class PrincipalRoles(grok.Adapter):
    """Adapter exposing the roles granted to a principal.

    Reads and writes go through the ``IPrincipalRoleManager`` of the
    current site; only entries whose setting is ``Allow`` count as granted.
    """
    grok.context(IPrincipal)
    grok.implements(IPrincipalRoles)

    def __init__(self, context):
        current_site = getSite()
        self.userid = context.id
        self.manager = IPrincipalRoleManager(current_site)

    @apply
    def roles():
        """Read/write ``roles`` property built from the two closures below.
        """
        def _read(self):
            # Collect the role ids whose setting is Allow.
            granted = []
            for entry in self.manager.getRolesForPrincipal(self.userid):
                if entry[1] is Allow:
                    granted.append(entry[0])
            return granted

        def _write(self, roles):
            # Withdraw Allow grants that are absent from the new list.
            # Entries with any other setting are left untouched by this loop.
            current = self.manager.getRolesForPrincipal(self.userid)
            for entry in current:
                if entry[0] in roles or entry[1] is not Allow:
                    continue
                self.manager.unsetRoleForPrincipal(entry[0], self.userid)

            # Every requested role is assigned, whatever its current setting
            # for this principal is.
            for role_id in roles:
                self.manager.assignRoleToPrincipal(role_id, self.userid)

        return property(_read, _write)
Exemple #2
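 def handle_add(self):
     """Apply the submitted form data and give the login exactly one role.

     On extraction errors a warning is flashed and nothing is changed.
     Otherwise every role entry currently recorded for ``data['login']``
     on the site's role manager is withdrawn before ``data['role']`` is
     assigned, so earlier grants do not accumulate across edits.
     """
     data, errors = self.extractData()
     if errors:
         self.flash(u'Es ist ein Fehler aufgetreten', 'warning')
         return
     apply_data_event(self.fields, self.context, data)
     login = data['login']
     role_manager = IPrincipalRoleManager(grok.getSite())
     # NOTE(review): data['role'] is taken from the form as-is; presumably
     # the form field restricts it to the roles an editor may hand out --
     # confirm against the field definition.
     for role_id, _setting in role_manager.getRolesForPrincipal(login):
         role_manager.removeRoleFromPrincipal(role_id, login)
     role_manager.assignRoleToPrincipal(data['role'], login)
     # The leftover debug ``print`` of the principal's role table was
     # dropped: a request handler should not write role assignments to
     # stdout.
     self.redirect(self.url(grok.getSite(), '/benutzer'))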
Exemple #3
 def handle_delete(self):
     """Delete the context object and withdraw the roles of its login.

     The context is removed from its parent container first; afterwards
     every role entry recorded for ``data['login']`` on the site's role
     manager is passed to ``removeRoleFromPrincipal``.
     """
     # NOTE(review): the extraction errors are not inspected here, so the
     # deletion runs even when extractData() reports problems, and a
     # missing 'login' key only surfaces after the ``del`` -- confirm this
     # is intended.
     form_data, _errors = self.extractData()
     container = self.context.__parent__
     del container[self.context.__name__]
     manager = IPrincipalRoleManager(grok.getSite())
     login = form_data['login']
     for role_id, _setting in manager.getRolesForPrincipal(login):
         manager.removeRoleFromPrincipal(role_id, login)
     self.redirect(self.url(grok.getSite(), '/benutzer'))
Exemple #4
 def accountFromRoles(self, login):
     ''' Add to self.roles every role id the site's role manager records
         for 'gfn.' + login with a setting named 'Allow'.
     '''
     manager = IPrincipalRoleManager(grok.getSite())
     principal_id = 'gfn.' + login
     for role_id, setting in manager.getRolesForPrincipal(principal_id):
         # Entries with any other setting name are not copied.
         if setting.getName() != 'Allow':
             continue
         self.roles.add(role_id)
Exemple #5
    def test_homefolder_creation_roles(self):
        """Roles recorded for 'lars' on a new home folder are owner roles
        with an Allow setting.
        """
        from zope.securitypolicy.interfaces import IPrincipalRoleManager

        folder_manager = uvcsite.interfaces.IHomeFolderManager(self.app)
        folder = folder_manager.create('lars')

        # NOTE(review): when no role entries exist for 'lars' the loop body
        # never runs and the test passes without asserting anything; it
        # checks that no unexpected role is present, not that the owner
        # roles were actually granted.
        role_map = IPrincipalRoleManager(folder)
        for role_id, value in role_map.getRolesForPrincipal('lars'):
            self.assertTrue(role_id in folder_manager.owner_roles)
            self.assertEqual(value, zope.securitypolicy.settings.Allow)
Exemple #6
 def rolesFromAccount(self):
     ''' Replace the role entries recorded for this principal with the
         contents of self.roles.
     '''
     manager = IPrincipalRoleManager(grok.getSite())
     # The login literally named 'admin' always receives
     # 'gfn.Administrator', whatever self.roles held before this call.
     if self.login == 'admin':
         self.roles.add('gfn.Administrator')
     principal_id = 'gfn.' + self.login
     # Clear every existing entry, then assign the wanted set.
     for role_id, _setting in manager.getRolesForPrincipal(principal_id):
         manager.unsetRoleForPrincipal(role_id, principal_id)
     for role_id in self.roles:
         manager.assignRoleToPrincipal(role_id, principal_id)
    def roles(self):
        """Map every role id in ``self._roles`` to its setting for the principal.

        Roles without an entry on the site's role manager map to ``Unset``;
        entries for roles outside ``self._roles`` are ignored.
        """
        principal_id = self.__principal__.id
        manager = IPrincipalRoleManager(getSite())

        # Start from Unset for every managed role, then overlay what the
        # role manager has recorded.
        result = dict.fromkeys(self._roles, Unset)
        for role_id, value in manager.getRolesForPrincipal(principal_id):
            if role_id in self._roles:
                result[role_id] = value

        return result
Exemple #8
    def prepare(self):
        """Export the profiles of users with no acknowledgement for the context.

        Candidates come from ``searchPrincipals`` and are dropped when they
        already appear in the acknowledgement results, are listed as banned,
        cannot be looked up, carry a Deny setting on one of the checked
        roles, or have no personal profile.
        """
        results = getUtility(IAcknowledgements).search(object=self.context)

        already_acked = [entry.principal for entry in results]
        candidates = searchPrincipals(
            type=('user',),
            principalSubscribed={'any_of': (True,)})

        profiles = []
        ban_config = getUtility(IBanPrincipalConfiglet)
        role_manager = IPrincipalRoleManager(getSite())
        checked_roles = ['zope.Anonymous', ]

        portal_roles = getUtility(IPortalRoles)
        if 'site.member' in portal_roles:
            checked_roles.append(portal_roles['site.member'].id)

        pending_ids = [user.id for user in candidates
                       if user.id not in already_acked]
        for pid in pending_ids:
            # Banned users are never exported.
            if pid in ban_config.banned:
                continue

            try:
                principal = getPrincipal(pid)
            except PrincipalLookupError:
                continue

            # A Deny setting on any checked role excludes the user; entries
            # for 'zope.Manager' are never taken into account. Only the
            # entries of the site's own role manager are consulted here.
            denied = any(
                role != 'zope.Manager'
                and role in checked_roles
                and setting == Deny
                for role, setting in role_manager.getRolesForPrincipal(pid))
            if denied:
                continue

            profile = IPersonalProfile(principal, None)
            if profile is not None:
                profiles.append(profile)

        return self.export(profiles)
    def prepare(self):
        """Export the profiles of users with no acknowledgement for the context.

        Candidates come from ``searchPrincipals`` and are dropped when they
        already appear in the acknowledgement results, are listed as banned,
        cannot be looked up, carry a Deny setting on one of the checked
        roles, or have no personal profile.
        """
        results = getUtility(IAcknowledgements).search(object=self.context)

        already_acked = [entry.principal for entry in results]
        candidates = searchPrincipals(
            type=('user',),
            principalSubscribed={'any_of': (True,)})

        profiles = []
        ban_config = getUtility(IBanPrincipalConfiglet)
        role_manager = IPrincipalRoleManager(getSite())
        checked_roles = ['zope.Anonymous', ]

        portal_roles = getUtility(IPortalRoles)
        if 'site.member' in portal_roles:
            checked_roles.append(portal_roles['site.member'].id)

        pending_ids = [user.id for user in candidates
                       if user.id not in already_acked]
        for pid in pending_ids:
            # Banned users are never exported.
            if pid in ban_config.banned:
                continue

            try:
                principal = getPrincipal(pid)
            except PrincipalLookupError:
                continue

            # A Deny setting on any checked role excludes the user; entries
            # for 'zope.Manager' are never taken into account. Only the
            # entries of the site's own role manager are consulted here.
            denied = any(
                role != 'zope.Manager'
                and role in checked_roles
                and setting == Deny
                for role, setting in role_manager.getRolesForPrincipal(pid))
            if denied:
                continue

            profile = IPersonalProfile(principal, None)
            if profile is not None:
                profiles.append(profile)

        return self.export(profiles)
Exemple #10
    def prepare(self):
        """Export (profile, timestamp) pairs for users who acknowledged the context.

        Returns ``None`` without exporting when there are no acknowledgement
        results. Users are dropped when they are listed as banned, cannot be
        looked up, carry a Deny setting on one of the checked roles, or have
        no personal profile.
        """
        results = getUtility(IAcknowledgements).search(object=self.context)

        if len(results) <= 0:
            return None

        rows = []
        ban_config = getUtility(IBanPrincipalConfiglet)
        role_manager = IPrincipalRoleManager(getSite())
        checked_roles = ['zope.Anonymous', ]

        portal_roles = getUtility(IPortalRoles)
        if 'site.member' in portal_roles:
            checked_roles.append(portal_roles['site.member'].id)

        acknowledgements = [(entry.principal, entry.date) for entry in results]
        for pid, ack_date in acknowledgements:
            # Banned users are never exported.
            if pid in ban_config.banned:
                continue

            try:
                principal = getPrincipal(pid)
            except PrincipalLookupError:
                continue

            # A Deny setting on any checked role excludes the user; entries
            # for 'zope.Manager' are never taken into account. Only the
            # entries of the site's own role manager are consulted here.
            denied = any(
                role != 'zope.Manager'
                and role in checked_roles
                and setting == Deny
                for role, setting in role_manager.getRolesForPrincipal(pid))
            if denied:
                continue

            profile = IPersonalProfile(principal, None)
            if profile is None:
                continue

            # The "UTC" suffix is a literal part of the format string; no
            # time-zone conversion is applied to the stored date here.
            rows.append(
                (profile, ack_date.strftime('%Y-%m-%d %H:%M UTC')))

        return self.export(rows)
    def prepare(self):
        """Export (profile, timestamp) pairs for users who acknowledged the context.

        Returns ``None`` without exporting when there are no acknowledgement
        results. Users are dropped when they are listed as banned, cannot be
        looked up, carry a Deny setting on one of the checked roles, or have
        no personal profile.
        """
        results = getUtility(IAcknowledgements).search(object=self.context)

        if len(results) <= 0:
            return None

        rows = []
        ban_config = getUtility(IBanPrincipalConfiglet)
        role_manager = IPrincipalRoleManager(getSite())
        checked_roles = ['zope.Anonymous', ]

        portal_roles = getUtility(IPortalRoles)
        if 'site.member' in portal_roles:
            checked_roles.append(portal_roles['site.member'].id)

        acknowledgements = [(entry.principal, entry.date) for entry in results]
        for pid, ack_date in acknowledgements:
            # Banned users are never exported.
            if pid in ban_config.banned:
                continue

            try:
                principal = getPrincipal(pid)
            except PrincipalLookupError:
                continue

            # A Deny setting on any checked role excludes the user; entries
            # for 'zope.Manager' are never taken into account. Only the
            # entries of the site's own role manager are consulted here.
            denied = any(
                role != 'zope.Manager'
                and role in checked_roles
                and setting == Deny
                for role, setting in role_manager.getRolesForPrincipal(pid))
            if denied:
                continue

            profile = IPersonalProfile(principal, None)
            if profile is None:
                continue

            # The "UTC" suffix is a literal part of the format string; no
            # time-zone conversion is applied to the stored date here.
            rows.append(
                (profile, ack_date.strftime('%Y-%m-%d %H:%M UTC')))

        return self.export(rows)
Exemple #12
 def getRoles(self, user):
     """Return the ids of the roles whose setting for *user* is Allow.

     The lookup uses the role manager adapted from ``self.context``.
     """
     role_map = IPrincipalRoleManager(self.context)
     granted = []
     for entry in role_map.getRolesForPrincipal(user):
         # entry is indexed as (role id, setting); any setting other than
         # Allow is not reported.
         if entry[1] is Allow:
             granted.append(entry[0])
     return granted
Exemple #13
 def getRoles(self, user):
     """Return the ids of the roles whose setting for *user* is Allow.

     The lookup uses the role manager adapted from ``self.context``.
     """
     role_map = IPrincipalRoleManager(self.context)
     granted = []
     for entry in role_map.getRolesForPrincipal(user):
         # entry is indexed as (role id, setting); any setting other than
         # Allow is not reported.
         if entry[1] is Allow:
             granted.append(entry[0])
     return granted
Exemple #14
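 def borrarUsuario(self, usuario):
     """Delete the account *usuario* and withdraw all of its role entries.

     Does nothing when *usuario* is not in ``self.contenedor_cuentas``.
     Every entry the site's role manager holds for the account is
     withdrawn, not only the first one, so no grant outlives the account.
     An account with no role entries is deleted without raising
     ``IndexError``.
     """
     if usuario not in self.contenedor_cuentas:
         return
     role_manager = IPrincipalRoleManager(grok.getSite())
     # NOTE(review): removeRoleFromPrincipal is kept from the original;
     # if the entries should be cleared entirely, unsetRoleForPrincipal
     # may be the better call -- confirm against the role manager in use.
     for role_id, _setting in role_manager.getRolesForPrincipal(usuario):
         role_manager.removeRoleFromPrincipal(role_id, usuario)
     del self.contenedor_cuentas[usuario]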
Exemple #15
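 def borrarUsuario(self, usuario):
     """Delete the account *usuario* and withdraw all of its role entries.

     Does nothing when *usuario* is not in ``self.contenedor_cuentas``.
     Every entry the site's role manager holds for the account is
     withdrawn, not only the first one, so no grant outlives the account.
     An account with no role entries is deleted without raising
     ``IndexError``.
     """
     if usuario not in self.contenedor_cuentas:
         return
     role_manager = IPrincipalRoleManager(grok.getSite())
     # NOTE(review): removeRoleFromPrincipal is kept from the original;
     # if the entries should be cleared entirely, unsetRoleForPrincipal
     # may be the better call -- confirm against the role manager in use.
     for role_id, _setting in role_manager.getRolesForPrincipal(usuario):
         role_manager.removeRoleFromPrincipal(role_id, usuario)
     del self.contenedor_cuentas[usuario]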