def portletManagerDirective(
_context, name, title, for_=None, description=u'',
class_=None, schema=None, layer=IDefaultBrowserLayer,
provides=(), portlettype=IPortlet, **kw):
# Build a new class
ManagerClass = PortletManager(
name, class_, provides, title, description, schema, portlettype, **kw)
# Set up permission mapping for various accessible attributes
required = {'__call__': CheckerPublic,
'browserDefault': CheckerPublic,
'publishTraverse': CheckerPublic}
for iname in IPortletManager:
required[iname] = CheckerPublic
# security checker
defineChecker(ManagerClass, Checker(required))
# security for schema fields
for iface in (IPortletManagerConfiguration, schema):
if iface is None:
continue
for f_id in iface:
field = iface[f_id]
if IField.providedBy(field) and not field.readonly:
protectSetAttribute(ManagerClass, f_id, 'zojax.ManagePortlets')
protectName(ManagerClass, f_id, 'zope.Public')
# register the portlet manager
adapter(_context, (ManagerClass,),
IPortletManager, (for_, layer, None), name=name)
def ApplySecurity( ctx ):
# setup security
#
for c in ctx.domain_model.__bases__:
if c is object:
continue
protectLikeUnto( ctx.domain_model, c )
attributes = set([n for n,d in \
ctx.domain_interface.namesAndDescriptions(1)])
attributes = attributes.union(
set( [ f.get('name') for f in ctx.descriptor.fields] )
)
descriptor = ctx.descriptor
for n in attributes:
model_field = descriptor.get(n)
p = model_field and model_field.view_permission or 'zope.Public'
protectName( ctx.domain_model, n, p )
for n in attributes:
model_field = descriptor.get(n)
p = model_field and model_field.edit_permission or 'zope.Public' # 'zope.ManageContent'
protectSetAttribute( ctx.domain_model, n, p)
for k, v in ctx.domain_model.__dict__.items():
if isinstance( v, ManagedContainerDescriptor ):
protectName( ctx.domain_model, k, "zope.Public" )
def __new__(cls, name, klass, schema, fields, module):
cname = 'ContentRevision<%s>'%name
# generate bases
if klass is None:
klass = ContentRevision
if issubclass(klass, ContentRevision):
bases = (klass,)
else:
bases = (klass, ContentRevision)
# generate fields
attrs = {'__module__': module}
for f_id in getFields(schema):
if f_id in fields:
attrs[f_id] = fields[f_id]
else:
attrs[f_id] = FieldProperty(schema[f_id])
# create type
tp = type.__new__(cls, cname, bases, attrs)
# set schema and implements
tp.__schema__ = SchemaProperty(schema)
component.getSiteManager().registerAdapter(
getContentRevision, (tp,), schema)
# set class to module
setattr(sys.modules[module], cname, tp)
# create security checker
for n, d in schema.namesAndDescriptions(1):
protectName(tp, n, 'zope.View')
for n, d in IContentRevision.namesAndDescriptions(1):
protectName(tp, n, 'zope.View')
protectName(tp, '__schema__', 'zope.Public')
for name, field in getFields(schema).items() + \
getFields(IContentRevision).items():
if not field.readonly:
protectSetAttribute(tp, name, 'zojax.ModifyContent')
return tp
def portletDirective(
_context, name, title, for_=None, template=u'',
description=u'', class_=None, provides=IPortlet,
schema=None, type=IPortlet, manager=None, **kw):
# Make sure that the template exists
if template:
template = os.path.abspath(str(_context.path(template)))
if not os.path.isfile(template):
raise ConfigurationError("No such file", template)
# Build a new class.
PortletClass = Portlet(
name, class_, title, description, template, schema, **kw)
if provides is not IPortlet:
interface.classImplements(PortletClass, provides)
# Set up permission mapping for various accessible attributes
required = {'__call__': CheckerPublic,
'browserDefault': CheckerPublic,
'publishTraverse': CheckerPublic}
for iface in (IPortlet, provides):
for iname in iface:
required[iname] = CheckerPublic
# security checker
defineChecker(PortletClass, Checker(required))
# portlet schema
if schema is not None:
# security for configuration
for f_id in schema:
field = schema[f_id]
if IField.providedBy(field) and not field.readonly:
protectSetAttribute(PortletClass, f_id, 'zojax.ManagePortlets')
protectName(PortletClass, f_id, CheckerPublic)
# register the portlet
adapter(_context, (PortletClass,), type,
(for_, None, manager, None), name=name)
def viewModelDirective(
_context, name, title, for_=interface.Interface, description=u'',
class_=None, schema=None, layer=IDefaultBrowserLayer, provides=(), **kw):
# Build a new class
ViewModelClass = ViewModelType(
name, class_, provides, title, description, schema, **kw)
# Set up permission mapping for various accessible attributes
required = {'__call__': CheckerPublic,
'context': CheckerPublic,
'request': CheckerPublic}
for iname in IViewModel:
required[iname] = CheckerPublic
# security checker
defineChecker(ViewModelClass, Checker(required))
ifaces = list(provides)
if schema is not None:
ifaces.append(schema)
# security for schema fields
for iface in ifaces:
for f_id in iface:
field = iface[f_id]
if IField.providedBy(field) and not field.readonly:
protectSetAttribute(ViewModelClass, f_id, 'zojax.ManageViewModels')
protectName(ViewModelClass, f_id, 'zope.Public')
# register pagelet manager
_context.action(
discriminator = ('zojax:contentextensions.dynamic', name),
callable = handler,
args = ('registerAdapter',
ViewModelClass, (for_, layer),
IViewModel, name, _context.info))
def apply_security(ti):
domain_model, descriptor_model = ti.domain_model, ti.descriptor_model
type_key = naming.polymorphic_identity(domain_model)
log.debug("APPLY SECURITY: %s %s", type_key, domain_model)
# first, "inherit" security settings of super classes i.e. equivalent of
# something like <require like_class=".domain.Doc" />
for c in domain_model.__bases__:
if c is object:
continue
log.debug(" LIKE_CLASS: %s", c)
protectLikeUnto(domain_model, c)
# !+DECL permissions here--for CUSTOM types only, and SINCE r9946--override
# what is defined in domain.zcml, as opposed to vice-versa (probably
# because CUSTOM types are setup at a later stage).
# So (for CUSTOM types only?) we use the parametrized
# bungeni.{type_key}.{Mode} as the view/edit permission:
pv_type = "zope.Public" # view permission, for type
pe_type = "zope.Public" # edit permission, for type
if descriptor_model.scope == "custom":
pv_type = "bungeni.%s.View" % (type_key)
pe_type = "bungeni.%s.Edit" % (type_key)
# !+SCHEMA_FIELDS(mr, oct-2012) all this seems superfluous anyway, as is
# (always?) overwritten further down? Switch to base loop on superset of
# names (dir(cls)?) and then decide ONCE on various criteria how to
# protect the name.
_view_protected = set() # remember names protected for view
_edit_protected = set() # remember names protected for edit
# sorted (for clearer logging) list of attr names that are BOTH defined
# by the db mapped-table schema AND have a dedicated UI Field.
dts_attrs = [ n for n in ti.derived_table_schema.names(all=True) ]
df_attrs = [ f.get("name") for f in descriptor_model.fields ]
attrs = sorted(set(dts_attrs).union(set(df_attrs)))
log.debug(" DTS+Fields: %s, %s",
ti.derived_table_schema.__name__, descriptor_model.__name__)
for n in attrs:
# !+DECL special cases, do not override domain.zcml...
if n in ("response_text",):
continue
_view_protected.add(n); _edit_protected.add(n)
pv = pv_type
pe = pe_type
model_field = descriptor_model.get(n)
if model_field:
if descriptor_model.scope != "custom":
# !+DECL proceed as before for now
pv = model_field.view_permission # always "zope.Public"
pe = model_field.edit_permission # always "zope.ManageContent"
# !+DECL parametrize all permissions by type AND mode, ensure to grant
# to appropriate roles. What about non-workflows or non-catalyzed types?
protectName(domain_model, n, pv)
protectSetAttribute(domain_model, n, pe)
DTS = n in dts_attrs and "dts" or " "
DF = n in df_attrs and "df" or " "
log.debug(" %s %s [%s] view:%s edit:%s %x",
DTS, DF, n, pv, pe, id(model_field))
if n not in domain_model.__dict__:
log.debug(" ---- [%s] !+SCHEMA_FIELDS not in %s.__dict__",
n, domain_model)
# container attributes (never a UI Field for these)
log.debug(" __dict__: %s" % (domain_model))
for k in sorted(domain_model.__dict__.keys()):
# !+ if IManagedContainer.providedBy(v): ?
v = domain_model.__dict__[k]
if isinstance(v, ManagedContainerDescriptor):
if k in _view_protected:
log.debug(" ---- %s RESETTING...", k)
_view_protected.add(k)
log.debug(" managed %s view:%s" % (k, "zope.Public"))
elif isinstance(v, orm.attributes.InstrumentedAttribute):
if k in _view_protected:
log.debug(" ---- %s RESETTING...", k)
_view_protected.add(k)
log.debug(" instrumented [%s] view:%s", k, "zope.Public")
else:
log.debug(" ---- [%s] !+SCHEMA_FIELD IN __dict__ but NOT "
"instrumented OR managed", k)
continue
if k not in attrs:
log.debug(" ---- [%s] !+SCHEMA_FIELDS not in attrs", k)
protectName(domain_model, k, "zope.Public") #!+pv_type
# Dump permission_id required to getattr/setattr for "custom" types.
# We only dump the security settings for "custom" types as it only these
# are processed AFTER that domain.zcml has been executed (for other types,
# loaded earlier during app startup, it is the settings in domain.zcml
# (executed later during app startup) that ends up applying.
if descriptor_model.scope == "custom":
from zope.security import proxy, checker
dmc = checker.getChecker(proxy.ProxyFactory(domain_model()))
log.debug(" checker: %s", dmc)
for n in sorted(_view_protected.union(["response_text"])):
g = dmc.get_permissions.get(n)
s = dmc.set_permissions.get(n) #dmc.setattr_permission_id(n)
log.debug(" [%s] get:%s set:%s",
n, getattr(g, "__name__", g), s)
def apply_security(ti):
domain_model, descriptor_model = ti.domain_model, ti.descriptor_model
type_key = naming.polymorphic_identity(domain_model)
log.debug("APPLY SECURITY: %s %s", type_key, domain_model)
# first, "inherit" security settings of super classes i.e. equivalent of
# something like <require like_class=".domain.Doc" />
for c in domain_model.__bases__:
if c is object:
continue
log.debug(" LIKE_CLASS: %s", c)
protectLikeUnto(domain_model, c)
# !+DECL permissions here--for CUSTOM types only, and SINCE r9946--override
# what is defined in domain.zcml, as opposed to vice-versa (probably
# because CUSTOM types are setup at a later stage).
# So (for CUSTOM types only?) we use the parametrized
# bungeni.{type_key}.{Mode} as the view/edit permission:
pv_type = "zope.Public" # view permission, for type
pe_type = "zope.Public" # edit permission, for type
if descriptor_model.scope == "custom":
pv_type = "bungeni.%s.View" % (type_key)
pe_type = "bungeni.%s.Edit" % (type_key)
# !+SCHEMA_FIELDS(mr, oct-2012) all this seems superfluous anyway, as is
# (always?) overwritten further down? Switch to base loop on superset of
# names (dir(cls)?) and then decide ONCE on various criteria how to
# protect the name.
_view_protected = set() # remember names protected for view
_edit_protected = set() # remember names protected for edit
# sorted (for clearer logging) list of attr names that are BOTH defined
# by the db mapped-table schema AND have a dedicated UI Field.
dts_attrs = [ n for n in ti.derived_table_schema.names(all=True) ]
df_attrs = [ f.get("name") for f in descriptor_model.fields ]
attrs = sorted(set(dts_attrs).union(set(df_attrs)))
log.debug(" DTS+Fields: %s, %s",
ti.derived_table_schema.__name__, descriptor_model.__name__)
for n in attrs:
# !+DECL special cases, do not override domain.zcml...
if n in ("response_text",):
continue
_view_protected.add(n); _edit_protected.add(n)
pv = pv_type
pe = pe_type
model_field = descriptor_model.get(n)
if model_field:
if descriptor_model.scope != "custom":
# !+DECL proceed as before for now
pv = model_field.view_permission # always "zope.Public"
pe = model_field.edit_permission # always "zope.ManageContent"
# !+DECL parametrize all permissions by type AND mode, ensure to grant
# to appropriate roles. What about non-workflows or non-catalyzed types?
protectName(domain_model, n, pv)
protectSetAttribute(domain_model, n, pe)
DTS = n in dts_attrs and "dts" or " "
DF = n in df_attrs and "df" or " "
log.debug(" %s %s [%s] view:%s edit:%s %x",
DTS, DF, n, pv, pe, id(model_field))
if n not in domain_model.__dict__:
log.debug(" ---- [%s] !+SCHEMA_FIELDS not in %s.__dict__",
n, domain_model)
# container attributes (never a UI Field for these)
log.debug(" __dict__: %s" % (domain_model))
for k in sorted(domain_model.__dict__.keys()):
# !+ if IManagedContainer.providedBy(v): ?
v = domain_model.__dict__[k]
if isinstance(v, ManagedContainerDescriptor):
if k in _view_protected:
log.debug(" ---- %s RESETTING...", k)
_view_protected.add(k)
log.debug(" managed %s view:%s" % (k, "zope.Public"))
elif isinstance(v, orm.attributes.InstrumentedAttribute):
if k in _view_protected:
log.debug(" ---- %s RESETTING...", k)
_view_protected.add(k)
log.debug(" instrumented [%s] view:%s", k, "zope.Public")
else:
log.debug(" ---- [%s] !+SCHEMA_FIELD IN __dict__ but NOT "
"instrumented OR managed", k)
continue
if k not in attrs:
log.debug(" ---- [%s] !+SCHEMA_FIELDS not in attrs", k)
protectName(domain_model, k, "zope.Public") #!+pv_type
# Dump permission_id required to getattr/setattr for "custom" types.
# We only dump the security settings for "custom" types as it only these
# are processed AFTER that domain.zcml has been executed (for other types,
# loaded earlier during app startup, it is the settings in domain.zcml
# (executed later during app startup) that ends up applying.
if descriptor_model.scope == "custom":
from zope.security import proxy, checker
dmc = checker.getChecker(proxy.ProxyFactory(domain_model()))
log.debug(" checker: %s", dmc)
for n in sorted(_view_protected.union(["response_text"])):
g = dmc.get_permissions.get(n)
s = dmc.set_permissions.get(n) #dmc.setattr_permission_id(n)
log.debug(" [%s] get:%s set:%s",
n, getattr(g, "__name__", g), s)
