def revoke_local_roles_for(brain_or_object, roles, user=None):
"""Revoke local roles for the object
Code extracted from `IRoleManager.manage_setLocalRoles`
:param brain_or_object: Catalog brain or object
:param roles: The local roles to revoke for the current user
:param user: A user ID, user object or None (for the current user)
"""
user_id = get_user_id(user)
obj = api.get_object(brain_or_object)
valid_roles = get_valid_roles_for(obj)
to_grant = list(get_local_roles_for(obj))
if isinstance(roles, basestring):
roles = [roles]
for role in roles:
if role in to_grant:
if role not in valid_roles:
raise ValueError("The Role '{}' is invalid.".format(role))
# Remove the role
to_grant.remove(role)
if len(to_grant) > 0:
obj.manage_setLocalRoles(user_id, to_grant)
else:
obj.manage_delLocalRoles([user_id])
return get_local_roles_for(brain_or_object)
def get_actor(snapshot):
"""Get the actor of the snapshot
"""
actor = get_meta_value_for(snapshot, "actor")
if not actor:
return get_user_id()
return actor
def get_local_roles_for(brain_or_object, user=None):
"""Get the local defined roles on the context
Code extracted from `IRoleManager.get_local_roles_for_userid`
:param brain_or_object: Catalog brain or object
:param user: A user ID, user object or None (for the current user)
:returns: List of granted local roles on the given object
"""
user_id = get_user_id(user)
obj = api.get_object(brain_or_object)
return sorted(obj.get_local_roles_for_userid(user_id))
def grant_local_roles_for(brain_or_object, roles, user=None):
"""Grant local roles for the object
Code extracted from `IRoleManager.manage_addLocalRoles`
:param brain_or_object: Catalog brain or object
:param user: A user ID, user object or None (for the current user)
:param roles: The local roles to grant for the current user
"""
user_id = get_user_id(user)
obj = api.get_object(brain_or_object)
if isinstance(roles, basestring):
roles = [roles]
obj.manage_addLocalRoles(user_id, roles)
return get_local_roles_for(brain_or_object)