def revoke_roles(user=None, roles=(), root=None):
if not roles:
return
if user is None:
user = get_current()
if isinstance(user, Anonymous):
return #TODO use cookies to revoke roles
normalized_roles = []
if root is None:
root = getSite()
for role in roles:
if isinstance(role, basestring):
normalized_roles.append((role, root))
else:
normalized_roles.append(role)
for role in normalized_roles:
obj = role[1]
opts = {u'source_id': get_oid(user), u'target_id': get_oid(obj)}
opts[u'relation_id'] = role[0]
opts[u'reftype'] = 'Role'
relations = [r for r in find_relations(obj, opts).all()]
if not (obj is root):
opts[u'target_id'] = get_oid(root)
relations.extend([r for r in find_relations(obj, opts).all()])
for relation in relations:
disconnect(relation)
if hasattr(user, 'reindex'):
user.reindex()
def test_disconnect_relation(self):
before = len(get_relations_container(self.app))
source, target, relation = self._create_relation()
self.assertEqual(len(get_relations_container(source)), before + 1)
results = find_relations(source, {'target_id': get_oid(target)})
before = len(get_relations_container(self.app))
disconnect(relation)
self.assertEqual(len(get_relations_container(source)), before - 1)
results = find_relations(source, {'target_id': get_oid(target)})
self.assertEqual(len(list(results)), 0)
def test_disconnect_relation(self):
before = len(get_relations_container(self.app))
source, target, relation = self._create_relation()
self.assertEqual(len(get_relations_container(source)), before + 1)
results = find_relations(source, {'target_id': get_oid(target)})
before = len(get_relations_container(self.app))
disconnect(relation)
self.assertEqual(len(get_relations_container(source)), before - 1)
results = find_relations(source, {'target_id': get_oid(target)})
self.assertEqual(len(list(results)), 0)
def test_remove_target(self):
before = len(get_relations_container(self.app))
source, target, relation = self._create_relation()
self.assertEqual(len(get_relations_container(source)), before + 1)
results = find_relations(source, {'target_id': get_oid(target)})
self.assertEqual(len(list(results)), 1)
before = len(get_relations_container(self.app))
del target.__parent__[target.__name__]
self.assertEqual(len(get_relations_container(source)), before - 1)
results = find_relations(source, {'target_id': get_oid(target)})
self.assertEqual(len(list(results)), 0)
def test_remove_target(self):
before = len(get_relations_container(self.app))
source, target, relation = self._create_relation()
self.assertEqual(len(get_relations_container(source)), before + 1)
results = find_relations(source, {'target_id': get_oid(target)})
self.assertEqual(len(list(results)), 1)
before = len(get_relations_container(self.app))
del target.__parent__[target.__name__]
self.assertEqual(len(get_relations_container(source)), before - 1)
results = find_relations(source, {'target_id': get_oid(target)})
self.assertEqual(len(list(results)), 0)
def get_roles(user=None, obj=None,
root=None, ignore_groups=False):
if user is None:
user = get_current()
if isinstance(user, Anonymous):
return [RoleAnonymous.name]
if root is None:
root = getSite()
if obj is None:
obj = root
opts = {u'source_id': get_oid(user),
u'target_id': get_oid(obj)}
opts[u'reftype'] = 'Role'
roles = [r.relation_id for r in find_relations(obj, opts).all()]
principals = find_service(root, 'principals')
sd_admin = principals['users']['admin']
if sd_admin is user and 'Admin' not in roles:
roles.append('Admin')
groups = []
if not ignore_groups:
groups.extend(getattr(user, 'groups', []))
for group in groups:
roles.extend(get_roles(group, obj, root))
return list(set(roles))
def get_roles(user=None, obj=None,
root=None, ignore_groups=False):
if user is None:
user = get_current()
if isinstance(user, Anonymous):
return [RoleAnonymous.name]
if root is None:
root = getSite()
if obj is None:
obj = root
opts = {u'source_id': get_oid(user),
u'target_id': get_oid(obj)}
opts[u'reftype'] = 'Role'
roles = [r.relation_id for r in find_relations(obj, opts).all()]
principals = find_service('principals')
sd_admin = principals['users']['admin']
if sd_admin is user and 'Admin' not in roles:
roles.append('Admin')
groups = []
if not ignore_groups:
groups.extend(getattr(user, 'user_groups', []))
for group in groups:
roles.extend(get_roles(group, obj, root))
return list(set(roles))
def get_access_keys(user, root=None, to_exclude=[]):
if isinstance(user, Anonymous):
return ['anonymous']
principals = find_service('principals')
sd_admin = principals['users']['admin']
pricipal_root = getSite()
if root is None:
root = pricipal_root
root_oid = get_oid(root)
principal_root_oid = get_oid(pricipal_root)
if sd_admin is user:
return list(set([('admin'+'_'+str(root_oid)).lower(),
('admin'+'_'+str(principal_root_oid)).lower()]))
groups = list(getattr(user, 'user_groups', []))
groups.append(user)
relations = []
for group in groups:
opts = {u'source_id': get_oid(group)}
opts[u'reftype'] = 'Role'
relations.extend(list(find_relations(group, opts).all()))
result = [(t.relation_id+'_'+str(t.target_id)).lower() \
for t in relations if t.target_id not in to_exclude]
for relation in relations:
if relation.relation_id == 'Admin':
result.append(('admin'+'_'+str(principal_root_oid)).lower())
break
return list(set(result))
def get_objects_with_role(user=None, role=None, root=None):
if role is None:
return []
if user is None:
user = get_current()
if isinstance(user, Anonymous):
return False
#TODO use cookies to find objects
if root is None:
root = getSite()
groups = list(getattr(user, 'user_groups', []))
groups.append(user)
objects = []
for principal in groups:
opts = {u'source_id': get_oid(principal)}
opts[u'relation_id'] = role
opts[u'reftype'] = 'Role'
objects.extend([r.target for r in find_relations(root, opts).all()])
objects = list(set(objects))
if root in objects:
objects.remove(root)
return objects
def get_objects_with_role(user=None, role=None, root=None):
if role is None:
return []
if user is None:
user = get_current()
if isinstance(user, Anonymous):
return False
#TODO use cookies to find objects
if root is None:
root = getSite()
groups = list(getattr(user, 'user_groups', []))
groups.append(user)
objects = []
for principal in groups:
opts = {u'source_id': get_oid(principal)}
opts[u'relation_id'] = role
opts[u'reftype'] = 'Role'
objects.extend([r.target for r in find_relations(root, opts).all()])
objects = list(set(objects))
if root in objects:
objects.remove(root)
return objects
def get_access_keys(user, root=None, to_exclude=[]):
if isinstance(user, Anonymous):
return ['anonymous']
principals = find_service(user, 'principals')
sd_admin = principals['users']['admin']
pricipal_root = getSite()
if root is None:
root = pricipal_root
root_oid = get_oid(root)
principal_root_oid = get_oid(pricipal_root)
if sd_admin is user:
return list(set([('admin'+'_'+str(root_oid)).lower(),
('admin'+'_'+str(principal_root_oid)).lower()]))
groups = list(getattr(user, 'groups', []))
groups.append(user)
relations = []
for group in groups:
opts = {u'source_id': get_oid(group)}
opts[u'reftype'] = 'Role'
relations.extend(list(find_relations(group, opts).all()))
result = [(t.relation_id+'_'+str(t.target_id)).lower() \
for t in relations if t.target_id not in to_exclude]
for relation in relations:
if relation.relation_id == 'Admin':
result.append(('admin'+'_'+str(principal_root_oid)).lower())
break
return list(set(result))
def revoke_roles(user=None, roles=(), root=None):
if not roles:
return
if user is None:
user = get_current()
if isinstance(user, Anonymous):
return #TODO use cookies to revoke roles
normalized_roles = []
if root is None:
root = getSite()
for role in roles:
if isinstance(role, basestring):
normalized_roles.append((role, root))
else:
normalized_roles.append(role)
for role in normalized_roles:
obj = role[1]
opts = {u'source_id': get_oid(user),
u'target_id': get_oid(obj)}
opts[u'relation_id'] = role[0]
opts[u'reftype'] = 'Role'
relations = [r for r in find_relations(obj, opts).all()]
if not(obj is root):
opts[u'target_id'] = get_oid(root)
relations.extend([r for r in find_relations(obj, opts).all()])
for relation in relations:
disconnect(relation)
if hasattr(user, 'reindex'):
user.reindex()
def has_any_roles(user=None,
roles=(),
ignore_superiors=False,
root=None):
if not roles:
return True
normalized_roles = {}
if root is None:
root = getSite()
for role in roles:
if isinstance(role, basestring):
normalized_roles[role] = root
if not ignore_superiors:
normalized_roles.update(dict(_get_allsuperiors(role, root)))
else:
normalized_roles[role[0]] = role[1]
if not ignore_superiors:
normalized_roles.update(dict(_get_allsuperiors(role[0], root)))
if user is None:
user = get_current()
if isinstance(user, Anonymous):
return RoleAnonymous.name in normalized_roles
if 'Admin' in normalized_roles:
principals = find_service('principals')
sd_admin = principals['users']['admin']
if sd_admin is user:
return True
groups = list(getattr(user, 'user_groups', []))
groups.append(user)
for role in normalized_roles:
context = normalized_roles[role]
opts = {u'source_id': (
'any', tuple(sorted([get_oid(g) for g in groups]))),
u'target_id': get_oid(context)}
opts[u'relation_id'] = role
opts[u'reftype'] = 'Role'
if find_relations(root, opts):
return True
return False
def has_any_roles(user=None,
roles=(),
ignore_superiors=False,
root=None):
if not roles:
return True
normalized_roles = {}
if root is None:
root = getSite()
for role in roles:
if isinstance(role, basestring):
normalized_roles[role] = root
if not ignore_superiors:
normalized_roles.update(dict(_get_allsuperiors(role, root)))
else:
normalized_roles[role[0]] = role[1]
if not ignore_superiors:
normalized_roles.update(dict(_get_allsuperiors(role[0], root)))
if user is None:
user = get_current()
if isinstance(user, Anonymous):
return RoleAnonymous.name in normalized_roles
if 'Admin' in normalized_roles:
principals = find_service(root, 'principals')
sd_admin = principals['users']['admin']
if sd_admin is user:
return True
groups = list(getattr(user, 'groups', []))
groups.append(user)
for role in normalized_roles:
context = normalized_roles[role]
opts = {u'source_id': (
'any', tuple(sorted([get_oid(g) for g in groups]))),
u'target_id': get_oid(context)}
opts[u'relation_id'] = role
opts[u'reftype'] = 'Role'
if find_relations(root, opts):
return True
return False
def get_users_with_role(role=None, root=None):
if role is None:
return []
if root is None:
root = getSite()
normalized_role = role
if isinstance(role, basestring):
normalized_role = (role, root)
opts = {u'target_id': get_oid(normalized_role[1])}
opts[u'relation_id'] = normalized_role[0]
opts[u'reftype'] = 'Role'
users = list(set([r.source for r in find_relations(normalized_role[1], opts).all()]))
result = [u for u in users if isinstance(u, User)]
groups = [g.members for g in users if isinstance(g, Group)]
groups = [item for sublist in groups for item in sublist]
result.extend(groups)
return list(set(result))
def get_users_with_role(role=None, root=None):
if role is None:
return []
if root is None:
root = getSite()
normalized_role = role
if isinstance(role, basestring):
normalized_role = (role, root)
opts = {u'target_id': get_oid(normalized_role[1])}
opts[u'relation_id'] = normalized_role[0]
opts[u'reftype'] = 'Role'
users = list(set([r.source for r in find_relations(normalized_role[1], opts).all()]))
result = [u for u in users if isinstance(u, User)]
groups = [g.members for g in users if isinstance(g, Group)]
groups = [item for sublist in groups for item in sublist]
result.extend(groups)
return list(set(result))
def get_objects_with_role(user=None, role=None, root=None):
if role is None:
return []
if user is None:
user = get_current()
if isinstance(user, Anonymous):
return False
#TODO use cookies to find objects
if root is None:
root = getSite()
opts = {u'source_id': get_oid(user)}
opts[u'relation_id'] = role
opts[u'reftype'] = 'Role'
objects = [r.target for r in find_relations(root, opts).all()]
objects = list(set(objects))
if root in objects:
objects.remove(root)
return objects
def test_find_relations(self):
source, target, relation = self._create_relation()
results = list(find_relations(source, {'source_id': get_oid(source)}))
self.assertEqual(len(results), 1)
self.assertTrue(isinstance(results[0], RelationValue))
self.assertIs(results[0].source, source)
self.assertIs(results[0].target, target)
results = find_relations(source, {'target_id': get_oid(target)})
self.assertEqual(len(list(results)), 1)
results = find_relations(source, {'tags': ('any', (u'created', u'involved'))})
self.assertEqual(len(list(results)), 1)
results = find_relations(source, {'tags': ('all', (u'created', u'involved'))})
self.assertEqual(len(list(results)), 0)
results = find_relations(source, {'tags': u'created'})
self.assertEqual(len(list(results)), 1)
results = find_relations(source, {'tags': u'involved'})
self.assertEqual(len(list(results)), 0)
def test_find_relations(self):
source, target, relation = self._create_relation()
results = list(find_relations(source, {'source_id': get_oid(source)}))
self.assertEqual(len(results), 1)
self.assertTrue(isinstance(results[0], RelationValue))
self.assertIs(results[0].source, source)
self.assertIs(results[0].target, target)
results = find_relations(source, {'target_id': get_oid(target)})
self.assertEqual(len(list(results)), 1)
results = find_relations(source,
{'tags': ('any', (u'created', u'involved'))})
self.assertEqual(len(list(results)), 1)
results = find_relations(source,
{'tags': ('all', (u'created', u'involved'))})
self.assertEqual(len(list(results)), 0)
results = find_relations(source, {'tags': u'created'})
self.assertEqual(len(list(results)), 1)
results = find_relations(source, {'tags': u'involved'})
self.assertEqual(len(list(results)), 0)
def copy(obj,
container,
new_name=None,
shared_properties=False,
composite_properties=False,
roles=False,
omit=OMIT_ATTRIBUTES,
select=None):
"""Return a copy of obj
If you need a deepcopy of the object, set composite_properties to True
To copy the roles, set roles to True
container can be a folder or a tuple (folder, propertyname)
If this is a tuple, the new object will be set via propertyname.
(Pdb) pp obj.__dict__
{'__name__': u'object1',
'__oid__': 4368702640781270144,
'__parent__': <substanced.root.Root object None at 0x407cb18>,
'__property__': None,
'_composition_u_valuekey': u'object2',
'_num_objects': <BTrees.Length.Length object at 0x4950758>,
'created_at': datetime.datetime(2014, 9, 8, 13, 0, 11, 351214),
'data': <BTrees.OOBTree.OOBTree object at 0x49513d0>,
'dynamic_properties_def': {},
'modified_at': datetime.datetime(2014, 9, 8, 13, 0, 11, 351227)}
(Pdb) pp new.__dict__
{'__property__': None,
'_num_objects': <BTrees.Length.Length object at 0x46a6140>,
'created_at': datetime.datetime(2014, 9, 8, 13, 6, 48, 635835),
'data': <BTrees.OOBTree.OOBTree object at 0x46a1bd0>,
'dynamic_properties_def': {},
'modified_at': datetime.datetime(2014, 9, 8, 13, 6, 48, 635852)}
"""
if omit is not OMIT_ATTRIBUTES:
omit = set(omit) | set(OMIT_ATTRIBUTES)
new = obj.__class__()
# wake up object to have obj.__dict__ populated
obj._p_activate()
for key, value in obj.__dict__.items():
if key.startswith('_') or key in omit:
continue
new_value = zope.copy.clone(value)
# this does a new pickle for primitive value
setattr(new, key, new_value)
if new_name is None:
new_name = 'copy_of_%s' % obj.__name__
# we need to add it to a container so the object is indexed
# and has a __oid__ attribute
if isinstance(container, tuple):
container, propertyname = container
new.__name__ = name_chooser(container, new_name)
container.addtoproperty(propertyname, new)
else:
new_name = name_chooser(container, new_name)
container.add(new_name, new)
seen = set()
# We can have descriptors inherited,
# so take care to not get descriptor of above classes if it has been
# overriden in a subclass. This is what the seen variable is for here.
for klass in obj.__class__.__mro__:
for descriptor_id, descriptor in klass.__dict__.items():
if descriptor_id in seen:
continue
seen.add(descriptor_id)
if descriptor_id in omit:
continue
if select is not None and descriptor_id not in select:
continue
if isinstance(descriptor, Descriptor):
value = descriptor.__get__(obj)
if not value:
continue
# if isinstance(descriptor, (SharedUniqueProperty, SharedMultipleProperty)) and shared_properties:
# descriptor.__set__(new, value) # this can have the side effect of moving value to a different container!
# TODO do we really want to copy shared properties?
if isinstance(
descriptor,
(CompositeUniqueProperty,
CompositeMultipleProperty)) and composite_properties:
if isinstance(descriptor, CompositeUniqueProperty):
value = [value]
for item in value:
copy(item, (new, descriptor_id),
new_name=item.__name__,
shared_properties=shared_properties,
composite_properties=composite_properties,
roles=roles,
omit=omit,
select=select)
# copy roles
if roles:
relations = find_relations(obj, {'target_id': get_oid(obj)})
for rel in relations:
source = rel.source
target = new
opts = {
'reftype': rel.reftype,
'relation_id': rel.relation_id,
'tags': list(rel.tags)
}
connect(source, target, **opts)
return new
def copy(obj, container, new_name=None, shared_properties=False,
composite_properties=False, roles=False,
omit=OMIT_ATTRIBUTES, select=None):
"""Return a copy of obj
If you need a deepcopy of the object, set composite_properties to True
To copy the roles, set roles to True
container can be a folder or a tuple (folder, propertyname)
If this is a tuple, the new object will be set via propertyname.
(Pdb) pp obj.__dict__
{'__name__': u'object1',
'__oid__': 4368702640781270144,
'__parent__': <substanced.root.Root object None at 0x407cb18>,
'__property__': None,
'_composition_u_valuekey': u'object2',
'_num_objects': <BTrees.Length.Length object at 0x4950758>,
'created_at': datetime.datetime(2014, 9, 8, 13, 0, 11, 351214),
'data': <BTrees.OOBTree.OOBTree object at 0x49513d0>,
'dynamic_properties_def': {},
'modified_at': datetime.datetime(2014, 9, 8, 13, 0, 11, 351227)}
(Pdb) pp new.__dict__
{'__property__': None,
'_num_objects': <BTrees.Length.Length object at 0x46a6140>,
'created_at': datetime.datetime(2014, 9, 8, 13, 6, 48, 635835),
'data': <BTrees.OOBTree.OOBTree object at 0x46a1bd0>,
'dynamic_properties_def': {},
'modified_at': datetime.datetime(2014, 9, 8, 13, 6, 48, 635852)}
"""
if omit is not OMIT_ATTRIBUTES:
omit = set(omit) | set(OMIT_ATTRIBUTES)
new = obj.__class__()
# wake up object to have obj.__dict__ populated
obj._p_activate()
for key, value in obj.__dict__.items():
if key.startswith('_') or key in omit:
continue
new_value = zope.copy.clone(value)
# this does a new pickle for primitive value
setattr(new, key, new_value)
if new_name is None:
new_name = 'copy_of_%s' % obj.__name__
# we need to add it to a container so the object is indexed
# and has a __oid__ attribute
if isinstance(container, tuple):
container, propertyname = container
new.__name__ = name_chooser(container, new_name)
container.addtoproperty(propertyname, new)
else:
new_name = name_chooser(container, new_name)
container.add(new_name, new)
seen = set()
# We can have descriptors inherited,
# so take care to not get descriptor of above classes if it has been
# overriden in a subclass. This is what the seen variable is for here.
for klass in obj.__class__.__mro__:
for descriptor_id, descriptor in klass.__dict__.items():
if descriptor_id in seen:
continue
seen.add(descriptor_id)
if descriptor_id in omit:
continue
if select is not None and descriptor_id not in select:
continue
if isinstance(descriptor, Descriptor):
value = descriptor.__get__(obj)
if not value:
continue
# if isinstance(descriptor, (SharedUniqueProperty, SharedMultipleProperty)) and shared_properties:
# descriptor.__set__(new, value) # this can have the side effect of moving value to a different container!
# TODO do we really want to copy shared properties?
if isinstance(descriptor, (CompositeUniqueProperty, CompositeMultipleProperty)) and composite_properties:
if isinstance(descriptor, CompositeUniqueProperty):
value = [value]
for item in value:
copy(item, (new, descriptor_id), new_name=item.__name__,
shared_properties=shared_properties,
composite_properties=composite_properties,
roles=roles,
omit=omit, select=select)
# copy roles
if roles:
relations = find_relations(obj, {'target_id': get_oid(obj)})
for rel in relations:
source = rel.source
target = new
opts = {'reftype': rel.reftype, 'relation_id':
rel.relation_id, 'tags': list(rel.tags)}
connect(source, target, **opts)
return new
