Exemple #1
0
 def getRolesInContext(self, user, object):
     # we combine the permission of the user with those of the
     # groups she belongs to
     uf = self._get_userfolder(user)
     if uf is not None:
         # rewrap user with an unwrapped user folder, so
         # _check_context works appropriately
         user = aq_inner(user)
         user = user.__of__(uf)
     principal_ids = self._get_principal_ids(user)
     roles = set()
     for obj in self._parent_chain(object):
         if user._check_context(obj):
             count = -1
             for count, a in enumerate(self._getAdapters(obj)):
                 for pid in principal_ids:
                     roles.update(a.getRoles(pid))
             # XXX: BBB code, kicks in only if there's no proper adapter
             if count == -1:
                 workspace = IGroupAwareWorkspace(obj,
                                                  IWorkspace(obj, None))
                 if workspace is not None:
                     roles.update(workspace.getLocalRolesForPrincipal(user))
                     for group in self._groups(obj, user, workspace):
                         roles.update(
                             workspace.getLocalRolesForPrincipal(group))
     return list(roles)
Exemple #2
0
    def getAllLocalRolesInContext(self, object):
        rolemap = {}
        for obj in self._parent_chain(object):
            for a in self._getAdapters(obj):
                iter_roles = a.getAllRoles()
                for principal, roles in iter_roles:
                    rolemap.setdefault(principal, set()).update(roles)
            else:  # XXX: BBB code, kicks in only if there's no proper ddapter
                workspace = IGroupAwareWorkspace(obj, IWorkspace(obj, None))
                if workspace is not None:
                    rolemap.update(workspace.getLocalRoles())

        return rolemap
Exemple #3
0
    def checkLocalRolesAllowed(self, user, object, object_roles):
        """Checks if the user has one of the specified roles in the
        given context, short circuits when the first provider granting
        one of the roles is found."""
        uf = self._get_userfolder(user)
        if uf is not None:
            # rewrap user with an unwrapped user folder, so
            # _check_context works appropriately
            user = aq_inner(user)
            user = user.__of__(uf)
        check_roles = set(object_roles)
        principal_ids = self._get_principal_ids(user)
        for obj in self._parent_chain(object):
            count = -1
            for count, a in enumerate(self._getAdapters(obj)):
                for pid in principal_ids:
                    roles = a.getRoles(pid)
                    if check_roles.intersection(roles):
                        if user._check_context(obj):
                            return 1
                        else:
                            return 0
            # XXX: BBB code, kicks in only if there's no proper adapter
            if count == -1:
                workspace = IGroupAwareWorkspace(obj, IWorkspace(obj, None))
                if workspace is not None:
                    roles = workspace.getLocalRolesForPrincipal(user)
                    if check_roles.intersection(roles):
                        if user._check_context(obj):
                            return 1
                        else:
                            return 0
                    for group in self._groups(obj, user, workspace):
                        roles = workspace.getLocalRolesForPrincipal(group)
                        if check_roles.intersection(roles):
                            if user._check_context(obj):
                                return 1
                            else:
                                return 0

        return None