Ejemplo n.º 1
0
def clean_roles(context, role_id, setting=Allow):
    """Remove given role for all principals"""
    prinrole = IPrincipalRoleManager(context)
    old = prinrole.getPrincipalsForRole(role_id)
    for x in old:
        if x[1] == setting:
            prinrole.unsetRoleForPrincipal(role_id, x[0])
Ejemplo n.º 2
0
class PrincipalRoles(grok.Adapter):
    """Grant a role to a principal.
    """
    grok.context(IPrincipal)
    grok.implements(IPrincipalRoles)

    def __init__(self, context):
        site = getSite()
        self.userid = context.id
        self.manager = IPrincipalRoleManager(site)

    @apply
    def roles():
        """Writable property for roles.
        """
        def get(self):
            setting = self.manager.getRolesForPrincipal(self.userid)
            return [role[0] for role in setting if role[1] is Allow]

        def set(self, roles):
            # removing undefined roles
            setting = self.manager.getRolesForPrincipal(self.userid)
            for role in setting:
                if role[0] not in roles and role[1] is Allow:
                    self.manager.unsetRoleForPrincipal(role[0], self.userid)

            # setting new roles
            for role in roles:
                self.manager.assignRoleToPrincipal(role, self.userid)

        return property(get, set)
Ejemplo n.º 3
0
def clean_roles(context, role_id, setting=Allow):
    """Remove given role for all principals"""
    prinrole = IPrincipalRoleManager(context)
    old = prinrole.getPrincipalsForRole(role_id)
    for x in old:
        if x[1] == setting:
            prinrole.unsetRoleForPrincipal(role_id, x[0])
Ejemplo n.º 4
0
 def rolesFromAccount(self):
     ''' Populate the managed roles for this principal from self.roles
     '''
     roleMgr = IPrincipalRoleManager(grok.getSite())
     if self.login == 'admin':
         self.roles.add('gfn.Administrator')
     for rid, _setting in roleMgr.getRolesForPrincipal('gfn.'+self.login):
         roleMgr.unsetRoleForPrincipal(rid, 'gfn.'+self.login)
     for role in self.roles:
         roleMgr.assignRoleToPrincipal(role, 'gfn.'+self.login)
Ejemplo n.º 5
0
    def roles(self, value):
        principal_id = self.__principal__.id
        rolemanager = IPrincipalRoleManager(getSite())

        for role, setting in value.items():
            if role not in self._roles:
                continue

            if setting is Allow:
                rolemanager.assignRoleToPrincipal(role, principal_id)
            elif setting is Deny:
                rolemanager.removeRoleFromPrincipal(role, principal_id)
            else:
                rolemanager.unsetRoleForPrincipal(role, principal_id)
Ejemplo n.º 6
0
    def __init__(self, *args, **kwargs):
        ''' Create an administrator with default login and password
        '''
        super(AuthenticatorPlugin, self).__init__(*args, **kwargs)

        su = InternalPrincipal(login='******', password='******', title=u'Administrator', 
                               description=u'The SuperUser')
        self['admin'] = su

        roleMgr = IPrincipalRoleManager(grok.getSite())
        for uid, _setting in roleMgr.getPrincipalsForRole('gfn.Administrator'):
            roleMgr.unsetRoleForPrincipal('gfn.Administrator', 'gfn.'+uid)

        uid = self.getIdByLogin('admin')
        roleMgr.assignRoleToPrincipal('gfn.Administrator', 'gfn.'+uid)
Ejemplo n.º 7
0
 def roles(self, values):
     prmanager = IPrincipalRoleManager(self.context)
     for role_id in self.roles:
         prmanager.unsetRoleForPrincipal(role_id, self.principal_id)
     for role_id in values:
         prmanager.assignRoleToPrincipal(role_id, self.principal_id)
Ejemplo n.º 8
0
 def roles(self, values):
     prmanager = IPrincipalRoleManager(self.context)
     for role_id in self.roles:
         prmanager.unsetRoleForPrincipal(role_id, self.principal_id)
     for role_id in values:
         prmanager.assignRoleToPrincipal(role_id, self.principal_id)
Ejemplo n.º 9
0
 def unset_role(self, role_id, pids):
     if isinstance(pids, basestring): pids = [pids]
     role_id = ROLE_MAP[role_id]
     prinrole = IPrincipalRoleManager(self.context)
     for pid in pids:
        prinrole.unsetRoleForPrincipal(role_id, pid)
Ejemplo n.º 10
0
 def unset_role(self, role_id, pids):
     if isinstance(pids, basestring): pids = [pids]
     role_id = ROLE_MAP[role_id]
     prinrole = IPrincipalRoleManager(self.context)
     for pid in pids:
         prinrole.unsetRoleForPrincipal(role_id, pid)
Ejemplo n.º 11
0
    def status(self):
        setUpWidget(self, 'principal', self.principal_field, IInputWidget)
        if not self.principal_widget.hasInput():
            return u''
        try:
            principal = self.principal_widget.getInputValue()
        except MissingInputError:
            return u''

        self.principal = principal

        # Make sure we can use the principal id in a form by base64ing it
        principal_token = unicode(principal).encode('base64').strip().replace(
            '=', '_')

        roles = [role for name, role in getUtilitiesFor(IRole)]
        roles.sort(lambda x, y: cmp(x.title, y.title))
        principal_roles = IPrincipalRoleManager(self.context)

        self.roles = []
        for role in roles:
            name = principal_token + '.role.'+role.id
            field = zope.schema.Choice(__name__= name,
                                       title=role.title,
                                       vocabulary=settings_vocabulary)
            setUpWidget(self, name, field, IInputWidget,
                        principal_roles.getSetting(role.id, principal))
            self.roles.append(getattr(self, name+'_widget'))

        perms = [perm for name, perm in getUtilitiesFor(IPermission)]
        perms.sort(lambda x, y: cmp(x.title, y.title))
        principal_perms = IPrincipalPermissionManager(self.context)

        self.permissions = []
        for perm in perms:
            if perm.id == 'zope.Public':
                continue
            name = principal_token + '.permission.'+perm.id
            field = zope.schema.Choice(__name__=name,
                                       title=perm.title,
                                       vocabulary=settings_vocabulary)
            setUpWidget(self, name, field, IInputWidget,
                        principal_perms.getSetting(perm.id, principal))
            self.permissions.append(
                getattr(self, name+'_widget'))

        if 'GRANT_SUBMIT' not in self.request:
            return u''

        for role in roles:
            name = principal_token + '.role.'+role.id
            role_widget = getattr(self, name+'_widget')
            if role_widget.hasInput():
                try:
                    setting = role_widget.getInputValue()
                except MissingInputError:
                    pass
                else:
                    # Arrgh!
                    if setting is Allow:
                        principal_roles.assignRoleToPrincipal(
                            role.id, principal)
                    elif setting is Deny:
                        principal_roles.removeRoleFromPrincipal(
                            role.id, principal)
                    else:
                        principal_roles.unsetRoleForPrincipal(
                            role.id, principal)

        for perm in perms:
            if perm.id == 'zope.Public':
                continue
            name = principal_token + '.permission.'+perm.id
            perm_widget = getattr(self, name+'_widget')
            if perm_widget.hasInput():
                try:
                    setting = perm_widget.getInputValue()
                except MissingInputError:
                    pass
                else:
                    # Arrgh!
                    if setting is Allow:
                        principal_perms.grantPermissionToPrincipal(
                            perm.id, principal)
                    elif setting is Deny:
                        principal_perms.denyPermissionToPrincipal(
                            perm.id, principal)
                    else:
                        principal_perms.unsetPermissionForPrincipal(
                            perm.id, principal)

        return _('Grants updated.')
Ejemplo n.º 12
0
class Ownership(object):

    adapts(IOwnerAware)
    implements(IOwnership)

    def __init__(self, context):
        self._rolemanager = IPrincipalRoleManager(context)
        self.context = context

    def _getCurrentOwnerId(self):
        settings = self._rolemanager.getPrincipalsForRole(OWNER_ROLE)
        principals = [
            principal_id for (principal_id, setting) in settings
            if sameProxiedObjects(setting, Allow)
        ]
        if not principals:
            return None
        if len(principals) > 1:
            raise RuntimeError(
                'Object has multiple owners. This should not happen')
        return principals[0]

    @apply
    def owner():
        def fget(self):
            principal_id = self._getCurrentOwnerId()
            if principal_id is None:
                return None
            try:
                return getUtility(IAuthentication).getPrincipal(principal_id)
            except PrincipalLookupError:
                return None

        def fset(self, new_owner):
            if not (new_owner is None or IPrincipal.providedBy(new_owner)):
                raise ValueError('IPrincipal object or None required')

            if new_owner is None:
                new_owner_id = None
            else:
                new_owner_id = new_owner.id

            current_owner_id = self._getCurrentOwnerId()

            if new_owner_id == current_owner_id:
                return

            if current_owner_id is not None:
                self._rolemanager.unsetRoleForPrincipal(
                    OWNER_ROLE, current_owner_id)
                current_owner = getUtility(IAuthentication).getPrincipal(
                    current_owner_id)
            else:
                current_owner = None

            if new_owner_id:
                self._rolemanager.assignRoleToPrincipal(
                    OWNER_ROLE, new_owner_id)

            notify(OwnerChangedEvent(self.context, new_owner, current_owner))

        return property(fget, fset)