##############################################################################
#
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Role manager
"""
from cgi import escape
from App.Dialogs import MessageDialog
from App.special_dtml import DTMLFile
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from AccessControl.rolemanager import RoleManager as BaseRoleManager
from AccessControl.rolemanager import reqattr
from AccessControl.Permission import Permission
from AccessControl.Permissions import change_permissions
from AccessControl.requestmethod import requestmethod
from AccessControl.rolemanager import _string_hash
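class RoleManager(BaseRoleManager):
    """An object that has configurable permissions.

    Wraps the ``BaseRoleManager`` operations with management-screen entry
    points. Every form and handler that has a ``declareProtected`` line
    below is guarded by ``change_permissions``; the handlers that change
    state are additionally wrapped in ``requestmethod('POST')``.
    """

    security = ClassSecurityInfo()

    manage_options = (
        {'label': 'Security', 'action': 'manage_access'},
    )

    security.declareProtected(change_permissions, 'manage_roleForm')
    manage_roleForm = DTMLFile('dtml/roleEdit', globals(),
                               management_view='Security')

    security.declareProtected(change_permissions, 'manage_role')
    @requestmethod('POST')
    def manage_role(self, role_to_manage, permissions=[], REQUEST=None):
        """Change the permissions given to the given role.

        Delegates to ``BaseRoleManager.manage_role``; when called with a
        REQUEST the security screen is rendered as the response.
        """
        # NOTE(review): ``permissions=[]`` is a shared mutable default. It is
        # only passed through here; confirm the base class never mutates it.
        BaseRoleManager.manage_role(
            self, role_to_manage, permissions=permissions)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    security.declareProtected(change_permissions, 'manage_acquiredForm')
    manage_acquiredForm = DTMLFile('dtml/acquiredEdit', globals(),
                                   management_view='Security')

    security.declareProtected(change_permissions, 'manage_acquiredPermissions')
    @requestmethod('POST')
    def manage_acquiredPermissions(self, permissions=[], REQUEST=None):
        """Change the permissions that acquire.

        Delegates to ``BaseRoleManager.manage_acquiredPermissions``; when
        called with a REQUEST the security screen is rendered as the response.
        """
        BaseRoleManager.manage_acquiredPermissions(
            self, permissions=permissions)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    security.declareProtected(change_permissions, 'manage_permissionForm')
    manage_permissionForm = DTMLFile('dtml/permissionEdit', globals(),
                                     management_view='Security')

    security.declareProtected(change_permissions, 'manage_permission')
    @requestmethod('POST')
    def manage_permission(self, permission_to_manage,
                          roles=[], acquire=0, REQUEST=None):
        """Change the settings for the given permission.

        If optional arg acquire is true, then the roles for the permission
        are acquired, in addition to the ones specified, otherwise the
        permissions are restricted to only the designated roles.
        """
        BaseRoleManager.manage_permission(
            self, permission_to_manage, roles=roles, acquire=acquire)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    _normal_manage_access = DTMLFile('dtml/access', globals())

    # NOTE(review): unlike the other DTMLFile views in this class, no
    # declareProtected() line precedes this one. Confirm that the report is
    # protected by some other declaration before relying on it.
    manage_reportUserPermissions = DTMLFile(
        'dtml/reportUserPermissions', globals())

    security.declareProtected(change_permissions, 'manage_access')
    def manage_access(self, REQUEST, **kw):
        """Return an interface for making permissions settings.

        REQUEST is accepted for the publisher's benefit but is not forwarded;
        only the keyword arguments reach the template.
        """
        # Direct keyword expansion replaces the deprecated apply() builtin.
        return self._normal_manage_access(**kw)

    security.declareProtected(change_permissions, 'manage_changePermissions')
    @requestmethod('POST')
    def manage_changePermissions(self, REQUEST):
        """Change all permissions settings, called by management screen.

        For each inherited permission, the roles to grant are the valid
        roles whose ``permission_<hash>role_<hash>`` key is present in the
        request. Returns a warning dialog naming the permissions that could
        not be updated, or a success dialog when none failed.
        """
        valid_roles = self.valid_roles()
        have = REQUEST.has_key
        permissions = self.ac_inherited_permissions(1)
        fails = []
        for permission in permissions:
            name, value = permission[:2]
            permission_hash = _string_hash(name)
            # Only roles from valid_roles() are ever granted; the request
            # merely selects among them by hashed key.
            roles = [
                role for role in valid_roles
                if have("permission_%srole_%s"
                        % (permission_hash, _string_hash(role)))
            ]
            try:
                p = Permission(name, value, self)
                if not have('acquire_%s' % permission_hash):
                    # presumably a tuple (vs. a list) tells setRoles not to
                    # acquire -- confirm against Permission.setRoles
                    roles = tuple(roles)
                p.setRoles(roles)
            except Exception:
                # Best-effort: remember the failure and carry on with the
                # remaining permissions. Catching Exception rather than
                # everything lets SystemExit/KeyboardInterrupt propagate.
                # NOTE(review): the cause of the failure is discarded, and
                # this presumably also hides database conflict errors that
                # the publisher would otherwise retry -- confirm and consider
                # logging or re-raising those.
                fails.append(name)

        if fails:
            # Permission names are escaped before being put into the dialog
            # so they are not interpreted as markup.
            return MessageDialog(title="Warning!",
                                 message="Some permissions had errors: "
                                         + escape(', '.join(fails)),
                                 action='manage_access')
        return MessageDialog(
            title='Success!',
            message='Your changes have been saved',
            action='manage_access')

    security.declareProtected(change_permissions, 'manage_listLocalRoles')
    manage_listLocalRoles = DTMLFile('dtml/listLocalRoles', globals(),
                                     management_view='Security')

    security.declareProtected(change_permissions, 'manage_editLocalRoles')
    manage_editLocalRoles = DTMLFile('dtml/editLocalRoles', globals(),
                                     management_view='Security')

    security.declareProtected(change_permissions, 'manage_addLocalRoles')
    @requestmethod('POST')
    def manage_addLocalRoles(self, userid, roles, REQUEST=None):
        """Set local roles for a user."""
        BaseRoleManager.manage_addLocalRoles(self, userid, roles)
        if REQUEST is not None:
            stat = 'Your changes have been saved.'
            return self.manage_listLocalRoles(self, REQUEST, stat=stat)

    security.declareProtected(change_permissions, 'manage_setLocalRoles')
    @requestmethod('POST')
    def manage_setLocalRoles(self, userid, roles, REQUEST=None):
        """Set local roles for a user."""
        BaseRoleManager.manage_setLocalRoles(self, userid, roles)
        if REQUEST is not None:
            stat = 'Your changes have been saved.'
            return self.manage_listLocalRoles(self, REQUEST, stat=stat)

    security.declareProtected(change_permissions, 'manage_delLocalRoles')
    @requestmethod('POST')
    def manage_delLocalRoles(self, userids, REQUEST=None):
        """Remove all local roles for a user."""
        BaseRoleManager.manage_delLocalRoles(self, userids)
        if REQUEST is not None:
            stat = 'Your changes have been saved.'
            return self.manage_listLocalRoles(self, REQUEST, stat=stat)

    security.declareProtected(change_permissions, 'manage_defined_roles')
    def manage_defined_roles(self, submit=None, REQUEST=None):
        """Called by management screen.

        Dispatches on the submit button label: 'Add Role' and 'Delete Role'
        go to the POST-only helpers, anything else renders the security
        screen.
        """
        # This dispatcher is not itself wrapped in requestmethod('POST');
        # the POST restriction comes from the helpers, which receive REQUEST.
        if submit == 'Add Role':
            # NOTE(review): if reqattr() can return None for a missing
            # 'role' field, .strip() raises here -- verify against reqattr.
            role = reqattr(REQUEST, 'role').strip()
            return self._addRole(role, REQUEST)

        if submit == 'Delete Role':
            roles = reqattr(REQUEST, 'roles')
            return self._delRoles(roles, REQUEST)

        return self.manage_access(REQUEST)

    # The helpers below are documented with comments rather than docstrings.
    # NOTE(review): ZPublisher refuses to publish objects without a
    # docstring, so adding one changes what is reachable by URL -- confirm
    # before converting these comments.

    # Append ``role`` to __ac_roles__. Returns an error dialog when the name
    # is empty or already defined; otherwise renders the security screen if
    # a REQUEST was given.
    @requestmethod('POST')
    def _addRole(self, role, REQUEST=None):
        if not role:
            return MessageDialog(
                title='Incomplete',
                message='You must specify a role name',
                action='manage_access')
        if role in self.__ac_roles__:
            return MessageDialog(
                title='Role Exists',
                message='The given role is already defined',
                action='manage_access')
        data = list(self.__ac_roles__)
        data.append(role)
        self.__ac_roles__ = tuple(data)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    # Remove each name in ``roles`` from __ac_roles__. Returns an error
    # dialog when ``roles`` is empty; otherwise renders the security screen
    # if a REQUEST was given.
    @requestmethod('POST')
    def _delRoles(self, roles, REQUEST=None):
        if not roles:
            return MessageDialog(
                title='Incomplete',
                message='You must specify a role name',
                action='manage_access')
        data = list(self.__ac_roles__)
        for role in roles:
            try:
                data.remove(role)
            except ValueError:
                # The role is not defined on this object; skipping it is the
                # intended best-effort behaviour.
                pass
        self.__ac_roles__ = tuple(data)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    # True when ``role`` is listed in this object's __ac_roles__.
    def _has_user_defined_role(self, role):
        return role in self.__ac_roles__

    # Compatibility names only!!
    smallRolesWidget = selectedRoles = aclAChecked = aclPChecked = aclEChecked = ''
    validRoles = BaseRoleManager.valid_roles

    # Compatibility stub: accepts the old arguments and does nothing.
    # NOTE(review): no declareProtected() line covers this name.
    def manage_editRoles(self, REQUEST, acl_type='A', acl_roles=[]):
        pass

    # Compatibility stub: accepts the old arguments and does nothing.
    def _setRoles(self, acl_type, acl_roles):
        pass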
# Finalize the class so the ``security`` declarations made in its body
# take effect.
InitializeClass(RoleManager)