def manage_changePermissions(self, REQUEST):
"""Change all permissions settings, called by management screen."""
valid_roles = self.valid_roles()
have = REQUEST.__contains__
permissions = self.ac_inherited_permissions(1)
fails = []
for ip in range(len(permissions)):
permission_name = permissions[ip][0]
permission_hash = _string_hash(permission_name)
roles = []
for role in valid_roles:
role_name = role
role_hash = _string_hash(role_name)
if have("permission_%srole_%s" % (permission_hash, role_hash)):
roles.append(role)
name, value = permissions[ip][:2]
try:
p = Permission(name, value, self)
if not have('acquire_%s' % permission_hash):
roles = tuple(roles)
p.setRoles(roles)
except Exception:
fails.append(name)
if fails:
raise BadRequest('Some permissions had errors: ' +
html.escape(', '.join(fails), True))
if REQUEST is not None:
return self.manage_access(REQUEST)
def test12_retrieveAndRevertRetainWorkingCopiesPermissions(self):
portal_repo = self.portal.portal_repository
doc = self.portal.doc
perm = 'Access contents information'
if has_zope4:
member_role = 'permission_{0}role_{1}'.format(
_string_hash(perm),
_string_hash('Member')
)
else:
roles = list(doc.valid_roles())
member_role = 'p0r{0}'.format(roles.index('Member'))
doc.manage_permission(perm, ('Manager',), 0)
portal_repo.applyVersionControl(doc)
doc.manage_permission(perm, ('Manager', 'Member'), 1)
portal_repo.save(doc)
# just check the original is unchanged
settings = doc.permission_settings(perm)[0]
self.failUnless(settings['acquire'])
role_enabled = [r for r in settings['roles']
if r['name'] == member_role][0]
self.failUnless(role_enabled['checked'])
# ----- retrieve
# check if retrieved object carries the working copy's permissions
retrieved_data = portal_repo.retrieve(
doc, 0, preserve=['_Access_contents_information_Permission'])
settings = retrieved_data.object.permission_settings(perm)[0]
self.failUnless(settings['acquire'])
role_enabled = [
r for r in settings['roles']
if r['name'] == member_role
][0]
self.failUnless(role_enabled['checked'])
# check that the working copy's permissions are unchanged
settings = doc.permission_settings(perm)[0]
self.failUnless(settings['acquire'])
role_enabled = [
r for r in settings['roles']
if r['name'] == member_role
][0]
self.failUnless(role_enabled['checked'])
# check if the preserved data is returned correctly
preserved = retrieved_data.preserved_data['_Access_contents_information_Permission'] # noqa
self.assertEqual(preserved, ('Manager',))
# ----- revert
# check that the working copies permissions are unchanged after revert
portal_repo.revert(doc, 0)
settings = doc.permission_settings(perm)[0]
self.failUnless(settings['acquire'])
role_enabled = [r for r in settings['roles']
if r['name'] == member_role][0]
self.failUnless(role_enabled['checked'])
def test12_retrieveAndRevertRetainWorkingCopiesPermissions(self):
portal_repo = self.portal.portal_repository
doc = self.portal.doc
perm = 'Access contents information'
if has_zope4:
member_role = 'permission_{0}role_{1}'.format(
_string_hash(perm),
_string_hash('Member')
)
else:
roles = list(doc.valid_roles())
member_role = 'p0r{0}'.format(roles.index('Member'))
doc.manage_permission(perm, ('Manager',), 0)
portal_repo.applyVersionControl(doc)
doc.manage_permission(perm, ('Manager', 'Member'), 1)
portal_repo.save(doc)
# just check the original is unchanged
settings = doc.permission_settings(perm)[0]
self.assertTrue(settings['acquire'])
role_enabled = [r for r in settings['roles']
if r['name'] == member_role][0]
self.assertTrue(role_enabled['checked'])
# ----- retrieve
# check if retrieved object carries the working copy's permissions
retrieved_data = portal_repo.retrieve(
doc, 0, preserve=['_Access_contents_information_Permission'])
settings = retrieved_data.object.permission_settings(perm)[0]
self.assertTrue(settings['acquire'])
role_enabled = [
r for r in settings['roles']
if r['name'] == member_role
][0]
self.assertTrue(role_enabled['checked'])
# check that the working copy's permissions are unchanged
settings = doc.permission_settings(perm)[0]
self.assertTrue(settings['acquire'])
role_enabled = [
r for r in settings['roles']
if r['name'] == member_role
][0]
self.assertTrue(role_enabled['checked'])
# check if the preserved data is returned correctly
preserved = retrieved_data.preserved_data['_Access_contents_information_Permission'] # noqa
self.assertEqual(preserved, ('Manager',))
# ----- revert
# check that the working copies permissions are unchanged after revert
portal_repo.revert(doc, 0)
settings = doc.permission_settings(perm)[0]
self.assertTrue(settings['acquire'])
role_enabled = [r for r in settings['roles']
if r['name'] == member_role][0]
self.assertTrue(role_enabled['checked'])
def manage_changePermissions(self, REQUEST):
"""Change all permissions settings, called by management screen."""
valid_roles = self.valid_roles()
have = REQUEST.__contains__
permissions = self.ac_inherited_permissions(1)
fails = []
for ip in range(len(permissions)):
permission_name = permissions[ip][0]
permission_hash = _string_hash(permission_name)
roles = []
for role in valid_roles:
role_name = role
role_hash = _string_hash(role_name)
if have("permission_%srole_%s" % (permission_hash, role_hash)):
roles.append(role)
name, value = permissions[ip][:2]
try:
p = Permission(name, value, self)
if not have('acquire_%s' % permission_hash):
roles = tuple(roles)
p.setRoles(roles)
except Exception:
fails.append(name)
if fails:
raise BadRequest('Some permissions had errors: '
+ escape(', '.join(fails), True))
if REQUEST is not None:
return self.manage_access(REQUEST)
def get_permissions(self):
"""Permission of object (Security tab in ZMI)
:keys: _permissions
This works well until Plone 51.
From Plone 52, permission_settings method returns a different list.
"""
self["_permissions"] = {}
if getattr(self.context, "permission_settings", False):
roles = self.context.validRoles()
ps = self.context.permission_settings()
for perm in ps:
unchecked = 0
if not perm["acquire"]:
unchecked = 1
new_roles = []
for role in perm["roles"]:
if role["checked"]:
if six.PY2:
role_idx = role["name"].index("r") + 1
role_name = roles[int(role["name"][role_idx:])]
new_roles.append(role_name)
else:
role_hash = role["name"].split("role_")[1]
role_name = [
x
for x in roles
if _string_hash(x) == role_hash
]
new_roles.append(role_name[0])
if unchecked or new_roles:
self["_permissions"][perm["name"]] = {
"acquire": not unchecked,
"roles": new_roles,
}
