def cached_principals(self, parent, roles, permission, level):
"""Get the roles for a specific permission.
Global + Local + Code
"""
cache = self.cache(parent)
try:
cache_principals = cache.principals
except AttributeError:
cache_principals = cache.principals = {}
try:
return cache_principals[permission]
except KeyError:
pass
if parent is None:
principals = dict([
(role, 1)
for (role,
setting) in code_principals_for_permission(permission)
if setting is Allow
])
cache_principals[permission] = principals
return principals
principals = self.cached_principals(
getattr(parent, '__parent__', None), roles, permission, 'p')
prinperm = IPrincipalPermissionMap(parent, None)
if prinperm:
principals = principals.copy()
for principal, setting in prinperm.get_principals_for_permission(
permission):
if setting is Allow:
principals[principal] = 1
elif setting is AllowSingle and level == 'o':
principals[principal] = 1
elif setting is Deny and principal in principals:
del principals[principal]
prinrole = IPrincipalRoleMap(parent, None)
if prinrole:
for role in roles:
for principal, setting in prinrole.get_principals_for_role(
role):
if setting is Allow:
principals[principal] = 1
elif setting is AllowSingle and level == 'o':
principals[principal] = 1
elif setting is Deny and principal in principals:
del principals[principal]
if level != 'o':
# Only cache on non 1rst level queries needs new way
cache_principals[permission] = principals
return principals
def cached_principals(parent: IBaseObject, roles: typing.List[str],
permission: str, level: str) -> typing.Dict[str, int]:
"""Get the roles for a specific permission.
Global + Local + Code
"""
try:
cache = parent.__volatile__.setdefault('security_cache', {})
except AttributeError:
cache = {}
try:
cache_principals = cache['principals']
except KeyError:
cache_principals = cache['principals'] = {}
try:
return cache_principals[permission + level]
except KeyError:
pass
if parent is None:
principals = dict([
(role, 1)
for (role, setting) in code_principals_for_permission(permission)
if setting is Allow
])
cache_principals[permission + level] = principals
return principals
principals = cached_principals(getattr(parent, '__parent__', None), roles,
permission, 'p')
prinperm = IPrincipalPermissionMap(parent, None)
if prinperm:
principals = principals.copy()
for principal, setting in prinperm.get_principals_for_permission(
permission):
if setting is Allow:
principals[principal] = 1
elif setting is AllowSingle and level == 'o':
principals[principal] = 1
elif setting is Deny and principal in principals:
del principals[principal]
prinrole = IPrincipalRoleMap(parent, None)
if prinrole:
for role in roles:
for principal, setting in prinrole.get_principals_for_role(role):
if setting is Allow:
principals[principal] = 1
elif setting is AllowSingle and level == 'o':
principals[principal] = 1
elif setting is Deny and principal in principals:
del principals[principal]
cache_principals[permission + level] = principals
return principals
def cached_principals(self, parent, roles, permission, level):
"""Get the roles for a specific permission.
Global + Local + Code
"""
cache = self.cache(parent)
try:
cache_principals = cache.principals
except AttributeError:
cache_principals = cache.principals = {}
try:
return cache_principals[permission]
except KeyError:
pass
if parent is None:
principals = dict(
[(role, 1)
for (role, setting) in code_principals_for_permission(permission)
if setting is Allow])
cache_principals[permission] = principals
return principals
principals = self.cached_principals(
getattr(parent, '__parent__', None),
roles,
permission, 'p')
prinperm = IPrincipalPermissionMap(parent, None)
if prinperm:
principals = principals.copy()
for principal, setting in prinperm.get_principals_for_permission(permission):
if setting is Allow:
principals[principal] = 1
elif setting is AllowSingle and level == 'o':
principals[principal] = 1
elif setting is Deny and principal in principals:
del principals[principal]
prinrole = IPrincipalRoleMap(parent, None)
if prinrole:
for role in roles:
for principal, setting in prinrole.get_principals_for_role(role):
if setting is Allow:
principals[principal] = 1
elif setting is AllowSingle and level == 'o':
principals[principal] = 1
elif setting is Deny and principal in principals:
del principals[principal]
if level != 'o':
# Only cache on non 1rst level queries needs new way
cache_principals[permission] = principals
return principals
