Commit 85c34358 authored by Sebastien Robin's avatar Sebastien Robin

added permission management


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@1139 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent aeff0fb8
......@@ -149,5 +149,6 @@ CPSBaseDocument.getProperty = Base.getProperty
CPSBaseDocument._setProperty = Base._setProperty
CPSBaseDocument._edit = Base._edit
CPSBaseDocument.asXML = Base.asXML
CPSBaseDocument.get_local_permissions = Base.get_local_permissions
CPSBaseDocument._propertyMap = PatchedCPSBaseDocument._propertyMap
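Review bot: Assigning `Base.get_local_permissions` onto `CPSBaseDocument` here (and onto `CPSDocument` in the next hunk) copies the function but, as far as I can tell, not the `security.declareProtected(Permissions.View, 'get_local_permissions')` declaration made inside `Base`. Zope keeps that declaration as a separate class attribute on the declaring class. The patched CPS classes would then expose a method that lists permission-to-role mappings under whatever default access policy those classes have. I would declare the protection explicitly on the patched classes and add a comment next to the assignment, such as `# security for get_local_permissions must also be declared on this class`.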
......@@ -249,5 +249,6 @@ CPSDocument.setLayoutAndSchema = PatchedCPSDocument.setLayoutAndSchema
CPSDocument._propertyMap = PatchedCPSDocument._propertyMap
CPSDocument.setProperty = Base.setProperty
CPSDocument._setProperty = PatchedCPSDocument._setProperty
CPSDocument.get_local_permissions = Base.get_local_permissions
CPSDocument.asXML = Base.asXML
CPSDocument._edit = PatchedCPSDocument._edit
......@@ -39,6 +39,7 @@ from DateTime.DateTime import DateTime
from email.MIMEBase import MIMEBase
from email import Encoders
from AccessControl import ClassSecurityInfo
from AccessControl.PermissionMapping import setPermissionMapping
from Products.ERP5Type import Permissions
import pickle
import string
......@@ -184,6 +185,8 @@ class ERP5Conduit(XMLSyncUtilsMixin):
#elif xml.nodeName in self.local_role_list or self.isLocalRole(xml)>0 and not simulate:
elif xml.nodeName in self.local_role_list:
conflict_list += self.addLocalRoleNode(object, xml)
elif xml.nodeName in self.local_permission_list:
conflict_list += self.addLocalPermissionNode(object, xml)
else:
conflict_list += self.updateNode(xml=xml,object=object, force=force,
simulate=simulate, **kw)
......@@ -238,6 +241,9 @@ class ERP5Conduit(XMLSyncUtilsMixin):
object.manage_delLocalRoles([user])
elif xml.nodeName.find(self.local_group_tag)>=0:
object.manage_delLocalGroupRoles([user])
if xml.nodeName in self.local_permission_list and not simulate:
permission = self.getAttribute(xml,'id')
setPermissionMapping(permission,object)
return conflict_list
security.declareProtected(Permissions.ModifyPortalContent, 'updateNode')
......@@ -355,8 +361,8 @@ class ERP5Conduit(XMLSyncUtilsMixin):
LOG('updateNode',0,'we will add history')
conflict_list += self.addNode(xml=subnode,object=object,force=force,
simulate=simulate,**kw)
elif keyword == self.local_role_tag and not simulate:
# This is the case where we have to update Roles
elif keyword in (self.local_role_tag,self.permission_role_tag) and not simulate:
# This is the case where we have to update Roles or update permission
LOG('updateNode',0,'we will add a local role')
#user = self.getSubObjectId(xml)
#roles = self.convertXmlValue(data,data_type='tokens')
......@@ -1026,6 +1032,24 @@ class ERP5Conduit(XMLSyncUtilsMixin):
object.manage_setLocalGroupRoles(user,roles)
return conflict_list
security.declareProtected(Permissions.ModifyPortalContent, 'addLocalPermissionNode')
def addLocalPermissionNode(self, object, xml):
"""
This allows to specify how to handle the local permision informations.
This is really usefull if you want to write your own Conduit.
"""
conflict_list = []
# We want to add a local role
roles = self.convertXmlValue(xml.childNodes[0].data,data_type='tokens')
permission = self.getAttribute(xml,'id')
roles = list(roles) # Needed for CPS, or we have a CPS error
LOG('local_role: ',0,'permission: %s roles: %s' % (repr(permission),repr(roles)))
#user = roles[0]
#roles = roles[1:]
if xml.nodeName.find(self.local_permission_tag)>=0:
setPermissionMapping(permission,object,roles)
return conflict_list
security.declareProtected(Permissions.ModifyPortalContent, 'editDocument')
def editDocument(self, object=None, **kw):
"""
......
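Review bot: `addLocalPermissionNode` passes the permission id and role tokens from the incoming synchronisation XML straight to `setPermissionMapping`, guarded only by `Permissions.ModifyPortalContent`, so a party that can push content through the conduit can also rewrite which roles hold a permission on the object. I would reject unknown ids before applying anything, `if permission not in object.possible_permissions(): return conflict_list`, and consider requiring the permission Zope uses for changing security settings rather than the content-modification one. The method has no `simulate` parameter and the call added next to `addLocalRoleNode` passes none, whereas the removal hunk does test `not simulate`, so a simulated run appears to change security settings. The two calls also disagree in arity: the removal hunk calls `setPermissionMapping(permission,object)` and this method `setPermissionMapping(permission,object,roles)`; as far as I know the AccessControl function requires the third argument, so the removal path would likely raise. Separately, `xml.childNodes[0]` fails on a `local_permission` element with an empty role list; the enclosing functions of the earlier hunks start outside the visible lines.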
......@@ -28,6 +28,7 @@
from Globals import InitializeClass, DTMLFile
from AccessControl import ClassSecurityInfo
from AccessControl.Permission import pname
from Acquisition import aq_base, aq_inner, aq_acquire, aq_chain
from Products.CMFCore.WorkflowCore import WorkflowMethod
......@@ -1273,6 +1274,20 @@ class Base( CopyContainer, PortalContent, Base18, ActiveObject, ERP5PropertyMana
"""
return getattr(self,'guid',None)
security.declareProtected(Permissions.View, 'get_local_permissions')
def get_local_permissions(self):
"""
This works like get_local_roles. It allows to get all
permissions defined locally
"""
local_permission_list = ()
for permission in self.possible_permissions():
permission_role = getattr(self,pname(permission),None)
if permission_role is not None:
local_permission_list += ((permission,permission_role),)
return local_permission_list
class TempBase(Base):
"""
If we need Base services (categories, edit, etc) in temporary objects
......
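Review bot: `get_local_permissions` is declared with `Permissions.View`, so any user who can view a document can read its full permission-to-role mapping, and because the method has a docstring it is normally reachable by URL in Zope 2 as well. That mapping is security configuration, so I would protect it at least as strictly as the code that writes it, for example `security.declareProtected(Permissions.ModifyPortalContent, 'get_local_permissions')`, unless a caller is known to need View-level access. Also, `getattr(self, pname(permission), None)` looks at the class as well as the instance, so class-level permission defaults may be reported as locally defined ones, contrary to the docstring; this is inferred from the visible lines and worth confirming. If that is the case, a comment such as `# NOTE: also returns class-level defaults, not only instance settings` would spare the next reader the surprise.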
......@@ -157,6 +157,11 @@ def Base_asXML(object, ident=0):
xml += ident_string + ' <local_role id="%s" type="tokens">' % user_role[0]
xml += '@@@'.join(user_role[1])
xml += '</local_role>\n'
if hasattr(self,'get_local_permissions'):
for user_permission in self.get_local_permissions():
xml += ident_string + ' <local_permission id="%s" type="tokens">' % user_permission[0]
xml += '@@@'.join(user_permission[1])
xml += '</local_permission>\n'
# Sometimes theres is roles specified for groups, like with CPS
if hasattr(self,'get_local_group_roles'):
for group_role in self.get_local_group_roles():
......
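Review bot: The permission name and role tokens are written into the XML with `%s` and `'@@@'.join(...)` without escaping, so a value containing `"`, `<` or `&` produces a malformed or ambiguous `local_permission` element; running both through `xml.sax.saxutils.escape` (with the quote entity for the `id` attribute) would close that. The join also flattens the role container: as far as I know Zope distinguishes a tuple (roles not acquired) from a list (roles acquired) in these attributes, and the conduit rebuilds the value with `list(roles)`, so a non-acquiring setting may come back as an acquiring one after synchronisation, which widens access. I would serialise the acquire flag explicitly, or at minimum add a comment such as `# NOTE: tuple/list (acquire) distinction is lost in this export`. The `local_role` lines above follow the same unescaped pattern, and the body of `Base_asXML` starts and ends outside this hunk.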