<tuple/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment