Ejemplo n.º 1
    def test__checkPermission(self):
        """Exercise ``_checkPermission`` with and without proxy roles.

        Three permissions on the target object are each given to a single
        role.  An executable owned by a different user is pushed onto the
        security context, and the expected answers are asserted first with
        no proxy roles and then with two different ``_proxy_roles`` values.
        """
        from AccessControl import getSecurityManager
        from AccessControl.ImplPython import ZopeSecurityPolicy
        from AccessControl.Permission import Permission
        from AccessControl.SecurityManagement import newSecurityManager
        from AccessControl.SecurityManager import setSecurityPolicy
        from Products.CMFCore.utils import _checkPermission

        setSecurityPolicy(ZopeSecurityPolicy())
        site = self._makeSite()
        newSecurityManager(None, site.acl_users.user_foo)

        target = site.bar_dummy
        # (permission, the only role that holds it on the target)
        grants = (
            ('View', 'Anonymous'),
            ('WebDAV access', 'Authenticated'),
            ('Manage users', 'Manager'),
        )
        for perm_name, role in grants:
            Permission(perm_name, (), target).setRoles((role,))

        executable = site.foo_dummy
        executable._owner = (['acl_users'], 'all_powerful_Oz')
        getSecurityManager().addContext(executable)

        def expect(view, webdav, manage_users):
            # Assert the outcome for the three permissions, in `grants` order.
            wanted = zip(grants, (view, webdav, manage_users))
            for (perm_name, _role), granted in wanted:
                check = self.assertTrue if granted else self.assertFalse
                check(_checkPermission(perm_name, target))

        # No proxy roles on the executable yet.
        expect(True, True, False)

        # Once proxy roles are set, the assertions expect only those roles
        # to count: 'View' is held by Anonymous alone and is now refused.
        executable._proxy_roles = ('Authenticated',)
        expect(False, True, False)

        executable._proxy_roles = ('Manager',)
        expect(False, False, True)
Ejemplo n.º 2
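def allowed(context, permission=None):
    """
    Roles that have `permission` and why.
    Returns {PERM_NAME: {'Role': (REASON, META), ..}, ..}
    where `REASON` in ('assigned', 'inherited').
    `META` can be None or dict supplying extra info, like `source` of
    permission inheritance.

    When `permission` is falsy, every permission reported by
    ``context.ac_inherited_permissions(1)`` is included.  For a permission
    whose roles come back as a list (i.e. it is acquired), roles not set
    locally are looked up on ``context.aq_parent`` by recursion.

    """
    out = {}
    all_roles = context.valid_roles()
    permissions = context.ac_inherited_permissions(1)
    if permission:
        permissions = [x for x in permissions if x[0] == permission]
    for perm in permissions:
        name, value = perm[:2]
        maps = out[name] = {}
        roles = Permission(name, value, context).getRoles(default=[])

        for role in roles:
            maps[role] = ('assigned', None)

        # A tuple of roles means the permission is not acquired, so there
        # is nothing to inherit from the parent.
        if not isinstance(roles, list):
            continue
        missing = set(all_roles) - set(roles)
        if not missing:
            continue

        # The parent's answer is the same for every missing role: ask once
        # per permission instead of once per role, which otherwise repeats
        # the whole walk up the hierarchy for each role at each level.
        # NOTE(review): the recursion ends only when a permission is not
        # acquired or no role is missing; context.aq_parent must exist
        # whenever that is not the case -- confirm for the root object.
        from_parent = allowed(context.aq_parent, name)
        for role in missing:
            parent_permission = from_parent[name].get(role)
            if parent_permission:
                reason, meta = parent_permission
                if reason == 'assigned':
                    maps[role] = ('inherited',
                                  {'source': ofs_path(context.aq_parent)})
                elif reason == 'inherited':
                    # Keep pointing at the ancestor that assigned the role.
                    maps[role] = parent_permission
    return out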
Ejemplo n.º 3
def _modifyPermissionMappings(ob, map):
    """Apply several role-to-permission changes to ``ob`` in one call.

    ``map`` maps a permission name to a ``{role: allow}`` mapping: a true
    ``allow`` adds the role to the permission, a false one removes it.
    Returns 1 if the roles of at least one permission were rewritten,
    otherwise 0.
    """
    # This mimics what AccessControl/Role.py does.
    any_change = 0
    inherited = _ac_inherited_permissions(ob, 1)
    for perm_name, role_flags in map.items():
        current = rolesForPermissionOn(perm_name, ob)
        current = [current] if isinstance(current, basestring) else list(current)

        dirty = 0
        for role, allow in role_flags.items():
            present = role in current
            if allow and not present:
                current.append(role)
                dirty = 1
            elif not allow and present:
                current.remove(role)
                dirty = 1
        if not dirty:
            continue

        # Find the list of methods using this permission; () if unknown.
        methods = ()
        for entry in inherited:
            entry_name, entry_data = entry[:2]
            if entry_name == perm_name:
                methods = entry_data
                break

        # The roles are always written back as a tuple.
        # NOTE(review): a tuple of roles usually means "do not acquire",
        # so a changed permission stops acquiring -- confirm intended.
        Permission(perm_name, methods, ob).setRoles(tuple(current))
        any_change = 1
    return any_change
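def update(app):
    """Give the 'Auditor' role the 'View' permission on Report Documents.

    Every object the catalog returns for ``meta_type='Report Document'``
    is visited; documents where 'Auditor' is not a valid role are skipped.
    The transaction is committed once at the end, including when some
    documents failed.

    :param app: object exposing the ``Catalog`` attribute to query
    """
    catalog = getattr(app, 'Catalog')
    brains = catalog(meta_type='Report Document')

    for brain in brains:
        doc = brain.getObject()
        if 'Auditor' not in doc.valid_roles():
            continue

        for perm in doc.ac_inherited_permissions(1):
            name, value = perm[:2]
            if name != 'View':
                continue
            p = Permission(name, value, doc)
            roles = list(p.getRoles())
            if 'Auditor' in roles:
                continue
            roles.append('Auditor')
            # NOTE(review): the roles are stored as a tuple even when
            # getRoles() returned a list, so 'View' stops being acquired
            # on this document -- confirm that is intended.
            roles = tuple(roles)
            try:
                p.setRoles(roles)
                print("Added Auditor to View permission for %s" % doc.absolute_url())
            except Exception as exc:
                # Best effort per document, but say what went wrong and do
                # not swallow KeyboardInterrupt/SystemExit as a bare
                # ``except:`` would.
                print("Failed: %r" % (exc,))

    transaction.commit()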
Ejemplo n.º 5
def manage_permission_for(brain_or_object, permission, roles, acquire=0):
    """Replace the roles of one permission on an object.

    Code extracted from `IRoleManager.manage_permission`

    :param brain_or_object: Catalog brain or object
    :param permission: Name of the permission to change
    :param roles: Role name or sequence of role names to store
    :param acquire: If true the roles are stored as a list, else as a tuple
    :raises ValueError: if the object does not report ``permission``
    """
    obj = api.get_object(brain_or_object)

    if isinstance(roles, basestring):
        roles = [roles]

    inherited = (entry[:2] for entry in obj.ac_inherited_permissions(1))
    for name, value in inherited:
        if name != permission:
            continue
        # The container type carries the acquire flag: list when the
        # permission should keep acquiring, tuple when it should not.
        new_roles = list(roles) if acquire else tuple(roles)
        Permission(name, value, obj).setRoles(new_roles)
        return

    # Raise an error if the permission is invalid
    raise ValueError("The permission {} is invalid.".format(permission))
Ejemplo n.º 6
 def testChangeUseOpenFlowPermission(self):
     """Set the roles of 'Use OpenFlow' on the fixture to Authenticated.

     The test only checks that the change can be made; nothing is asserted
     about the resulting roles.
     """
     from AccessControl.Permission import Permission
     inherited = self.of.ac_inherited_permissions(1)
     matching = [entry for entry in inherited if entry[0] == 'Use OpenFlow']
     name, value = matching[0][:2]
     use_openflow = Permission(name, value, self.of)
     use_openflow.setRoles(['Authenticated'])
Ejemplo n.º 7
def resetPublishPermission(context):
    """Make sure CountryManager may publish surveys on the parent of ``context``.

    Adds the CountryManager role to "Euphorie: Publish a Survey" on
    ``aq_parent(context)`` unless it is already among the roles set there.
    """
    from AccessControl.Permission import Permission
    publish = Permission("Euphorie: Publish a Survey", (), aq_parent(context))
    if "CountryManager" in publish.getRoles(default=[]):
        return
    publish.setRole("CountryManager", True)
    log.info("Adding publish permission for country managers")
Ejemplo n.º 8
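    def manage_changePermissions(self, REQUEST):
        """Change all permissions settings, called by management screen.

        For each permission, the roles whose ``p<permission index>r<role
        index>`` key is present in REQUEST are stored.  If the
        ``a<permission index>`` key is present the roles are stored as a
        list, otherwise as a tuple.  Returns a MessageDialog: a warning
        naming the permissions that could not be changed, or a success
        message.
        """
        valid_roles = self.valid_roles()
        have = REQUEST.has_key
        permissions = self.ac_inherited_permissions(1)
        fails = []
        # NOTE(review): the form keys are positions in valid_roles() and
        # ac_inherited_permissions(1) at submit time; if either ordering
        # differs from when the form was rendered, a checkbox would apply
        # to a different role or permission -- confirm callers.
        for ip, entry in enumerate(permissions):
            roles = [role for ir, role in enumerate(valid_roles)
                     if have("p%dr%d" % (ip, ir))]
            name, value = entry[:2]
            try:
                p = Permission(name, value, self)
                if not have('a%d' % ip):
                    roles = tuple(roles)
                p.setRoles(roles)
            except Exception:
                # Report the permission and carry on with the others, but
                # let KeyboardInterrupt/SystemExit through (a bare
                # ``except:`` would swallow them too).
                fails.append(name)

        if fails:
            # Permission names are escaped before being put in the dialog.
            return MessageDialog(title="Warning!",
                                 message="Some permissions had errors: "
                                   + escape(', '.join(fails)),
                                 action='manage_access')
        return MessageDialog(
            title = 'Success!',
            message = 'Your changes have been saved',
            action = 'manage_access')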
Ejemplo n.º 9
    def listPermissions( self ):
        """ List permissions for export.

        o Returns a sequence of mappings describing locally-modified
          permission / role settings.  Keys are:

          'name' -- the name of the permission

          'acquire' -- a flag indicating whether to acquire roles from the
              site's container

          'roles' -- the sorted list of valid roles which have the
              permission.

        o Do not include permissions which both acquire and which define
          no local changes to the acquired policy.
        """
        exported = []
        known_roles = self.listRoles()
        site = self._site

        for entry in site.ac_inherited_permissions(1):
            perm_name = entry[0]
            stored = Permission(perm_name, entry[1], site).getRoles(default=[])
            # A list means the roles are acquired; a tuple means they are not.
            acquires = isinstance(stored, list)
            local_roles = [r for r in stored if r in known_roles]
            local_roles.sort()

            # Nothing local to export: acquired and no roles set here.
            if acquires and not local_roles:
                continue
            exported.append({'name': perm_name,
                             'acquire': acquires,
                             'roles': local_roles})

        return exported
Ejemplo n.º 10
    def listPermissions(self):
        """ List permissions for export.

        o Returns a sequence of mappings describing locally-modified
          permission / role settings.  Keys are:

          'name' -- the name of the permission

          'acquire' -- a flag indicating whether to acquire roles from the
              site's container

          'roles' -- the list of valid roles which have the permission,
              in the order the permission stores them.

        o Do not include permissions which both acquire and which define
          no local changes to the acquired policy.
        """
        exported = []
        known_roles = self.listRoles()
        site = self._site

        for entry in site.ac_inherited_permissions(1):
            perm_name = entry[0]
            stored = Permission(perm_name, entry[1], site).getRoles(default=[])
            # A list means the roles are acquired; a tuple means they are not.
            acquires = isinstance(stored, list)
            local_roles = [r for r in stored if r in known_roles]

            # Nothing local to export: acquired and no roles set here.
            if acquires and not local_roles:
                continue
            exported.append(
                {'name': perm_name, 'acquire': acquires, 'roles': local_roles})

        return exported
Ejemplo n.º 11
    def manage_changePermissions(self, REQUEST):
        """Change all permissions settings, called by management screen.

        Form keys are built from ``_string_hash`` of the permission and role
        names: ``permission_<hash>role_<hash>`` selects a role for a
        permission, and ``acquire_<hash>`` keeps the roles as a list
        (otherwise they are stored as a tuple).  Raises BadRequest naming
        the permissions that could not be changed.
        """
        valid_roles = self.valid_roles()
        have = REQUEST.__contains__
        permissions = self.ac_inherited_permissions(1)
        fails = []
        for entry in permissions:
            permission_hash = _string_hash(entry[0])
            roles = [
                role for role in valid_roles
                if have("permission_%srole_%s"
                        % (permission_hash, _string_hash(role)))
            ]
            name, value = entry[:2]
            try:
                p = Permission(name, value, self)
                acquire_key = 'acquire_%s' % permission_hash
                if not have(acquire_key):
                    roles = tuple(roles)
                p.setRoles(roles)
            except Exception:
                # Collect the failure and keep processing the rest.
                fails.append(name)

        if fails:
            # Names are HTML-escaped (quotes included) in the error text.
            raise BadRequest('Some permissions had errors: ' +
                             html.escape(', '.join(fails), True))
        # REQUEST has already been dereferenced above, so this guard only
        # matters for the return value.
        if REQUEST is not None:
            return self.manage_access(REQUEST)
Ejemplo n.º 12
def _modifyPermissionMappings(ob, map):
    """Apply several role-to-permission changes to ``ob`` in one call.

    ``map`` maps a permission name to a ``{role: allow}`` mapping: a true
    ``allow`` adds the role to the permission, a false one removes it.
    Returns 1 if the roles of at least one permission were rewritten,
    otherwise 0.
    """
    # This mimics what AccessControl/Role.py does.
    any_change = 0
    inherited = _ac_inherited_permissions(ob, 1)
    for perm_name, role_flags in map.items():
        current = rolesForPermissionOn(perm_name, ob)
        current = [current] if isinstance(current, basestring) else list(current)

        dirty = 0
        for role, allow in role_flags.items():
            present = role in current
            if allow and not present:
                current.append(role)
                dirty = 1
            elif not allow and present:
                current.remove(role)
                dirty = 1
        if not dirty:
            continue

        # Find the list of methods using this permission; () if unknown.
        methods = ()
        for entry in inherited:
            entry_name, entry_data = entry[:2]
            if entry_name == perm_name:
                methods = entry_data
                break

        # The roles are always written back as a tuple.
        # NOTE(review): a tuple of roles usually means "do not acquire",
        # so a changed permission stops acquiring -- confirm intended.
        Permission(perm_name, methods, ob).setRoles(tuple(current))
        any_change = 1
    return any_change
Ejemplo n.º 13
    def manage_doCustomize(self, folder_path, RESPONSE=None):
        """Makes a ZODB Based clone with the same data.

        Calls _createZODBClone for the actual work.

        The clone receives this object's cache manager association, proxy
        roles and permission settings, and is then stored in the skins
        folder found at `folder_path` (a '/'-separated path below the skins
        tool).  If `RESPONSE` is given, the browser is redirected to a
        management page afterwards.
        """

        obj = self._createZODBClone()
        parent = aq_parent(aq_inner(self))

        # Preserve cache manager associations
        cachemgr_id = self.ZCacheable_getManagerId()
        if ( cachemgr_id and
             getattr(obj, 'ZCacheable_setManagerId', None) is not None ):
            obj.ZCacheable_setManagerId(cachemgr_id)

        # If there are proxy roles we preserve them: the customized copy
        # carries the same proxy roles as the object it was cloned from.
        # aq_base() makes sure only this object's own attribute is read.
        proxy_roles = getattr(aq_base(self), '_proxy_roles', None)
        if proxy_roles is not None and isinstance(proxy_roles, tuple):
            obj._proxy_roles = tuple(self._proxy_roles)

        # Also, preserve any permission settings that might have come
        # from a metadata file or from fiddling in the ZMI
        old_info = [x[:2] for x in self.ac_inherited_permissions(1)]
        for old_perm, value in old_info:
            p = Permission(old_perm, value, self)
            # Roles stored as a list mean the permission is acquired.
            acquired = int(isinstance(p.getRoles(default=[]), list))
            rop_info = self.rolesOfPermission(old_perm)
            roles = [x['name'] for x in rop_info if x['selected'] != '']
            try:
                # if obj is based on OFS.ObjectManager an acquisition context is
                # required for _subobject_permissions()
                obj.__of__(parent).manage_permission(old_perm, roles=roles,
                                                     acquire=acquired)
            except ValueError:
                # The permission was invalid, never mind
                pass

        id = obj.getId()
        # folder_path comes from the caller; it is resolved from the skins
        # tool with restrictedTraverse rather than a plain attribute walk.
        fpath = tuple( folder_path.split('/') )
        portal_skins = getUtility(ISkinsTool)
        folder = portal_skins.restrictedTraverse(fpath)
        if id in folder.objectIds():
            # A BadRequest from _setObject cannot be caught here, so the
            # id clash is checked beforehand.
            obj = folder._getOb(id)
            if RESPONSE is not None:
                # The message is passed through html_quote before it is
                # placed in the redirect URL.
                RESPONSE.redirect('%s/manage_main?manage_tabs_message=%s' % (
                    obj.absolute_url(), html_quote("An object with this id already exists")
                    ))
        else:
            # NOTE(review): validate_src=0 presumably skips the check on
            # the paste source because obj is a fresh clone -- confirm.
            folder._verifyObjectPaste(obj, validate_src=0)
            folder._setObject(id, obj)

            if RESPONSE is not None:
                RESPONSE.redirect('%s/%s/manage_main' % (
                folder.absolute_url(), id))

        # NOTE(review): this redirect runs after both branches, so it looks
        # like it replaces the "already exists" redirect issued above and
        # repeats the one from the else branch -- confirm it is intended.
        if RESPONSE is not None:
            RESPONSE.redirect('%s/%s/manage_main' % (
                folder.absolute_url(), id))
Ejemplo n.º 14
    def manage_changePermissions(self, REQUEST):
        """Change all permissions settings, called by management screen.

        Form keys are built from ``_string_hash`` of the permission and role
        names: ``permission_<hash>role_<hash>`` selects a role for a
        permission, and ``acquire_<hash>`` keeps the roles as a list
        (otherwise they are stored as a tuple).  Raises BadRequest naming
        the permissions that could not be changed.
        """
        valid_roles = self.valid_roles()
        have = REQUEST.__contains__
        permissions = self.ac_inherited_permissions(1)
        fails = []
        for entry in permissions:
            permission_hash = _string_hash(entry[0])
            roles = [
                role for role in valid_roles
                if have("permission_%srole_%s"
                        % (permission_hash, _string_hash(role)))
            ]
            name, value = entry[:2]
            try:
                p = Permission(name, value, self)
                acquire_key = 'acquire_%s' % permission_hash
                if not have(acquire_key):
                    roles = tuple(roles)
                p.setRoles(roles)
            except Exception:
                # Collect the failure and keep processing the rest.
                fails.append(name)

        if fails:
            # Names are passed through escape() before going into the
            # error text.
            raise BadRequest('Some permissions had errors: '
                             + escape(', '.join(fails), True))
        # REQUEST has already been dereferenced above, so this guard only
        # matters for the return value.
        if REQUEST is not None:
            return self.manage_access(REQUEST)
Ejemplo n.º 15
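    def manage_changePermissions(self, REQUEST):
        """Change all permissions settings, called by management screen.

        For each permission, the roles whose ``p<permission index>r<role
        index>`` key is present in REQUEST are stored.  If the
        ``a<permission index>`` key is present the roles are stored as a
        list, otherwise as a tuple.  Returns a MessageDialog: a warning
        naming the permissions that could not be changed, or a success
        message.
        """
        valid_roles = self.valid_roles()
        have = REQUEST.has_key
        permissions = self.ac_inherited_permissions(1)
        fails = []
        # NOTE(review): the form keys are positions in valid_roles() and
        # ac_inherited_permissions(1) at submit time; if either ordering
        # differs from when the form was rendered, a checkbox would apply
        # to a different role or permission -- confirm callers.
        for ip, entry in enumerate(permissions):
            roles = [role for ir, role in enumerate(valid_roles)
                     if have("p%dr%d" % (ip, ir))]
            name, value = entry[:2]
            try:
                p = Permission(name, value, self)
                if not have('a%d' % ip):
                    roles = tuple(roles)
                p.setRoles(roles)
            except Exception:
                # Report the permission and carry on with the others, but
                # let KeyboardInterrupt/SystemExit through (a bare
                # ``except:`` would swallow them too).
                fails.append(name)

        if fails:
            # Permission names are escaped before being put in the dialog.
            return MessageDialog(title="Warning!",
                                 message="Some permissions had errors: " +
                                 escape(', '.join(fails)),
                                 action='manage_access')
        return MessageDialog(title='Success!',
                             message='Your changes have been saved',
                             action='manage_access')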
Ejemplo n.º 16
def allowed(context, permission=None):
    """
    Report which roles hold each permission on `context`, and why.

    Returns {PERM_NAME: {'Role': (REASON, META), ..}, ..}
    where `REASON` in ('assigned', 'inherited').
    `META` is None for assigned roles; for inherited ones it is a dict
    whose `source` names the ancestor the role was assigned on.

    A falsy `permission` reports every permission from
    ``context.ac_inherited_permissions(1)``.

    """
    report = {}
    every_role = context.valid_roles()
    entries = context.ac_inherited_permissions(1)
    if permission:
        entries = [entry for entry in entries if entry[0] == permission]

    for entry in entries:
        name, value = entry[:2]
        reasons = report[name] = {}
        local = Permission(name, value, context).getRoles(default=[])

        reasons.update((role, ('assigned', None)) for role in local)

        # A tuple of roles means the permission is not acquired.
        if not isinstance(local, list):
            continue

        # Acquired: ask the parent once, then fill in the roles that are
        # not set locally.
        parent_report = allowed(context.aq_parent, name)
        for role in set(every_role) - set(local):
            found = parent_report[name].get(role)
            if not found:
                continue
            reason, meta = found
            if reason == 'assigned':
                reasons[role] = ('inherited',
                                 {'source': ofs_path(context.aq_parent)})
            elif reason == 'inherited':
                # Keep pointing at the ancestor that assigned the role.
                reasons[role] = found
    return report
Ejemplo n.º 17
    def permission_settings(self, permission=None):
        """Return user-role permission settings.

        One mapping per permission with keys 'name', 'acquire' ('CHECKED'
        when the roles are stored as a list, else '') and 'roles', the
        per-role checkbox entries named ``p<permission index>r<role
        index>``.

        If 'permission' is passed to the method then only the settings for
        'permission' is returned.
        """
        result = []
        valid = self.valid_roles()
        indexes = range(len(valid))

        permissions = self.ac_inherited_permissions(1)
        # Filter permissions
        # NOTE(review): after filtering, the permission index used in the
        # checkbox names restarts at 0 rather than being the position in
        # the unfiltered list -- confirm callers do not post these names
        # back to a handler that uses unfiltered positions.
        if permission:
            permissions = [p for p in permissions if p[0] == permission]

        for ip, entry in enumerate(permissions):
            name, value = entry[:2]
            roles = Permission(name, value, self).getRoles(default=[])

            # Defaults bind the current loop values to this function.
            def checkbox(ir, roles=roles, valid=valid, ip=ip):
                return {
                    'name': "p%dr%d" % (ip, ir),
                    'checked': 'CHECKED' if valid[ir] in roles else '',
                }

            result.append({
                'name': name,
                'acquire': 'CHECKED' if isinstance(roles, list) else '',
                'roles': map(checkbox, indexes),
            })
        return result
Ejemplo n.º 18
 def manage_role(self, role_to_manage, permissions=[]):
     """Change the permissions given to the given role.

     Every permission from ``ac_inherited_permissions(1)`` is visited: the
     role is switched on for the names listed in ``permissions`` and off
     for all others, so a name left out of the list is revoked.
     """
     for entry in self.ac_inherited_permissions(1):
         name, value = entry[:2]
         granted = name in permissions
         Permission(name, value, self).setRole(role_to_manage, granted)
Ejemplo n.º 19
 def getPermissionMapping(self):
     """Map each name in ``self.permissions`` to its roles on the parent.

     The values are whatever ``Permission.getRoles()`` returns for
     ``self.aq_parent``.
     """
     return {
         zope_perm: Permission(zope_perm, (), self.aq_parent).getRoles()
         for zope_perm in self.permissions
     }
Ejemplo n.º 20
    def permission_settings(self, permission=None):
        """Return user-role permission settings.

        One mapping per permission with keys 'name', 'acquire' ('CHECKED'
        when the roles are stored as a list, else '') and 'roles', the
        per-role checkbox entries named ``p<permission index>r<role
        index>``.

        If 'permission' is passed to the method then only the settings for
        'permission' is returned.
        """
        result = []
        valid = self.valid_roles()
        indexes = range(len(valid))

        permissions = self.ac_inherited_permissions(1)
        # Filter permissions
        # NOTE(review): after filtering, the permission index used in the
        # checkbox names restarts at 0 rather than being the position in
        # the unfiltered list -- confirm callers do not post these names
        # back to a handler that uses unfiltered positions.
        if permission:
            permissions = [p for p in permissions if p[0] == permission]

        for ip, entry in enumerate(permissions):
            name, value = entry[:2]
            roles = Permission(name, value, self).getRoles(default=[])

            # Defaults bind the current loop values to this function.
            def checkbox(ir, roles=roles, valid=valid, ip=ip):
                return {
                    'name': "p%dr%d" % (ip, ir),
                    'checked': 'CHECKED' if valid[ir] in roles else '',
                }

            result.append({
                'name': name,
                'acquire': 'CHECKED' if isinstance(roles, list) else '',
                'roles': map(checkbox, indexes),
            })
        return result
Ejemplo n.º 21
 def manage_role(self, role_to_manage, permissions=[]):
     """Change the permissions given to the given role.

     Every permission from ``ac_inherited_permissions(1)`` is visited: the
     role is switched on for the names listed in ``permissions`` and off
     for all others, so a name left out of the list is revoked.
     """
     for entry in self.ac_inherited_permissions(1):
         name, value = entry[:2]
         granted = name in permissions
         Permission(name, value, self).setRole(role_to_manage, granted)
Ejemplo n.º 22
 def getPermissionsWithAcquiredRoles(self):
     """Return the names in ``self.permissions`` whose roles are acquired.

     A permission counts as acquired when ``getRoles()`` on the parent
     returns a list rather than a tuple.
     """
     return [
         zope_perm for zope_perm in self.permissions
         if isinstance(
             Permission(zope_perm, (), self.aq_parent).getRoles(), list)
     ]
Ejemplo n.º 23
    def getPermissionMapping(self):
        """Map each name in ``self.permissions`` to its roles on the object.

        The values are whatever ``Permission.getRoles()`` returns for
        ``self.getObject()``.
        """
        return {
            permission: Permission(permission, (), self.getObject()).getRoles()
            for permission in self.permissions
        }
Ejemplo n.º 24
    def _getTempFolder(self, type_name):
        """Return the temporary folder used to create a `type_name` object.

        The folder is cached per request under FACTORY_INFO.  A new folder
        is given explicit permission settings computed from the parent of
        this tool and, where permissions are acquired, from the containers
        above it.
        """
        factory_info = self.REQUEST.get(FACTORY_INFO, {})
        tempFolder = factory_info.get(type_name, None)
        if tempFolder:
            # Cached for this request: re-wrap it in this tool's context.
            tempFolder = aq_inner(tempFolder).__of__(self)
            return tempFolder
        
        # make sure we can add an object of this type to the temp folder
        types_tool = getToolByName(self, 'portal_types')
        if not type_name in types_tool.TempFolder.allowed_content_types:
            # update allowed types for tempfolder
            # NOTE(review): this replaces the TempFolder type's allowed
            # content types with every type the types tool lists, not just
            # type_name -- confirm that breadth is intended.
            types_tool.TempFolder.allowed_content_types=(types_tool.listContentTypes())
            
        tempFolder = TempFolder(type_name).__of__(self)
        intended_parent = aq_parent(self)
        portal = getToolByName(self, 'portal_url').getPortalObject()
        folder_roles = {} # mapping from permission name to list or tuple of roles
                          # list if perm is acquired; tuple if not
        n_acquired = 0    # number of permissions that are acquired

        # build initial folder_roles dictionary
        for p in intended_parent.ac_inherited_permissions(1):
            name, value = p[:2]
            p=Permission(name,value,intended_parent)
            roles = p.getRoles()
            folder_roles[name] = roles
            if isinstance(roles, list):
                n_acquired += 1

        # If intended_parent is not the portal, walk up the acquisition hierarchy and
        # acquire permissions explicitly so we can assign the acquired version to the
        # temp_folder.  In addition to being cumbersome, this is undoubtedly very slow.
        if intended_parent != portal:
            parent = aq_parent(aq_inner(intended_parent))
            # Stop once nothing is acquired any more or the portal is reached;
            # the portal's own settings are not merged in by this loop.
            while(n_acquired and parent!=portal):
                n_acquired = 0
                for p in parent.ac_inherited_permissions(1):
                    name, value = p[:2]
                    # NOTE(review): raises KeyError if this ancestor reports
                    # a permission the intended parent did not -- confirm.
                    roles = folder_roles[name]
                    if isinstance(roles, list):
                        p=Permission(name,value,parent)
                        aq_roles=p.getRoles()
                        # Merge the ancestor's roles into the running list.
                        for r in aq_roles:
                            if not r in roles:
                                roles.append(r)
                        if isinstance(aq_roles, list):
                            # Still acquired at this level: keep walking up.
                            n_acquired += 1
                        else:
                            # The ancestor does not acquire: freeze as a tuple.
                            roles = tuple(roles)
                        folder_roles[name] = roles
                parent = aq_parent(aq_inner(parent))
        # Apply the computed roles; a list keeps the permission acquiring.
        for name, roles in folder_roles.items():
            tempFolder.manage_permission(name, roles, acquire=isinstance(roles, list))

        factory_info[type_name] = tempFolder
        self.REQUEST.set(FACTORY_INFO, factory_info)
        return tempFolder
Ejemplo n.º 25
    def _update(self, portal):
        """Give Administrator and Anonymous the "Naaya - Create user" permission.

        The check looks only at Administrator: when that role is missing
        from the portal's roles for the permission, both Administrator and
        Anonymous are added.  Always returns True.
        """
        permission = "Naaya - Create user"
        current_roles = Permission(permission, (), portal).getRoles()
        if 'Administrator' in current_roles:
            return True

        for role in ('Administrator', 'Anonymous'):
            permission_add_role(portal, permission, role)
        self.log.debug('Added %s permission', permission)
        return True
 def _update(self, portal):
     """Stop the portal from acquiring roles for the view permission.

     Roles stored as a tuple are left alone; otherwise the same roles are
     written back as a tuple.  Always returns True.
     """
     site_view = Permission(view, (), portal)
     current = site_view.getRoles()
     if type(current) is tuple:
         self.log.debug('No need to update')
         return True

     site_view.setRoles(tuple(current))
     self.log.debug('Removed view permission inheritance for the site')
     return True
Ejemplo n.º 27
 def _update(self, portal):
     """Make the layout tool viewable by Anonymous.

     When Anonymous is not among the roles of the view permission on the
     layout tool, the roles are replaced with the list ['Anonymous'].
     Always returns True.
     """
     tool = portal.getLayoutTool()
     tool_view = Permission(view, (), tool)
     if 'Anonymous' in tool_view.getRoles():
         self.log.info("Already has it, nothing to do.")
         return True

     # setRoles() replaces whatever roles were stored before.
     tool_view.setRoles(['Anonymous',])
     self.log.info("View Permission set for Anonymous on portal_layout.")
     return True
Ejemplo n.º 28
    def _update(self, portal):
        """Give Administrator the two photo "Add" permissions on the portal.

        Each permission is handled on its own: the role is added only where
        it is not already among the roles.  Always returns True.
        """
        for permission in ("Naaya - Add Naaya Photo Folder",
                           "Naaya - Add Naaya Photo Gallery"):
            current_roles = Permission(permission, (), portal).getRoles()
            if "Administrator" in current_roles:
                continue
            permission_add_role(portal, permission, "Administrator")
            self.log.debug("Added %s permission", permission)

        return True
Ejemplo n.º 29
    def _update(self, portal):
        """Give Administrator and Anonymous the "Naaya - Create user" permission.

        The check looks only at Administrator: when that role is missing
        from the portal's roles for the permission, both Administrator and
        Anonymous are added.  Always returns True.
        """
        permission = "Naaya - Create user"
        current_roles = Permission(permission, (), portal).getRoles()
        if "Administrator" in current_roles:
            return True

        for role in ("Administrator", "Anonymous"):
            permission_add_role(portal, permission, role)
        self.log.debug("Added %s permission", permission)
        return True
Ejemplo n.º 30
    def getPermissionsWithAcquiredRoles(self):
        """Return the names in ``self.permissions`` whose roles are acquired.

        A permission counts as acquired when ``getRoles()`` on
        ``self.getObject()`` returns a list rather than a tuple.
        """
        return [
            permission for permission in self.permissions
            if isinstance(
                Permission(permission, (), self.getObject()).getRoles(), list)
        ]
Ejemplo n.º 31
    def setPermissionMapping(self, mapping):
        """
        Change the permission mapping for the object.

        ``mapping`` maps a permission name to the roles to store for it;
        the roles are passed to ``setRoles`` as given, so their container
        type (list or tuple) is stored unchanged.
        This leaves the other permissions (not in mapping.keys()) unchanged
        """
        for name in mapping:
            target = Permission(name, (), self.getObject())
            target.setRoles(mapping[name])
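 def _update(self, portal):
     """Give Authenticated the 'Naaya - Skip Captcha' permission on the portal.

     Nothing is changed when the role already has the permission.  The
     roles are written back in the container type they were read in, so
     whether the permission is acquired stays as it was.  Always returns
     True.
     """
     skip_captcha_perm = Permission('Naaya - Skip Captcha', (), portal)
     roles_with_skip_captcha = skip_captcha_perm.getRoles()
     if 'Authenticated' in roles_with_skip_captcha:
         self.log.debug('Authenticated already has the permission')
         return True

     # getRoles() can return a tuple (roles not acquired), which has no
     # append(); build the new value without mutating what was returned.
     updated = list(roles_with_skip_captcha) + ['Authenticated']
     if isinstance(roles_with_skip_captcha, tuple):
         updated = tuple(updated)
     skip_captcha_perm.setRoles(updated)
     self.log.debug('Skip Captcha permission assigned to Authenticated')
     return True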
Ejemplo n.º 33
    def setPermissionMapping(self, mapping):
        """
        Change the permission mapping for the parent.

        ``mapping`` maps a permission name to the roles to store for it on
        ``self.aq_parent``; the roles are passed to ``setRoles`` as given.
        This leaves the other permissions (not in mapping.keys()) unchanged.
        The transaction is committed before returning.
        """
        for name in mapping:
            target = Permission(name, (), self.aq_parent)
            target.setRoles(mapping[name])

        transaction.commit()
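 def _update(self, portal):
     """Give Authenticated the 'Naaya - Skip Captcha' permission on the portal.

     Nothing is changed when the role already has the permission.  The
     roles are written back in the container type they were read in, so
     whether the permission is acquired stays as it was.  Always returns
     True.
     """
     skip_captcha_perm = Permission('Naaya - Skip Captcha', (), portal)
     roles_with_skip_captcha = skip_captcha_perm.getRoles()
     if 'Authenticated' in roles_with_skip_captcha:
         self.log.debug('Authenticated already has the permission')
         return True

     # getRoles() can return a tuple (roles not acquired), which has no
     # append(); build the new value without mutating what was returned.
     updated = list(roles_with_skip_captcha) + ['Authenticated']
     if isinstance(roles_with_skip_captcha, tuple):
         updated = tuple(updated)
     skip_captcha_perm.setRoles(updated)
     self.log.debug('Skip Captcha permission assigned to Authenticated')
     return True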
Ejemplo n.º 35
    def _update(self, portal):
        """Give Administrator the two photo "Add" permissions on the portal.

        Each permission is handled on its own: the role is added only where
        it is not already among the roles.  Always returns True.
        """
        for permission in ("Naaya - Add Naaya Photo Folder",
                           "Naaya - Add Naaya Photo Gallery"):
            current_roles = Permission(permission, (), portal).getRoles()
            if 'Administrator' in current_roles:
                continue
            permission_add_role(portal, permission, 'Administrator')
            self.log.debug('Added %s permission', permission)

        return True
Ejemplo n.º 36
def manage_addLayoutTool(self, REQUEST=None):
    """Add the layout tool to this container and let Anonymous view it.

    The tool is created, its default data loaded, and the roles of its
    view permission set to the list ['Anonymous'].  With a REQUEST the
    management main page is returned.
    """
    self._setObject(ID_LAYOUTTOOL, LayoutTool(ID_LAYOUTTOOL, TITLE_LAYOUTTOOL))
    # Fetch it back so the following calls run on the stored object.
    layout_tool = self._getOb(ID_LAYOUTTOOL)
    layout_tool.loadDefaultData()
    Permission(view, (), layout_tool).setRoles(['Anonymous',])
    if REQUEST:
        return self.manage_main(self, REQUEST, update_menu=1)
Ejemplo n.º 37
 def _update(self, portal):
     """Stop unapproved objects from acquiring the view permission.

     Objects the catalog returns for ``approved=0`` whose view roles are
     stored as a list (acquired) get ``dont_inherit_view_permission()``
     called on them.  Always returns True.
     """
     for brain in portal.getCatalogTool()(approved=0):
         obj = brain.getObject()
         view_roles = Permission(view, (), obj).getRoles()
         if not isinstance(view_roles, list):
             continue
         obj.dont_inherit_view_permission()
         self.log.debug("restricted view permission for %s", obj.absolute_url())
     return True
Ejemplo n.º 38
def roles_of_permission(context, permission):
    """Look up the roles that hold ``permission`` on ``context``.

    ``context`` is adapted to IRoleManager and its permission entries are
    scanned by name. The first match decides the result; when no entry
    matches, the function falls through and returns None, so callers must
    not assume a sequence.
    """
    role_manager = IRoleManager(context)
    for entry in role_manager.ac_inherited_permissions(1):
        perm_name, perm_value = entry[:2]
        if perm_name != permission:
            continue
        return Permission(perm_name, perm_value, role_manager).getRoles()
Ejemplo n.º 39
 def _update(self, portal):
     """Switch off View acquisition on objects that are not yet approved.

     Walks the catalog results for ``approved=0``. An object whose View
     roles are a list (roles acquired from the parent) gets
     ``dont_inherit_view_permission()`` called on it; objects whose roles
     are not a list are skipped. Always returns True.
     """
     unapproved = portal.getCatalogTool()(approved=0)
     for brain in unapproved:
         item = brain.getObject()
         acquires_view = isinstance(Permission(view, (), item).getRoles(), list)
         if acquires_view:
             item.dont_inherit_view_permission()
             self.log.debug('restricted view permission for %s',
                            item.absolute_url())
     return True
Ejemplo n.º 40
def roles_of_permission(context, permission):
    """Return the roles granted ``permission`` on ``context``.

    The permission entries of ``IRoleManager(context)`` are searched for an
    entry named ``permission``; the roles of the first match are returned.
    Without a match the result is None (implicit return).
    """
    manager = IRoleManager(context)
    matches = (
        entry[:2]
        for entry in manager.ac_inherited_permissions(1)
    )
    for perm_name, perm_value in matches:
        if perm_name == permission:
            found = Permission(perm_name, perm_value, manager)
            return found.getRoles()
Ejemplo n.º 41
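 def set_acl_for_roles(ob, roles):
     # Add `roles` to the roles that already hold the View permission on `ob`.
     #
     # ob    -- object whose View permission is extended
     # roles -- iterable of role names to add (list or tuple)
     #
     # The stored container type is kept: a tuple stays a tuple and a list
     # stays a list, because AccessControl reads a list as "roles are
     # acquired" and a tuple as "roles are not acquired". Returns None.
     permission_object = Permission(view, (), ob)
     current_roles = permission_object.getRoles()
     keep_tuple = isinstance(current_roles, tuple)
     # Union through sets so that `roles` may be a tuple as well as a list
     # (list + tuple concatenation raises TypeError); sort so the stored
     # value does not depend on set iteration order.
     merged = sorted(set(roles) | set(current_roles))
     permission_object.setRoles(tuple(merged) if keep_tuple else merged)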
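 def _update(self, portal):
     """Grant 'Naaya - Review TalkBack Consultation' to the reviewing roles.

     Administrator, Owner and Reviewer are each added to the permission on
     the portal unless already present. Always returns True.
     """
     review_perm = Permission('Naaya - Review TalkBack Consultation',
                              (), portal)
     for role in ['Administrator', 'Owner', 'Reviewer']:
         roles = review_perm.getRoles()
         if role in roles:
             continue
         # getRoles() yields a tuple when the roles are not acquired; a tuple
         # has no append(), and turning it into a list would re-enable
         # acquisition, so extend it in its own type.
         if isinstance(roles, tuple):
             roles = roles + (role,)
         else:
             roles = list(roles) + [role]
         review_perm.setRoles(roles)
         self.log.info("Review Permission set for %s on %s",
                       role, portal.absolute_url())
     return True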
Ejemplo n.º 43
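 def _update(self, portal):
     """Give the meeting roles the View permission on every Naaya Meeting.

     For each cataloged object of meta type 'Naaya Meeting', OBSERVER_ROLE,
     WAITING_ROLE and PARTICIPANT_ROLE are added to View unless already
     present. Always returns True.
     """
     # NOTE(review): WAITING_ROLE presumably marks sign-ups awaiting
     # approval; confirm they are meant to see the meeting before approval.
     meetings = portal.getCatalogedObjects(meta_type='Naaya Meeting')
     for meeting in meetings:
         view_perm = Permission('View', (), meeting)
         for role in [OBSERVER_ROLE, WAITING_ROLE, PARTICIPANT_ROLE]:
             roles = view_perm.getRoles()
             if role in roles:
                 continue
             # A meeting whose View roles are not acquired stores them as a
             # tuple: append() would fail there, and a list would switch
             # acquisition back on. Extend in the stored type.
             if isinstance(roles, tuple):
                 roles = roles + (role,)
             else:
                 roles = list(roles) + [role]
             view_perm.setRoles(roles)
             self.log.info("View Permission set for %s on %s",
                           role, meeting.absolute_url())
     return True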
Ejemplo n.º 44
    def acquiredRolesAreUsedBy(self, permission):
        """Return 'CHECKED' when ``permission`` acquires its roles here, else ''.

        The roles of the first permission entry named ``permission`` decide:
        a list means the roles are acquired, anything else means they are
        not.

        Raises ValueError when no entry has that name. The message carries
        HTML markup, so the name is passed through escape() first.
        """
        for entry in self.ac_inherited_permissions(1):
            perm_name, perm_value = entry[:2]
            if perm_name != permission:
                continue
            roles = Permission(perm_name, perm_value, self).getRoles()
            return 'CHECKED' if isinstance(roles, list) else ''

        raise ValueError("The permission <em>%s</em> is invalid." %
                         escape(permission))
Ejemplo n.º 45
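 def _update(self, portal):
     """Add the observer, waiting and participant roles to View on meetings.

     Applies to every cataloged object with meta type 'Naaya Meeting'. A
     role that is already listed is skipped. Always returns True.
     """
     for meeting in portal.getCatalogedObjects(meta_type='Naaya Meeting'):
         view_perm = Permission('View', (), meeting)
         for role in [OBSERVER_ROLE, WAITING_ROLE, PARTICIPANT_ROLE]:
             existing = view_perm.getRoles()
             if role in existing:
                 continue
             # Non-acquired roles come back as a tuple, which cannot be
             # appended to; build the new value in the same type so the
             # acquisition setting of the meeting is left as it was.
             if isinstance(existing, tuple):
                 updated = existing + (role,)
             else:
                 updated = list(existing) + [role]
             view_perm.setRoles(updated)
             self.log.info("View Permission set for %s on %s",
                           role, meeting.absolute_url())
     return True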
Ejemplo n.º 46
 def _update(self, portal):
     """Open the View permission of the layout tool to Anonymous.

     When Anonymous is missing, the role list is replaced (not extended)
     with ``['Anonymous']``; being a list, it also leaves role acquisition
     switched on. Always returns True.
     """
     view_perm = Permission(view, (), portal.getLayoutTool())
     if 'Anonymous' in view_perm.getRoles():
         self.log.info("Already has it, nothing to do.")
         return True

     view_perm.setRoles(['Anonymous'])
     self.log.info(
         "View Permission set for Anonymous on portal_layout.")
     return True
Ejemplo n.º 47
def manage_addLayoutTool(self, REQUEST=None):
    """Create the layout tool in this container with View open to Anonymous.

    Steps: store a new LayoutTool under ID_LAYOUTTOOL, load its default
    data, then set its View roles to the list ``['Anonymous']`` (a list
    keeps role acquisition on).

    Returns ``manage_main``'s result when called with a REQUEST, otherwise
    None.
    """
    new_tool = LayoutTool(ID_LAYOUTTOOL, TITLE_LAYOUTTOOL)
    self._setObject(ID_LAYOUTTOOL, new_tool)
    # Work on the copy fetched from the container, not on `new_tool`.
    stored_tool = self._getOb(ID_LAYOUTTOOL)
    stored_tool.loadDefaultData()
    anonymous_only = ['Anonymous']
    Permission(view, (), stored_tool).setRoles(anonymous_only)
    if REQUEST:
        return self.manage_main(self, REQUEST, update_menu=1)
Ejemplo n.º 48
    def acquiredRolesAreUsedBy(self, permission):
        """Tell whether ``permission`` uses acquired roles on this object.

        Returns the string 'CHECKED' when the roles of the matching
        permission entry are a list (acquired), and '' otherwise.

        Raises ValueError for a permission name with no entry; the name is
        escaped before it is put into the HTML-flavoured message.
        """
        named = (
            entry[:2]
            for entry in self.ac_inherited_permissions(1)
        )
        for perm_name, perm_value in named:
            if perm_name == permission:
                roles = Permission(perm_name, perm_value, self).getRoles()
                if isinstance(roles, list):
                    return 'CHECKED'
                return ''

        raise ValueError(
            "The permission <em>%s</em> is invalid." % escape(permission))
Ejemplo n.º 49
 def permissionsOfRole(self, role):
     """List every permission here and flag the ones ``role`` holds.

     Returns a list with one dict per permission entry: ``'name'`` is the
     permission name and ``'selected'`` is 'SELECTED' when ``role`` is among
     the permission's roles, '' otherwise.
     """
     rows = []
     for entry in self.ac_inherited_permissions(1):
         perm_name, perm_value = entry[:2]
         holders = Permission(perm_name, perm_value, self).getRoles()
         flag = 'SELECTED' if role in holders else ''
         rows.append({'name': perm_name, 'selected': flag})
     return rows
Ejemplo n.º 50
def updateRolesForPermission(permission, roles, obj):
    '''Grant ``roles``, on top of the roles already set, for ``permission``
       on ``obj``.

       The merged roles are written with ``acquire=0``, so role acquisition
       for this permission is switched off on ``obj``.
       NOTE(review): roles that applied only through acquisition are
       presumably not part of getRoles() and would stop applying - confirm
       this is intended.'''
    from AccessControl.Permission import Permission
    # Roles currently stored for the permission; stays empty when no entry
    # carries that name.
    granted = ()
    for entry in obj.ac_inherited_permissions(1):
        perm_name, perm_value = entry[:2]
        if perm_name != permission:
            continue
        # No early exit: should several entries share the name, the last wins.
        granted = Permission(perm_name, perm_value, obj).getRoles()
    merged = set(granted) | set(roles)
    obj.manage_permission(permission, tuple(merged), acquire=0)
Ejemplo n.º 51
    def tearDown(self):
        # Undo the state this test setup changed, then run the parent tearDown.
        self.browser_do_logout()

        # Take back the role the test user was given on /portal/info.
        self.auth_tool.manage_revokeUserRole(user=self.user_obj.name,
                                             location='/portal/info')

        # Restore the portal's View roles from self.site_roles_with_view
        # (presumably saved during setUp - not visible here), so a test that
        # narrowed or widened View does not leak into the next one.
        view_perm = Permission(view, (), self.portal)
        view_perm.setRoles(self.site_roles_with_view)

        # Commit so the restored roles are stored before the parent cleanup.
        transaction.commit()

        super(UserWithRolesOnlyOnFolderTestSetup, self).tearDown()
    def _update(self, portal):
        """Let Authenticated users add comments on the portal.

        Adds Authenticated to 'Naaya - Add comments for content' unless it
        is already listed. The stored container type is kept (tuple stays
        tuple, list stays list), which leaves the acquisition setting of
        the permission untouched. Always returns True.
        """
        permission = Permission('Naaya - Add comments for content', (), portal)
        current = permission.getRoles()
        if 'Authenticated' not in current:
            addition = ['Authenticated']
            if isinstance(current, tuple):
                updated = tuple(list(current) + addition)
            else:
                updated = current + addition
            permission.setRoles(updated)
            return True

        self.log.debug("Portal doesn't need update")
        self.log.debug("Authenticated users can already add comments")
        return True
Ejemplo n.º 53
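def allowMembersToAddCenter(obj):
    # Grant the AddSoftwareCenter permission to the Member role on `obj`.
    #
    # The roles keep their stored type: a tuple (roles not acquired) stays a
    # tuple and a list (roles acquired) stays a list. setRoles() is called
    # even when Member was already present, as before.
    #
    # Raises IndexError when `obj` has no AddSoftwareCenter permission entry.
    perms = [p for p in obj.ac_inherited_permissions(1) if p[0] == AddSoftwareCenter]
    name, value = perms[0][:2]
    p = Permission(name, value, obj)
    roles = p.getRoles()
    if 'Member' not in roles:
        # isinstance() replaces the type(...) == type(()) comparison.
        if isinstance(roles, tuple):
            roles = roles + ('Member',)
        else:
            roles.append('Member')
    p.setRoles(roles)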
Ejemplo n.º 54
    def _update(self, portal):
        """Set View on the layout and dynamic-properties tools to all valid roles.

        Both ``portal.portal_layout`` and ``portal.portal_dynamicproperties``
        get ``portal.validRoles()`` as their View roles, replacing whatever
        was set before. Always returns True.
        """
        # NOTE(review): whether validRoles() returns a list or a tuple decides
        # if View keeps being acquired on these tools - can't tell from here.
        for tool_id in ('portal_layout', 'portal_dynamicproperties'):
            tool = getattr(portal, tool_id)
            Permission(view, (), tool).setRoles(portal.validRoles())
        self.log.info('Done')
        return True