def test_deny_dublincore_view(self):
"""Tests the denial of dublincore view permissions to anonymous.
Users who can view a folder contents page but cannot view dublin core
should still be able to see the folder items' names, but not their
title, modified, and created info.
"""
# add an item that can be viewed from the root folder
file = File()
self.getRootFolder()['file'] = file
IZopeDublinCore(file).title = u'My File'
# deny zope.app.dublincore.view to zope.Anonymous
prm = IRolePermissionManager(self.getRootFolder())
prm.denyPermissionToRole('zope.app.dublincore.view', 'zope.Anonymous')
transaction.commit()
response = self.publish('/')
self.assertEquals(response.getStatus(), 200)
body = response.getBody()
# confirm we can see the file name
self.assert_(body.find('<a href="file">file</a>') != -1)
# confirm we *cannot* see the metadata title
self.assert_(body.find('My File') == -1)
def test_deny_view(self):
"""Tests the denial of view permissions to anonymous.
This test uses the ZMI interface to deny anonymous zope.View permission
to the root folder.
"""
# deny zope.View to zope.Anonymous
prm = IRolePermissionManager(self.getRootFolder())
prm.denyPermissionToRole('zope.View', 'zope.Anonymous')
transaction.commit()
# confirm Unauthorized when viewing root folder
self.assertRaises(Unauthorized, self.publish, '/')
def setPermissionRoles(self):
"""Set permissions of roles.
"""
prm = IRolePermissionManager(self.context)
permissions = [perm.id for perm in self.permissions]
for perm in permissions:
rperm = self.request.get(u'perm%s' % perm)
if rperm not in permissions:
continue
for role in self.roles:
rrole = self.request.get('role%s' % role)
if rrole not in self.roles:
continue
setting = self.request.get(u'prole%s%s' % (perm, role))
if setting is None:
continue
if setting == Unset.getName():
prm.unsetPermissionFromRole(rperm, rrole)
elif setting == Allow.getName():
prm.grantPermissionToRole(rperm, rrole)
elif setting == Deny.getName():
prm.denyPermissionToRole(rperm, rrole)
else:
# Unknown value. Ignore it.
pass
self.msg = u"Permissions successfully updated."
def getPermissionRoles(self):
"""Get a dict of dicts containing the current role->permission
mappings.
"""
prm = IRolePermissionManager(self.context)
result = {}
for perm in self.permissions:
proles = prm.getRolesForPermission(perm.id)
settings = {}
for role, setting in proles:
settings[role] = setting.getName()
nosetting = Unset.getName()
result[perm.id] = {}
for role in self.roles:
result[perm.id][role] = settings.get(role, nosetting)
return result
def setQreatureFolderUtilities(event):
""" This is a handler for custom event.
All object hierarchies and site-level utilities are created here"""
site = event.object
sm = site.getSiteManager()
internal_principal = InternalPrincipal(site.login, site.password, u'owner')
quiz_site = site.__parent__
quiz_site_manager = quiz_site.getSiteManager()
quiz_site_pau = quiz_site_manager['pau']
quiz_site_pf = quiz_site_pau['PrincipalFolder']
quiz_site_pf.__setitem__(site.__name__, internal_principal)
role = LocalRole(u'Quiz Creator',u'Registerde user, able to create and edit quizes')
sm['role'] = role
sm.registerUtility(role, IRole, site.__name__)
role_perm_manager = IRolePermissionManager(site)
role_perm_manager.grantPermissionToRole("qreature.edit_quiz", site.__name__)
