-
-
Notifications
You must be signed in to change notification settings - Fork 50
/
utils.py
106 lines (85 loc) · 3.56 KB
/
utils.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
from guillotina.auth import role
from guillotina.interfaces import IInteraction
from guillotina.interfaces import IPrincipalPermissionMap
from guillotina.interfaces import IPrincipalRoleMap
from guillotina.interfaces import IRolePermissionMap
from guillotina.security.security_code import principal_permission_manager
from guillotina.security.security_code import principal_role_manager
from guillotina.security.security_code import role_permission_manager
from guillotina.utils import get_current_request
_view_permissions = {}
def protect_view(cls, permission):
_view_permissions[cls] = permission
def get_view_permission(cls):
return _view_permissions.get(cls, None)
def get_roles_with_access_content(obj, request=None):
""" Return the roles that has access to the content that are global roles"""
if obj is None:
return []
if request is None:
request = get_current_request()
interaction = IInteraction(request)
roles = interaction.cached_roles(obj, 'guillotina.AccessContent', 'o')
result = []
all_roles = role.global_roles() + role.local_roles()
for r in roles.keys():
if r in all_roles:
result.append(r)
return result
def get_principals_with_access_content(obj, request=None):
if obj is None:
return {}
if request is None:
request = get_current_request()
interaction = IInteraction(request)
roles = interaction.cached_roles(obj, 'guillotina.AccessContent', 'o')
result = []
all_roles = role.global_roles() + role.local_roles()
for r in roles.keys():
if r in all_roles:
result.append(r)
users = interaction.cached_principals(obj, result, 'guillotina.AccessContent', 'o')
return list(users.keys())
def settings_for_object(ob):
"""Analysis tool to show all of the grants to a process
"""
result = []
while ob is not None:
data = {}
result.append({getattr(ob, '__name__', None) or '(no name)': data})
principal_permissions = IPrincipalPermissionMap(ob, None)
if principal_permissions is not None:
settings = principal_permissions.get_principals_and_permissions()
settings.sort()
data['prinperm'] = [
{'principal': pr, 'permission': p, 'setting': s}
for (p, pr, s) in settings]
principal_roles = IPrincipalRoleMap(ob, None)
if principal_roles is not None:
settings = principal_roles.get_principals_and_roles()
data['prinrole'] = [
{'principal': p, 'role': r, 'setting': s}
for (r, p, s) in settings]
role_permissions = IRolePermissionMap(ob, None)
if role_permissions is not None:
settings = role_permissions.get_roles_and_permissions()
data['roleperm'] = [
{'permission': p, 'role': r, 'setting': s}
for (p, r, s) in settings]
ob = getattr(ob, '__parent__', None)
data = {}
result.append({'system': data})
settings = principal_permission_manager.get_principals_and_permissions()
settings.sort()
data['prinperm'] = [
{'principal': pr, 'permission': p, 'setting': s}
for (p, pr, s) in settings]
settings = principal_role_manager.get_principals_and_roles()
data['prinrole'] = [
{'principal': p, 'role': r, 'setting': s}
for (r, p, s) in settings]
settings = role_permission_manager.get_roles_and_permissions()
data['roleperm'] = [
{'permission': p, 'role': r, 'setting': s}
for (p, r, s) in settings]
return result