-
Notifications
You must be signed in to change notification settings - Fork 96
/
owner.py
91 lines (77 loc) · 3.45 KB
/
owner.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
##############################################################################
#
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Support for owned objects
"""
from AccessControl.class_init import InitializeClass
from AccessControl.owner import Owned as BaseOwned
from AccessControl.owner import ownableFilter
from AccessControl.owner import UnownableOwner
from AccessControl.Permissions import view_management_screens
from AccessControl.Permissions import take_ownership
from AccessControl.requestmethod import requestmethod
from AccessControl.SecurityInfo import ClassSecurityInfo
from AccessControl.SecurityManagement import getSecurityManager
from AccessControl.unauthorized import Unauthorized
from Acquisition import aq_get
from Acquisition import aq_parent
from six.moves.urllib import parse
from App.special_dtml import DTMLFile
class Owned(BaseOwned):
security = ClassSecurityInfo()
security.setPermissionDefault(take_ownership, ('Owner', ))
manage_options = (
{'label': 'Ownership', 'action': 'manage_owner',
'filter': ownableFilter},
)
security.declareProtected(view_management_screens, 'manage_owner')
manage_owner = DTMLFile('dtml/owner', globals())
security.declareProtected(take_ownership, 'manage_takeOwnership')
@requestmethod('POST')
def manage_takeOwnership(self, REQUEST, RESPONSE, recursive=0):
"""Take ownership (responsibility) for an object.
If 'recursive' is true, then also take ownership of all sub-objects.
"""
security = getSecurityManager()
want_referer = REQUEST['URL1'] + '/manage_owner'
got_referer = ("%s://%s%s" %
parse.urlparse(REQUEST['HTTP_REFERER'])[:3])
__traceback_info__ = want_referer, got_referer
if (want_referer != got_referer or security.calledByExecutable()):
raise Unauthorized(
'manage_takeOwnership was called from an invalid context')
self.changeOwnership(security.getUser(), recursive)
if RESPONSE is not None:
RESPONSE.redirect(REQUEST['HTTP_REFERER'])
security.declareProtected(take_ownership, 'manage_changeOwnershipType')
@requestmethod('POST')
def manage_changeOwnershipType(self, explicit=1,
RESPONSE=None, REQUEST=None):
"""Change the type (implicit or explicit) of ownership.
"""
old = getattr(self, '_owner', None)
if explicit:
if old is not None:
return
owner = self.getOwnerTuple()
if owner is not None and owner is not UnownableOwner:
self._owner = owner
else:
if old is None:
return
new = aq_get(aq_parent(self), '_owner', None, 1)
_m = object()
if old is new and (self.__dict__.get('_owner', _m) is not _m):
del self._owner
if RESPONSE is not None:
RESPONSE.redirect(REQUEST['HTTP_REFERER'])
InitializeClass(Owned)