def cached_roles(self, parent, permission):
cache = self.cache(parent)
try:
cache_roles = cache.roles
except AttributeError:
cache_roles = cache.roles = {}
try:
return cache_roles[permission]
except KeyError:
pass
if parent is None:
roles = dict(
[(role, 1)
for (role, setting) in globalRolesForPermission(permission)
if setting is Allow])
cache_roles[permission] = roles
return roles
roles = self.cached_roles(
removeSecurityProxy(getattr(parent, '__parent__', None)),
permission)
roleper = IRolePermissionMap(parent, None)
if roleper:
roles = roles.copy()
for role, setting in roleper.getRolesForPermission(permission):
if setting is Allow:
roles[role] = 1
elif role in roles:
del roles[role]
cache_roles[permission] = roles
return roles
def get_roles_with_access_content(obj):
if obj is None:
return {}
active_roles = get_roles_with_access_content(
removeSecurityProxy(getattr(obj, '__parent__', None)))
roleperm = IRolePermissionMap(obj)
for role, permission in roleperm.getRow('plone.AccessContent'):
active_roles[role] = permission
return active_roles
def settingsForObject(ob):
"""Analysis tool to show all of the grants to a process
"""
result = []
while ob is not None:
data = {}
result.append((getattr(ob, '__name__', '(no name)'), data))
principalPermissions = IPrincipalPermissionMap(ob, None)
if principalPermissions is not None:
settings = principalPermissions.getPrincipalsAndPermissions()
settings.sort()
data['principalPermissions'] = [
{'principal': pr, 'permission': p, 'setting': s}
for (p, pr, s) in settings]
principalRoles = IPrincipalRoleMap(ob, None)
if principalRoles is not None:
settings = principalRoles.getPrincipalsAndRoles()
data['principalRoles'] = [
{'principal': p, 'role': r, 'setting': s}
for (r, p, s) in settings]
rolePermissions = IRolePermissionMap(ob, None)
if rolePermissions is not None:
settings = rolePermissions.getRolesAndPermissions()
data['rolePermissions'] = [
{'permission': p, 'role': r, 'setting': s}
for (p, r, s) in settings]
ob = getattr(ob, '__parent__', None)
data = {}
result.append(('global settings', data))
settings = principalPermissionManager.getPrincipalsAndPermissions()
settings.sort()
data['principalPermissions'] = [
{'principal': pr, 'permission': p, 'setting': s}
for (p, pr, s) in settings]
settings = principalRoleManager.getPrincipalsAndRoles()
data['principalRoles'] = [
{'principal': p, 'role': r, 'setting': s}
for (r, p, s) in settings]
settings = rolePermissionManager.getRolesAndPermissions()
data['rolePermissions'] = [
{'permission': p, 'role': r, 'setting': s}
for (p, r, s) in settings]
return result
async def sharing_get(context, request):
roleperm = IRolePermissionMap(context)
prinperm = IPrincipalPermissionMap(context)
prinrole = IPrincipalRoleMap(context)
result = {'local': {}, 'inherit': []}
result['local']['role_permission'] = roleperm._byrow
result['local']['principal_permission'] = prinperm._byrow
result['local']['principal_role'] = prinrole._byrow
for obj in iter_parents(context):
roleperm = IRolePermissionMap(obj)
prinperm = IPrincipalPermissionMap(obj)
prinrole = IPrincipalRoleMap(obj)
result['inherit'].append({
'@id': IAbsoluteURL(obj, request)(),
'role_permission': roleperm._byrow,
'principal_permission': prinperm._byrow,
'principal_role': prinrole._byrow,
})
await notify(ObjectPermissionsViewEvent(context))
return result
def cached_roles(self, parent, permission):
cache = self.cache(parent)
try:
cache_roles = cache.roles
except AttributeError:
cache_roles = cache.roles = {}
try:
return cache_roles[permission]
except KeyError:
pass
if parent is None:
roles = dict([(role, 1)
for (role,
setting) in globalRolesForPermission(permission)
if setting is Allow])
cache_roles[permission] = roles
return roles
if getattr(parent, 'inherit_permissions', False):
roles = self.cached_roles(
removeSecurityProxy(getattr(parent, '__parent__', None)),
permission)
else:
roles = dict([(role, 1)
for (role,
setting) in globalRolesForPermission(permission)
if setting is Allow])
roleper = IRolePermissionMap(parent, None)
if roleper:
for role, setting in roleper.getRolesForPermission(permission):
if setting is Allow:
roles[role] = 1
elif role in roles:
del roles[role]
cache_roles[permission] = roles
return roles