-
Notifications
You must be signed in to change notification settings - Fork 20
/
PermissionMapping.py
165 lines (127 loc) · 5.08 KB
/
PermissionMapping.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
##############################################################################
#
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Permission Mapping
Sometimes, we need an object's permissions to be remapped to other permissions
when the object is used in special ways. This is rather hard, since we
need the object's ordinary permissions intact so we can manage it.
"""
from html import escape
from Acquisition import ImplicitAcquisitionWrapper
from ExtensionClass import Base
from zope.interface import implementer
from AccessControl.class_init import InitializeClass
from AccessControl.interfaces import IPermissionMappingSupport
from AccessControl.owner import UnownableOwner
from AccessControl.Permission import getPermissionIdentifier
from AccessControl.requestmethod import requestmethod
@implementer(IPermissionMappingSupport)
class RoleManager:
# XXX: No security declarations?
def manage_getPermissionMapping(self):
"""Return the permission mapping for the object
This is a list of dictionaries with:
permission_name -- The name of the native object permission
class_permission -- The class permission the permission is
mapped to.
"""
wrapper = getattr(self, '_permissionMapper', None)
if wrapper is None:
wrapper = PM()
perms = {}
for p in self.possible_permissions():
perms[getPermissionIdentifier(p)] = p
r = []
a = r.append
for ac_perms in self.ac_inherited_permissions(1):
p = perms.get(getPermissionMapping(ac_perms[0], wrapper), '')
a({'permission_name': ac_perms[0], 'class_permission': p})
return r
@requestmethod('POST')
def manage_setPermissionMapping(self,
permission_names=[],
class_permissions=[],
REQUEST=None):
"""Change the permission mapping
"""
wrapper = getattr(self, '_permissionMapper', None)
if wrapper is None:
wrapper = PM()
perms = self.possible_permissions()
for i in range(len(permission_names)):
name = permission_names[i]
p = class_permissions[i]
if p and (p not in perms):
__traceback_info__ = perms, p, i
raise ValueError(
"""Attempted to map a permission to a permission, %s,
that is not valid. This should never happen. (Waaa).
""" % escape(p))
setPermissionMapping(name, wrapper, p)
self._permissionMapper = wrapper
if REQUEST is not None:
return self.manage_access(
REQUEST,
manage_tabs_message='The permission mapping has been updated')
def _isBeingUsedAsAMethod(self, REQUEST=None, wannaBe=0):
try:
if hasattr(self, 'aq_self'):
r = self.aq_acquire('_isBeingUsedAsAMethod_')
else:
r = self._isBeingUsedAsAMethod_
except BaseException:
r = 0
if REQUEST is not None:
if not r != (not wannaBe):
REQUEST.response.notFoundError()
return r
InitializeClass(RoleManager)
def getPermissionMapping(name, obj, st=str):
obj = getattr(obj, 'aq_base', obj)
name = getPermissionIdentifier(name)
r = getattr(obj, name, '')
if not isinstance(r, st):
r = ''
return r
def setPermissionMapping(name, obj, v):
name = getPermissionIdentifier(name)
if v:
setattr(obj, name, getPermissionIdentifier(v))
elif name in obj.__dict__:
delattr(obj, name)
class PM(Base):
_owner = UnownableOwner
_View_Permission = '_View_Permission'
_is_wrapperish = 1
def __getattr__(self, name):
# We want to make sure that any non-explicitly set methods are
# private!
if name.startswith('_') and name.endswith("_Permission"):
return ''
raise AttributeError(escape(name))
PermissionMapper = PM
def aqwrap(object, wrapper, parent):
r = Rewrapper()
r._ugh = wrapper, object, parent
return r
class Rewrapper(Base):
def __of__(self, parent):
w, m, p = self._ugh
return m.__of__(ImplicitAcquisitionWrapper(w, parent))
def __getattr__(self, name):
w, m, parent = self._ugh
self = m.__of__(ImplicitAcquisitionWrapper(w, parent))
return getattr(self, name)
def __call__(self, *args, **kw):
w, m, parent = self._ugh
self = m.__of__(ImplicitAcquisitionWrapper(w, parent))
return self(*args, **kw)