Ejemplo n.º 1
    def _getTempFolder(self, type_name):
        """Return the temporary folder used to hold a new ``type_name`` object.

        A folder already recorded for ``type_name`` in the request's
        FACTORY_INFO mapping is re-wrapped in ``self`` and returned.
        Otherwise a new ``TempFolder`` is created, its permission settings
        are computed from the intended parent (``aq_parent(self)``) up to
        the portal and applied with ``manage_permission``, and the folder is
        stored back in the request before being returned.
        """
        factory_info = self.REQUEST.get(FACTORY_INFO, {})
        tempFolder = factory_info.get(type_name, None)
        if tempFolder:
            # Re-wrap the cached folder so it acquires from self.
            tempFolder = aq_inner(tempFolder).__of__(self)
            return tempFolder
        
        # make sure we can add an object of this type to the temp folder
        types_tool = getToolByName(self, 'portal_types')
        if not type_name in types_tool.TempFolder.allowed_content_types:
            # update allowed types for tempfolder
            # NOTE(review): this assigns every listed content type to the
            # TempFolder entry in portal_types, not only type_name, and the
            # assignment is on the tool rather than on this request's folder
            # -- confirm that widening is intended.
            types_tool.TempFolder.allowed_content_types=(types_tool.listContentTypes())
            
        tempFolder = TempFolder(type_name).__of__(self)
        intended_parent = aq_parent(self)
        portal = getToolByName(self, 'portal_url').getPortalObject()
        folder_roles = {} # mapping from permission name to list or tuple of roles
                          # list if perm is acquired; tuple if not
        n_acquired = 0    # number of permissions that are acquired

        # build initial folder_roles dictionary
        for p in intended_parent.ac_inherited_permissions(1):
            name, value = p[:2]
            p=Permission(name,value,intended_parent)
            roles = p.getRoles()
            folder_roles[name] = roles
            if isinstance(roles, list):
                n_acquired += 1

        # If intended_parent is not the portal, walk up the acquisition hierarchy and
        # acquire permissions explicitly so we can assign the acquired version to the
        # temp_folder.  In addition to being cumbersome, this is undoubtedly very slow.
        if intended_parent != portal:
            parent = aq_parent(aq_inner(intended_parent))
            # Stop as soon as no permission is still acquiring, or at the portal.
            while(n_acquired and parent!=portal):
                n_acquired = 0
                for p in parent.ac_inherited_permissions(1):
                    name, value = p[:2]
                    # NOTE(review): raises KeyError if this ancestor lists a
                    # permission the intended parent did not -- confirm the
                    # two lists always match.
                    roles = folder_roles[name]
                    if isinstance(roles, list):
                        p=Permission(name,value,parent)
                        aq_roles=p.getRoles()
                        # Merge the ancestor's roles into the acquired set.
                        for r in aq_roles:
                            if not r in roles:
                                roles.append(r)
                        if isinstance(aq_roles, list):
                            n_acquired += 1
                        else:
                            # The ancestor does not acquire: freeze as a tuple
                            # so the walk stops extending this permission.
                            roles = tuple(roles)
                        folder_roles[name] = roles
                parent = aq_parent(aq_inner(parent))
        # Apply the computed roles; a list means "keep acquiring".
        for name, roles in folder_roles.items():
            tempFolder.manage_permission(name, roles, acquire=isinstance(roles, list))

        # Record the folder on the request so later calls reuse it.
        factory_info[type_name] = tempFolder
        self.REQUEST.set(FACTORY_INFO, factory_info)
        return tempFolder
Ejemplo n.º 2
    def permission_settings(self, permission=None):
        """Return user-role permission settings.

        One mapping is produced per inherited permission, with keys 'name',
        'acquire' ('CHECKED' when the stored roles are a list, else '') and
        'roles' (one {'name', 'checked'} cell per valid role).

        If 'permission' is passed, only the settings for that permission
        are returned.
        """
        role_names = self.valid_roles()
        role_positions = range(len(role_names))

        entries = self.ac_inherited_permissions(1)
        if permission:
            # Keep only the requested permission.
            entries = [e for e in entries if e[0] == permission]

        settings = []
        for row, entry in enumerate(entries):
            perm_name, perm_value = entry[:2]
            granted = Permission(perm_name, perm_value, self).getRoles(
                default=[])

            # Bind the per-row values as defaults so each cell builder keeps
            # its own row even though map() may be evaluated later.
            def cell(col, granted=granted, row=row):
                return {
                    'name': "p%dr%d" % (row, col),
                    'checked': 'CHECKED' if role_names[col] in granted else '',
                }

            settings.append({
                'name': perm_name,
                'acquire': 'CHECKED' if isinstance(granted, list) else '',
                'roles': map(cell, role_positions),
            })
        return settings
Ejemplo n.º 3
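def tryMethodCallWithTemporaryPermission(context, permission, method,
    method_argv, method_kw, exception):
  """Call ``method``, retrying once with ``permission`` temporarily granted.

  If the first call raises ``exception``, the roles the current user holds
  in ``context`` are written as the roles of ``permission`` on ``context``,
  the call is repeated, and the previous roles are restored.

  Returns the result of ``method``.  When the user has no role in
  ``context`` the exception is swallowed and None is returned.
  """
  # we want to catch the explicit security check done in manage_renameObject
  # and bypass it. for this, we temporarily give the Copy or Move right to the
  # user. We assume that if the user has enough rights to pass the
  # "declareProtected" check around "setId", he should be really able to
  # rename the object.
  try:
    return method(*method_argv, **method_kw)
  except exception:
    user = getSecurityManager().getUser()
    user_role_list = user.getRolesInContext(context)
    # NOTE(review): with an empty role list the caught exception is dropped
    # and None is returned, so the caller cannot tell a refused call from a
    # successful one -- confirm this is intended.
    if len(user_role_list) > 0:
      perm_list = context.ac_inherited_permissions()
      for p in perm_list:
        if p[0] == permission:
          name, value = p[:2]
          break
      else:
        name, value = (permission, ())
      p = Permission(name,value,context)
      old_role_list = p.getRoles(default=[])
      # The grant is written on the object for whole roles, not only for
      # this user, so it has to be reverted on every exit path.
      p.setRoles(user_role_list)
      try:
        return method(*method_argv, **method_kw)
      finally:
        # Restore the original roles even if the retried call raises;
        # otherwise the widened permission would stay on the object.
        p.setRoles(old_role_list)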
Ejemplo n.º 4
 def getPermissionMapping(self):
     """ Return the permission mapping for the parent

     Maps each name in ``self.permissions`` to the value returned by
     ``Permission(...).getRoles()`` on ``self.aq_parent``.
     """
     return dict(
         (zope_perm, Permission(zope_perm, (), self.aq_parent).getRoles())
         for zope_perm in self.permissions
     )
Ejemplo n.º 5
    def permission_settings(self, permission=None):
        """Return user-role permission settings.

        Each inherited permission yields a mapping with 'name', 'acquire'
        ('CHECKED' when its roles are stored as a list, '' otherwise) and
        'roles', a sequence of {'name', 'checked'} cells, one per valid role.

        If 'permission' is passed to the method then only the settings for
        'permission' are returned.
        """
        valid = self.valid_roles()
        columns = range(len(valid))

        rows = self.ac_inherited_permissions(1)
        if permission:
            # Filter permissions
            rows = [row for row in rows if row[0] == permission]

        result = []
        for ip, row in enumerate(rows):
            name, value = row[:2]
            roles = Permission(name, value, self).getRoles(default=[])

            # Default arguments freeze this row's roles and index for the
            # cell builder, whenever map() ends up being consumed.
            def make_cell(ir, roles=roles, ip=ip):
                checked = 'CHECKED' if valid[ir] in roles else ''
                return {'name': "p%dr%d" % (ip, ir), 'checked': checked}

            acquire = 'CHECKED' if isinstance(roles, list) else ''
            result.append({
                'name': name,
                'acquire': acquire,
                'roles': map(make_cell, columns),
            })
        return result
Ejemplo n.º 6
def resetPublishPermission(context):
    """Give CountryManager the "Euphorie: Publish a Survey" permission.

    The permission is looked up on the parent of ``context``.  Nothing is
    changed when CountryManager is already among its roles.
    """
    from AccessControl.Permission import Permission
    publish = Permission("Euphorie: Publish a Survey", (), aq_parent(context))
    if "CountryManager" in publish.getRoles(default=[]):
        return
    publish.setRole("CountryManager", True)
    log.info("Adding publish permission for country managers")
Ejemplo n.º 7
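def allowed(context, permission=None):
    """
    Roles that have `permission` and why.
    Returns {PERM_NAME: {'Role': (REASON, META), ..}, ..}
    where `REASON` in ('assigned', 'inherited').
    `META` can be None or dict supplying extra info, like `source` of
    permission inheritance.

    When `permission` is None every inherited permission is reported.
    """
    out = {}
    all_roles = context.valid_roles()
    permissions = context.ac_inherited_permissions(1)
    if permission:
        permissions = [x for x in permissions if x[0] == permission]
    for perm in permissions:
        name, value = perm[:2]
        maps = out[name] = {}
        perm = Permission(name, value, context)
        roles = perm.getRoles(default=[])

        for role in roles:
            maps[role] = ('assigned', None)

        # A list is treated here as "this permission also acquires from the
        # parent", so roles missing locally are looked up one level up.
        if isinstance(roles, list):
            # The parent's answer does not depend on the role, so compute it
            # at most once per permission instead of once per missing role
            # (each call recurses up the whole hierarchy).  It is still only
            # computed when at least one role is missing, as before.
            from_parent = None
            for role in set(all_roles) - set(roles):
                if from_parent is None:
                    from_parent = allowed(context.aq_parent, name)
                parent_permission = from_parent[name].get(role)
                if parent_permission:
                    reason, meta = parent_permission
                    if reason == 'assigned':
                        maps[role] = ('inherited',
                                      {'source': ofs_path(context.aq_parent)})
                    elif reason == 'inherited':
                        # Keep the original source recorded further up.
                        maps[role] = parent_permission
    return out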
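def update(app):
    """Add the Auditor role to the View permission of every Report Document.

    Documents are found through ``app.Catalog``.  A document is only touched
    when 'Auditor' is one of its valid roles and does not yet hold View.
    The transaction is committed once at the end.
    """
    catalog = getattr(app, 'Catalog')
    brains = catalog(meta_type='Report Document')

    for brain in brains:
        doc = brain.getObject()
        valid_roles = doc.valid_roles()

        if 'Auditor' in valid_roles:
            permissions = doc.ac_inherited_permissions(1)
            for perm in permissions:
                name, value = perm[:2]
                if name == 'View':
                    p = Permission(name, value, doc)
                    roles = list(p.getRoles())
                    if 'Auditor' not in roles:
                        roles.append('Auditor')
                        # NOTE(review): the roles are always written back as
                        # a tuple, which elsewhere marks a permission as not
                        # acquiring -- confirm View should stop acquiring on
                        # documents that acquired it before.
                        roles = tuple(roles)
                        try:
                            p.setRoles(roles)
                            print("Added Auditor to View permission for %s" % doc.absolute_url())
                        except Exception as err:
                            # A bare except also swallowed KeyboardInterrupt
                            # and SystemExit and hid the reason; report it.
                            print("Failed: %r" % (err,))

    # NOTE(review): the commit runs even when some documents failed above.
    transaction.commit()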
Ejemplo n.º 9
    def listPermissions(self):
        """ List permissions for export.

        o Returns a sequence of mappings describing locally-modified
          permission / role settings.  Keys include:

          'name' -- the name of the permission

          'acquire' -- a flag indicating whether to acquire roles from the
              site's container

          'roles' -- the list of roles which have the permission, limited
              to the roles returned by listRoles().

        o Do not include permissions which both acquire and which define
          no local changes to the acquired policy.
        """
        known_roles = self.listRoles()
        exported = []

        for entry in self._site.ac_inherited_permissions(1):
            perm_name = entry[0]
            stored = Permission(perm_name, entry[1], self._site).getRoles(
                default=[])
            acquires = isinstance(stored, list)  # tuple means don't acquire
            kept = [role for role in stored if role in known_roles]

            # Acquiring with no local roles means nothing was changed here.
            if acquires and not kept:
                continue

            exported.append({
                'name': perm_name,
                'acquire': acquires,
                'roles': kept,
            })

        return exported
Ejemplo n.º 10
def allowed(context, permission=None):
    """
    Roles that have `permission` and why.
    Returns {PERM_NAME: {'Role': (REASON, META), ..}, ..}
    where `REASON` in ('assigned', 'inherited').
    `META` can be None or dict supplying extra info, like `source` of
    permission inheritance.

    With no `permission`, every inherited permission is reported.
    """
    report = {}
    every_role = context.valid_roles()
    entries = context.ac_inherited_permissions(1)
    if permission:
        entries = [entry for entry in entries if entry[0] == permission]

    for entry in entries:
        name, value = entry[:2]
        by_role = report[name] = {}
        granted = Permission(name, value, context).getRoles(default=[])

        for role in granted:
            by_role[role] = ('assigned', None)

        # Only a list is followed up to the parent; any other type ends the
        # lookup at this level.
        if not isinstance(granted, list):
            continue

        parent_view = allowed(context.aq_parent, name)
        for role in set(every_role) - set(granted):
            found = parent_view[name].get(role)
            if not found:
                continue
            reason, _meta = found
            if reason == 'assigned':
                by_role[role] = ('inherited',
                                 {'source': ofs_path(context.aq_parent)})
            elif reason == 'inherited':
                # Pass the ancestor's record through so 'source' keeps
                # naming the object where the role was assigned.
                by_role[role] = found
    return report
Ejemplo n.º 11
    def listPermissions( self ):
        """ List permissions for export.

        o Returns a sequence of mappings describing locally-modified
          permission / role settings.  Keys include:

          'name' -- the name of the permission

          'acquire' -- a flag indicating whether to acquire roles from the
              site's container

          'roles' -- the sorted list of roles which have the permission,
              limited to the roles returned by listRoles().

        o Do not include permissions which both acquire and which define
          no local changes to the acquired policy.
        """
        known_roles = self.listRoles()
        exported = []

        for entry in self._site.ac_inherited_permissions( 1 ):
            perm_name = entry[ 0 ]
            stored = Permission( perm_name, entry[ 1 ], self._site ).getRoles(
                default=[] )
            acquires = isinstance( stored, list )  # tuple means don't acquire
            kept = sorted( role for role in stored if role in known_roles )

            # Nothing local to export when the permission simply acquires.
            if acquires and not kept:
                continue

            exported.append( { 'name'    : perm_name
                             , 'acquire' : acquires
                             , 'roles'   : kept
                             } )

        return exported
Ejemplo n.º 12
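def tryMethodCallWithTemporaryPermission(context, permission, method,
    method_argv, method_kw, exception):
  """Call ``method``; on ``exception`` retry with ``permission`` widened.

  For the retry, the roles of ``permission`` on ``context`` are replaced by
  the roles the current user holds there, and put back afterwards.

  Returns what ``method`` returns.  If the user holds no role in
  ``context`` the exception is swallowed and None is returned.
  """
  # we want to catch the explicit security check done in manage_renameObject
  # and bypass it. for this, we temporarily give the Copy or Move right to the
  # user. We assume that if the user has enough rights to pass the
  # "declareProtected" check around "setId", he should be really able to
  # rename the object.
  try:
    return method(*method_argv, **method_kw)
  except exception:
    user = getSecurityManager().getUser()
    user_role_list = user.getRolesInContext(context)
    # NOTE(review): when the role list is empty the exception disappears
    # and the function returns None -- confirm callers expect that.
    if len(user_role_list) > 0:
      perm_list = context.ac_inherited_permissions()
      for p in perm_list:
        if p[0] == permission:
          name, value = p[:2]
          break
      else:
        name, value = (permission, ())
      p = Permission(name,value,context)
      old_role_list = p.getRoles(default=[])
      p.setRoles(user_role_list)
      try:
        return method(*method_argv, **method_kw)
      finally:
        # Without the finally, a retry that raises would leave the widened
        # roles on the object; always put the previous roles back.
        p.setRoles(old_role_list)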
Ejemplo n.º 13
    def manage_doCustomize(self, folder_path, RESPONSE=None):
        """Makes a ZODB Based clone with the same data.

        Calls _createZODBClone for the actual work.

        The clone keeps this object's cache manager association, proxy
        roles and per-permission role settings, and is stored under its own
        id in the skins-tool folder named by ``folder_path``.  When
        ``RESPONSE`` is given the browser is redirected to a manage_main
        page.
        """

        obj = self._createZODBClone()
        parent = aq_parent(aq_inner(self))

        # Preserve cache manager associations
        cachemgr_id = self.ZCacheable_getManagerId()
        if ( cachemgr_id and
             getattr(obj, 'ZCacheable_setManagerId', None) is not None ):
            obj.ZCacheable_setManagerId(cachemgr_id)

        # If there are proxy roles we preserve them
        # (aq_base: read the attribute from this object only, not through
        # acquisition)
        proxy_roles = getattr(aq_base(self), '_proxy_roles', None)
        if proxy_roles is not None and isinstance(proxy_roles, tuple):
            obj._proxy_roles = tuple(self._proxy_roles)

        # Also, preserve any permission settings that might have come
        # from a metadata file or from fiddling in the ZMI
        old_info = [x[:2] for x in self.ac_inherited_permissions(1)]
        for old_perm, value in old_info:
            p = Permission(old_perm, value, self)
            # A list of roles is carried over as acquire=1, anything else as 0.
            acquired = int(isinstance(p.getRoles(default=[]), list))
            rop_info = self.rolesOfPermission(old_perm)
            roles = [x['name'] for x in rop_info if x['selected'] != '']
            try:
                # if obj is based on OFS.ObjectManager an acquisition context is
                # required for _subobject_permissions()
                obj.__of__(parent).manage_permission(old_perm, roles=roles,
                                                     acquire=acquired)
            except ValueError:
                # The permission was invalid, never mind
                pass

        id = obj.getId()
        # folder_path comes from the caller; it is resolved relative to the
        # skins tool with restrictedTraverse.
        fpath = tuple( folder_path.split('/') )
        portal_skins = getUtility(ISkinsTool)
        folder = portal_skins.restrictedTraverse(fpath)
        if id in folder.objectIds():
            # we cant catch the badrequest so
            # we'll that to check before hand
            obj = folder._getOb(id)
            if RESPONSE is not None:
                # NOTE(review): html_quote escapes HTML, while this value is
                # placed in a URL query string -- confirm URL quoting is not
                # needed here.
                RESPONSE.redirect('%s/manage_main?manage_tabs_message=%s' % (
                    obj.absolute_url(), html_quote("An object with this id already exists")
                    ))
        else:
            folder._verifyObjectPaste(obj, validate_src=0)
            folder._setObject(id, obj)

            if RESPONSE is not None:
                RESPONSE.redirect('%s/%s/manage_main' % (
                folder.absolute_url(), id))

        # NOTE(review): this redirect is issued on both branches, after the
        # branch-specific one above; if the last call wins, the "already
        # exists" message is never shown -- confirm.
        if RESPONSE is not None:
            RESPONSE.redirect('%s/%s/manage_main' % (
                folder.absolute_url(), id))
Ejemplo n.º 14
 def getPermissionsWithAcquiredRoles(self):
     """ Return the permissions which acquire roles from their parents

     A permission counts as acquiring when its roles on ``self.aq_parent``
     come back as a list.
     """
     return [
         zope_perm
         for zope_perm in self.permissions
         if isinstance(
             Permission(zope_perm, (), self.aq_parent).getRoles(), list)
     ]
Ejemplo n.º 15
    def getPermissionMapping(self):
        """ Return the permission mapping for the object

        Maps each name in ``self.permissions`` to the roles stored for it
        on ``self.getObject()``.
        """
        return dict(
            (permission, Permission(permission, (), self.getObject()).getRoles())
            for permission in self.permissions
        )
Ejemplo n.º 16
    def getPermissionsWithAcquiredRoles(self):
        """ Return the permissions which acquire roles from their parents

        A permission is reported when its roles on ``self.getObject()``
        are stored as a list.
        """
        acquiring = []
        for permission in self.permissions:
            stored = Permission(permission, (), self.getObject()).getRoles()
            if not isinstance(stored, list):
                continue
            acquiring.append(permission)
        return acquiring
Ejemplo n.º 17
    def _update(self, portal):
        """Give Administrator the two Naaya photo "add" permissions.

        Each permission is checked on ``portal`` and the role is added only
        where it is missing.  Always returns True.
        """
        for perm_name in ("Naaya - Add Naaya Photo Folder",
                          "Naaya - Add Naaya Photo Gallery"):
            current = Permission(perm_name, (), portal).getRoles()
            if "Administrator" in current:
                continue
            permission_add_role(portal, perm_name, "Administrator")
            self.log.debug("Added %s permission", perm_name)

        return True
 def _update(self, portal):
     """Stop the site's View permission from acquiring roles.

     If the roles are already a tuple nothing is changed; otherwise the
     same roles are written back as a tuple.  Always returns True.
     """
     site_view = Permission(view, (), portal)
     current = site_view.getRoles()
     if type(current) is not tuple:
         # Same roles, tuple form: the roles stay, the inheritance goes.
         site_view.setRoles(tuple(current))
         self.log.debug('Removed view permission inheritance for the site')
         return True
     self.log.debug('No need to update')
     return True
Ejemplo n.º 19
 def _update(self, portal):
     """Make sure Anonymous has the View permission on the layout tool.

     Always returns True.
     """
     tool = portal.getLayoutTool()
     layout_view = Permission(view, (), tool)
     if 'Anonymous' in layout_view.getRoles():
         self.log.info("Already has it, nothing to do.")
         return True
     # The stored roles are replaced by this one-element list, not
     # extended: roles set before are no longer listed locally.
     layout_view.setRoles(['Anonymous',])
     self.log.info("View Permission set for Anonymous on portal_layout.")
     return True
Ejemplo n.º 20
    def _update(self, portal):
        """Grant "Naaya - Create user" to Administrator and Anonymous.

        The guard looks at Administrator only: when that role is missing,
        both roles are added, so Anonymous receives the permission too.
        Always returns True.
        """
        perm_name = "Naaya - Create user"
        if 'Administrator' in Permission(perm_name, (), portal).getRoles():
            return True

        for role in ('Administrator', 'Anonymous'):
            permission_add_role(portal, perm_name, role)
        self.log.debug('Added %s permission', perm_name)

        return True
Ejemplo n.º 21
    def _update(self, portal):
        """Add Administrator and Anonymous to "Naaya - Create user".

        Nothing happens when Administrator already holds the permission on
        ``portal``; Anonymous is not checked separately.  Always returns
        True.
        """
        perm_name = "Naaya - Create user"
        holders = Permission(perm_name, (), portal).getRoles()
        if "Administrator" not in holders:
            for role in ("Administrator", "Anonymous"):
                permission_add_role(portal, perm_name, role)
            self.log.debug("Added %s permission", perm_name)

        return True
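 def _update(self, portal):
     """Grant 'Naaya - Skip Captcha' to the Authenticated role on the portal.

     The stored roles keep their container type (list or tuple), so the
     update does not change whether the permission acquires.  Always
     returns True.
     """
     skip_captcha_perm = Permission('Naaya - Skip Captcha', (), portal)
     roles_with_skip_captcha = skip_captcha_perm.getRoles()
     if 'Authenticated' not in roles_with_skip_captcha:
         # getRoles() can hand back a tuple, which has no append(); build
         # a new sequence of the same type instead of mutating in place.
         if isinstance(roles_with_skip_captcha, tuple):
             new_roles = roles_with_skip_captcha + ('Authenticated',)
         else:
             new_roles = list(roles_with_skip_captcha) + ['Authenticated']
         skip_captcha_perm.setRoles(new_roles)
         self.log.debug('Skip Captcha permission assigned to Authenticated')
     else:
         self.log.debug('Authenticated already has the permission')
     return True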
Ejemplo n.º 23
 def _update(self, portal):
     """Restrict View on every catalogued object with ``approved=0``.

     An object is restricted, through its own
     ``dont_inherit_view_permission()``, when its View roles are stored as
     a list.  Always returns True.
     """
     for brain in portal.getCatalogTool()(approved=0):
         obj = brain.getObject()
         view_roles = Permission(view, (), obj).getRoles()
         if not isinstance(view_roles, list):
             continue
         obj.dont_inherit_view_permission()
         self.log.debug("restricted view permission for %s", obj.absolute_url())
     return True
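 def _update(self, portal):
     """Add Authenticated to the roles of 'Naaya - Skip Captcha'.

     The roles are written back in the container type they were read in
     (list or tuple).  Always returns True.
     """
     skip_captcha_perm = Permission('Naaya - Skip Captcha', (), portal)
     roles_with_skip_captcha = skip_captcha_perm.getRoles()
     if 'Authenticated' in roles_with_skip_captcha:
         self.log.debug('Authenticated already has the permission')
         return True

     # A tuple has no append(); extend a copy and keep the original type
     # so a non-acquiring permission stays non-acquiring.
     extended = list(roles_with_skip_captcha) + ['Authenticated']
     if isinstance(roles_with_skip_captcha, tuple):
         extended = tuple(extended)
     skip_captcha_perm.setRoles(extended)
     self.log.debug('Skip Captcha permission assigned to Authenticated')
     return True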
Ejemplo n.º 25
    def _update(self, portal):
        """Ensure Administrator can add Naaya photo folders and galleries.

        The role is added on ``portal`` for each permission where it is
        not yet present.  Always returns True.
        """
        wanted = ("Naaya - Add Naaya Photo Folder",
                  "Naaya - Add Naaya Photo Gallery")
        for perm_name in wanted:
            holders = Permission(perm_name, (), portal).getRoles()
            if 'Administrator' in holders:
                continue
            permission_add_role(portal, perm_name, 'Administrator')
            self.log.debug('Added %s permission', perm_name)

        return True
Ejemplo n.º 26
def roles_of_permission(context, permission):
    """Return all roles which have the given permission
    on the current context.

    Returns None when `permission` is not among the inherited permissions
    of the context.
    """
    manager = IRoleManager(context)
    for entry in manager.ac_inherited_permissions(1):
        perm_name, perm_value = entry[:2]
        if perm_name != permission:
            continue
        # The first match wins.
        return Permission(perm_name, perm_value, manager).getRoles()
Ejemplo n.º 27
def roles_of_permission(context, permission):
    """Return all roles which have the given permission
    on the current context.

    The context is adapted with IRoleManager first.  If no inherited
    permission carries that name the function returns None.
    """
    role_manager = IRoleManager(context)
    matches = (
        entry[:2]
        for entry in role_manager.ac_inherited_permissions(1)
        if entry[0] == permission
    )
    for perm_name, perm_value in matches:
        # Only the first matching entry is used.
        return Permission(perm_name, perm_value, role_manager).getRoles()
Ejemplo n.º 28
 def _update(self, portal):
     """Restrict View on catalogued objects that are not approved.

     Objects found with ``approved=0`` whose View roles are a list get
     ``dont_inherit_view_permission()`` called on them.  Always returns
     True.
     """
     unapproved = portal.getCatalogTool()(approved=0)
     for brain in unapproved:
         obj = brain.getObject()
         if isinstance(Permission(view, (), obj).getRoles(), list):
             obj.dont_inherit_view_permission()
             self.log.debug('restricted view permission for %s',
                             obj.absolute_url())
     return True
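 def _update(self, portal):
     """Grant 'Naaya - Review TalkBack Consultation' to three roles.

     Administrator, Owner and Reviewer are each added on ``portal`` if
     missing.  The roles keep their container type (list or tuple).
     Always returns True.
     """
     review_perm = Permission('Naaya - Review TalkBack Consultation',
                              (), portal)
     for role in ['Administrator', 'Owner', 'Reviewer']:
         roles = review_perm.getRoles()
         if role not in roles:
             # Roles may come back as a tuple, which cannot be appended
             # to; extend a copy and write it back in the same type.
             if isinstance(roles, tuple):
                 roles = roles + (role,)
             else:
                 roles = list(roles) + [role]
             review_perm.setRoles(roles)
             self.log.info("Review Permission set for %s on %s" %
                           (role, portal.absolute_url()))
     return True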
Ejemplo n.º 30
 def set_acl_for_roles(ob, roles):
     """Add `roles` to the roles that hold the View permission on `ob`.

     `roles` must be a list.  The merged roles are written back as a tuple
     if the current roles were a tuple, otherwise as a list; their order
     is whatever the intermediate set yields.
     """
     view_permission = Permission(view, (), ob)
     existing = view_permission.getRoles()
     keep_tuple = isinstance(existing, tuple)
     merged = set(roles + list(existing))
     view_permission.setRoles(tuple(merged) if keep_tuple else list(merged))
Ejemplo n.º 31
    def acquiredRolesAreUsedBy(self, permission):
        """Return 'CHECKED' if `permission` acquires roles here, else ''.

        Raises ValueError when `permission` is not one of the inherited
        permissions; the name is escaped before it goes into the message.
        """
        for entry in self.ac_inherited_permissions(1):
            perm_name, perm_value = entry[:2]
            if perm_name != permission:
                continue
            stored = Permission(perm_name, perm_value, self).getRoles()
            return 'CHECKED' if isinstance(stored, list) else ''

        raise ValueError(
            "The permission <em>%s</em> is invalid." % escape(permission))
Ejemplo n.º 32
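 def _update(self, portal):
     """Grant View on every Naaya Meeting to the three meeting roles.

     OBSERVER_ROLE, WAITING_ROLE and PARTICIPANT_ROLE are each added where
     missing.  The roles keep their container type (list or tuple).
     Always returns True.
     """
     meetings = portal.getCatalogedObjects(meta_type='Naaya Meeting')
     for meeting in meetings:
         view_perm = Permission('View', (), meeting)
         for role in [OBSERVER_ROLE, WAITING_ROLE, PARTICIPANT_ROLE]:
             roles = view_perm.getRoles()
             if role not in roles:
                 # A tuple of roles has no append(); extend a copy and
                 # write it back in the type it was read in.
                 if isinstance(roles, tuple):
                     roles = roles + (role,)
                 else:
                     roles = list(roles) + [role]
                 view_perm.setRoles(roles)
                 self.log.info("View Permission set for %s on %s" %
                               (role, meeting.absolute_url()))
     return True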
Ejemplo n.º 33
    def acquiredRolesAreUsedBy(self, permission):
        """Tell whether `permission` acquires its roles on this object.

        Returns 'CHECKED' when the stored roles are a list and '' when
        they are not.  An unknown permission raises ValueError, with the
        name escaped in the message.
        """
        wanted = [entry[:2] for entry in self.ac_inherited_permissions(1)
                  if entry[0] == permission]
        if not wanted:
            raise ValueError("The permission <em>%s</em> is invalid." %
                             escape(permission))

        # Only the first matching entry is consulted.
        perm_name, perm_value = wanted[0]
        stored = Permission(perm_name, perm_value, self).getRoles()
        if isinstance(stored, list):
            return 'CHECKED'
        return ''
Ejemplo n.º 34
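 def _update(self, portal):
     """Add the meeting roles to View on each catalogued Naaya Meeting.

     The roles added are OBSERVER_ROLE, WAITING_ROLE and PARTICIPANT_ROLE.
     Roles are written back as a list or a tuple, matching what was read.
     Always returns True.
     """
     meetings = portal.getCatalogedObjects(meta_type='Naaya Meeting')
     for meeting in meetings:
         view_perm = Permission('View', (), meeting)
         for role in [OBSERVER_ROLE, WAITING_ROLE, PARTICIPANT_ROLE]:
             roles = view_perm.getRoles()
             if role in roles:
                 continue
             # append() fails on a tuple; build the extended sequence and
             # keep the original type.
             extended = list(roles) + [role]
             if isinstance(roles, tuple):
                 extended = tuple(extended)
             view_perm.setRoles(extended)
             self.log.info("View Permission set for %s on %s" %
                           (role, meeting.absolute_url()))
     return True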
Ejemplo n.º 35
 def permissionsOfRole(self, role):
     """Returns a role to permission mapping.

     The result has one {'name', 'selected'} entry per inherited
     permission; 'selected' is 'SELECTED' when `role` is among the
     permission's roles and '' otherwise.
     """
     rows = []
     for entry in self.ac_inherited_permissions(1):
         perm_name, perm_value = entry[:2]
         holders = Permission(perm_name, perm_value, self).getRoles()
         rows.append({
             'name': perm_name,
             'selected': 'SELECTED' if role in holders else '',
         })
     return rows
Ejemplo n.º 36
 def _update(self, portal):
     """Set View on the layout tool to Anonymous when it is missing.

     Always returns True.
     """
     layout_view = Permission(view, (), portal.getLayoutTool())
     if 'Anonymous' in layout_view.getRoles():
         self.log.info("Already has it, nothing to do.")
         return True

     # setRoles() receives only this role: the previous local roles are
     # replaced, not extended.
     layout_view.setRoles(['Anonymous'])
     self.log.info(
         "View Permission set for Anonymous on portal_layout.")
     return True
Ejemplo n.º 37
def updateRolesForPermission(permission, roles, obj):
    '''Adds roles from list p_roles to the list of roles that are granted
       p_permission on p_obj.

       The merged roles are stored as a tuple with acquire=0, so the
       permission no longer acquires on p_obj afterwards.'''
    from AccessControl.Permission import Permission
    # Find existing roles that were granted p_permission on p_obj
    granted = ()
    for entry in obj.ac_inherited_permissions(1):
        perm_name, perm_value = entry[:2]
        if perm_name != permission:
            continue
        # No break: the last matching entry is the one that counts.
        granted = Permission(perm_name, perm_value, obj).getRoles()
    merged = set(granted).union(roles)
    obj.manage_permission(permission, tuple(merged), acquire=0)
Ejemplo n.º 38
def updateRolesForPermission(permission, roles, obj):
    '''Adds roles from list p_roles to the list of roles that are granted
       p_permission on p_obj.

       The result is written with manage_permission(..., acquire=0):
       acquisition of p_permission is switched off on p_obj.'''
    from AccessControl.Permission import Permission
    # Find existing roles that were granted p_permission on p_obj
    current = ()
    matching = [entry[:2] for entry in obj.ac_inherited_permissions(1)
                if entry[0] == permission]
    for perm_name, perm_value in matching:
        # Every match is read in turn; the last one is kept.
        current = Permission(perm_name, perm_value, obj).getRoles()
    combined = set(current).union(roles)
    obj.manage_permission(permission, tuple(combined), acquire=0)
Ejemplo n.º 39
 def manage_acquiredPermissions(self, permissions=[]):
     """Change the permissions that acquire.

     Permissions named in `permissions` get their roles stored as a list,
     all others as a tuple.  Permissions whose roles are None are left
     untouched.
     """
     for entry in self.ac_inherited_permissions(1):
         perm_name, perm_value = entry[:2]
         perm = Permission(perm_name, perm_value, self)
         current = perm.getRoles()
         if current is None:
             continue
         # The container type carries the setting; the roles stay the same.
         container = list if perm_name in permissions else tuple
         perm.setRoles(container(current))
Ejemplo n.º 40
 def manage_acquiredPermissions(self, permissions=[]):
     """Change the permissions that acquire.

     Every inherited permission is rewritten: its roles become a list if
     its name is in `permissions` and a tuple if it is not.  A permission
     whose roles are None is skipped.
     """
     for name, value in (p[:2] for p in self.ac_inherited_permissions(1)):
         target = Permission(name, value, self)
         roles = target.getRoles()
         if roles is None:
             continue
         if name not in permissions:
             target.setRoles(tuple(roles))
         else:
             target.setRoles(list(roles))
Ejemplo n.º 41
 def permissionsOfRole(self, role):
     """Returns a role to permission mapping.

     One entry per inherited permission: its 'name', and 'selected' set
     to 'SELECTED' if `role` holds it, '' if not.
     """
     def describe(entry):
         name, value = entry[:2]
         holders = Permission(name, value, self).getRoles()
         selected = 'SELECTED' if role in holders else ''
         return {'name': name, 'selected': selected}

     return [describe(entry) for entry in self.ac_inherited_permissions(1)]
Ejemplo n.º 42
def allowMembersToAddCenter(obj):
    """Add the Member role to the AddSoftwareCenter permission on `obj`.

    The roles keep their container type (tuple or list) and are written
    back even when Member was already present.  Raises IndexError if the
    permission is not among the inherited permissions of `obj`.
    """
    matching = [entry for entry in obj.ac_inherited_permissions(1)
                if entry[0] == AddSoftwareCenter]
    name, value = matching[0][:2]
    permission = Permission(name, value, obj)
    roles = permission.getRoles()
    if 'Member' not in roles:
        if type(roles) is tuple:
            # Tuples are immutable: build a new one with Member at the end.
            roles = tuple(list(roles) + ['Member'])
        else:
            roles.append('Member')
    permission.setRoles(roles)
Ejemplo n.º 43
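    def _update(self, portal):
        """Give Administrator and Manager the forum default permissions.

        For every catalogued Naaya Forum, both roles are merged into the
        roles of PERMISSION_MODIFY_FORUMTOPIC and PERMISSION_SKIP_CAPTCHA
        when either role is missing.  Always returns True.
        """
        portal_catalog = portal.getCatalogTool()
        set_roles = ['Administrator', 'Manager']
        for brain in portal_catalog(meta_type='Naaya Forum'):
            forum = brain.getObject()
            for permission_name in (PERMISSION_MODIFY_FORUMTOPIC,
                                    PERMISSION_SKIP_CAPTCHA):
                perm = Permission(permission_name, (), forum)
                roles = perm.getRoles()
                if 'Manager' not in roles or 'Administrator' not in roles:
                    # roles may be a tuple: "tuple + list" raises
                    # TypeError, and writing a list back would change the
                    # container type.  Merge via a list and keep the type.
                    merged = set(list(roles) + set_roles)
                    if isinstance(roles, tuple):
                        perm.setRoles(tuple(merged))
                    else:
                        perm.setRoles(list(merged))
            self.log.debug('Default permissions added for %s', forum.absolute_url())

        return True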
    def _update(self, portal):
        """Let Authenticated users add comments for content.

        'Authenticated' is appended to the roles of the permission on
        ``portal``; a tuple stays a tuple and a list stays a list.  Always
        returns True.
        """
        comment_perm = Permission('Naaya - Add comments for content', (), portal)
        current = comment_perm.getRoles()
        if 'Authenticated' not in current:
            if isinstance(current, tuple):
                updated = tuple(list(current) + ['Authenticated'])
            else:
                updated = current + ['Authenticated']
            comment_perm.setRoles(updated)
            return True

        self.log.debug("Portal doesn't need update")
        self.log.debug("Authenticated users can already add comments")
        return True
Ejemplo n.º 45
 def migrate_permission_settings(self):
     """Migrate permission settings (permission <-> role)
     The acquire flag is coded into the type of the sequence. If roles is a
     list then the roles are also acquired. If roles is a tuple the roles
     aren't acquired.

     The roles read from ``self.old`` are written unchanged to the
     permission of the same name on ``self.new``, so the flag is carried
     over with them.
     """
     old_entries = getPermissionMapping(self.old.ac_inherited_permissions(1))
     new_entries = getPermissionMapping(self.new.ac_inherited_permissions(1))
     for perm_name, old_values in old_entries.items():
         carried = Permission(perm_name, old_values, self.old).getRoles()
         # A permission unknown to the new object falls back to ().
         target = Permission(perm_name, new_entries.get(perm_name, ()),
                             self.new)
         target.setRoles(carried)
Ejemplo n.º 46
 def migrate_permission_settings(self):
     """Migrate permission settings (permission <-> role)
     The acquire flag is coded into the type of the sequence. If roles is a
     list then the roles are also acquired. If roles is a tuple the roles
     aren't acquired.

     Each permission of ``self.old`` is copied to ``self.new`` with its
     roles passed through as read, list or tuple.
     """
     source_map = getPermissionMapping(self.old.ac_inherited_permissions(1))
     target_map = getPermissionMapping(self.new.ac_inherited_permissions(1))
     for key in source_map:
         old_roles = Permission(key, source_map[key], self.old).getRoles()
         # () is used when the new object does not list this permission.
         new_values = target_map.get(key, ())
         Permission(key, new_values, self.new).setRoles(old_roles)
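def allowMembersToAddCenter(obj):
    """Grant the 'Member' role the ``AddSoftwareCenter`` permission on *obj*.

    The role sequence keeps its type: a tuple (conventionally "not
    acquired") stays a tuple and a list ("acquired") stays a list, so only
    the role set changes, not the acquisition setting.

    Raises:
        IndexError: if ``AddSoftwareCenter`` is not among the permissions
            returned by ``obj.ac_inherited_permissions(1)``.
    """
    matches = [entry for entry in obj.ac_inherited_permissions(1)
               if entry[0] == AddSoftwareCenter]
    if not matches:
        # Same exception type the bare ``perms[0]`` lookup raised, but with
        # a message that names the permission that could not be found.
        raise IndexError('%r not found in inherited permissions'
                         % (AddSoftwareCenter,))

    name, value = matches[0][:2]
    perm = Permission(name, value, obj)
    roles = perm.getRoles()
    if 'Member' not in roles:
        # Build a new sequence instead of appending in place, so the object
        # handed back by getRoles() is never mutated behind its owner.
        if isinstance(roles, tuple):
            roles = roles + ('Member',)
        else:
            roles = list(roles) + ['Member']
    # setRoles() is called even when nothing changed, as before.
    perm.setRoles(roles)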
Ejemplo n.º 48
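    def _update(self, portal):
        """Give Administrator and Manager the forum default permissions.

        For every 'Naaya Forum' found through the portal catalog, make sure
        both roles hold PERMISSION_MODIFY_FORUMTOPIC and
        PERMISSION_SKIP_CAPTCHA. Roles already present are kept, and the
        sequence type returned by ``getRoles()`` is preserved: a tuple
        (conventionally "not acquired") stays a tuple instead of failing on
        ``tuple + list`` or being turned into an acquiring list.

        Always returns True.
        """
        portal_catalog = portal.getCatalogTool()
        set_roles = ['Administrator', 'Manager']
        for brain in portal_catalog(meta_type='Naaya Forum'):
            forum = brain.getObject()
            for permission_name in (PERMISSION_MODIFY_FORUMTOPIC,
                                    PERMISSION_SKIP_CAPTCHA):
                perm = Permission(permission_name, (), forum)
                roles = perm.getRoles()
                missing = [role for role in set_roles if role not in roles]
                if not missing:
                    continue
                # list(roles) works for both list and tuple input; the
                # result is converted back so the acquire flag encoded in
                # the sequence type is not switched as a side effect.
                merged = list(roles) + missing
                if isinstance(roles, tuple):
                    merged = tuple(merged)
                perm.setRoles(merged)
            self.log.debug('Default permissions added for %s',
                           forum.absolute_url())

        return True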
Ejemplo n.º 49
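    def setUp(self):
        """Restrict View on the portal to Manager and log in a folder-only user.

        Saves the roles that currently hold the view permission on
        ``self.site_roles_with_view``, limits the permission to 'Manager',
        gives the test user Administrator/Manager/Contributor at
        '/portal/info' only, commits, and logs the user in through the
        browser.
        """
        super(UserWithRolesOnlyOnFolderTestSetup, self).setUp()

        # Save the roles that hold the view permission before changing them
        # (presumably so they can be restored later; not shown here).
        view_perm = Permission(view, (), self.portal)
        self.site_roles_with_view = view_perm.getRoles()
        # ('Manager') without a trailing comma is just the string 'Manager';
        # a one-element tuple is what expresses "Manager only". A tuple
        # conventionally also means the roles are not acquired.
        view_perm.setRoles(('Manager',))

        # The roles are granted at the folder location only, not site-wide.
        roles = ['Administrator', 'Manager', 'Contributor']
        self.auth_tool.manage_addUsersRoles(name=self.user_obj.name,
                                            roles=roles,
                                            location='/portal/info')

        transaction.commit()

        self.browser_do_login(self.user_name, self.user_password)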
Ejemplo n.º 50
    def rolesOfPermission(self, permission):
        """Describe, for each valid role, whether it holds *permission*.

        Maps every role from ``self.valid_roles()`` to a dict with the keys
        ``'name'`` (the role) and ``'selected'`` (``'SELECTED'`` when the
        role is among the permission's roles, ``''`` otherwise) and returns
        the result of that ``map()`` call.

        Raises ValueError when *permission* is not one of
        ``self.ac_inherited_permissions(1)``.
        """
        valid_roles = self.valid_roles()

        def describe(role, granted):
            if role in granted:
                marker = 'SELECTED'
            else:
                marker = ''
            return {'name': role, 'selected': marker}

        for entry in self.ac_inherited_permissions(1):
            perm_name, perm_value = entry[:2]
            if perm_name != permission:
                continue
            granted = Permission(perm_name, perm_value, self).getRoles()
            return map(lambda role, granted=granted: describe(role, granted),
                       valid_roles)

        # The message contains HTML markup and the permission name comes
        # from the caller, so it is escaped before being interpolated.
        raise ValueError("The permission <em>%s</em> is invalid." %
                         escape(permission))
Ejemplo n.º 51
def modifyRolesForPermission(ob, pname, roles):
    '''
    Set the roles mapped to permission ``pname`` on ``ob``.

    ``roles`` is a list to acquire, a tuple to not acquire.  Returns 1 when
    the mapping was changed and 0 when ``getRoles()`` already equalled
    ``roles``.
    '''
    # This mimics what AccessControl/Role.py does.
    pairs = (entry[:2] for entry in ac_inherited_permissions(ob, 1))
    # First matching permission wins; () is used when none matches.
    data = next((value for name, value in pairs if name == pname), ())
    perm = Permission(pname, data, ob)
    # A list never compares equal to a tuple, so (assuming getRoles()
    # returns one of the two) switching only the acquire flag also counts
    # as a change.
    changed = perm.getRoles() != roles
    if changed:
        perm.setRoles(roles)
        return 1
    return 0
Ejemplo n.º 52
 def _update(self, portal):
     """Take PERMISSION_VIEW_REPORTS away from the 'Anonymous' role.

     When 'Anonymous' is among the roles holding the permission on the
     portal, the permission is re-set to the remaining roles plus
     Administrator, Manager and Owner. The acquire setting is derived from
     the type of the current role sequence (list -> 1, otherwise 0) and
     passed on unchanged. Always returns True.
     """
     perm = Permission(PERMISSION_VIEW_REPORTS, (), portal)
     current_roles = perm.getRoles()
     acquire = 1 if isinstance(current_roles, list) else 0

     if 'Anonymous' not in current_roles:
         self.log.debug('Anonymous does not have the permission')
         return True

     # NOTE(review): when acquire stays 1, roles granted by a container
     # above the portal presumably still apply; confirm none of them gives
     # this permission to Anonymous.
     kept_roles = set([role for role in current_roles
                       if role != 'Anonymous'])
     kept_roles.update(['Administrator', 'Manager', 'Owner'])
     portal.manage_permission(PERMISSION_VIEW_REPORTS,
                              list(kept_roles),
                              acquire=acquire)
     self.log.debug('Anonymous role removed from permission')
     return True
Ejemplo n.º 53
 def _update(self, portal):
     """Give 'Contributor' the PERMISSION_REQUEST_WEBEX permission.

     When 'Contributor' is not yet among the roles holding the permission
     on the portal, the permission is re-set to the current roles plus
     Administrator, Manager and Contributor. The acquire setting is derived
     from the type of the current role sequence (list -> 1, otherwise 0)
     and passed on unchanged. Always returns True.
     """
     perm = Permission(PERMISSION_REQUEST_WEBEX, (), portal)
     current_roles = perm.getRoles()
     acquire = 1 if isinstance(current_roles, list) else 0

     if 'Contributor' in current_roles:
         self.log.debug('Contributor already has the permission')
         return True

     # Existing roles are kept; the three roles below are only added.
     granted = set(current_roles)
     granted.update(['Administrator', 'Manager', 'Contributor'])
     portal.manage_permission(PERMISSION_REQUEST_WEBEX,
                              list(granted),
                              acquire=acquire)
     self.log.debug(
         'Contributor added to the "Request WebEx permission"')
     return True
Ejemplo n.º 54
 def _checkSettings(self, object, permissionname, acquire=0, roles=[]):
     # Assert that the permission named `permissionname` on `object` has
     # exactly the expected roles and the expected acquire setting.
     # Acquisition is read off the type of the role sequence: a list counts
     # as acquired, anything else as not acquired. Raises ValueError when
     # the permission is not among the object's inherited permissions.
     # (The `roles=[]` default is only read here, never mutated.)
     matched = 0
     for entry in object.ac_inherited_permissions(1):
         name, value = entry[:2]
         if name != permissionname:
             continue
         actual_roles = Permission(name, value, object).getRoles(default=[])
         is_acquired = isinstance(actual_roles, list)
         # Compare as role -> 1 mappings so order and duplicates in either
         # sequence do not matter.
         wanted = dict.fromkeys(roles, 1)
         found = dict.fromkeys(actual_roles, 1)
         self.assertEqual((acquire, wanted), (is_acquired, found))
         matched = 1
     if not matched:
         raise ValueError("'%s' not found in inherited permissions." %
                          permissionname)