def test__checkPermission(self):
    """Exercise _checkPermission for a plain user and under proxy roles.

    Three permissions on ``site.bar_dummy`` are each given to one role as
    a tuple.  The checks run first without proxy roles on the executable
    in the security context, then with ``_proxy_roles`` set to
    ``Authenticated`` and finally to ``Manager``.
    """
    from AccessControl import getSecurityManager
    from AccessControl.ImplPython import ZopeSecurityPolicy
    from AccessControl.Permission import Permission
    from AccessControl.SecurityManagement import newSecurityManager
    from AccessControl.SecurityManager import setSecurityPolicy

    from Products.CMFCore.utils import _checkPermission

    grants = (
        ('View', 'Anonymous'),
        ('WebDAV access', 'Authenticated'),
        ('Manage users', 'Manager'),
    )

    def expect(*outcomes):
        # One expected outcome per entry of `grants`, in the same order.
        for (perm_name, _role), granted in zip(grants, outcomes):
            verify = self.assertTrue if granted else self.assertFalse
            verify(_checkPermission(perm_name, target))

    setSecurityPolicy(ZopeSecurityPolicy())
    site = self._makeSite()
    newSecurityManager(None, site.acl_users.user_foo)

    target = site.bar_dummy
    for perm_name, role in grants:
        Permission(perm_name, (), target).setRoles((role,))

    # Put an executable owned by a different user on the security context.
    executable = site.foo_dummy
    executable._owner = (['acl_users'], 'all_powerful_Oz')
    getSecurityManager().addContext(executable)

    # No proxy roles yet.
    expect(True, True, False)

    # With proxy roles set, the expectations below are that only those
    # roles count: 'View' is held by Anonymous alone and is now refused.
    executable._proxy_roles = ('Authenticated',)
    expect(False, True, False)

    executable._proxy_roles = ('Manager',)
    expect(False, False, True)
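def allowed(context, permission=None):
    """
    Roles that have `permission` and why.

    Returns {PERM_NAME: {'Role': (REASON, META), ..}, ..}
    where `REASON` in ('assigned', 'inherited'). `META` can be None or dict
    supplying extra info, like `source` of permission inheritance.

    When `permission` is given, only that permission is reported.
    """
    out = {}
    all_roles = context.valid_roles()
    permissions = context.ac_inherited_permissions(1)
    if permission:
        permissions = [x for x in permissions if x[0] == permission]

    for entry in permissions:
        name, value = entry[:2]
        maps = out[name] = {}
        roles = Permission(name, value, context).getRoles(default=[])

        for role in roles:
            maps[role] = ('assigned', None)

        # A list (rather than a tuple) marks a permission that also
        # acquires roles from the parent.
        if not isinstance(roles, list):
            continue
        missing = set(all_roles) - set(roles)
        if not missing:
            continue

        # The parent's answer does not depend on the role, so the parent
        # chain is walked once per permission, not once per missing role.
        parent = context.aq_parent
        from_parent = allowed(parent, name)
        for role in missing:
            parent_permission = from_parent[name].get(role)
            if parent_permission:
                reason, meta = parent_permission
                if reason == 'assigned':
                    maps[role] = ('inherited', {'source': ofs_path(parent)})
                elif reason == 'inherited':
                    maps[role] = parent_permission
    return out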
def _modifyPermissionMappings(ob, map):
    """
    Modifies multiple role to permission mappings.

    `map` maps a permission name to a {role: allow} mapping.  Roles with a
    true `allow` are added to the permission, the others are removed.
    Returns 1 if any permission was rewritten, else 0.
    """
    # This mimics what AccessControl/Role.py does.
    # Needless to say, it's crude. :-(
    perm_info = _ac_inherited_permissions(ob, 1)
    any_change = 0
    for name, settings in map.items():
        current = rolesForPermissionOn(name, ob)
        if isinstance(current, basestring):
            current = [current]
        else:
            current = list(current)

        dirty = 0
        for role, allow in settings.items():
            held = role in current
            if allow and not held:
                current.append(role)
                dirty = 1
            elif held and not allow:
                current.remove(role)
                dirty = 1
        if not dirty:
            continue

        # The list of methods using this permission.
        data = next(
            (d for n, d in (perm[:2] for perm in perm_info) if n == name),
            ())
        # NOTE(review): the roles are always stored as a tuple, which by
        # the list/tuple convention switches acquisition off for every
        # permission rewritten here -- confirm that is intended.
        Permission(name, data, ob).setRoles(tuple(current))
        any_change = 1
    return any_change
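def update(app):
    """Add the 'Auditor' role to the 'View' permission of report documents.

    Every catalogued 'Report Document' whose valid roles include 'Auditor'
    is visited; a document that already grants 'View' to 'Auditor' is left
    untouched.
    """
    for brain in app.Catalog(meta_type='Report Document'):
        doc = brain.getObject()
        if 'Auditor' not in doc.valid_roles():
            continue
        for perm in doc.ac_inherited_permissions(1):
            name, value = perm[:2]
            if name != 'View':
                continue
            p = Permission(name, value, doc)
            roles = list(p.getRoles())
            if 'Auditor' in roles:
                continue
            roles.append('Auditor')
            # NOTE(review): the new value is always a tuple, so a document
            # whose 'View' roles were acquired (a list) stops acquiring
            # them after this run -- confirm that side effect is wanted.
            roles = tuple(roles)
            try:
                p.setRoles(roles)
                print("Added Auditor to View permission for %s"
                      % doc.absolute_url())
            except Exception:
                # Still best-effort per document, but SystemExit and
                # KeyboardInterrupt are no longer swallowed as they were
                # by the bare ``except:``.
                print("Failed")
    # NOTE(review): the listing lost its indentation; a single commit after
    # the loop is assumed here -- confirm against the original file.
    transaction.commit()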
def manage_permission_for(brain_or_object, permission, roles, acquire=0):
    """Change the settings for the given permission.

    Code extracted from `IRoleManager.manage_permission`

    :param brain_or_object: Catalog brain or object
    :param permission: The permission to be granted
    :param roles: The roles the permission to be granted to
    :param acquire: Flag to acquire the permission
    :raises ValueError: if the object does not list `permission`
    """
    obj = api.get_object(brain_or_object)
    role_names = [roles] if isinstance(roles, basestring) else roles

    for entry in obj.ac_inherited_permissions(1):
        name, value = entry[:2]
        if name != permission:
            continue
        # The container type carries the acquire flag: a list when roles
        # are also acquired from the parent, a tuple when they are not.
        new_roles = list(role_names) if acquire else tuple(role_names)
        Permission(name, value, obj).setRoles(new_roles)
        return

    # Raise an error if the permission is invalid
    raise ValueError("The permission {} is invalid.".format(permission))
def testChangeUseOpenFlowPermission(self):
    """Set the roles of 'Use OpenFlow' on the fixture to ['Authenticated'].

    NOTE(review): nothing is asserted afterwards; the test only shows that
    the call sequence does not raise.
    """
    from AccessControl.Permission import Permission

    matching = [entry for entry in self.of.ac_inherited_permissions(1)
                if entry[0] == 'Use OpenFlow']
    name, value = matching[0][:2]
    # Passed as a list, not a tuple.
    Permission(name, value, self.of).setRoles(['Authenticated'])
def resetPublishPermission(context):
    """Give 'CountryManager' the survey publish permission on the parent.

    The permission is changed on ``aq_parent(context)``; nothing happens
    when the role is already among the permission's roles there.
    """
    from AccessControl.Permission import Permission

    siteroot = aq_parent(context)
    publish = Permission("Euphorie: Publish a Survey", (), siteroot)
    if "CountryManager" in publish.getRoles(default=[]):
        return
    publish.setRole("CountryManager", True)
    log.info("Adding publish permission for country managers")
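def manage_changePermissions(self, REQUEST):
    """Change all permissions settings, called by management screen.

    Form keys are positional: ``p<i>r<j>`` selects role j for permission i
    and ``a<i>`` keeps the roles of permission i as a list (acquiring).
    Every permission is rewritten on each call, so a permission with no
    matching keys in REQUEST is stored with an empty role set.
    """
    valid_roles = self.valid_roles()
    have = REQUEST.has_key
    permissions = self.ac_inherited_permissions(1)
    fails = []
    for ip, entry in enumerate(permissions):
        roles = [role for ir, role in enumerate(valid_roles)
                 if have("p%dr%d" % (ip, ir))]
        name, value = entry[:2]
        try:
            p = Permission(name, value, self)
            if not have('a%d' % ip):
                # A tuple switches acquisition off for this permission.
                roles = tuple(roles)
            p.setRoles(roles)
        except Exception:
            # Was a bare ``except:``.  The failure is still collected, but
            # SystemExit / KeyboardInterrupt now propagate.
            fails.append(name)

    if fails:
        # Permission names are escaped before they reach the dialog.
        return MessageDialog(
            title="Warning!",
            message="Some permissions had errors: "
                    + escape(', '.join(fails)),
            action='manage_access')
    return MessageDialog(
        title='Success!',
        message='Your changes have been saved',
        action='manage_access')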
def listPermissions( self ):
    """ List permissions for export.

    o Returns a sequence of mappings describing locally-modified
      permission / role settings.  Keys include:

      'name' -- the name of the permission

      'acquire' -- a flag indicating whether to acquire roles from the
          site's container

      'roles' -- the sorted list of roles which have the permission;
          roles not returned by listRoles() are left out.

    o Do not include permissions which both acquire and which define
      no local changes to the acquired policy.
    """
    known_roles = self.listRoles()
    exported = []

    for entry in self._site.ac_inherited_permissions( 1 ):
        name = entry[ 0 ]
        raw = Permission( name, entry[ 1 ], self._site ).getRoles( default=[] )
        acquire = isinstance( raw, list )  # tuple means don't acquire
        roles = sorted( r for r in raw if r in known_roles )

        # Nothing local to export: acquiring and no roles of its own.
        if acquire and not roles:
            continue
        exported.append( { 'name': name
                         , 'acquire': acquire
                         , 'roles': roles
                         } )

    return exported
def listPermissions(self):
    """ List permissions for export.

    o Returns a sequence of mappings describing locally-modified
      permission / role settings.  Keys include:

      'name' -- the name of the permission

      'acquire' -- a flag indicating whether to acquire roles from the
          site's container

      'roles' -- the list of roles which have the permission, limited
          to the roles returned by listRoles().

    o Do not include permissions which both acquire and which define
      no local changes to the acquired policy.
    """
    site = self._site
    valid_roles = self.listRoles()

    def describe(entry):
        name = entry[0]
        found = Permission(name, entry[1], site).getRoles(default=[])
        return {
            'name': name,
            'acquire': isinstance(found, list),  # tuple means don't acquire
            'roles': [r for r in found if r in valid_roles],
        }

    described = (describe(e) for e in site.ac_inherited_permissions(1))
    # Keep an entry when it has roles of its own or has acquisition off.
    return [info for info in described
            if info['roles'] or not info['acquire']]
def manage_changePermissions(self, REQUEST):
    """Change all permissions settings, called by management screen.

    Form keys are built from hashes of the names:
    ``permission_<ph>role_<rh>`` selects a role for a permission and
    ``acquire_<ph>`` keeps the permission's roles as a list (acquiring).
    Every permission is rewritten on each call, so a permission with no
    matching keys in REQUEST is stored with an empty role set.  Names of
    permissions that could not be set are HTML-escaped and reported
    through BadRequest.
    """
    valid_roles = self.valid_roles()
    have = REQUEST.__contains__
    fails = []

    for entry in self.ac_inherited_permissions(1):
        permission_hash = _string_hash(entry[0])
        roles = [
            role for role in valid_roles
            if have("permission_%srole_%s"
                    % (permission_hash, _string_hash(role)))
        ]
        name, value = entry[:2]
        try:
            p = Permission(name, value, self)
            if not have('acquire_%s' % permission_hash):
                # A tuple switches acquisition off for this permission.
                roles = tuple(roles)
            p.setRoles(roles)
        except Exception:
            fails.append(name)

    if fails:
        raise BadRequest('Some permissions had errors: '
                         + html.escape(', '.join(fails), True))

    if REQUEST is not None:
        return self.manage_access(REQUEST)
def manage_doCustomize(self, folder_path, RESPONSE=None):
    """Makes a ZODB Based clone with the same data.

    Calls _createZODBClone for the actual work.

    The clone keeps the source's cache manager association, its proxy
    roles and its permission settings, and is stored in the skins folder
    found by traversing `folder_path` (a '/'-separated path).  When
    RESPONSE is given the caller is redirected to a management page.
    """
    obj = self._createZODBClone()
    parent = aq_parent(aq_inner(self))

    # Preserve cache manager associations
    cachemgr_id = self.ZCacheable_getManagerId()
    if ( cachemgr_id and
         getattr(obj, 'ZCacheable_setManagerId', None) is not None ):
        obj.ZCacheable_setManagerId(cachemgr_id)

    # If there are proxy roles we preserve them
    # NOTE(review): the clone is a new ZODB object carrying the same proxy
    # roles as the source; check who may edit the clone afterwards, since
    # proxy roles change which roles are used in permission checks.
    proxy_roles = getattr(aq_base(self), '_proxy_roles', None)
    if proxy_roles is not None and isinstance(proxy_roles, tuple):
        obj._proxy_roles = tuple(self._proxy_roles)

    # Also, preserve any permission settings that might have come
    # from a metadata file or from fiddling in the ZMI
    old_info = [x[:2] for x in self.ac_inherited_permissions(1)]
    for old_perm, value in old_info:
        p = Permission(old_perm, value, self)
        # A list from getRoles means the permission acquires; pass that on
        # as 0/1.
        acquired = int(isinstance(p.getRoles(default=[]), list))
        rop_info = self.rolesOfPermission(old_perm)
        roles = [x['name'] for x in rop_info if x['selected'] != '']
        try:
            # if obj is based on OFS.ObjectManager an acquisition context is
            # required for _subobject_permissions()
            obj.__of__(parent).manage_permission(old_perm, roles=roles,
                                                 acquire=acquired)
        except ValueError:
            # The permission was invalid, never mind
            pass

    id = obj.getId()
    # folder_path comes from the caller.
    # NOTE(review): restrictedTraverse presumably applies the caller's
    # access checks while resolving it -- confirm.
    fpath = tuple( folder_path.split('/') )
    portal_skins = getUtility(ISkinsTool)
    folder = portal_skins.restrictedTraverse(fpath)
    if id in folder.objectIds():
        # we cant catch the badrequest so
        # we'll that to check before hand
        obj = folder._getOb(id)
        if RESPONSE is not None:
            # The fixed message text is passed through html_quote before it
            # is put into the URL.
            RESPONSE.redirect('%s/manage_main?manage_tabs_message=%s' % (
                obj.absolute_url(), html_quote("An object with this id already exists")
                ))
    else:
        # NOTE(review): validate_src=0 presumably skips the check on the
        # source object -- confirm against _verifyObjectPaste.
        folder._verifyObjectPaste(obj, validate_src=0)
        folder._setObject(id, obj)

        if RESPONSE is not None:
            RESPONSE.redirect('%s/%s/manage_main' % (
            folder.absolute_url(), id))

    # NOTE(review): the listing lost its indentation; laid out this way the
    # redirect below repeats the one in the else branch and also follows
    # the "already exists" redirect, which it would then replace --
    # confirm the nesting against the original file.
    if RESPONSE is not None:
        RESPONSE.redirect('%s/%s/manage_main' % (
            folder.absolute_url(), id))
def manage_changePermissions(self, REQUEST):
    """Change all permissions settings, called by management screen.

    A role is selected for a permission by the form key
    ``permission_<ph>role_<rh>`` (hashes of the two names); the key
    ``acquire_<ph>`` keeps the roles as a list, i.e. still acquiring.
    All permissions are rewritten from the submitted keys.  Failures are
    collected and raised as one BadRequest with the names escaped.
    """
    def submitted_roles(perm_hash):
        # Roles whose key for this permission is present in REQUEST.
        selected = []
        for role in valid_roles:
            key = "permission_%srole_%s" % (perm_hash, _string_hash(role))
            if have(key):
                selected.append(role)
        return selected

    valid_roles = self.valid_roles()
    have = REQUEST.__contains__
    permissions = self.ac_inherited_permissions(1)
    fails = []

    for entry in permissions:
        perm_hash = _string_hash(entry[0])
        roles = submitted_roles(perm_hash)
        name, value = entry[:2]
        keep_acquiring = have('acquire_%s' % perm_hash)
        try:
            # list -> acquire, tuple -> do not acquire
            Permission(name, value, self).setRoles(
                roles if keep_acquiring else tuple(roles))
        except Exception:
            fails.append(name)

    if fails:
        raise BadRequest('Some permissions had errors: '
                         + escape(', '.join(fails), True))

    if REQUEST is not None:
        return self.manage_access(REQUEST)
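def manage_changePermissions(self, REQUEST):
    """Change all permissions settings, called by management screen.

    REQUEST keys ``p<i>r<j>`` (permission index, role index) select the
    roles and ``a<i>`` keeps permission i acquiring.  The indexes refer to
    the order of ac_inherited_permissions(1) and valid_roles() at the time
    of the call.  All permissions are rewritten from the submitted keys.
    """
    valid_roles = self.valid_roles()
    have = REQUEST.has_key
    permissions = self.ac_inherited_permissions(1)
    fails = []

    for ip in range(len(permissions)):
        roles = []
        for ir, role in enumerate(valid_roles):
            if have("p%dr%d" % (ip, ir)):
                roles.append(role)

        name, value = permissions[ip][:2]
        try:
            p = Permission(name, value, self)
            # Without the a<i> key the roles are stored as a tuple, which
            # turns acquisition off.
            p.setRoles(roles if have('a%d' % ip) else tuple(roles))
        except Exception:
            # Narrowed from a bare ``except:`` so that SystemExit and
            # KeyboardInterrupt are not recorded as permission errors.
            fails.append(name)

    if not fails:
        return MessageDialog(title='Success!',
                             message='Your changes have been saved',
                             action='manage_access')

    # The failed names are escaped before being shown.
    return MessageDialog(title="Warning!",
                         message="Some permissions had errors: "
                                 + escape(', '.join(fails)),
                         action='manage_access')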
def allowed(context, permission=None):
    """
    Roles that have `permission` and why.

    Returns {PERM_NAME: {'Role': (REASON, META), ..}, ..}
    where `REASON` in ('assigned', 'inherited'). `META` can be None or dict
    supplying extra info, like `source` of permission inheritance.

    With `permission` set, the result holds that permission only.
    """
    out = {}
    all_roles = context.valid_roles()
    permissions = context.ac_inherited_permissions(1)
    if permission:
        permissions = [x for x in permissions if x[0] == permission]

    for name, value in (entry[:2] for entry in permissions):
        maps = out[name] = {}
        local_roles = Permission(name, value, context).getRoles(default=[])
        for role in local_roles:
            maps[role] = ('assigned', None)

        # Only a list means that roles are acquired as well.
        if not isinstance(local_roles, list):
            continue

        from_parent = allowed(context.aq_parent, name)
        for role in set(all_roles) - set(local_roles):
            parent_permission = from_parent[name].get(role)
            if not parent_permission:
                continue
            reason, meta = parent_permission
            if reason == 'assigned':
                # First level of inheritance: remember where it comes from.
                source = ofs_path(context.aq_parent)
                maps[role] = ('inherited', {'source': source})
            elif reason == 'inherited':
                # Already inherited further up: pass the entry on as is.
                maps[role] = parent_permission
    return out
def permission_settings(self, permission=None):
    """Return user-role permission settings.

    If 'permission' is passed to the method then only the settings for
    'permission' is returned.

    Each entry holds the permission name, an 'acquire' flag and one
    checkbox description per valid role; flags are 'CHECKED' or ''.
    """
    valid = self.valid_roles()
    indexes = range(len(valid))
    permissions = self.ac_inherited_permissions(1)
    # Filter permissions
    if permission:
        permissions = [p for p in permissions if p[0] == permission]

    result = []
    for ip, entry in enumerate(permissions):
        name, value = entry[:2]
        roles = Permission(name, value, self).getRoles(default=[])

        def checkbox(ir, roles=roles, valid=valid, ip=ip):
            # Checkbox names are positional: permission index, role index.
            return {
                'name': "p%dr%d" % (ip, ir),
                'checked': 'CHECKED' if valid[ir] in roles else '',
            }

        result.append({
            'name': name,
            # A list of roles means the permission also acquires.
            'acquire': 'CHECKED' if isinstance(roles, list) else '',
            'roles': map(checkbox, indexes),
        })
    return result
def manage_role(self, role_to_manage, permissions=[]):
    """Change the permissions given to the given role.

    Every permission listed by this object is visited: setRole is called
    with a true flag for the names in `permissions` and with a false flag
    for all the others, so the call states the role's complete set.
    """
    wanted = permissions
    for entry in self.ac_inherited_permissions(1):
        name, value = entry[:2]
        Permission(name, value, self).setRole(role_to_manage, name in wanted)
def getPermissionMapping(self):
    """ Return the permission mapping for the parent

    Maps each name in ``self.permissions`` to what getRoles() reports for
    it on ``self.aq_parent``.
    """
    return dict(
        (zope_perm, Permission(zope_perm, (), self.aq_parent).getRoles())
        for zope_perm in self.permissions
    )
def permission_settings(self, permission=None):
    """Return user-role permission settings.

    If 'permission' is passed to the method then only the settings for
    'permission' is returned.

    The checkbox names are ``p<i>r<j>``, with i the position of the
    permission in the (possibly filtered) list and j the position of the
    role in valid_roles().
    """
    valid = self.valid_roles()
    indexes = range(len(valid))

    def role_boxes(ip, roles):
        # One checkbox description per valid role for permission `ip`.
        def box(ir):
            return {
                'name': "p%dr%d" % (ip, ir),
                'checked': 'CHECKED' if valid[ir] in roles else '',
            }
        return map(box, indexes)

    permissions = self.ac_inherited_permissions(1)
    # Filter permissions
    if permission:
        permissions = [p for p in permissions if p[0] == permission]

    result = []
    for ip, (name, value) in enumerate(p[:2] for p in permissions):
        roles = Permission(name, value, self).getRoles(default=[])
        acquire = 'CHECKED' if isinstance(roles, list) else ''
        result.append({
            'name': name,
            'acquire': acquire,
            'roles': role_boxes(ip, roles),
        })
    return result
def getPermissionsWithAcquiredRoles(self):
    """ Return the permissions which acquire roles from their parents

    A permission counts as acquiring when getRoles() on ``self.aq_parent``
    gives a list rather than a tuple.
    """
    return [
        zope_perm for zope_perm in self.permissions
        if isinstance(
            Permission(zope_perm, (), self.aq_parent).getRoles(), list)
    ]
def getPermissionMapping(self):
    """ Return the permission mapping for the object

    Keys are the names in ``self.permissions``; values are what
    getRoles() reports for each of them on ``self.getObject()``.
    """
    roles_by_permission = {}
    for name in self.permissions:
        target = self.getObject()
        roles_by_permission[name] = Permission(name, (), target).getRoles()
    return roles_by_permission
def _getTempFolder(self, type_name):
    """Return the temporary folder for `type_name`, creating it if needed.

    A folder already stored in the request under FACTORY_INFO is
    re-wrapped in this tool's context and returned.  Otherwise a new
    TempFolder is created and given the permission settings of the
    intended parent, with acquired roles collected explicitly from the
    containers between that parent and the portal.
    """
    factory_info = self.REQUEST.get(FACTORY_INFO, {})
    tempFolder = factory_info.get(type_name, None)
    if tempFolder:
        tempFolder = aq_inner(tempFolder).__of__(self)
        return tempFolder

    # make sure we can add an object of this type to the temp folder
    types_tool = getToolByName(self, 'portal_types')
    if not type_name in types_tool.TempFolder.allowed_content_types:
        # update allowed types for tempfolder
        types_tool.TempFolder.allowed_content_types=(types_tool.listContentTypes())

    tempFolder = TempFolder(type_name).__of__(self)
    intended_parent = aq_parent(self)
    portal = getToolByName(self, 'portal_url').getPortalObject()
    folder_roles = {} # mapping from permission name to list or tuple of roles
                      # list if perm is acquired; tuple if not
    n_acquired = 0    # number of permissions that are acquired

    # build initial folder_roles dictionary
    for p in intended_parent.ac_inherited_permissions(1):
        name, value = p[:2]
        p=Permission(name,value,intended_parent)
        roles = p.getRoles()
        folder_roles[name] = roles
        if isinstance(roles, list):
            n_acquired += 1

    # If intended_parent is not the portal, walk up the acquisition hierarchy and
    # acquire permissions explicitly so we can assign the acquired version to the
    # temp_folder.  In addition to being cumbersome, this is undoubtedly very slow.
    if intended_parent != portal:
        parent = aq_parent(aq_inner(intended_parent))
        # Stop as soon as no permission is still acquiring, or at the portal.
        while(n_acquired and parent!=portal):
            n_acquired = 0
            for p in parent.ac_inherited_permissions(1):
                name, value = p[:2]
                roles = folder_roles[name]
                if isinstance(roles, list):
                    p=Permission(name,value,parent)
                    aq_roles=p.getRoles()
                    # NOTE(review): `roles` is the object first returned by
                    # getRoles() on intended_parent; if that is the list
                    # stored on the object, not a copy, these appends
                    # change the parent's own setting -- confirm.
                    for r in aq_roles:
                        if not r in roles:
                            roles.append(r)
                    if isinstance(aq_roles, list):
                        n_acquired += 1
                    else:
                        # This level does not acquire: freeze the result.
                        roles = tuple(roles)
                    folder_roles[name] = roles
            parent = aq_parent(aq_inner(parent))
    # A permission that is still a list keeps acquiring on the temp folder.
    for name, roles in folder_roles.items():
        tempFolder.manage_permission(name, roles, acquire=isinstance(roles, list))

    # Keep the folder in the request so that later lookups reuse it.
    factory_info[type_name] = tempFolder
    self.REQUEST.set(FACTORY_INFO, factory_info)
    return tempFolder
def _update(self, portal):
    """Grant 'Naaya - Create user' to Administrator and Anonymous.

    Nothing is changed when Administrator is already among the roles of
    the permission on the portal.
    """
    permission = "Naaya - Create user"
    if 'Administrator' in Permission(permission, (), portal).getRoles():
        return True

    # NOTE(review): Anonymous receives the user-creation permission too;
    # presumably this is what allows self-registration -- confirm.
    for role in ('Administrator', 'Anonymous'):
        permission_add_role(portal, permission, role)
    self.log.debug('Added %s permission', permission)
    return True
def _update(self, portal):
    """Stop the portal's view permission from acquiring roles.

    The current roles are kept and stored again as a tuple; a portal whose
    view roles are already a tuple is left alone.
    """
    view_perm = Permission(view, (), portal)
    current = view_perm.getRoles()
    if type(current) is tuple:
        self.log.debug('No need to update')
        return True

    view_perm.setRoles(tuple(current))
    self.log.debug('Removed view permission inheritance for the site')
    return True
def _update(self, portal):
    """Make the layout tool viewable by Anonymous.

    When Anonymous is missing, the tool's view roles are replaced by the
    one-element list ``['Anonymous']``; roles set there before are not
    carried over.
    """
    layout_tool = portal.getLayoutTool()
    view_perm = Permission(view, (), layout_tool)
    if 'Anonymous' in view_perm.getRoles():
        self.log.info("Already has it, nothing to do.")
        return True

    view_perm.setRoles(['Anonymous'])
    self.log.info("View Permission set for Anonymous on portal_layout.")
    return True
def _update(self, portal):
    """Grant both photo add permissions to Administrator on the portal.

    A permission that already lists Administrator is skipped.
    """
    for permission in ("Naaya - Add Naaya Photo Folder",
                       "Naaya - Add Naaya Photo Gallery"):
        current = Permission(permission, (), portal).getRoles()
        if "Administrator" in current:
            continue
        permission_add_role(portal, permission, "Administrator")
        self.log.debug("Added %s permission", permission)
    return True
def _update(self, portal):
    """Open 'Naaya - Create user' to Administrator and Anonymous.

    The update is skipped when Administrator is already listed for the
    permission on the portal.
    """
    permission = "Naaya - Create user"
    roles_now = Permission(permission, (), portal).getRoles()
    needs_update = "Administrator" not in roles_now
    if needs_update:
        permission_add_role(portal, permission, "Administrator")
        # NOTE(review): this line lets Anonymous create users; presumably
        # intended for self-signup -- confirm.
        permission_add_role(portal, permission, "Anonymous")
        self.log.debug("Added %s permission", permission)
    return True
def getPermissionsWithAcquiredRoles(self):
    """ Return the permissions which acquire roles from their parents

    getRoles() on ``self.getObject()`` gives a list for such a permission
    and a tuple otherwise.
    """
    def acquires(name):
        roles = Permission(name, (), self.getObject()).getRoles()
        return isinstance(roles, list)

    return [name for name in self.permissions if acquires(name)]
def setPermissionMapping(self, mapping):
    """ Change the permission mapping for the object.
        This leaves the other permissions (not in mapping.keys()) unchanged

        Each value is handed to setRoles() unchanged, so whether it is a
        list or a tuple decides whether the permission keeps acquiring.
    """
    for name in mapping:
        target = self.getObject()
        Permission(name, (), target).setRoles(mapping[name])
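def _update(self, portal):
    """Grant 'Naaya - Skip Captcha' to the Authenticated role on the portal.

    The acquisition setting of the permission is left as it was.
    """
    skip_captcha_perm = Permission('Naaya - Skip Captcha', (), portal)
    roles_with_skip_captcha = skip_captcha_perm.getRoles()
    if 'Authenticated' in roles_with_skip_captcha:
        self.log.debug('Authenticated already has the permission')
        return True

    # getRoles() gives a tuple when the permission does not acquire, and a
    # tuple has no append().  Build the new value in the same container
    # type so that both cases work and acquisition is not switched.
    if isinstance(roles_with_skip_captcha, tuple):
        new_roles = roles_with_skip_captcha + ('Authenticated',)
    else:
        new_roles = list(roles_with_skip_captcha) + ['Authenticated']
    skip_captcha_perm.setRoles(new_roles)
    self.log.debug('Skip Captcha permission assigned to Authenticated')
    return True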
def setPermissionMapping(self, mapping):
    """ Change the permission mapping for the parent.
        This leaves the other permissions (not in mapping.keys()) unchanged

        The values go to setRoles() as given (list: acquire, tuple: do
        not acquire) and the transaction is committed afterwards.
    """
    for zope_perm in mapping:
        new_roles = mapping[zope_perm]
        Permission(zope_perm, (), self.aq_parent).setRoles(new_roles)
    # NOTE(review): the listing lost its indentation; one commit after the
    # loop is assumed here -- confirm against the original file.
    transaction.commit()
def _update(self, portal):
    """Make sure Administrator holds the two photo add permissions.

    Each permission is checked on the portal and only changed when
    Administrator is not yet among its roles.
    """
    permissions = ["Naaya - Add Naaya Photo Folder",
                   "Naaya - Add Naaya Photo Gallery"]
    missing = [name for name in permissions
               if 'Administrator' not in
               Permission(name, (), portal).getRoles()]
    for name in missing:
        permission_add_role(portal, name, 'Administrator')
        self.log.debug('Added %s permission', name)
    return True
def manage_addLayoutTool(self, REQUEST=None):
    """Create the layout tool, load its defaults and open it to Anonymous.

    The view roles of the new tool are set to the list ``['Anonymous']``.
    With a REQUEST the management main page is returned.
    """
    self._setObject(ID_LAYOUTTOOL,
                    LayoutTool(ID_LAYOUTTOOL, TITLE_LAYOUTTOOL))
    tool = self._getOb(ID_LAYOUTTOOL)
    tool.loadDefaultData()
    Permission(view, (), tool).setRoles(['Anonymous'])
    if REQUEST:
        return self.manage_main(self, REQUEST, update_menu=1)
def _update(self, portal):
    """Restrict view on unapproved objects that still acquire it.

    For every catalogued object with ``approved=0`` whose view roles are
    a list, dont_inherit_view_permission() is called on the object.
    """
    catalog = portal.getCatalogTool()
    for brain in catalog(approved=0):
        obj = brain.getObject()
        view_roles = Permission(view, (), obj).getRoles()
        if not isinstance(view_roles, list):
            # Already a tuple: the object does not acquire view.
            continue
        obj.dont_inherit_view_permission()
        self.log.debug("restricted view permission for %s",
                       obj.absolute_url())
    return True
def roles_of_permission(context, permission):
    """Return all roles which have the given permission on the current context.

    The result is whatever getRoles() reports for the first matching
    permission; None is returned when the context does not list it.
    """
    role_manager = IRoleManager(context)
    for entry in role_manager.ac_inherited_permissions(1):
        name, value = entry[:2]
        if name != permission:
            continue
        return Permission(name, value, role_manager).getRoles()
    return None
def _update(self, portal):
    """Turn off view acquisition on objects that are not approved.

    Only objects found by the catalog query ``approved=0`` are visited,
    and only those whose view roles come back as a list are changed.
    """
    def still_acquires(obj):
        return isinstance(Permission(view, (), obj).getRoles(), list)

    catalog = portal.getCatalogTool()
    for brain in catalog(approved=0):
        obj = brain.getObject()
        if still_acquires(obj):
            obj.dont_inherit_view_permission()
            self.log.debug('restricted view permission for %s',
                           obj.absolute_url())
    return True
def set_acl_for_roles(ob, roles):
    """Add `roles` to the roles holding the view permission on `ob`.

    The stored value keeps its container type (tuple or list), so the
    acquisition setting is not changed.  `roles` has to be a list because
    it is concatenated with the current roles.
    """
    permission_object = Permission(view, (), ob)
    existing = permission_object.getRoles()
    container = tuple if isinstance(existing, tuple) else list
    merged = set(roles + list(existing))
    permission_object.setRoles(container(merged))
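def _update(self, portal):
    """Grant the TalkBack review permission to three roles on the portal.

    Administrator, Owner and Reviewer are added when missing; the
    acquisition setting of the permission is left as it was.
    """
    review_perm = Permission('Naaya - Review TalkBack Consultation', (),
                             portal)
    for role in ['Administrator', 'Owner', 'Reviewer']:
        roles = review_perm.getRoles()
        if role in roles:
            continue
        # getRoles() gives a tuple when the permission does not acquire;
        # the former roles.append() failed on that.  Extend in the same
        # container type instead.
        if isinstance(roles, tuple):
            roles = roles + (role,)
        else:
            roles = list(roles) + [role]
        review_perm.setRoles(roles)
        self.log.info("Review Permission set for %s on %s"
                      % (role, portal.absolute_url()))
    return True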
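def _update(self, portal):
    """Grant 'View' on every Naaya Meeting to the meeting roles.

    OBSERVER_ROLE, WAITING_ROLE and PARTICIPANT_ROLE are added when
    missing; each meeting keeps its acquisition setting for 'View'.
    """
    meetings = portal.getCatalogedObjects(meta_type='Naaya Meeting')
    for meeting in meetings:
        view_perm = Permission('View', (), meeting)
        for role in [OBSERVER_ROLE, WAITING_ROLE, PARTICIPANT_ROLE]:
            roles = view_perm.getRoles()
            if role in roles:
                continue
            # A meeting that does not acquire 'View' returns a tuple,
            # which has no append(); extend it without changing its type.
            if isinstance(roles, tuple):
                roles = roles + (role,)
            else:
                roles = list(roles) + [role]
            view_perm.setRoles(roles)
            self.log.info("View Permission set for %s on %s"
                          % (role, meeting.absolute_url()))
    return True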
def acquiredRolesAreUsedBy(self, permission):
    """Return 'CHECKED' if `permission` acquires roles here, else ''.

    :raises ValueError: if this object does not list `permission`; the
        name is escaped before it goes into the HTML-bearing message.
    """
    for entry in self.ac_inherited_permissions(1):
        name, value = entry[:2]
        if name != permission:
            continue
        roles = Permission(name, value, self).getRoles()
        return 'CHECKED' if isinstance(roles, list) else ''

    raise ValueError("The permission <em>%s</em> is invalid."
                     % escape(permission))
def _update(self, portal):
    """Give Anonymous the view permission on the portal's layout tool.

    If Anonymous is not among the tool's view roles, they are set to the
    list ``['Anonymous']``, which replaces whatever was set before.
    """
    view_perm = Permission(view, (), portal.getLayoutTool())
    needs_update = 'Anonymous' not in view_perm.getRoles()
    if needs_update:
        view_perm.setRoles(['Anonymous'])
        message = "View Permission set for Anonymous on portal_layout."
    else:
        message = "Already has it, nothing to do."
    self.log.info(message)
    return True
def manage_addLayoutTool(self, REQUEST=None):
    """Add a LayoutTool under ID_LAYOUTTOOL and let Anonymous view it.

    The tool is fetched back with _getOb() before its default data is
    loaded and its view roles are set to ``['Anonymous']``.
    """
    ob = LayoutTool(ID_LAYOUTTOOL, TITLE_LAYOUTTOOL)
    self._setObject(ID_LAYOUTTOOL, ob)

    wrapped = self._getOb(ID_LAYOUTTOOL)
    wrapped.loadDefaultData()

    anonymous_only = ['Anonymous']
    Permission(view, (), wrapped).setRoles(anonymous_only)

    if not REQUEST:
        return None
    return self.manage_main(self, REQUEST, update_menu=1)
def acquiredRolesAreUsedBy(self, permission):
    """Tell whether `permission` acquires roles on this object.

    Returns 'CHECKED' when getRoles() gives a list and '' when it gives
    anything else.  An unknown permission raises ValueError with the
    escaped name in the message.
    """
    matches = (entry[:2] for entry in self.ac_inherited_permissions(1))
    for name, value in matches:
        if name == permission:
            acquiring = isinstance(
                Permission(name, value, self).getRoles(), list)
            if acquiring:
                return 'CHECKED'
            return ''

    raise ValueError(
        "The permission <em>%s</em> is invalid." % escape(permission))
def permissionsOfRole(self, role):
    """Returns a role to permission mapping.

    One {'name', 'selected'} entry per permission; 'selected' is
    'SELECTED' when `role` is among the permission's roles here and ''
    otherwise.
    """
    def describe(entry):
        name, value = entry[:2]
        held = role in Permission(name, value, self).getRoles()
        return {'name': name, 'selected': 'SELECTED' if held else ''}

    return [describe(entry) for entry in self.ac_inherited_permissions(1)]
def updateRolesForPermission(permission, roles, obj):
    '''Adds roles from list p_roles to the list of roles that are granted
       p_permission on p_obj.

       The merged roles are stored with acquire=0, so after the call the
       permission no longer acquires roles on p_obj.'''
    from AccessControl.Permission import Permission

    # Find existing roles that were granted p_permission on p_obj
    current = ()
    for entry in obj.ac_inherited_permissions(1):
        name, value = entry[:2]
        if name != permission:
            continue
        current = Permission(name, value, obj).getRoles()

    merged = set(current) | set(roles)
    obj.manage_permission(permission, tuple(merged), acquire=0)
def tearDown(self):
    """Undo the fixture: log out, revoke the role, restore view roles.

    The portal's view roles are put back to the value saved in
    ``self.site_roles_with_view`` and the change is committed before the
    parent tearDown runs.
    """
    self.browser_do_logout()

    user_name = self.user_obj.name
    self.auth_tool.manage_revokeUserRole(user=user_name,
                                         location='/portal/info')

    # reset portal roles with view
    Permission(view, (), self.portal).setRoles(self.site_roles_with_view)
    transaction.commit()

    super(UserWithRolesOnlyOnFolderTestSetup, self).tearDown()
def _update(self, portal):
    """Let Authenticated users add comments for content on the portal.

    The role is appended to the permission's roles in the container type
    they already have (tuple or list), so acquisition stays as it was.
    """
    permission = Permission('Naaya - Add comments for content', (), portal)
    roles = permission.getRoles()

    if 'Authenticated' not in roles:
        extra = ['Authenticated']
        if isinstance(roles, tuple):
            updated = tuple(list(roles) + extra)
        else:
            updated = roles + extra
        permission.setRoles(updated)
        return True

    self.log.debug("Portal doesn't need update")
    self.log.debug("Authenticated users can already add comments")
    return True
def allowMembersToAddCenter(obj):
    """Grant the AddSoftwareCenter permission to the 'Member' role on `obj`.

    The roles keep their container type (tuple or list).  An IndexError
    is raised when `obj` does not list the permission.
    """
    matching = [entry for entry in obj.ac_inherited_permissions(1)
                if entry[0] == AddSoftwareCenter]
    name, value = matching[0][:2]
    perm = Permission(name, value, obj)
    roles = perm.getRoles()
    if 'Member' in roles:
        return

    if type(roles) is tuple:
        # Tuples cannot be appended to; rebuild one of the same kind.
        roles = tuple(list(roles) + ['Member'])
    else:
        roles.append('Member')
    perm.setRoles(roles)
def _update(self, portal):
    """Set the view roles of two portal tools to all valid roles.

    portal_layout and portal_dynamicproperties each receive the result of
    ``portal.validRoles()`` as their view roles.
    """
    # NOTE(review): every role returned by validRoles() gets view on both
    # tools; if that includes Anonymous they become publicly viewable --
    # confirm this is the intent.
    for tool_id in ('portal_layout', 'portal_dynamicproperties'):
        tool = getattr(portal, tool_id)
        Permission(view, (), tool).setRoles(portal.validRoles())
    self.log.info('Done')
    return True