Example #1
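    def test_deny_dublincore_view(self):
        """Tests the denial of dublincore view permissions to anonymous.

        Users who can view a folder contents page but cannot view dublin core
        should still be able to see the folder items' names, but not their
        title, modified, and created info.

        Only the title is asserted on below; the modified and created
        columns are not checked by this test.
        """
        # Add an item to the root folder and give it a Dublin Core title that
        # differs from its name, so the two can be told apart in the page.
        obj = OrderedContainer()
        alsoProvides(obj, IAttributeAnnotatable)

        self.getRootFolder()['obj'] = obj
        IZopeDublinCore(obj).title = u'My object'

        # Deny the Dublin Core view permission to zope.Anonymous on the root
        # folder, then commit so the published request sees the setting.
        prm = IRolePermissionManager(self.getRootFolder())
        prm.denyPermissionToRole('zope.dublincore.view', 'zope.Anonymous')
        # Try both spellings just in case we are used with an older zope.dc
        prm.denyPermissionToRole('zope.app.dublincore.view', 'zope.Anonymous')
        transaction.commit()

        # No credentials are passed to publish(); presumably the request runs
        # as the anonymous principal -- confirm against the test harness.
        response = self.publish('/')
        self.assertEqual(response.getStatus(), 200)
        body = response.getBody()

        # The listing itself must still render: the item name stays visible,
        # which also shows the page was not simply empty or an error page.
        self.assertTrue('<a href="obj">obj</a>' in body)

        # The protected metadata title must not appear anywhere in the page.
        self.assertTrue('My object' not in body)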
Example #2
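    def test_deny_dublincore_view(self):
        """Tests the denial of dublincore view permissions to anonymous.

        Users who can view a folder contents page but cannot view dublin core
        should still be able to see the folder items' names, but not their
        title, modified, and created info.

        Note that the assertions cover the item name and the title only;
        the modified and created values are not inspected here.
        """
        # add an item that can be viewed from the root folder; its title is
        # deliberately different from its name ('obj')
        obj = OrderedContainer()
        alsoProvides(obj, IAttributeAnnotatable)

        self.getRootFolder()['obj'] = obj
        IZopeDublinCore(obj).title = u'My object'

        # deny the dublincore view permission to zope.Anonymous on the root
        prm = IRolePermissionManager(self.getRootFolder())
        prm.denyPermissionToRole('zope.dublincore.view', 'zope.Anonymous')
        # Try both spellings just in case we are used with an older zope.dc
        prm.denyPermissionToRole('zope.app.dublincore.view', 'zope.Anonymous')
        # the denial has to be committed before the request is published
        transaction.commit()

        # the contents page itself must still be served (no Unauthorized)
        response = self.publish('/')
        self.assertEqual(response.getStatus(), 200)
        body = response.getBody()

        # confirm we can see the file name
        self.assertTrue('<a href="obj">obj</a>' in body)

        # confirm we *cannot* see the metadata title
        self.assertTrue('My object' not in body)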
Example #3
 def joining(self, value):
     """Set 'zojax.JoinGroup' on the parent for every role id in ``value``.

     Roles that provide IPublicRole are granted the permission; every
     other role id is explicitly denied. A role id for which no IRole
     utility is found yields None from queryUtility, so it falls into
     the deny branch.

     NOTE(review): only the ids present in ``value`` are touched; a grant
     made earlier for a role that is no longer listed is not revoked
     here -- confirm that callers always pass the full set of roles.
     """
     manager = IRolePermissionManager(self.__parent__)
     for role_id in value:
         is_public = IPublicRole.providedBy(queryUtility(IRole, role_id))
         if not is_public:
             manager.denyPermissionToRole('zojax.JoinGroup', role_id)
             continue
         manager.grantPermissionToRole('zojax.JoinGroup', role_id)
Example #4
    def test_deny_view(self):
        """Check that denying zope.View to anonymous blocks the root folder.

        The denial is written through the role-permission manager of the
        root folder and committed; publishing '/' afterwards has to raise
        Unauthorized.
        """
        root = self.getRootFolder()

        # Local deny of zope.View for the zope.Anonymous role on the root.
        IRolePermissionManager(root).denyPermissionToRole(
            'zope.View', 'zope.Anonymous')
        transaction.commit()

        # The request carries no credentials, so the view must be refused
        # rather than rendered.
        self.assertRaises(Unauthorized, self.publish, '/')
Example #5
    def test_deny_view(self):
        """Anonymous must get Unauthorized once zope.View is denied.

        zope.View is denied to the zope.Anonymous role on the root folder
        via its role-permission manager, the transaction is committed, and
        the root folder is then published without credentials.
        """
        permission, role = 'zope.View', 'zope.Anonymous'

        manager = IRolePermissionManager(self.getRootFolder())
        manager.denyPermissionToRole(permission, role)
        # Commit first, otherwise the published request would not see the
        # new setting.
        transaction.commit()

        # Viewing the root folder has to fail with Unauthorized.
        self.assertRaises(Unauthorized, self.publish, '/')
Example #6
def change_permissions(event):
    """Restrict View on an object when its workflow reaches PUBLISHED.

    Nothing happens unless the transition ends in the PUBLISHED state,
    an interaction with a principal exists, and that principal provides
    ICOUser. When all three hold, View is denied to the Editor role on
    the object and granted to the principal recorded on the object
    (``event.object.principal.id``), which is not necessarily the
    principal that triggered the transition.

    NOTE(review): the result relies on the security policy letting the
    principal-level grant win over the role-level denial -- confirm.
    """
    if event.destination != Workflow.states.PUBLISHED:
        return

    try:
        principal = uvcsite.utils.shorties.getPrincipal()
    except zope.security.interfaces.NoInteraction:
        # No interaction is active, so there is no current principal to
        # check; leave the permissions untouched.
        return

    if not uvcsite.auth.interfaces.ICOUser.providedBy(principal):
        return

    target = event.object
    principal_manager = IPrincipalPermissionManager(target)
    role_manager = IRolePermissionManager(target)

    # Take View away from the Editor role on this object ...
    role_manager.denyPermissionToRole(
        named(uvcsite.permissions.View),
        named(uvcsite.permissions.Editor))
    # ... and hand it to the object's own principal only.
    principal_manager.grantPermissionToPrincipal(
        named(uvcsite.permissions.View),
        event.object.principal.id)
    def status(self, value):
        """Store the discussion status and align permissions and marker.

        For value 4 the 'zojax.AddComment' permission is granted to
        zope.Anonymous on the context; for any other value it is denied.
        For value 3 the IContentDiscussionAware marker is removed from the
        context; for any other value it is added if missing and
        discussibleAdded() is called.

        NOTE(review): the context is unwrapped with removeAllProxies, so
        the permission change below is not subject to the security proxy
        of self.context; whoever may call this setter has to be
        restricted elsewhere -- not visible here. The meaning of the
        values 3 and 4 is presumably defined by the status vocabulary --
        confirm.
        """
        target = removeAllProxies(self.context)
        manager = IRolePermissionManager(target)

        # Anonymous commenting is open for status 4 only.
        if value != 4:
            manager.denyPermissionToRole('zojax.AddComment', 'zope.Anonymous')
        else:
            manager.grantPermissionToRole('zojax.AddComment', 'zope.Anonymous')

        is_aware = IContentDiscussionAware.providedBy(target)
        if value == 3:
            if is_aware:
                interface.noLongerProvides(target, IContentDiscussionAware)
        elif not is_aware:
            interface.alsoProvides(target, IContentDiscussionAware)
            discussibleAdded(target, None)

        self.data.status = value
def init_application(event):
    """Create the configuration folders and generic sets of an application.

    ``event.object`` is the application. Applications that do not provide
    IDatashackle are ignored. For the others a 'configuration' folder is
    created with View and Edit denied to the dolmen.Owner role, and below
    it a 'meta' folder that holds one GenericSet per p2_* table.
    """
    application = event.object
    if not IDatashackle.providedBy(application):
        # no datashackle grok application
        return          

    # The site has to be set manually at this point.
    # Otherwise the framework does not notify the catalog to index the newly
    # created propertyform
    setSite(application)
        
    configfolder = Folder()
    configfolder.title = _(u'Configuration')
    application['configuration'] = configfolder
    # Deny view, edit permission to role dolmen.Owner (which is the default role for our restricted users).
    # NOTE(review): the denial is set on the configuration folder only;
    # whether it also covers the objects stored below it depends on how the
    # security policy resolves local role permissions -- confirm.
    role_permission = IRolePermissionManager(configfolder)
    role_permission.denyPermissionToRole('dolmen.content.View', 'dolmen.Owner')
    #role_permission.grantPermissionToRole('dolmen.content.View', 'zope.Manager')
    role_permission.denyPermissionToRole('dolmen.content.Edit', 'dolmen.Owner')
    #role_permission.grantPermissionToRole('dolmen.content.Edit', 'zope.Manager')
    # The explicit grants to zope.Manager above are commented out, so no
    # role is granted access here; access for managers must come from
    # settings made elsewhere.



    metaconfig = Folder()
    metaconfig.title = _(u'Meta configuration')
    configfolder['meta'] = metaconfig
    # NOTE(review): ignore_enumeration is defined outside this listing;
    # presumably it hides the folder from listings for zope.Everybody --
    # confirm what it restricts before relying on it as an access control.
    ignore_enumeration(metaconfig, 'zope.Everybody') 
 
    
    #users = Users()
    #users.title = _(u'Users')
    #configfolder['users'] = users

    # Each GenericSet below is configured with a plan identifier, a table
    # identifier and the name of the table's key field, then stored in the
    # meta folder.
    # NOTE(review): table_key_field is 'plan_identifier' here -- confirm
    # that this is the key column of p2_model.
    set_ = GenericSet()
    set_.title = u'p2_model'
    set_.plan_identifier = 'p2_model'
    set_.table_identifier = 'p2_model'
    set_.table_key_field = 'plan_identifier'
    metaconfig['p2_model'] = set_

    set_ = GenericSet()
    set_.title = u'p2_form'
    set_.plan_identifier = 'p2_form'
    set_.table_identifier = 'p2_form'
    set_.table_key_field = 'form_identifier'
    metaconfig['p2_form'] = set_
 
    # NOTE(review): stored under the key 'p2_archetypes' (plural) while the
    # identifiers are 'p2_archetype' -- confirm this is intended.
    archetypes = GenericSet()
    archetypes.title = _(u'p2_archetype')
    archetypes.plan_identifier = 'p2_archetype'
    archetypes.table_identifier = 'p2_archetype'
    archetypes.table_key_field = 'id'
    metaconfig['p2_archetypes'] = archetypes
    
    linkageforms = GenericSet()
    linkageforms.title = u'p2_linkage'
    linkageforms.plan_identifier = 'p2_linkage'
    linkageforms.table_identifier = 'p2_linkage'
    linkageforms.table_key_field = 'id'
    metaconfig['p2_linkage'] = linkageforms
    
    set_ = GenericSet()
    set_.title = u'p2_relation'
    set_.plan_identifier = 'p2_relation'
    set_.table_identifier = 'p2_relation'
    set_.table_key_field = 'id'
    metaconfig['p2_relation'] = set_

    widget = GenericSet()
    widget.title = u'p2_widget'
    widget.plan_identifier = 'p2_widget'
    widget.table_identifier = 'p2_widget'
    widget.table_key_field = 'widget_identifier'
    metaconfig['p2_widget'] = widget
    
    # The span sets all use 'span_identifier' as their key field.
    set_ = GenericSet()
    set_.title = u'p2_span'
    set_.plan_identifier = 'p2_span'
    set_.table_identifier = 'p2_span'
    set_.table_key_field = 'span_identifier'
    metaconfig['p2_span'] = set_
    
    set_ = GenericSet()
    set_.title = u'p2_span_embeddedform'
    set_.plan_identifier = 'p2_span_embeddedform'
    set_.table_identifier = 'p2_span_embeddedform'
    set_.table_key_field = 'span_identifier'
    metaconfig['p2_span_embeddedform'] = set_
    
    set_ = GenericSet()
    set_.title = u'p2_span_fileupload'
    set_.plan_identifier = 'p2_span_fileupload'
    set_.table_identifier = 'p2_span_fileupload'
    set_.table_key_field = 'span_identifier'
    metaconfig['p2_span_fileupload'] = set_
    
    set_ = GenericSet()
    set_.title = u'p2_span_alphanumeric'
    set_.plan_identifier = 'p2_span_alphanumeric'
    set_.table_identifier = 'p2_span_alphanumeric'
    set_.table_key_field = 'span_identifier'
    metaconfig['p2_span_alphanumeric'] = set_
    
    set_ = GenericSet()
    set_.title = u'p2_span_checkbox'
    set_.plan_identifier = 'p2_span_checkbox'
    set_.table_identifier = 'p2_span_checkbox'
    set_.table_key_field = 'span_identifier'
    metaconfig['p2_span_checkbox'] = set_
    
    set_ = GenericSet()
    set_.title = u'p2_span_dropdown'
    set_.plan_identifier = 'p2_span_dropdown'
    set_.table_identifier = 'p2_span_dropdown'
    set_.table_key_field = 'span_identifier'
    metaconfig['p2_span_dropdown'] = set_
    
    # NOTE(review): the folder key is 'p2_span_countries', the plan
    # identifier 'p2_countries' and the table 'p2_country' -- three
    # different spellings; confirm each one against its consumer.
    set_ = GenericSet()
    set_.title = u'p2_countries'
    set_.plan_identifier = 'p2_countries'
    set_.table_identifier = 'p2_country'
    set_.table_key_field = 'id'
    metaconfig['p2_span_countries'] = set_