def cached_roles(parent: IBaseObject, permission: str,
level: str) -> typing.Dict[str, int]:
"""
Get the roles for a specific permission.
Global + Local + Code
"""
try:
cache = parent.__volatile__.setdefault('security_cache', {})
except AttributeError:
cache = {}
try:
cache_roles = cache['roles']
except KeyError:
cache_roles = cache['roles'] = {}
try:
return cache_roles[permission + level]
except KeyError:
pass
if parent is None:
roles = dict([(role, 1)
for (role,
setting) in code_roles_for_permission(permission)
if setting is Allow])
cache_roles[permission + level] = roles
return roles
perminhe = IInheritPermissionMap(parent, None)
if perminhe is None or perminhe.get_inheritance(permission) is Allow:
roles = cached_roles(getattr(parent, '__parent__', None), permission,
'p')
else:
# We don't apply global permissions also
# Its dangerous as may lead to an object who nobody can see
roles = dict()
roleper = IRolePermissionMap(parent, None)
if roleper:
roles = roles.copy()
for role, setting in roleper.get_roles_for_permission(permission):
if setting is Allow:
roles[role] = 1
elif setting is AllowSingle and level == 'o':
roles[role] = 1
elif setting is Deny and role in roles:
del roles[role]
cache_roles[permission + level] = roles
return roles
def cached_roles(self, parent, permission, level):
"""Get the roles for a specific permission.
Global + Local + Code
"""
cache = self.cache(parent)
try:
cache_roles = cache.roles
except AttributeError:
cache_roles = cache.roles = {}
try:
return cache_roles[permission]
except KeyError:
pass
if parent is None:
roles = dict([
(role, 1)
for (role, setting) in code_roles_for_permission(permission)
if setting is Allow
])
cache_roles[permission] = roles
return roles
perminhe = IInheritPermissionMap(parent, None)
if perminhe is None or perminhe.get_inheritance(permission) is Allow:
roles = self.cached_roles(getattr(parent, '__parent__', None),
permission, 'p')
else:
# We don't apply global permissions also
# Its dangerous as may lead to an object who nobody can see
roles = dict()
roleper = IRolePermissionMap(parent, None)
if roleper:
roles = roles.copy()
for role, setting in roleper.get_roles_for_permission(permission):
if setting is Allow:
roles[role] = 1
elif setting is AllowSingle and level == 'o':
roles[role] = 1
elif setting is Deny and role in roles:
del roles[role]
if level != 'o':
# Only cache on non 1rst level queries needs new way
cache_roles[permission] = roles
return roles
def cached_roles(self, parent, permission, level):
"""Get the roles for a specific permission.
Global + Local + Code
"""
cache = self.cache(parent)
try:
cache_roles = cache.roles
except AttributeError:
cache_roles = cache.roles = {}
try:
return cache_roles[permission]
except KeyError:
pass
if parent is None:
roles = dict(
[(role, 1)
for (role, setting) in code_roles_for_permission(permission)
if setting is Allow])
cache_roles[permission] = roles
return roles
perminhe = IInheritPermissionMap(parent, None)
if perminhe is None or perminhe.get_inheritance(permission) is Allow:
roles = self.cached_roles(
getattr(parent, '__parent__', None),
permission, 'p')
else:
# We don't apply global permissions also
# Its dangerous as may lead to an object who nobody can see
roles = dict()
roleper = IRolePermissionMap(parent, None)
if roleper:
roles = roles.copy()
for role, setting in roleper.get_roles_for_permission(permission):
if setting is Allow:
roles[role] = 1
elif setting is AllowSingle and level == 'o':
roles[role] = 1
elif setting is Deny and role in roles:
del roles[role]
if level != 'o':
# Only cache on non 1rst level queries needs new way
cache_roles[permission] = roles
return roles
def cached_roles(self, parent, permission, level):
"""Get the roles for a specific permission.
Global + Local + Code
"""
cache = self.cache(parent)
try:
cache_roles = cache.roles
except AttributeError:
cache_roles = cache.roles = {}
try:
return cache_roles[permission]
except KeyError:
pass
if parent is None:
roles = dict([
(role, 1)
for (role, setting) in code_roles_for_permission(permission)
if setting is Allow
])
cache_roles[permission] = roles
return roles
roles = self.cached_roles(getattr(parent, '__parent__', None),
permission, 'p')
roleper = IRolePermissionMap(parent, None)
if roleper:
roles = roles.copy()
for role, setting in roleper.get_roles_for_permission(permission):
if setting is Allow:
roles[role] = 1
elif setting is AllowSingle and level == 'o':
roles[role] = 1
elif setting is Deny and role in roles:
del roles[role]
if level != 'o':
# Only cache on non 1rst level queries needs new way
cache_roles[permission] = roles
return roles