def settings_for_object(ob):
    """Report the security settings stored on ``ob`` and each of its ancestors.

    Starting at ``ob`` and following ``__parent__`` until it is ``None``, one
    single-key dict is appended per object (keyed by ``__name__`` or
    ``'(no name)'``).  A final ``'system'`` entry holds the settings of the
    global managers.  Each value may carry three lists:

    * ``prinperm`` - principal / permission / setting rows
    * ``prinrole`` - principal / role / setting rows
    * ``roleperm`` - permission / role / setting rows

    A list is only present for an object when the matching map adapter exists.

    NOTE(review): the result enumerates every principal, role and permission
    binding on the path to the root; presumably callers restrict who may see
    it - confirm at the call sites.
    """

    def prinperm_rows(rows):
        # Source tuples are ordered (permission, principal, setting).
        return [
            {'principal': principal, 'permission': permission, 'setting': value}
            for (permission, principal, value) in rows
        ]

    def prinrole_rows(rows):
        # Source tuples are ordered (role, principal, setting).
        return [
            {'principal': principal, 'role': role, 'setting': value}
            for (role, principal, value) in rows
        ]

    def roleperm_rows(rows):
        # Source tuples are ordered (permission, role, setting).
        return [
            {'permission': permission, 'role': role, 'setting': value}
            for (permission, role, value) in rows
        ]

    report = []
    node = ob
    while node is not None:
        label = getattr(node, '__name__', None) or '(no name)'
        section = {}
        report.append({label: section})

        perm_map = IPrincipalPermissionMap(node, None)
        if perm_map is not None:
            rows = perm_map.get_principals_and_permissions()
            rows.sort()
            section['prinperm'] = prinperm_rows(rows)

        role_map = IPrincipalRoleMap(node, None)
        if role_map is not None:
            section['prinrole'] = prinrole_rows(
                role_map.get_principals_and_roles())

        roleperm_map = IRolePermissionMap(node, None)
        if roleperm_map is not None:
            section['roleperm'] = roleperm_rows(
                roleperm_map.get_roles_and_permissions())

        node = getattr(node, '__parent__', None)

    # Site-wide settings come last, after every object on the parent chain.
    system = {}
    report.append({'system': system})

    rows = principal_permission_manager.get_principals_and_permissions()
    rows.sort()
    system['prinperm'] = prinperm_rows(rows)
    system['prinrole'] = prinrole_rows(
        principal_role_manager.get_principals_and_roles())
    system['roleperm'] = roleperm_rows(
        role_permission_manager.get_roles_and_permissions())

    return report
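async def grantinfo(context, request):
    """Return the local role assignments on ``context``, grouped by principal.

    The response dict contains:

    * ``available_roles`` - id/title/description of every local role that is
      also listed under ``available_roles`` in ``app_settings``.
    * ``inherit`` - ``False`` when the object has at least one locked
      permission, ``True`` otherwise.
    * ``entries`` - one record per principal that holds one of the valid roles
      on ``context``; ``roles`` maps every valid role to its setting (``None``
      when unset).  Principals found in neither the ``users`` nor the
      ``groups`` folder are reported with ``origin == "system"``.

    When the ``search`` query parameter is given, catalog ``User``/``Group``
    entries whose id contains the (lower-cased) search string are appended as
    well.  An empty search string is contained in every id, so it matches all
    of them.

    Returns ``None`` when the current container or its ``users``/``groups``
    folders cannot be resolved.

    NOTE(review): no permission check is visible in this block; presumably it
    is enforced where the view is registered - confirm, since the response
    enumerates principals, their disabled state and their roles.
    """
    search = request.query.get("search")
    if search is not None:
        search = search.lower()

    result = {"available_roles": [], "entries": []}

    # Inheritance counts as switched off as soon as any permission is locked.
    locked = IInheritPermissionMap(context).get_locked_permissions()
    result["inherit"] = len(locked) == 0

    # Only roles that are both local and enabled in the settings are exposed.
    configured_roles = app_settings.get("available_roles", [])
    valid_roles = [role for role in local_roles() if role in configured_roles]
    for role in valid_roles:
        role_obj = get_utility(IRole, name=role)
        result["available_roles"].append({
            "id": role,
            "title": role_obj.title,
            "description": role_obj.description,
        })

    prinrole = IPrincipalRoleMap(context)
    # Rows are (role, principal, setting); rows for other roles are dropped.
    settings = [
        setting
        for setting in prinrole.get_principals_and_roles()
        if setting[0] in valid_roles
    ]

    valid_settings = {}
    default_roles = {role: None for role in valid_roles}

    try:
        container = get_current_container()
        users = await container.async_get("users")
        groups = await container.async_get("groups")
    except (AttributeError, KeyError, ContainerNotFound):
        return None

    for role_id, principal_id, setting in settings:
        if principal_id not in valid_settings:
            entry = {
                "id": principal_id,
                "disabled": False,
                "login": None,
                "roles": deepcopy(default_roles),
                "title": principal_id,
                "type": "user",
                "origin": "system",
            }
            # Resolve the principal as a user first and as a group second;
            # the group lookup only runs when no user was found.
            user = await users.async_get(principal_id)
            if user:
                entry.update(
                    disabled=user.disabled, title=user.name, origin="dbusers")
            else:
                group = await groups.async_get(principal_id)
                if group:
                    entry.update(
                        disabled=group.disabled,
                        title=group.name,
                        type="group",
                        origin="dbusers",
                    )
            valid_settings[principal_id] = entry
        valid_settings[principal_id]["roles"].update({role_id: setting})

    result["entries"] = list(valid_settings.values())

    if search is not None:
        # query_utility may return None when no catalog is registered; in that
        # case the search step is skipped instead of failing on ``None.search``.
        catalog = query_utility(ICatalogUtility)
        if catalog is not None:
            query_result = await catalog.search(
                container, {"type_name": ["User", "Group"]})
            for obj in query_result["items"]:
                ident = obj.get("id", "")
                if search in ident.lower() and ident not in valid_settings:
                    # Search hits carry no "origin" key, unlike the entries
                    # built from the role map above.
                    result["entries"].append({
                        "id": ident,
                        "disabled": False,
                        "login": None,
                        "roles": deepcopy(default_roles),
                        "title": obj.get("title", ""),
                        "type": obj.get("type_name").lower(),
                    })

    return result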
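def settings_for_object(ob):
    """Analysis tool listing the security settings on ``ob`` and its ancestors.

    Walks from ``ob`` up the ``__parent__`` chain and appends one single-key
    dict per object (keyed by ``__name__`` or ``"(no name)"``), followed by a
    ``"system"`` entry for the global managers.  Per object the value may hold:

    * ``prinperm`` - principal / permission / setting rows
    * ``prinrole`` - principal / role / setting rows
    * ``roleperm`` - permission / role / setting rows
    * ``perminhe`` - permission / setting rows of the inherit map

    A permission whose inherit setting is ``Deny`` on an object is left out of
    the ``roleperm`` rows of every object visited after it and of the system
    entry.  The object's own ``roleperm`` rows are built before its locks are
    recorded, so they are not affected by them.

    NOTE(review): only ``roleperm`` rows are filtered; ``prinperm`` and
    ``prinrole`` rows of ancestors are reported unfiltered.  Confirm that this
    matches how the security policy applies locked permissions, otherwise the
    report can differ from what is enforced.
    """
    result = []
    # Permissions locked by objects already visited (those closer to ``ob``).
    locked_permissions = []

    while ob is not None:
        data = {}
        result.append({getattr(ob, "__name__", None) or "(no name)": data})

        principal_permissions = IPrincipalPermissionMap(ob, None)
        if principal_permissions is not None:
            settings = principal_permissions.get_principals_and_permissions()
            settings.sort()
            data["prinperm"] = [
                {"principal": pr, "permission": p, "setting": s}
                for (p, pr, s) in settings
            ]

        principal_roles = IPrincipalRoleMap(ob, None)
        if principal_roles is not None:
            settings = principal_roles.get_principals_and_roles()
            data["prinrole"] = [
                {"principal": p, "role": r, "setting": s}
                for (r, p, s) in settings
            ]

        role_permissions = IRolePermissionMap(ob, None)
        if role_permissions is not None:
            settings = role_permissions.get_roles_and_permissions()
            data["roleperm"] = [
                {"permission": p, "role": r, "setting": s}
                for (p, r, s) in settings
                if p not in locked_permissions
            ]

        # The three lookups above pass ``None`` as the fallback; doing the same
        # here makes the ``is not None`` guard meaningful, so an object without
        # an inherit map is skipped like it is for the other maps.
        inherit_permissions = IInheritPermissionMap(ob, None)
        if inherit_permissions is not None:
            settings = inherit_permissions.get_locked_permissions()
            data["perminhe"] = []
            for (p, s) in settings:
                # Every inherit setting is reported; only Deny locks it.
                if s is Deny:
                    locked_permissions.append(p)
                data["perminhe"].append({"permission": p, "setting": s})

        ob = getattr(ob, "__parent__", None)

    # Global settings go last and are filtered by every lock seen on the way.
    data = {}
    result.append({"system": data})

    settings = principal_permission_manager.get_principals_and_permissions()
    settings.sort()
    data["prinperm"] = [
        {"principal": pr, "permission": p, "setting": s}
        for (p, pr, s) in settings
    ]

    settings = principal_role_manager.get_principals_and_roles()
    data["prinrole"] = [
        {"principal": p, "role": r, "setting": s}
        for (r, p, s) in settings
    ]

    settings = role_permission_manager.get_roles_and_permissions()
    data["roleperm"] = [
        {"permission": p, "role": r, "setting": s}
        for (p, r, s) in settings
        if p not in locked_permissions
    ]

    return result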
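def settings_for_object(ob):
    """Collect the security settings visible from ``ob`` up to the root.

    The result is a list of single-key dicts: one per object on the
    ``__parent__`` chain (keyed by ``__name__`` or ``'(no name)'``) and a
    closing ``'system'`` entry built from the global managers.  The keys of
    each value are ``prinperm``, ``prinrole``, ``roleperm`` and, for objects
    with an inherit map, ``perminhe``.

    Permissions whose inherit setting is ``Deny`` on an object are removed from
    the ``roleperm`` rows of the objects visited afterwards and of the system
    entry; the object's own ``roleperm`` rows are computed before its locks are
    collected.

    NOTE(review): ``prinperm`` and ``prinrole`` rows are not filtered by the
    locked permissions - confirm this is how the enforcing policy treats them
    before relying on this report for an access review.
    """
    report = []
    locked = []  # permissions denied for inheritance by already visited objects

    node = ob
    while node is not None:
        section = {}
        report.append({getattr(node, '__name__', None) or '(no name)': section})

        perm_map = IPrincipalPermissionMap(node, None)
        if perm_map is not None:
            rows = perm_map.get_principals_and_permissions()
            rows.sort()
            section['prinperm'] = [
                {'principal': principal, 'permission': permission, 'setting': value}
                for (permission, principal, value) in rows
            ]

        role_map = IPrincipalRoleMap(node, None)
        if role_map is not None:
            section['prinrole'] = [
                {'principal': principal, 'role': role, 'setting': value}
                for (role, principal, value) in role_map.get_principals_and_roles()
            ]

        roleperm_map = IRolePermissionMap(node, None)
        if roleperm_map is not None:
            section['roleperm'] = [
                {'permission': permission, 'role': role, 'setting': value}
                for (permission, role, value)
                in roleperm_map.get_roles_and_permissions()
                if permission not in locked
            ]

        # Same fallback as the other adapter lookups: without it the guard
        # below has nothing to test, and an object that cannot be adapted is
        # not skipped the way it is for the other maps.
        inherit_map = IInheritPermissionMap(node, None)
        if inherit_map is not None:
            inherit_rows = []
            section['perminhe'] = inherit_rows
            for (permission, value) in inherit_map.get_locked_permissions():
                if value is Deny:
                    locked.append(permission)
                inherit_rows.append({'permission': permission, 'setting': value})

        node = getattr(node, '__parent__', None)

    # Site-wide settings, filtered by every lock found on the parent chain.
    system = {}
    report.append({'system': system})

    rows = principal_permission_manager.get_principals_and_permissions()
    rows.sort()
    system['prinperm'] = [
        {'principal': principal, 'permission': permission, 'setting': value}
        for (permission, principal, value) in rows
    ]
    system['prinrole'] = [
        {'principal': principal, 'role': role, 'setting': value}
        for (role, principal, value)
        in principal_role_manager.get_principals_and_roles()
    ]
    system['roleperm'] = [
        {'permission': permission, 'role': role, 'setting': value}
        for (permission, role, value)
        in role_permission_manager.get_roles_and_permissions()
        if permission not in locked
    ]

    return report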