def _modifyPermissionMappings(ob, map):
    """
    Apply several role-to-permission changes to ``ob`` in one pass.

    ``map`` maps a permission name to a ``{role: allow}`` dict.  A true
    ``allow`` adds the role to the permission, a false one removes it.
    Returns 1 if at least one permission was rewritten, otherwise 0.
    """
    # This mimics what AccessControl/Role.py does.
    # Needless to say, it's crude. :-(
    inherited = _ac_inherited_permissions(ob, 1)
    modified = 0
    for name, settings in map.items():
        # Start from the roles that currently hold the permission on ``ob``.
        effective = rolesForPermissionOn(name, ob)
        if isinstance(effective, basestring):
            role_list = [effective]
        else:
            role_list = list(effective)

        dirty = False
        for role, allow in settings.items():
            present = role in role_list
            if allow and not present:
                role_list.append(role)
                dirty = True
            elif not allow and present:
                role_list.remove(role)
                dirty = True
        if not dirty:
            continue

        # The list of methods using this permission.
        methods = ()
        for entry in inherited:
            entry_name, entry_data = entry[:2]
            if entry_name == name:
                methods = entry_data
                break

        # NOTE(review): the roles are always written back as a tuple, which in
        # AccessControl's convention means "do not acquire" -- every changed
        # permission stops acquiring from the parent.  Confirm callers expect it.
        Permission(name, methods, ob).setRoles(tuple(role_list))
        modified = 1
    return modified
def manage_permission_for(brain_or_object, permission, roles, acquire=0):
    """Change the settings for the given permission.

    Code extracted from `IRoleManager.manage_permission`

    :param brain_or_object: Catalog brain or object
    :param permission: Name of the permission to change
    :param roles: Role name, or sequence of role names, to grant it to
    :param acquire: When true the roles are stored as a list (acquiring),
        otherwise as a tuple (not acquiring)
    :raises ValueError: if the object has no permission with that name
    """
    obj = api.get_object(brain_or_object)
    # A bare string would otherwise be split into characters by list()/tuple().
    if isinstance(roles, basestring):
        roles = [roles]
    as_sequence = list if acquire else tuple

    for entry in obj.ac_inherited_permissions(1):
        name, value = entry[:2]
        if name != permission:
            continue
        Permission(name, value, obj).setRoles(as_sequence(roles))
        return

    # Raise an error if the permission is invalid
    raise ValueError("The permission {} is invalid.".format(permission))
def _modifyPermissionMappings(ob, map):
    """
    Apply several role-to-permission changes to ``ob`` in one pass.

    ``map`` maps a permission name to a ``{role: allow}`` dict.  A true
    ``allow`` adds the role to the permission, a false one removes it.
    Returns 1 if at least one permission was rewritten, otherwise 0.
    """
    # This mimics what AccessControl/Role.py does.
    # Needless to say, it's crude. :-(
    inherited = _ac_inherited_permissions(ob, 1)
    modified = 0
    for name, settings in map.items():
        # Start from the roles that currently hold the permission on ``ob``.
        effective = rolesForPermissionOn(name, ob)
        if isinstance(effective, basestring):
            role_list = [effective]
        else:
            role_list = list(effective)

        dirty = False
        for role, allow in settings.items():
            present = role in role_list
            if allow and not present:
                role_list.append(role)
                dirty = True
            elif not allow and present:
                role_list.remove(role)
                dirty = True
        if not dirty:
            continue

        # The list of methods using this permission.
        methods = ()
        for entry in inherited:
            entry_name, entry_data = entry[:2]
            if entry_name == name:
                methods = entry_data
                break

        # NOTE(review): the roles are always written back as a tuple, which in
        # AccessControl's convention means "do not acquire" -- every changed
        # permission stops acquiring from the parent.  Confirm callers expect it.
        Permission(name, methods, ob).setRoles(tuple(role_list))
        modified = 1
    return modified
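def manage_changePermissions(self, REQUEST):
    """Change all permissions settings, called by management screen.

    Every permission returned by ``ac_inherited_permissions(1)`` is rewritten
    from the submitted form.  A key ``p<i>r<j>`` grants permission ``i`` to
    role ``j``; a key ``a<i>`` keeps the roles as a list, otherwise they are
    stored as a tuple.  Permissions with no ticked roles are written too.

    Returns a ``MessageDialog``: a warning naming the permissions that could
    not be set, or a success message.
    """
    valid_roles = self.valid_roles()
    have = REQUEST.has_key
    permissions = self.ac_inherited_permissions(1)
    fails = []
    # NOTE(review): the form keys are positional.  They only address the
    # intended permission/role if both sequences have the same order now as
    # when the form was rendered -- confirm nothing can reorder them between.
    for ip, entry in enumerate(permissions):
        roles = [role for ir, role in enumerate(valid_roles)
                 if have("p%dr%d" % (ip, ir))]
        name, value = entry[:2]
        try:
            p = Permission(name, value, self)
            if not have('a%d' % ip):
                roles = tuple(roles)
            p.setRoles(roles)
        except Exception:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt.  Only the permission name is reported; the
            # cause is dropped.
            fails.append(name)

    if fails:
        return MessageDialog(title="Warning!",
                             message="Some permissions had errors: "
                             + escape(', '.join(fails)),
                             action='manage_access')
    return MessageDialog(title='Success!',
                         message='Your changes have been saved',
                         action='manage_access')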
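def manage_changePermissions(self, REQUEST):
    """Change all permissions settings, called by management screen.

    Every permission returned by ``ac_inherited_permissions(1)`` is rewritten
    from the submitted form.  A key ``p<i>r<j>`` grants permission ``i`` to
    role ``j``; a key ``a<i>`` keeps the roles as a list, otherwise they are
    stored as a tuple.  Permissions with no ticked roles are written too.

    Returns a ``MessageDialog``: a warning naming the permissions that could
    not be set, or a success message.
    """
    valid_roles = self.valid_roles()
    have = REQUEST.has_key
    permissions = self.ac_inherited_permissions(1)
    fails = []
    # NOTE(review): the form keys are positional.  They only address the
    # intended permission/role if both sequences have the same order now as
    # when the form was rendered -- confirm nothing can reorder them between.
    for ip, entry in enumerate(permissions):
        roles = [role for ir, role in enumerate(valid_roles)
                 if have("p%dr%d" % (ip, ir))]
        name, value = entry[:2]
        try:
            p = Permission(name, value, self)
            if not have('a%d' % ip):
                roles = tuple(roles)
            p.setRoles(roles)
        except Exception:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt.  Only the permission name is reported; the
            # cause is dropped.
            fails.append(name)

    if fails:
        return MessageDialog(title="Warning!",
                             message="Some permissions had errors: "
                             + escape(', '.join(fails)),
                             action='manage_access')
    return MessageDialog(title='Success!',
                         message='Your changes have been saved',
                         action='manage_access')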
def manage_changePermissions(self, REQUEST):
    """Change all permissions settings, called by management screen.

    Form keys are built from ``_string_hash`` of the permission and role
    names: ``permission_<hash>role_<hash>`` grants the role, and
    ``acquire_<hash>`` keeps the roles as a list instead of a tuple.
    Raises ``BadRequest`` naming every permission that could not be set.
    """
    valid_roles = self.valid_roles()
    have = REQUEST.__contains__
    permissions = self.ac_inherited_permissions(1)
    failed = []
    for entry in permissions:
        perm_key = _string_hash(entry[0])
        granted = []
        for role in valid_roles:
            role_key = _string_hash(role)
            if have("permission_%srole_%s" % (perm_key, role_key)):
                granted.append(role)
        name, value = entry[:2]
        try:
            perm = Permission(name, value, self)
            # Without the acquire flag the roles are frozen into a tuple.
            perm.setRoles(granted if have('acquire_%s' % perm_key)
                          else tuple(granted))
        except Exception:
            # Only the name is kept; the underlying error is not reported.
            failed.append(name)

    if failed:
        # Names are escaped because they end up in an error message.
        raise BadRequest('Some permissions had errors: '
                         + html.escape(', '.join(failed), True))
    if REQUEST is not None:
        return self.manage_access(REQUEST)
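def update(app):
    """Grant the 'Auditor' role the 'View' permission on Report Documents.

    Walks every catalog entry with meta_type 'Report Document'.  Documents
    whose valid roles include 'Auditor' and whose 'View' permission lacks it
    get it added, then the transaction is committed once at the end.
    Failures are printed and skipped so one bad document does not stop the run.
    """
    catalog = getattr(app, 'Catalog')
    for brain in catalog(meta_type='Report Document'):
        doc = brain.getObject()
        if 'Auditor' not in doc.valid_roles():
            continue
        for perm in doc.ac_inherited_permissions(1):
            name, value = perm[:2]
            if name != 'View':
                continue
            p = Permission(name, value, doc)
            roles = list(p.getRoles())
            if 'Auditor' in roles:
                continue
            roles.append('Auditor')
            # NOTE(review): stored as a tuple, so 'View' stops acquiring on
            # this document even if it acquired before.  Confirm intended.
            roles = tuple(roles)
            try:
                p.setRoles(roles)
                print("Added Auditor to View permission for %s"
                      % doc.absolute_url())
            except Exception:
                # Was a bare ``except:`` printing only "Failed"; name the
                # document and let SystemExit/KeyboardInterrupt propagate.
                print("Failed to add Auditor to View permission for %s"
                      % doc.absolute_url())
    transaction.commit()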
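def tryMethodCallWithTemporaryPermission(context, permission, method,
                                         method_argv, method_kw, exception):
    """Call ``method``; on ``exception`` retry with a temporary permission.

    The method is first called as is.  If it raises ``exception``, the roles
    the current user has in ``context`` are temporarily set on ``permission``,
    the method is called again, and the previous roles are restored.

    Returns the method's result.  Returns None when the first call failed and
    the user has no roles in ``context``.
    """
    # we want to catch the explicit security check done in manage_renameObject
    # and bypass it. for this, we temporarily give the Copy or Move right to the
    # user. We assume that if the user has enough rights to pass the
    # "declareProtected" check around "setId", he should be really able to
    # rename the object.
    try:
        return method(*method_argv, **method_kw)
    except exception:
        user = getSecurityManager().getUser()
        user_role_list = user.getRolesInContext(context)
        if len(user_role_list) > 0:
            perm_list = context.ac_inherited_permissions()
            for p in perm_list:
                if p[0] == permission:
                    name, value = p[:2]
                    break
            else:
                name, value = (permission, ())
            p = Permission(name, value, context)
            old_role_list = p.getRoles(default=[])
            # The grant is role-wide, not user-specific: while it is in place
            # every holder of these roles has the permission on ``context``.
            p.setRoles(user_role_list)
            try:
                return method(*method_argv, **method_kw)
            finally:
                # Restore even when the retry raises.  Previously a failing
                # retry left the widened role list on the object.
                p.setRoles(old_role_list)
        # NOTE(review): with no roles in context the original exception is
        # swallowed and None is returned, so the caller cannot tell the call
        # failed.  Kept as is; confirm whether it should re-raise.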
def testChangeUseOpenFlowPermission(self):
    """Set 'Use OpenFlow' on ``self.of`` to the Authenticated role only.

    The test makes no assertion; it passes as long as nothing raises.
    """
    from AccessControl.Permission import Permission
    matching = [entry for entry in self.of.ac_inherited_permissions(1)
                if entry[0] == 'Use OpenFlow']
    name, value = matching[0][:2]
    # A list is passed, so the permission keeps acquiring.
    Permission(name, value, self.of).setRoles(['Authenticated'])
def manage_changePermissions(self, REQUEST):
    """Change all permissions settings, called by management screen.

    Form keys are built from ``_string_hash`` of the permission and role
    names: ``permission_<hash>role_<hash>`` grants the role, and
    ``acquire_<hash>`` keeps the roles as a list instead of a tuple.
    Raises ``BadRequest`` naming every permission that could not be set.
    """
    valid_roles = self.valid_roles()
    have = REQUEST.__contains__
    permissions = self.ac_inherited_permissions(1)
    failed = []
    for entry in permissions:
        perm_key = _string_hash(entry[0])
        granted = []
        for role in valid_roles:
            role_key = _string_hash(role)
            if have("permission_%srole_%s" % (perm_key, role_key)):
                granted.append(role)
        name, value = entry[:2]
        try:
            perm = Permission(name, value, self)
            # Without the acquire flag the roles are frozen into a tuple.
            perm.setRoles(granted if have('acquire_%s' % perm_key)
                          else tuple(granted))
        except Exception:
            # Only the name is kept; the underlying error is not reported.
            failed.append(name)

    if failed:
        # Names are escaped because they end up in an error message.
        raise BadRequest('Some permissions had errors: '
                         + escape(', '.join(failed), True))
    if REQUEST is not None:
        return self.manage_access(REQUEST)
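def tryMethodCallWithTemporaryPermission(context, permission, method,
                                         method_argv, method_kw, exception):
    """Call ``method``; on ``exception`` retry with a temporary permission.

    The method is first called as is.  If it raises ``exception``, the roles
    the current user has in ``context`` are temporarily set on ``permission``,
    the method is called again, and the previous roles are restored.

    Returns the method's result.  Returns None when the first call failed and
    the user has no roles in ``context``.
    """
    # we want to catch the explicit security check done in manage_renameObject
    # and bypass it. for this, we temporarily give the Copy or Move right to the
    # user. We assume that if the user has enough rights to pass the
    # "declareProtected" check around "setId", he should be really able to
    # rename the object.
    try:
        return method(*method_argv, **method_kw)
    except exception:
        user = getSecurityManager().getUser()
        user_role_list = user.getRolesInContext(context)
        if len(user_role_list) > 0:
            perm_list = context.ac_inherited_permissions()
            for p in perm_list:
                if p[0] == permission:
                    name, value = p[:2]
                    break
            else:
                name, value = (permission, ())
            p = Permission(name, value, context)
            old_role_list = p.getRoles(default=[])
            # The grant is role-wide, not user-specific: while it is in place
            # every holder of these roles has the permission on ``context``.
            p.setRoles(user_role_list)
            try:
                return method(*method_argv, **method_kw)
            finally:
                # Restore even when the retry raises.  Previously a failing
                # retry left the widened role list on the object.
                p.setRoles(old_role_list)
        # NOTE(review): with no roles in context the original exception is
        # swallowed and None is returned, so the caller cannot tell the call
        # failed.  Kept as is; confirm whether it should re-raise.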
def _update(self, portal):
    """Give View on portal_layout and portal_dynamicproperties to all roles.

    Each tool's View permission is set to whatever ``portal.validRoles()``
    returns at that moment.  Always returns True.
    """
    # NOTE(review): this replaces the existing role settings on both tools
    # with every valid role of the portal -- confirm that breadth is intended.
    for tool_id in ('portal_layout', 'portal_dynamicproperties'):
        tool = getattr(portal, tool_id)
        tool_view = Permission(view, (), tool)
        tool_view.setRoles(portal.validRoles())
    self.log.info('Done')
    return True
def setPermissionMapping(self, mapping):
    """
    Change the permission mapping for the object.

    ``mapping`` maps permission names to role sequences.  Permissions that
    are not keys of ``mapping`` are left unchanged.  The role sequences are
    stored exactly as given, so the caller's choice of list or tuple decides
    whether each permission acquires.
    """
    for name in mapping:
        target = self.getObject()
        Permission(name, (), target).setRoles(mapping[name])
def _update(self, portal):
    """Stop the portal's View permission from acquiring.

    If the roles are already a tuple nothing is written.  Otherwise the same
    roles are stored again as a tuple.  Always returns True.
    """
    site_view = Permission(view, (), portal)
    current = site_view.getRoles()
    if type(current) is tuple:
        self.log.debug('No need to update')
        return True
    site_view.setRoles(tuple(current))
    self.log.debug('Removed view permission inheritance for the site')
    return True
def _update(self, portal):
    """Make sure Anonymous holds View on the portal's layout tool.

    Always returns True.
    """
    layout_view = Permission(view, (), portal.getLayoutTool())
    if 'Anonymous' in layout_view.getRoles():
        self.log.info("Already has it, nothing to do.")
        return True
    # The previous role list is replaced, not extended: only Anonymous is
    # set locally.  A list is stored, so the permission keeps acquiring.
    layout_view.setRoles(['Anonymous',])
    self.log.info("View Permission set for Anonymous on portal_layout.")
    return True
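def _update(self, portal):
    """Grant 'Naaya - Skip Captcha' to the Authenticated role on the portal.

    Nothing is written when the role already holds the permission.
    Always returns True.
    """
    skip_captcha_perm = Permission('Naaya - Skip Captcha', (), portal)
    roles_with_skip_captcha = skip_captcha_perm.getRoles()
    if 'Authenticated' in roles_with_skip_captcha:
        self.log.debug('Authenticated already has the permission')
        return True
    # getRoles() can return a tuple (non-acquiring setting), which has no
    # append().  Extend it in kind so the acquire flag is preserved.
    if isinstance(roles_with_skip_captcha, tuple):
        roles_with_skip_captcha = roles_with_skip_captcha + ('Authenticated',)
    else:
        roles_with_skip_captcha = roles_with_skip_captcha + ['Authenticated']
    skip_captcha_perm.setRoles(roles_with_skip_captcha)
    self.log.debug('Skip Captcha permission assigned to Authenticated')
    return True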
def manage_addLayoutTool(self, REQUEST=None):
    """Create the layout tool in this container and open View to Anonymous.

    When a REQUEST is given, returns the container's ``manage_main`` page.
    """
    # NOTE(review): Zope publishes methods that carry a docstring -- confirm
    # the add permission guarding this constructor is declared at registration.
    self._setObject(ID_LAYOUTTOOL, LayoutTool(ID_LAYOUTTOOL, TITLE_LAYOUTTOOL))
    tool = self._getOb(ID_LAYOUTTOOL)
    tool.loadDefaultData()
    # A list is stored, so View keeps acquiring in addition to Anonymous.
    Permission(view, (), tool).setRoles(['Anonymous',])
    if REQUEST:
        return self.manage_main(self, REQUEST, update_menu=1)
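def _update(self, portal):
    """Grant 'Naaya - Skip Captcha' to the Authenticated role on the portal.

    Nothing is written when the role already holds the permission.
    Always returns True.
    """
    skip_captcha_perm = Permission('Naaya - Skip Captcha', (), portal)
    roles_with_skip_captcha = skip_captcha_perm.getRoles()
    if 'Authenticated' in roles_with_skip_captcha:
        self.log.debug('Authenticated already has the permission')
        return True
    # getRoles() can return a tuple (non-acquiring setting), which has no
    # append().  Extend it in kind so the acquire flag is preserved.
    if isinstance(roles_with_skip_captcha, tuple):
        roles_with_skip_captcha = roles_with_skip_captcha + ('Authenticated',)
    else:
        roles_with_skip_captcha = roles_with_skip_captcha + ['Authenticated']
    skip_captcha_perm.setRoles(roles_with_skip_captcha)
    self.log.debug('Skip Captcha permission assigned to Authenticated')
    return True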
def setPermissionMapping(self, mapping):
    """
    Change the permission mapping for the parent.

    ``mapping`` maps permission names to role sequences, applied to
    ``self.aq_parent``.  Permissions that are not keys of ``mapping`` are
    left unchanged.  Role sequences are stored exactly as given, so list
    versus tuple decides whether each permission acquires.  The transaction
    is committed afterwards.
    """
    for name in mapping:
        parent = self.aq_parent
        Permission(name, (), parent).setRoles(mapping[name])
    transaction.commit()
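def _update(self, portal):
    """Grant the TalkBack review permission to the reviewing roles.

    Adds Administrator, Owner and Reviewer to
    'Naaya - Review TalkBack Consultation' on the portal where missing.
    Always returns True.
    """
    review_perm = Permission('Naaya - Review TalkBack Consultation', (),
                             portal)
    for role in ['Administrator', 'Owner', 'Reviewer']:
        roles = review_perm.getRoles()
        if role in roles:
            continue
        # getRoles() can return a tuple (non-acquiring setting), which has
        # no append().  Extend it in kind so the acquire flag is preserved.
        if isinstance(roles, tuple):
            roles = roles + (role,)
        else:
            roles = roles + [role]
        review_perm.setRoles(roles)
        self.log.info("Review Permission set for %s on %s" %
                      (role, portal.absolute_url()))
    return True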
def set_acl_for_roles(ob, roles):
    """Add ``roles`` to the roles that hold View on ``ob``.

    The stored sequence type (list or tuple) is kept, so the acquire setting
    does not change.  ``roles`` must be a list: it is concatenated with one.
    The order of the stored roles is not defined, since they pass through a set.
    """
    view_perm = Permission(view, (), ob)
    existing = view_perm.getRoles()
    container = tuple if isinstance(existing, tuple) else list
    merged = set(roles + list(existing))
    view_perm.setRoles(container(merged))
def manage_addLayoutTool(self, REQUEST=None):
    """Create the layout tool in this container and open View to Anonymous.

    When a REQUEST is given, returns the container's ``manage_main`` page.
    """
    # NOTE(review): Zope publishes methods that carry a docstring -- confirm
    # the add permission guarding this constructor is declared at registration.
    self._setObject(ID_LAYOUTTOOL, LayoutTool(ID_LAYOUTTOOL, TITLE_LAYOUTTOOL))
    tool = self._getOb(ID_LAYOUTTOOL)
    tool.loadDefaultData()
    # A list is stored, so View keeps acquiring in addition to Anonymous.
    Permission(view, (), tool).setRoles(['Anonymous',])
    if REQUEST:
        return self.manage_main(self, REQUEST, update_menu=1)
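def _update(self, portal):
    """Grant View on every Naaya Meeting to the meeting roles.

    Adds the observer, waiting and participant roles to each meeting's
    'View' permission where missing.  Always returns True.
    """
    meetings = portal.getCatalogedObjects(meta_type='Naaya Meeting')
    for meeting in meetings:
        view_perm = Permission('View', (), meeting)
        for role in [OBSERVER_ROLE, WAITING_ROLE, PARTICIPANT_ROLE]:
            roles = view_perm.getRoles()
            if role in roles:
                continue
            # getRoles() can return a tuple (non-acquiring setting), which
            # has no append().  Extend it in kind to keep the acquire flag.
            if isinstance(roles, tuple):
                roles = roles + (role,)
            else:
                roles = roles + [role]
            view_perm.setRoles(roles)
            self.log.info("View Permission set for %s on %s" %
                          (role, meeting.absolute_url()))
    return True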
def _update(self, portal):
    """Make sure Anonymous holds View on the portal's layout tool.

    Always returns True.
    """
    layout_view = Permission(view, (), portal.getLayoutTool())
    if 'Anonymous' in layout_view.getRoles():
        self.log.info("Already has it, nothing to do.")
        return True
    # The previous role list is replaced, not extended: only Anonymous is
    # set locally.  A list is stored, so the permission keeps acquiring.
    layout_view.setRoles(['Anonymous', ])
    self.log.info("View Permission set for Anonymous on portal_layout.")
    return True
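def _update(self, portal):
    """Grant View on every Naaya Meeting to the meeting roles.

    Adds the observer, waiting and participant roles to each meeting's
    'View' permission where missing.  Always returns True.
    """
    meetings = portal.getCatalogedObjects(meta_type='Naaya Meeting')
    for meeting in meetings:
        view_perm = Permission('View', (), meeting)
        for role in [OBSERVER_ROLE, WAITING_ROLE, PARTICIPANT_ROLE]:
            roles = view_perm.getRoles()
            if role in roles:
                continue
            # getRoles() can return a tuple (non-acquiring setting), which
            # has no append().  Extend it in kind to keep the acquire flag.
            if isinstance(roles, tuple):
                roles = roles + (role,)
            else:
                roles = roles + [role]
            view_perm.setRoles(roles)
            self.log.info("View Permission set for %s on %s" %
                          (role, meeting.absolute_url()))
    return True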
def manage_acquiredPermissions(self, permissions=[]):
    """Change the permissions that acquire.

    Every permission named in ``permissions`` has its roles stored as a list
    (acquiring).  Every other permission has them stored as a tuple (not
    acquiring).  Permissions whose roles are None are skipped.
    """
    for entry in self.ac_inherited_permissions(1):
        name, value = entry[:2]
        perm = Permission(name, value, self)
        roles = perm.getRoles()
        if roles is None:
            continue
        # Omitting a name from ``permissions`` actively turns acquisition off.
        container = list if name in permissions else tuple
        perm.setRoles(container(roles))
def tearDown(self):
    """Log out, revoke the test user's folder roles and restore site View."""
    self.browser_do_logout()
    self.auth_tool.manage_revokeUserRole(user=self.user_obj.name,
                                         location='/portal/info')
    # reset portal roles with view
    Permission(view, (), self.portal).setRoles(self.site_roles_with_view)
    transaction.commit()
    super(UserWithRolesOnlyOnFolderTestSetup, self).tearDown()
def manage_acquiredPermissions(self, permissions=[]):
    """Change the permissions that acquire.

    Every permission named in ``permissions`` has its roles stored as a list
    (acquiring).  Every other permission has them stored as a tuple (not
    acquiring).  Permissions whose roles are None are skipped.
    """
    for entry in self.ac_inherited_permissions(1):
        name, value = entry[:2]
        perm = Permission(name, value, self)
        roles = perm.getRoles()
        if roles is None:
            continue
        # Omitting a name from ``permissions`` actively turns acquisition off.
        container = list if name in permissions else tuple
        perm.setRoles(container(roles))
def tearDown(self):
    """Log out, revoke the test user's folder roles and restore site View."""
    self.browser_do_logout()
    self.auth_tool.manage_revokeUserRole(user=self.user_obj.name,
                                         location='/portal/info')
    # reset portal roles with view
    Permission(view, (), self.portal).setRoles(self.site_roles_with_view)
    transaction.commit()
    super(UserWithRolesOnlyOnFolderTestSetup, self).tearDown()
def _update(self, portal):
    """Let Authenticated users add comments on the portal.

    Adds 'Authenticated' to 'Naaya - Add comments for content' unless it is
    already there.  A tuple stays a tuple and a list stays a list, so the
    acquire setting is kept.  Always returns True.
    """
    comments_perm = Permission('Naaya - Add comments for content', (), portal)
    current = comments_perm.getRoles()
    if 'Authenticated' in current:
        self.log.debug("Portal doesn't need update")
        self.log.debug("Authenticated users can already add comments")
        return True

    if isinstance(current, tuple):
        updated = tuple(current) + ('Authenticated',)
    else:
        updated = current + ['Authenticated']
    comments_perm.setRoles(updated)
    return True
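def _update(self, portal):
    """Give Administrator and Manager the default forum permissions.

    For every cataloged Naaya Forum, both roles are added to the modify-topic
    and skip-captcha permissions when either is missing.  Always returns True.
    """
    portal_catalog = portal.getCatalogTool()
    set_roles = ['Administrator', 'Manager']
    for brain in portal_catalog(meta_type='Naaya Forum'):
        forum = brain.getObject()
        for permission_name in (PERMISSION_MODIFY_FORUMTOPIC,
                                PERMISSION_SKIP_CAPTCHA):
            perm = Permission(permission_name, (), forum)
            roles = perm.getRoles()
            if 'Manager' in roles and 'Administrator' in roles:
                continue
            if isinstance(roles, tuple):
                # A tuple (non-acquiring setting) cannot be added to a list;
                # the old code raised TypeError here.  Keep it a tuple so the
                # update does not switch acquisition on.
                perm.setRoles(tuple(set(list(roles) + set_roles)))
            else:
                perm.setRoles(list(set(roles + set_roles)))
            self.log.debug('Default permissions added for %s',
                           forum.absolute_url())
    return True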
def migrate_permission_settings(self):
    """Migrate permission settings (permission <-> role)

    The acquire flag is coded into the type of the sequence. If roles is a
    list then the roles are also acquired. If roles is a tuple the roles
    aren't acquired.

    Only permissions present on the old object are copied.
    """
    source_map = getPermissionMapping(self.old.ac_inherited_permissions(1))
    target_map = getPermissionMapping(self.new.ac_inherited_permissions(1))
    for name, source_data in source_map.items():
        # NOTE(review): the object returned by getRoles() is handed to the
        # new object unchanged.  If it is the stored list, both objects may
        # share it -- confirm a copy is not needed.
        carried = Permission(name, source_data, self.old).getRoles()
        target_data = target_map.get(name, ())
        Permission(name, target_data, self.new).setRoles(carried)
def migrate_permission_settings(self):
    """Migrate permission settings (permission <-> role)

    The acquire flag is coded into the type of the sequence. If roles is a
    list then the roles are also acquired. If roles is a tuple the roles
    aren't acquired.

    Only permissions present on the old object are copied.
    """
    source_map = getPermissionMapping(self.old.ac_inherited_permissions(1))
    target_map = getPermissionMapping(self.new.ac_inherited_permissions(1))
    for name, source_data in source_map.items():
        # NOTE(review): the object returned by getRoles() is handed to the
        # new object unchanged.  If it is the stored list, both objects may
        # share it -- confirm a copy is not needed.
        carried = Permission(name, source_data, self.old).getRoles()
        target_data = target_map.get(name, ())
        Permission(name, target_data, self.new).setRoles(carried)
def allowMembersToAddCenter(obj):
    """Add the Member role to the AddSoftwareCenter permission on ``obj``.

    Nothing is written when Member already holds it.  The stored sequence
    type is kept, so the acquire setting does not change.  Raises IndexError
    if ``obj`` does not know the permission.
    """
    matches = [entry for entry in obj.ac_inherited_permissions(1)
               if entry[0] == AddSoftwareCenter]
    name, value = matches[0][:2]
    perm = Permission(name, value, obj)
    roles = perm.getRoles()
    if 'Member' in roles:
        return
    if type(roles) == tuple:
        roles = tuple(list(roles) + ['Member'])
    else:
        roles.append('Member')
    perm.setRoles(roles)
def allowMembersToAddCenter(obj):
    """Add the Member role to the AddSoftwareCenter permission on ``obj``.

    Nothing is written when Member already holds it.  The stored sequence
    type is kept, so the acquire setting does not change.  Raises IndexError
    if ``obj`` does not know the permission.
    """
    matches = [entry for entry in obj.ac_inherited_permissions(1)
               if entry[0] == AddSoftwareCenter]
    name, value = matches[0][:2]
    perm = Permission(name, value, obj)
    roles = perm.getRoles()
    if 'Member' in roles:
        return
    if type(roles) == tuple:
        roles = tuple(list(roles) + ['Member'])
    else:
        roles.append('Member')
    perm.setRoles(roles)
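def _update(self, portal):
    """Give Administrator and Manager the default forum permissions.

    For every cataloged Naaya Forum, both roles are added to the modify-topic
    and skip-captcha permissions when either is missing.  Always returns True.
    """
    portal_catalog = portal.getCatalogTool()
    set_roles = ['Administrator', 'Manager']
    for brain in portal_catalog(meta_type='Naaya Forum'):
        forum = brain.getObject()
        for permission_name in (PERMISSION_MODIFY_FORUMTOPIC,
                                PERMISSION_SKIP_CAPTCHA):
            perm = Permission(permission_name, (), forum)
            roles = perm.getRoles()
            if 'Manager' in roles and 'Administrator' in roles:
                continue
            if isinstance(roles, tuple):
                # A tuple (non-acquiring setting) cannot be added to a list;
                # the old code raised TypeError here.  Keep it a tuple so the
                # update does not switch acquisition on.
                perm.setRoles(tuple(set(list(roles) + set_roles)))
            else:
                perm.setRoles(list(set(roles + set_roles)))
            self.log.debug('Default permissions added for %s',
                           forum.absolute_url())
    return True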
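def setUp(self):
    """Restrict site-wide View to Manager and give the user folder roles.

    The previous View roles are saved in ``self.site_roles_with_view``.
    The test user then gets roles on /portal/info only and is logged in.
    """
    super(UserWithRolesOnlyOnFolderTestSetup, self).setUp()

    # get&save roles with view
    view_perm = Permission(view, (), self.portal)
    self.site_roles_with_view = view_perm.getRoles()
    # The trailing comma matters: ('Manager') is just the string 'Manager',
    # not a one-element tuple, so the old call stored a string where a role
    # tuple (non-acquiring) was meant.
    view_perm.setRoles(('Manager',))

    roles = ['Administrator', 'Manager', 'Contributor']
    self.auth_tool.manage_addUsersRoles(name=self.user_obj.name,
                                        roles=roles,
                                        location='/portal/info')
    transaction.commit()
    self.browser_do_login(self.user_name, self.user_password)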
def _update(self, portal):
    """Add the Observer role and reset who may participate in meetings.

    Does nothing when the 'Naaya Meeting' content type is not installed.
    Otherwise every cataloged meeting gets its participate permission set to
    the observer, waiting, participant and administrator roles.
    Always returns True.
    """
    meta_type = 'Naaya Meeting'
    if not portal.is_pluggable_item_installed(meta_type):
        self.log.debug('Meeting not installed')
        return True

    self.log.debug('Adding Observer role')
    add_observer_role(portal)

    self.log.debug('Patching meeting objects')
    for meeting in portal.getCatalogedObjects(meta_type):
        self.log.debug('Patching meeting object at %s' %
                       meeting.absolute_url(1))
        # Replaces any per-meeting customisation of this permission.
        participate = Permission(PERMISSION_PARTICIPATE_IN_MEETING, (),
                                 meeting)
        participate.setRoles([OBSERVER_ROLE, WAITING_ROLE, PARTICIPANT_ROLE,
                              ADMINISTRATOR_ROLE])
    return True
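def setUp(self):
    """Restrict site-wide View to Manager and give the user folder roles.

    The previous View roles are saved in ``self.site_roles_with_view``.
    The test user then gets roles on /portal/info only and is logged in.
    """
    super(UserWithRolesOnlyOnFolderTestSetup, self).setUp()

    # get&save roles with view
    view_perm = Permission(view, (), self.portal)
    self.site_roles_with_view = view_perm.getRoles()
    # The trailing comma matters: ('Manager') is just the string 'Manager',
    # not a one-element tuple, so the old call stored a string where a role
    # tuple (non-acquiring) was meant.
    view_perm.setRoles(('Manager',))

    roles = ['Administrator', 'Manager', 'Contributor']
    self.auth_tool.manage_addUsersRoles(name=self.user_obj.name,
                                        roles=roles,
                                        location='/portal/info')
    transaction.commit()
    self.browser_do_login(self.user_name, self.user_password)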
def modifyRolesForPermission(ob, pname, roles):
    '''
    Set the roles for one permission on ``ob``.

    roles is a list to acquire, a tuple to not acquire.
    Returns 1 if the setting was written, 0 if it already matched.
    '''
    # This mimics what AccessControl/Role.py does.
    methods = ()
    for entry in ac_inherited_permissions(ob, 1):
        entry_name, entry_data = entry[:2]
        if entry_name == pname:
            methods = entry_data
            break
    perm = Permission(pname, methods, ob)
    # A list never equals a tuple, so changing only the acquire flag still
    # counts as a change.  The comparison is also order-sensitive.
    changed = perm.getRoles() != roles
    if changed:
        perm.setRoles(roles)
    return 1 if changed else 0
def modifyRolesForPermission(ob, pname, roles):
    '''
    Set the roles for one permission on ``ob``.

    roles is a list to acquire, a tuple to not acquire.
    Returns 1 if the setting was written, 0 if it already matched.
    '''
    # This mimics what AccessControl/Role.py does.
    methods = ()
    for entry in ac_inherited_permissions(ob, 1):
        entry_name, entry_data = entry[:2]
        if entry_name == pname:
            methods = entry_data
            break
    perm = Permission(pname, methods, ob)
    # A list never equals a tuple, so changing only the acquire flag still
    # counts as a change.  The comparison is also order-sensitive.
    changed = perm.getRoles() != roles
    if changed:
        perm.setRoles(roles)
    return 1 if changed else 0
def manage_permission(self, permission_to_manage, roles=[], acquire=0):
    """Change the settings for the given permission.

    If optional arg acquire is true, then the roles for the
    permission are acquired, in addition to the ones specified,
    otherwise the permissions are restricted to only the designated
    roles.

    Raises ValueError when the object has no permission of that name.
    """
    for entry in self.ac_inherited_permissions(1):
        name, value = entry[:2]
        if name != permission_to_manage:
            continue
        perm = Permission(name, value, self)
        # list = acquire as well, tuple = only the designated roles.
        perm.setRoles(list(roles) if acquire else tuple(roles))
        return

    # The name is escaped because the message itself carries markup.
    raise ValueError("The permission <em>%s</em> is invalid." %
                     escape(permission_to_manage))
def manage_permission(self, permission_to_manage, roles=[], acquire=0):
    """Change the settings for the given permission.

    If optional arg acquire is true, then the roles for the
    permission are acquired, in addition to the ones specified,
    otherwise the permissions are restricted to only the designated
    roles.

    Raises ValueError when the object has no permission of that name.
    """
    for entry in self.ac_inherited_permissions(1):
        name, value = entry[:2]
        if name != permission_to_manage:
            continue
        perm = Permission(name, value, self)
        # list = acquire as well, tuple = only the designated roles.
        perm.setRoles(list(roles) if acquire else tuple(roles))
        return

    # The name is escaped because the message itself carries markup.
    raise ValueError("The permission <em>%s</em> is invalid." %
                     escape(permission_to_manage))
def _update(self, portal):
    """Add the Observer role and reset who may participate in meetings.

    Does nothing when the 'Naaya Meeting' content type is not installed.
    Otherwise every cataloged meeting gets its participate permission set to
    the observer, waiting, participant and administrator roles.
    Always returns True.
    """
    meta_type = 'Naaya Meeting'
    if not portal.is_pluggable_item_installed(meta_type):
        self.log.debug('Meeting not installed')
        return True

    self.log.debug('Adding Observer role')
    add_observer_role(portal)

    self.log.debug('Patching meeting objects')
    for meeting in portal.getCatalogedObjects(meta_type):
        self.log.debug('Patching meeting object at %s' %
                       meeting.absolute_url(1))
        # Replaces any per-meeting customisation of this permission.
        participate = Permission(PERMISSION_PARTICIPATE_IN_MEETING, (),
                                 meeting)
        participate.setRoles([OBSERVER_ROLE, WAITING_ROLE, PARTICIPANT_ROLE,
                              ADMINISTRATOR_ROLE])
    return True
def modifyRolesForPermission(obj, pname, roles):
    """Take ``roles`` away from permission ``pname`` on ``obj``.

    ``roles`` names the roles to remove.  Its type also sets the acquire
    flag of the result: a list keeps acquisition, a tuple turns it off.
    Returns True if the setting was written, False if it already matched.
    """
    data = ()
    for permission in ac_inherited_permissions(obj, True):
        name, value = permission[:2]
        if name == pname:
            data = value
            break
    p = Permission(pname, data, obj)

    # Note: tuple = not acquired; list = acquired
    acquire = isinstance(roles, list)

    to_remove = set(roles)
    # Concrete roles only: the two implicit roles are expanded below.
    valid_roles = set(obj.validRoles()) - set(['Authenticated', 'Anonymous'])
    # Start from the roles currently holding the permission, skipping empty
    # entries and names ending in '_Permission'.
    existing_roles = set([r for r in rolesForPermissionOn(pname, obj)
                          if r and not r.endswith('_Permission')])

    # If we are taking away 'Anonymous', bear in mind that this implies "any role".
    if 'Anonymous' in existing_roles and 'Anonymous' in to_remove:
        existing_roles.update(valid_roles)
        existing_roles.remove('Anonymous')

    # Similarly, 'Authenticated' implies "any role except Anonymous"
    if 'Authenticated' in existing_roles and 'Authenticated' in to_remove:
        existing_roles.update(valid_roles)
        existing_roles.remove('Authenticated')

    if acquire:
        new_roles = list(existing_roles - to_remove)
    else:
        new_roles = tuple(existing_roles - to_remove)

    # NOTE(review): new_roles comes from a set, so its order is arbitrary
    # while this comparison is order-sensitive.  An unchanged role set may
    # still be rewritten and reported as changed.
    if p.getRoles() != new_roles:
        p.setRoles(new_roles)
        return True
    return False
def setUp(self):
    """Build a parent and child folder with different permission settings.

    The parent sets both permissions with tuples (no acquisition).  The child
    sets the first with a list (acquiring) and the second with a tuple.
    """
    super(NyAccess2LevelTestCase, self).setUp()
    self.perm1, self.perm2 = 'View', 'View History'
    self.role1, self.role2 = 'Contributor', 'Reviewer'

    addNyFolder(self.portal.info, 'testfolderparent', contributor='admin',
                submission=1)
    self.testfolderparent = self.portal.info.testfolderparent
    addNyFolder(self.testfolderparent, 'testfolder', contributor='admin',
                submission=1)
    self.testfolder = self.testfolderparent.testfolder

    # NOTE: this is *not* the way to use NyAccess. It should never
    # be stored in the database. It should be set as an attribute
    # to a *class*, like NyForum.
    for folder in (self.testfolderparent, self.testfolder):
        folder._setOb('ny_access',
                      NyAccess('ny_access', {self.perm1: self.perm1,
                                             self.perm2: self.perm2}))

    # default permission map
    role_settings = (
        # parent folder does not inherit permissions
        (self.perm1, self.testfolderparent, (self.role1, 'Manager')),
        (self.perm2, self.testfolderparent, (self.role2, 'Manager')),
        # child folder permissions
        (self.perm1, self.testfolder, [self.role2]),
        (self.perm2, self.testfolder, (self.role1, 'Manager')),
    )
    for perm_name, folder, roles in role_settings:
        Permission(perm_name, (), folder).setRoles(roles)

    transaction.commit()
def removePermissionsForRole(context, role, wanted_permissions):
    """ Remove permissions for a role in the context.

    Parameters:
    @param context Portal object (portal itself, Archetypes item, any inherited from RoleManager)
    @param role role name, as a string
    @param wanted_permissions tuple of permissions (string names) to take away from the role

    All wanted_permissions lose their acquiring ability, also when the role
    did not hold them.
    """
    # NOTE(review): assert is skipped under ``python -O``; this check is then
    # not enforced.
    assert type(wanted_permissions) == types.TupleType

    for entry in context.ac_inherited_permissions(all=True):
        name, value = entry[:2]
        perm = Permission(name, value, context)
        remaining = list(perm.getRoles())
        if name not in wanted_permissions:
            continue
        if role in remaining:
            remaining.remove(role)
        # Stored as a tuple: the permission no longer acquires.
        perm.setRoles(tuple(remaining))
def removePermissionsForRole(context, role, wanted_permissions):
    """ Remove permissions for a role in the context.

    Parameters:
    @param context Portal object (portal itself, Archetypes item, any inherited from RoleManager)
    @param role role name, as a string
    @param wanted_permissions tuple of permissions (string names) to take away from the role

    All wanted_permissions lose their acquiring ability, also when the role
    did not hold them.
    """
    # NOTE(review): assert is skipped under ``python -O``; this check is then
    # not enforced.
    assert type(wanted_permissions) == tuple

    for entry in context.ac_inherited_permissions(all=True):
        name, value = entry[:2]
        perm = Permission(name, value, context)
        remaining = list(perm.getRoles())
        if name not in wanted_permissions:
            continue
        if role in remaining:
            remaining.remove(role)
        # Stored as a tuple: the permission no longer acquires.
        perm.setRoles(tuple(remaining))
def setUp(self):
    """Build a parent and child folder with different permission settings.

    The parent sets both permissions with tuples (no acquisition).  The child
    sets the first with a list (acquiring) and the second with a tuple.
    """
    super(NyAccess2LevelTestCase, self).setUp()
    self.perm1, self.perm2 = 'View', 'View History'
    self.role1, self.role2 = 'Contributor', 'Reviewer'

    addNyFolder(self.portal.info, 'testfolderparent', contributor='admin',
                submission=1)
    self.testfolderparent = self.portal.info.testfolderparent
    addNyFolder(self.testfolderparent, 'testfolder', contributor='admin',
                submission=1)
    self.testfolder = self.testfolderparent.testfolder

    # NOTE: this is *not* the way to use NyAccess. It should never
    # be stored in the database. It should be set as an attribute
    # to a *class*, like NyForum.
    for folder in (self.testfolderparent, self.testfolder):
        folder._setOb('ny_access',
                      NyAccess('ny_access', {self.perm1: self.perm1,
                                             self.perm2: self.perm2}))

    # default permission map
    role_settings = (
        # parent folder does not inherit permissions
        (self.perm1, self.testfolderparent, (self.role1, 'Manager')),
        (self.perm2, self.testfolderparent, (self.role2, 'Manager')),
        # child folder permissions
        (self.perm1, self.testfolder, [self.role2]),
        (self.perm2, self.testfolder, (self.role1, 'Manager')),
    )
    for perm_name, folder, roles in role_settings:
        Permission(perm_name, (), folder).setRoles(roles)

    transaction.commit()
def inherit_view_permission(self):
    """Store the current View roles as a list, so View acquires again."""
    view_perm = Permission(view, (), self)
    view_perm.setRoles(list(view_perm.getRoles()))
def dont_inherit_view_permission(self):
    """Stop View from acquiring while keeping the managing roles.

    The current roles plus Manager, Administrator and Owner are stored as a
    tuple.  Their order is not defined, since they pass through a set.
    """
    view_perm = Permission(view, (), self)
    pinned = set(view_perm.getRoles()) | set(['Manager', 'Administrator',
                                               'Owner'])
    view_perm.setRoles(tuple(pinned))
def test_with_captcha(self):
    """ Test for captcha: does it show up when it's supposed to?
    Is it really verified?

    Walks the add form as a plain authenticated user: no response and a
    wrong response must be rejected, the right one accepted.  Then grants
    'Naaya - Skip Captcha' and checks the captcha field is gone.
    """
    self.portal.acl_users._doAddUser('other_user', 'other_user', [], '',
                                     'Other', 'User', '*****@*****.**')
    # Let any authenticated user add this content type.
    zperm = self.portal.get_pluggable_item(self.meta_type)['permission']
    p = Permission(zperm, (), self.portal)
    # NOTE(review): assumes getRoles() returns a list here; a tuple cannot be
    # concatenated with a list -- confirm.
    p.setRoles(p.getRoles() + ['Authenticated'])
    transaction.commit()
    self.login_user('other_user', 'other_user')

    self.selenium.open('/portal/info/', True)
    self.selenium.select('typetoadd', 'label=%s' % self.meta_label)
    self.selenium.wait_for_page_to_load(self._selenium_page_timeout)
    # The captcha must be shown to a user without the skip permission.
    assert self.selenium.is_element_present(
        '//input[@name="test-captcha-response"]')

    self._fill_add_form()

    # submit with no captcha response
    self.selenium.click("//input[@value='Submit']")
    self.selenium.wait_for_page_to_load(self._selenium_page_timeout)
    assert self.selenium.is_text_present("Verification words do not match "
                                         "the ones in the picture.")

    # submit with incorrect captcha response
    self.selenium.type('test-captcha-response', "blah blah")
    self.selenium.click("//input[@value='Submit']")
    self.selenium.wait_for_page_to_load(self._selenium_page_timeout)
    assert self.selenium.is_text_present("Verification words do not match "
                                         "the ones in the picture.")

    # Solve the challenge shown on the page with the test double.
    challenge = self.selenium.get_text(
        '//span[@id="test-captcha-challenge"]')
    response = mock_captcha.solve(challenge)
    self.selenium.type('test-captcha-response', response)

    # submit with proper response
    self.selenium.click("//input[@value='Submit']")
    self.selenium.wait_for_page_to_load(self._selenium_page_timeout)
    assert self.selenium.is_text_present('The administrator will analyze')

    # presumably refreshes this connection before looking up the new object
    transaction.abort()
    self._assert_object_added_properly(self.portal['info'],
                                       submitter='other_user')

    # "skip captcha" permission
    p = Permission('Naaya - Skip Captcha', (), self.portal)
    p.setRoles(p.getRoles() + ['Authenticated'])
    transaction.commit()

    self.selenium.open('/portal/info/', True)
    self.selenium.select('typetoadd', 'label=%s' % self.meta_label)
    self.selenium.wait_for_page_to_load(self._selenium_page_timeout)
    # With the skip permission the captcha field must not be rendered.
    assert not self.selenium.is_element_present(
        '//input[@name="test-captcha-response"]')

    self.logout_user()
def permission_del_role(context, permission, role):
    """ Removes a role from a permission.

    The stored sequence type is kept, so the acquire setting does not
    change.  The order of the remaining roles is not defined.
    """
    perm = Permission(permission, (), context)
    current = perm.getRoles()
    remaining = set(current) - set([role])
    perm.setRoles(type(current)(remaining))
def dont_inherit_view_permission(self):
    """Stop View from acquiring while keeping the managing roles.

    The current roles plus Manager, Administrator and Owner are stored as a
    tuple.  Their order is not defined, since they pass through a set.
    """
    view_perm = Permission(view, (), self)
    pinned = set(view_perm.getRoles()) | set(['Manager', 'Administrator',
                                               'Owner'])
    view_perm.setRoles(tuple(pinned))
def permission_add_role(context, permission, role):
    """ Adds a role to a permission.

    The stored sequence type is kept, so the acquire setting does not
    change.  The order of the resulting roles is not defined.
    """
    perm = Permission(permission, (), context)
    current = perm.getRoles()
    extended = set(current) | set([role])
    perm.setRoles(type(current)(extended))
def inherit_view_permission(self):
    """Store the current View roles as a list, so View acquires again."""
    view_perm = Permission(view, (), self)
    view_perm.setRoles(list(view_perm.getRoles()))