Beispiel #1
def settings_for_object(ob):
    """Report the security settings found on ``ob`` and on each of its parents.

    Starting at ``ob`` and following ``__parent__`` until there is none, one
    single-key dict is appended per object.  The key is the object's
    ``__name__`` (or ``'(no name)'``) and the value holds up to three lists:

    * ``'prinperm'`` -- principal/permission/setting rows (sorted in place),
    * ``'prinrole'`` -- principal/role/setting rows,
    * ``'roleperm'`` -- permission/role/setting rows.

    A list is only present when the matching adapter lookup for that object
    does not return ``None``.  The last element is always ``{'system': ...}``,
    filled from the module-level managers.

    The result enumerates principals, roles and permissions for the whole
    chain, so it should only be handed to callers allowed to see that data.
    """
    report = []
    node = ob
    while node is not None:
        entry = {}
        label = getattr(node, '__name__', None) or '(no name)'
        report.append({label: entry})

        perm_map = IPrincipalPermissionMap(node, None)
        if perm_map is not None:
            rows = perm_map.get_principals_and_permissions()
            rows.sort()
            entry['prinperm'] = [
                {'principal': principal, 'permission': permission,
                 'setting': setting}
                for permission, principal, setting in rows
            ]

        role_map = IPrincipalRoleMap(node, None)
        if role_map is not None:
            rows = role_map.get_principals_and_roles()
            entry['prinrole'] = [
                {'principal': principal, 'role': role, 'setting': setting}
                for role, principal, setting in rows
            ]

        role_perm_map = IRolePermissionMap(node, None)
        if role_perm_map is not None:
            rows = role_perm_map.get_roles_and_permissions()
            entry['roleperm'] = [
                {'permission': permission, 'role': role, 'setting': setting}
                for permission, role, setting in rows
            ]

        # Climb one level; objects without __parent__ end the walk.
        node = getattr(node, '__parent__', None)

    # Global (non-local) settings come last, under the fixed 'system' key.
    system = {}
    report.append({'system': system})

    rows = principal_permission_manager.get_principals_and_permissions()
    rows.sort()
    system['prinperm'] = [
        {'principal': principal, 'permission': permission, 'setting': setting}
        for permission, principal, setting in rows
    ]

    rows = principal_role_manager.get_principals_and_roles()
    system['prinrole'] = [
        {'principal': principal, 'role': role, 'setting': setting}
        for role, principal, setting in rows
    ]

    rows = role_permission_manager.get_roles_and_permissions()
    system['roleperm'] = [
        {'permission': permission, 'role': role, 'setting': setting}
        for permission, role, setting in rows
    ]

    return report
Beispiel #2
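async def grantinfo(context, request):
    """Describe the local role grants on ``context``, one record per principal.

    The returned dict has three keys:

    * ``"inherit"`` -- ``False`` when ``context`` has any locked permission,
      otherwise ``True``.
    * ``"available_roles"`` -- id/title/description of every local role that
      is also listed in ``app_settings["available_roles"]``.
    * ``"entries"`` -- one record per principal that holds a setting for one
      of those roles.  With a ``search`` query parameter, users and groups
      from the catalog whose id contains the (lower-cased) term are appended
      as well, even though they hold no role here.

    Returns ``None`` when the current container or its ``"users"`` /
    ``"groups"`` children cannot be resolved.

    Nothing in this function checks the caller's permissions.  The response
    lists principal ids, names, disabled flags and role settings, and the
    search branch can list principals with no grant on ``context``, so the
    route exposing it has to enforce authorization.
    """
    search = request.query.get("search")
    if search is not None:
        search = search.lower()

    result = {"available_roles": [], "entries": []}

    # "inherit" is reported as False as soon as one permission is locked.
    locked = IInheritPermissionMap(context).get_locked_permissions()
    result["inherit"] = len(locked) == 0

    # Only roles that are both local and enabled in the app settings count.
    roles = local_roles()
    valid_roles = [
        role for role in roles
        if role in app_settings.get("available_roles", [])
    ]
    for role in valid_roles:
        role_obj = get_utility(IRole, name=role)
        result["available_roles"].append({
            "id": role,
            "title": role_obj.title,
            "description": role_obj.description
        })

    prinrole = IPrincipalRoleMap(context)
    settings = [
        setting for setting in prinrole.get_principals_and_roles()
        if setting[0] in valid_roles
    ]
    valid_settings = {}
    default_roles = {role: None for role in valid_roles}

    def make_entry(ident, disabled, title, kind, origin):
        # Every principal starts with all valid roles unset (None).
        return {
            "id": ident,
            "disabled": disabled,
            "login": None,
            "roles": deepcopy(default_roles),
            "title": title,
            "type": kind,
            "origin": origin,
        }

    try:
        container = get_current_container()
        users = await container.async_get("users")
        groups = await container.async_get("groups")
    except (AttributeError, KeyError, ContainerNotFound):
        return None

    for role_id, principal_id, setting in settings:
        if principal_id not in valid_settings:
            # Resolve the id as a user first, then as a group; an id that is
            # neither is reported as a "system" principal.
            user = await users.async_get(principal_id)
            if user:
                entry = make_entry(
                    principal_id, user.disabled, user.name, "user", "dbusers")
            else:
                group = await groups.async_get(principal_id)
                if group:
                    entry = make_entry(
                        principal_id, group.disabled, group.name, "group",
                        "dbusers")
                else:
                    entry = make_entry(
                        principal_id, False, principal_id, "user", "system")
            valid_settings[principal_id] = entry
        valid_settings[principal_id]["roles"][role_id] = setting

    result["entries"] = list(valid_settings.values())

    if search is not None:
        # query_utility may hand back None when no catalog is registered;
        # in that case the search extension is skipped instead of failing.
        catalog = query_utility(ICatalogUtility)
        if catalog is not None:
            query_result = await catalog.search(
                container, {"type_name": ["User", "Group"]})
            for obj in query_result["items"]:
                ident = obj.get("id", "")
                if search in ident.lower() and ident not in valid_settings:
                    # These records carry no "origin" key, unlike the ones
                    # built from existing role settings above.
                    result["entries"].append({
                        "id": ident,
                        "disabled": False,
                        "login": None,
                        "roles": deepcopy(default_roles),
                        "title": obj.get("title", ""),
                        # Tolerate a catalog row without type_name.
                        "type": (obj.get("type_name") or "").lower(),
                    })

    return result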
Beispiel #3
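def settings_for_object(ob):
    """Report the security settings found on ``ob`` and on each of its parents.

    Walks from ``ob`` up the ``__parent__`` chain and appends one single-key
    dict per object (key: ``__name__`` or ``"(no name)"``).  Each value may
    hold ``"prinperm"``, ``"prinrole"``, ``"roleperm"`` and ``"perminhe"``
    lists, depending on which adapters the object provides.  A final
    ``{"system": ...}`` element carries the settings of the global managers.

    Permissions whose inheritance setting is ``Deny`` are remembered while
    walking upwards and are left out of the ``"roleperm"`` rows of every
    object visited *afterwards* (the ancestors and the system level).  The
    locking object's own rows are not filtered, because its locks are read
    after its role-permission rows.  ``"prinperm"`` and ``"prinrole"`` rows
    are never filtered, so this report can still show ancestor grants for a
    locked permission.

    The result enumerates principals, roles and permissions for the whole
    chain, so it should only be handed to callers allowed to see that data.
    """
    result = []

    # Permissions locked (Deny) by an object already visited lower in the chain.
    locked_permissions = []
    while ob is not None:
        data = {}
        result.append({getattr(ob, "__name__", None) or "(no name)": data})

        principal_permissions = IPrincipalPermissionMap(ob, None)
        if principal_permissions is not None:
            settings = principal_permissions.get_principals_and_permissions()
            settings.sort()
            data["prinperm"] = [{
                "principal": pr,
                "permission": p,
                "setting": s
            } for (p, pr, s) in settings]

        principal_roles = IPrincipalRoleMap(ob, None)
        if principal_roles is not None:
            settings = principal_roles.get_principals_and_roles()
            data["prinrole"] = [{
                "principal": p,
                "role": r,
                "setting": s
            } for (r, p, s) in settings]

        role_permissions = IRolePermissionMap(ob, None)
        if role_permissions is not None:
            settings = role_permissions.get_roles_and_permissions()
            data["roleperm"] = [{
                "permission": p,
                "role": r,
                "setting": s
            } for (p, r, s) in settings if p not in locked_permissions]

        # Pass None as the default, like the three lookups above, so the
        # "is not None" guard is meaningful: an object without an inherit
        # map is skipped rather than (presumably) failing the adaptation.
        inherit_permissions = IInheritPermissionMap(ob, None)
        if inherit_permissions is not None:
            settings = inherit_permissions.get_locked_permissions()
            data["perminhe"] = []
            for (p, s) in settings:
                if s is Deny:
                    locked_permissions.append(p)
                data["perminhe"].append({"permission": p, "setting": s})

        ob = getattr(ob, "__parent__", None)

    # Global settings; role-permission rows are still subject to the locks
    # collected during the walk.
    data = {}
    result.append({"system": data})

    settings = principal_permission_manager.get_principals_and_permissions()
    settings.sort()
    data["prinperm"] = [{
        "principal": pr,
        "permission": p,
        "setting": s
    } for (p, pr, s) in settings]

    settings = principal_role_manager.get_principals_and_roles()
    data["prinrole"] = [{
        "principal": p,
        "role": r,
        "setting": s
    } for (r, p, s) in settings]

    settings = role_permission_manager.get_roles_and_permissions()
    data["roleperm"] = [{
        "permission": p,
        "role": r,
        "setting": s
    } for (p, r, s) in settings if p not in locked_permissions]

    return result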
Beispiel #4
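def settings_for_object(ob):
    """Dump the security settings of ``ob``, its ancestors and the system.

    One single-key dict is appended for ``ob`` and for every object reached
    through ``__parent__``; the key is ``__name__`` or ``'(no name)'``.  The
    value can contain ``'prinperm'``, ``'prinrole'``, ``'roleperm'`` and
    ``'perminhe'`` lists, each present only when the matching adapter lookup
    succeeds.  The list ends with a ``{'system': ...}`` element built from
    the global managers.

    A permission whose inheritance setting is ``Deny`` is recorded when its
    object is visited and then dropped from the ``'roleperm'`` rows of all
    later levels (ancestors and system).  The object that holds the lock
    keeps its own rows, since locks are read after them.  Only ``'roleperm'``
    is filtered this way; ``'prinperm'`` and ``'prinrole'`` are reported
    unfiltered at every level.

    The output lists principals, roles and permissions, so expose it only to
    callers that are allowed to inspect the security configuration.
    """
    result = []

    # Grows as Deny locks are met on the way up.
    locked_permissions = []
    while ob is not None:
        data = {}
        result.append({getattr(ob, '__name__', None) or '(no name)': data})

        principal_permissions = IPrincipalPermissionMap(ob, None)
        if principal_permissions is not None:
            settings = principal_permissions.get_principals_and_permissions()
            settings.sort()
            data['prinperm'] = [
                {'principal': pr, 'permission': p, 'setting': s}
                for (p, pr, s) in settings]

        principal_roles = IPrincipalRoleMap(ob, None)
        if principal_roles is not None:
            settings = principal_roles.get_principals_and_roles()
            data['prinrole'] = [
                {'principal': p, 'role': r, 'setting': s}
                for (r, p, s) in settings]

        role_permissions = IRolePermissionMap(ob, None)
        if role_permissions is not None:
            settings = role_permissions.get_roles_and_permissions()
            data['roleperm'] = [
                {'permission': p, 'role': r, 'setting': s}
                for (p, r, s) in settings if p not in locked_permissions]

        # Same call shape as the lookups above: with the None default an
        # object that has no inherit map is skipped, which is what the guard
        # on the next line expects.
        inherit_permissions = IInheritPermissionMap(ob, None)
        if inherit_permissions is not None:
            settings = inherit_permissions.get_locked_permissions()
            data['perminhe'] = []
            for (p, s) in settings:
                if s is Deny:
                    locked_permissions.append(p)
                data['perminhe'].append({'permission': p, 'setting': s})

        ob = getattr(ob, '__parent__', None)

    # System-wide settings close the report; locks gathered above still
    # apply to the role-permission rows.
    data = {}
    result.append({'system': data})

    settings = principal_permission_manager.get_principals_and_permissions()
    settings.sort()
    data['prinperm'] = [
        {'principal': pr, 'permission': p, 'setting': s}
        for (p, pr, s) in settings]

    settings = principal_role_manager.get_principals_and_roles()
    data['prinrole'] = [
        {'principal': p, 'role': r, 'setting': s}
        for (r, p, s) in settings]

    settings = role_permission_manager.get_roles_and_permissions()
    data['roleperm'] = [
        {'permission': p, 'role': r, 'setting': s}
        for (p, r, s) in settings if p not in locked_permissions]

    return result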