def revoke_roles(user=None, roles=(), root=None): if not roles: return if user is None: user = get_current() if isinstance(user, Anonymous): return #TODO use cookies to revoke roles normalized_roles = [] if root is None: root = getSite() for role in roles: if isinstance(role, basestring): normalized_roles.append((role, root)) else: normalized_roles.append(role) for role in normalized_roles: obj = role[1] opts = {u'source_id': get_oid(user), u'target_id': get_oid(obj)} opts[u'relation_id'] = role[0] opts[u'reftype'] = 'Role' relations = [r for r in find_relations(obj, opts).all()] if not (obj is root): opts[u'target_id'] = get_oid(root) relations.extend([r for r in find_relations(obj, opts).all()]) for relation in relations: disconnect(relation) if hasattr(user, 'reindex'): user.reindex()
def test_disconnect_relation(self): before = len(get_relations_container(self.app)) source, target, relation = self._create_relation() self.assertEqual(len(get_relations_container(source)), before + 1) results = find_relations(source, {'target_id': get_oid(target)}) before = len(get_relations_container(self.app)) disconnect(relation) self.assertEqual(len(get_relations_container(source)), before - 1) results = find_relations(source, {'target_id': get_oid(target)}) self.assertEqual(len(list(results)), 0)
def test_remove_target(self): before = len(get_relations_container(self.app)) source, target, relation = self._create_relation() self.assertEqual(len(get_relations_container(source)), before + 1) results = find_relations(source, {'target_id': get_oid(target)}) self.assertEqual(len(list(results)), 1) before = len(get_relations_container(self.app)) del target.__parent__[target.__name__] self.assertEqual(len(get_relations_container(source)), before - 1) results = find_relations(source, {'target_id': get_oid(target)}) self.assertEqual(len(list(results)), 0)
def get_roles(user=None, obj=None, root=None, ignore_groups=False): if user is None: user = get_current() if isinstance(user, Anonymous): return [RoleAnonymous.name] if root is None: root = getSite() if obj is None: obj = root opts = {u'source_id': get_oid(user), u'target_id': get_oid(obj)} opts[u'reftype'] = 'Role' roles = [r.relation_id for r in find_relations(obj, opts).all()] principals = find_service(root, 'principals') sd_admin = principals['users']['admin'] if sd_admin is user and 'Admin' not in roles: roles.append('Admin') groups = [] if not ignore_groups: groups.extend(getattr(user, 'groups', [])) for group in groups: roles.extend(get_roles(group, obj, root)) return list(set(roles))
def get_roles(user=None, obj=None, root=None, ignore_groups=False): if user is None: user = get_current() if isinstance(user, Anonymous): return [RoleAnonymous.name] if root is None: root = getSite() if obj is None: obj = root opts = {u'source_id': get_oid(user), u'target_id': get_oid(obj)} opts[u'reftype'] = 'Role' roles = [r.relation_id for r in find_relations(obj, opts).all()] principals = find_service('principals') sd_admin = principals['users']['admin'] if sd_admin is user and 'Admin' not in roles: roles.append('Admin') groups = [] if not ignore_groups: groups.extend(getattr(user, 'user_groups', [])) for group in groups: roles.extend(get_roles(group, obj, root)) return list(set(roles))
def get_access_keys(user, root=None, to_exclude=[]): if isinstance(user, Anonymous): return ['anonymous'] principals = find_service('principals') sd_admin = principals['users']['admin'] pricipal_root = getSite() if root is None: root = pricipal_root root_oid = get_oid(root) principal_root_oid = get_oid(pricipal_root) if sd_admin is user: return list(set([('admin'+'_'+str(root_oid)).lower(), ('admin'+'_'+str(principal_root_oid)).lower()])) groups = list(getattr(user, 'user_groups', [])) groups.append(user) relations = [] for group in groups: opts = {u'source_id': get_oid(group)} opts[u'reftype'] = 'Role' relations.extend(list(find_relations(group, opts).all())) result = [(t.relation_id+'_'+str(t.target_id)).lower() \ for t in relations if t.target_id not in to_exclude] for relation in relations: if relation.relation_id == 'Admin': result.append(('admin'+'_'+str(principal_root_oid)).lower()) break return list(set(result))
def get_objects_with_role(user=None, role=None, root=None): if role is None: return [] if user is None: user = get_current() if isinstance(user, Anonymous): return False #TODO use cookies to find objects if root is None: root = getSite() groups = list(getattr(user, 'user_groups', [])) groups.append(user) objects = [] for principal in groups: opts = {u'source_id': get_oid(principal)} opts[u'relation_id'] = role opts[u'reftype'] = 'Role' objects.extend([r.target for r in find_relations(root, opts).all()]) objects = list(set(objects)) if root in objects: objects.remove(root) return objects
def get_access_keys(user, root=None, to_exclude=[]): if isinstance(user, Anonymous): return ['anonymous'] principals = find_service(user, 'principals') sd_admin = principals['users']['admin'] pricipal_root = getSite() if root is None: root = pricipal_root root_oid = get_oid(root) principal_root_oid = get_oid(pricipal_root) if sd_admin is user: return list(set([('admin'+'_'+str(root_oid)).lower(), ('admin'+'_'+str(principal_root_oid)).lower()])) groups = list(getattr(user, 'groups', [])) groups.append(user) relations = [] for group in groups: opts = {u'source_id': get_oid(group)} opts[u'reftype'] = 'Role' relations.extend(list(find_relations(group, opts).all())) result = [(t.relation_id+'_'+str(t.target_id)).lower() \ for t in relations if t.target_id not in to_exclude] for relation in relations: if relation.relation_id == 'Admin': result.append(('admin'+'_'+str(principal_root_oid)).lower()) break return list(set(result))
def revoke_roles(user=None, roles=(), root=None): if not roles: return if user is None: user = get_current() if isinstance(user, Anonymous): return #TODO use cookies to revoke roles normalized_roles = [] if root is None: root = getSite() for role in roles: if isinstance(role, basestring): normalized_roles.append((role, root)) else: normalized_roles.append(role) for role in normalized_roles: obj = role[1] opts = {u'source_id': get_oid(user), u'target_id': get_oid(obj)} opts[u'relation_id'] = role[0] opts[u'reftype'] = 'Role' relations = [r for r in find_relations(obj, opts).all()] if not(obj is root): opts[u'target_id'] = get_oid(root) relations.extend([r for r in find_relations(obj, opts).all()]) for relation in relations: disconnect(relation) if hasattr(user, 'reindex'): user.reindex()
def has_any_roles(user=None, roles=(), ignore_superiors=False, root=None): if not roles: return True normalized_roles = {} if root is None: root = getSite() for role in roles: if isinstance(role, basestring): normalized_roles[role] = root if not ignore_superiors: normalized_roles.update(dict(_get_allsuperiors(role, root))) else: normalized_roles[role[0]] = role[1] if not ignore_superiors: normalized_roles.update(dict(_get_allsuperiors(role[0], root))) if user is None: user = get_current() if isinstance(user, Anonymous): return RoleAnonymous.name in normalized_roles if 'Admin' in normalized_roles: principals = find_service('principals') sd_admin = principals['users']['admin'] if sd_admin is user: return True groups = list(getattr(user, 'user_groups', [])) groups.append(user) for role in normalized_roles: context = normalized_roles[role] opts = {u'source_id': ( 'any', tuple(sorted([get_oid(g) for g in groups]))), u'target_id': get_oid(context)} opts[u'relation_id'] = role opts[u'reftype'] = 'Role' if find_relations(root, opts): return True return False
def has_any_roles(user=None, roles=(), ignore_superiors=False, root=None): if not roles: return True normalized_roles = {} if root is None: root = getSite() for role in roles: if isinstance(role, basestring): normalized_roles[role] = root if not ignore_superiors: normalized_roles.update(dict(_get_allsuperiors(role, root))) else: normalized_roles[role[0]] = role[1] if not ignore_superiors: normalized_roles.update(dict(_get_allsuperiors(role[0], root))) if user is None: user = get_current() if isinstance(user, Anonymous): return RoleAnonymous.name in normalized_roles if 'Admin' in normalized_roles: principals = find_service(root, 'principals') sd_admin = principals['users']['admin'] if sd_admin is user: return True groups = list(getattr(user, 'groups', [])) groups.append(user) for role in normalized_roles: context = normalized_roles[role] opts = {u'source_id': ( 'any', tuple(sorted([get_oid(g) for g in groups]))), u'target_id': get_oid(context)} opts[u'relation_id'] = role opts[u'reftype'] = 'Role' if find_relations(root, opts): return True return False
def get_users_with_role(role=None, root=None): if role is None: return [] if root is None: root = getSite() normalized_role = role if isinstance(role, basestring): normalized_role = (role, root) opts = {u'target_id': get_oid(normalized_role[1])} opts[u'relation_id'] = normalized_role[0] opts[u'reftype'] = 'Role' users = list(set([r.source for r in find_relations(normalized_role[1], opts).all()])) result = [u for u in users if isinstance(u, User)] groups = [g.members for g in users if isinstance(g, Group)] groups = [item for sublist in groups for item in sublist] result.extend(groups) return list(set(result))
def get_objects_with_role(user=None, role=None, root=None): if role is None: return [] if user is None: user = get_current() if isinstance(user, Anonymous): return False #TODO use cookies to find objects if root is None: root = getSite() opts = {u'source_id': get_oid(user)} opts[u'relation_id'] = role opts[u'reftype'] = 'Role' objects = [r.target for r in find_relations(root, opts).all()] objects = list(set(objects)) if root in objects: objects.remove(root) return objects
def test_find_relations(self): source, target, relation = self._create_relation() results = list(find_relations(source, {'source_id': get_oid(source)})) self.assertEqual(len(results), 1) self.assertTrue(isinstance(results[0], RelationValue)) self.assertIs(results[0].source, source) self.assertIs(results[0].target, target) results = find_relations(source, {'target_id': get_oid(target)}) self.assertEqual(len(list(results)), 1) results = find_relations(source, {'tags': ('any', (u'created', u'involved'))}) self.assertEqual(len(list(results)), 1) results = find_relations(source, {'tags': ('all', (u'created', u'involved'))}) self.assertEqual(len(list(results)), 0) results = find_relations(source, {'tags': u'created'}) self.assertEqual(len(list(results)), 1) results = find_relations(source, {'tags': u'involved'}) self.assertEqual(len(list(results)), 0)
def copy(obj, container, new_name=None, shared_properties=False, composite_properties=False, roles=False, omit=OMIT_ATTRIBUTES, select=None): """Return a copy of obj If you need a deepcopy of the object, set composite_properties to True To copy the roles, set roles to True container can be a folder or a tuple (folder, propertyname) If this is a tuple, the new object will be set via propertyname. (Pdb) pp obj.__dict__ {'__name__': u'object1', '__oid__': 4368702640781270144, '__parent__': <substanced.root.Root object None at 0x407cb18>, '__property__': None, '_composition_u_valuekey': u'object2', '_num_objects': <BTrees.Length.Length object at 0x4950758>, 'created_at': datetime.datetime(2014, 9, 8, 13, 0, 11, 351214), 'data': <BTrees.OOBTree.OOBTree object at 0x49513d0>, 'dynamic_properties_def': {}, 'modified_at': datetime.datetime(2014, 9, 8, 13, 0, 11, 351227)} (Pdb) pp new.__dict__ {'__property__': None, '_num_objects': <BTrees.Length.Length object at 0x46a6140>, 'created_at': datetime.datetime(2014, 9, 8, 13, 6, 48, 635835), 'data': <BTrees.OOBTree.OOBTree object at 0x46a1bd0>, 'dynamic_properties_def': {}, 'modified_at': datetime.datetime(2014, 9, 8, 13, 6, 48, 635852)} """ if omit is not OMIT_ATTRIBUTES: omit = set(omit) | set(OMIT_ATTRIBUTES) new = obj.__class__() # wake up object to have obj.__dict__ populated obj._p_activate() for key, value in obj.__dict__.items(): if key.startswith('_') or key in omit: continue new_value = zope.copy.clone(value) # this does a new pickle for primitive value setattr(new, key, new_value) if new_name is None: new_name = 'copy_of_%s' % obj.__name__ # we need to add it to a container so the object is indexed # and has a __oid__ attribute if isinstance(container, tuple): container, propertyname = container new.__name__ = name_chooser(container, new_name) container.addtoproperty(propertyname, new) else: new_name = name_chooser(container, new_name) container.add(new_name, new) seen = set() # We can have descriptors inherited, # so take care to not get descriptor of above classes if it has been # overriden in a subclass. This is what the seen variable is for here. for klass in obj.__class__.__mro__: for descriptor_id, descriptor in klass.__dict__.items(): if descriptor_id in seen: continue seen.add(descriptor_id) if descriptor_id in omit: continue if select is not None and descriptor_id not in select: continue if isinstance(descriptor, Descriptor): value = descriptor.__get__(obj) if not value: continue # if isinstance(descriptor, (SharedUniqueProperty, SharedMultipleProperty)) and shared_properties: # descriptor.__set__(new, value) # this can have the side effect of moving value to a different container! # TODO do we really want to copy shared properties? if isinstance( descriptor, (CompositeUniqueProperty, CompositeMultipleProperty)) and composite_properties: if isinstance(descriptor, CompositeUniqueProperty): value = [value] for item in value: copy(item, (new, descriptor_id), new_name=item.__name__, shared_properties=shared_properties, composite_properties=composite_properties, roles=roles, omit=omit, select=select) # copy roles if roles: relations = find_relations(obj, {'target_id': get_oid(obj)}) for rel in relations: source = rel.source target = new opts = { 'reftype': rel.reftype, 'relation_id': rel.relation_id, 'tags': list(rel.tags) } connect(source, target, **opts) return new
def copy(obj, container, new_name=None, shared_properties=False, composite_properties=False, roles=False, omit=OMIT_ATTRIBUTES, select=None): """Return a copy of obj If you need a deepcopy of the object, set composite_properties to True To copy the roles, set roles to True container can be a folder or a tuple (folder, propertyname) If this is a tuple, the new object will be set via propertyname. (Pdb) pp obj.__dict__ {'__name__': u'object1', '__oid__': 4368702640781270144, '__parent__': <substanced.root.Root object None at 0x407cb18>, '__property__': None, '_composition_u_valuekey': u'object2', '_num_objects': <BTrees.Length.Length object at 0x4950758>, 'created_at': datetime.datetime(2014, 9, 8, 13, 0, 11, 351214), 'data': <BTrees.OOBTree.OOBTree object at 0x49513d0>, 'dynamic_properties_def': {}, 'modified_at': datetime.datetime(2014, 9, 8, 13, 0, 11, 351227)} (Pdb) pp new.__dict__ {'__property__': None, '_num_objects': <BTrees.Length.Length object at 0x46a6140>, 'created_at': datetime.datetime(2014, 9, 8, 13, 6, 48, 635835), 'data': <BTrees.OOBTree.OOBTree object at 0x46a1bd0>, 'dynamic_properties_def': {}, 'modified_at': datetime.datetime(2014, 9, 8, 13, 6, 48, 635852)} """ if omit is not OMIT_ATTRIBUTES: omit = set(omit) | set(OMIT_ATTRIBUTES) new = obj.__class__() # wake up object to have obj.__dict__ populated obj._p_activate() for key, value in obj.__dict__.items(): if key.startswith('_') or key in omit: continue new_value = zope.copy.clone(value) # this does a new pickle for primitive value setattr(new, key, new_value) if new_name is None: new_name = 'copy_of_%s' % obj.__name__ # we need to add it to a container so the object is indexed # and has a __oid__ attribute if isinstance(container, tuple): container, propertyname = container new.__name__ = name_chooser(container, new_name) container.addtoproperty(propertyname, new) else: new_name = name_chooser(container, new_name) container.add(new_name, new) seen = set() # We can have descriptors inherited, # so take care to not get descriptor of above classes if it has been # overriden in a subclass. This is what the seen variable is for here. for klass in obj.__class__.__mro__: for descriptor_id, descriptor in klass.__dict__.items(): if descriptor_id in seen: continue seen.add(descriptor_id) if descriptor_id in omit: continue if select is not None and descriptor_id not in select: continue if isinstance(descriptor, Descriptor): value = descriptor.__get__(obj) if not value: continue # if isinstance(descriptor, (SharedUniqueProperty, SharedMultipleProperty)) and shared_properties: # descriptor.__set__(new, value) # this can have the side effect of moving value to a different container! # TODO do we really want to copy shared properties? if isinstance(descriptor, (CompositeUniqueProperty, CompositeMultipleProperty)) and composite_properties: if isinstance(descriptor, CompositeUniqueProperty): value = [value] for item in value: copy(item, (new, descriptor_id), new_name=item.__name__, shared_properties=shared_properties, composite_properties=composite_properties, roles=roles, omit=omit, select=select) # copy roles if roles: relations = find_relations(obj, {'target_id': get_oid(obj)}) for rel in relations: source = rel.source target = new opts = {'reftype': rel.reftype, 'relation_id': rel.relation_id, 'tags': list(rel.tags)} connect(source, target, **opts) return new