def update(self, data):
# get user role
iUserRole = objectAccess.getAccess(self.item, self.session.user)
if data.has_key('__rolesinherited') and iUserRole == objectAccess.COORDINATOR:
self.item.inheritRoles = data.pop('__rolesinherited')
if not self.item.inheritRoles:
acl = data.pop('__acl')
if acl:
security = {}
for descriptor in acl:
security[descriptor['id']] = int(descriptor['role'])
self.item.security = security
for prop in data:
oAttr = getattr(self.item, prop)
if isinstance(oAttr, datatypes.File):
# see if the user has uploaded a new file
if data[prop]['tempfile']:
oAttr.filename = data[prop]['filename']
sPath = self.server.temp_folder + '/' + data[prop]['tempfile']
oAttr.loadFromFile(sPath)
os.remove(sPath)
else:
oAttr.value = data[prop]
txn = self.server.store.getTransaction()
self.item.update(txn)
txn.commit()
return True
def getItem(sPath, trans=None):
"""
Fetches an object from the database. If the user has no read permissions
on the object then C{None} is returned.
@param sPath: The object's ID or the object's full path.
@type sPath: str
@param trans: A valid transaction handle.
@rtype: L{GenericItem<porcupine.systemObjects.GenericItem>}
@raise porcupine.serverExceptions.DBItemNotFound: if the item does not exist
"""
if (trans):
trans.actions.append( (getItem, (sPath, trans)) )
try:
oItem = db.getItem(sPath, trans)
except serverExceptions.DBTransactionIncomplete:
trans.retry()
# check read permissions
if objectAccess.getAccess(oItem, currentThread().session.user):
return(oItem)
else:
return(None)
def getSecurity(self, forItem, rolesInherited=None):
sLang = self.request.getLang()
user = self.session.user
# get user role
iUserRole = objectAccess.getAccess(forItem, user)
if iUserRole == objectAccess.COORDINATOR:
rolesInherited = rolesInherited or forItem.inheritRoles
if rolesInherited:
sChecked = 'true'
else:
sChecked = 'false'
return SECURITY_TAB % (
self.server.resources.getResource('SECURITY', sLang),
sChecked,
self.server.resources.getResource('ROLES_INHERITED', sLang),
sChecked,
self.server.resources.getResource('NAME', sLang),
self.server.resources.getResource('ROLE', sLang),
self.server.resources.getResource('ROLE_1', sLang),
self.server.resources.getResource('ROLE_2', sLang),
self.server.resources.getResource('ROLE_4', sLang),
self.server.resources.getResource('ROLE_8', sLang),
self.server.resources.getResource('ADD', sLang),
self.server.resources.getResource('REMOVE', sLang)
)
else:
return ''
def create(self, data):
# create new item
oNewItem = misc.getClassByName(data.pop('CC'))()
# get user role
iUserRole = objectAccess.getAccess(self.item, self.session.user)
if data.has_key('__rolesinherited') and iUserRole == objectAccess.COORDINATOR:
oNewItem.inheritRoles = data.pop('__rolesinherited')
if not oNewItem.inheritRoles:
acl = data.pop('__acl')
if acl:
security = {}
for descriptor in acl:
security[descriptor['id']] = int(descriptor['role'])
oNewItem.security = security
# set props
for prop in data:
oAttr = getattr(oNewItem, prop)
if isinstance(oAttr, datatypes.File):
if data[prop]['tempfile']:
oAttr.filename = data[prop]['filename']
sPath = self.server.temp_folder + '/' + data[prop]['tempfile']
oAttr.loadFromFile(sPath)
os.remove(sPath)
elif isinstance(oAttr, datatypes.Date):
oAttr.value = data[prop].value
else:
oAttr.value = data[prop]
txn = self.server.store.getTransaction()
oNewItem.appendTo(self.item.id, txn)
txn.commit()
return True
def getInfo(self):
sLang = self.request.getLang()
lstChildren = []
children = self.item.getChildren()
for child in children:
obj = {
'id' : child.id,
'image': child.__image__,
'displayName' : child.displayName.value,
'isCollection': child.isCollection,
'modified': date.Date(child.modified)
}
if hasattr(child, 'size'):
obj['size'] = child.size
lstChildren.append(obj)
containment = []
for contained in self.item.containment:
image = misc.getClassByName(contained).__image__
if not type(image)==str:
image = ''
localestring = self.server.resources.getResource(contained, sLang)
containment.append( [localestring, contained, image] )
return {
'displayName': self.item.displayName.value,
'path': misc.getFullPath(self.item),
'parentid': self.item.parentid,
'iscollection': self.item.isCollection,
'containment': containment,
'user_role': objectAccess.getAccess(self.item, self.session.user),
'contents': lstChildren
}
def setParams(self):
self.response.setHeader('cache-control', 'no-cache')
sLang = self.request.getLang()
user = self.session.user
iUserRole = objectAccess.getAccess(self.item, user)
readonly = (iUserRole==1)
self.params['ID'] = self.item.id
self.params['URI'] = self.request.serverVariables['SCRIPT_NAME'] + '/' + self.item.id
self.params['ICON'] = self.item.__image__
self.params['NAME'] = self.item.displayName.value
self.params['FULL_NAME'] = self.item.fullName.value
self.params['DESCRIPTION'] = self.item.description.value
self.params['MODIFIED'] = date.Date(self.item.modified).format(DATES_FORMAT, sLang)
self.params['MODIFIED_BY'] = self.item.modifiedBy
self.params['CONTENTCLASS'] = self.item.contentclass
self.params['SELECT_FROM'] = self.request.serverVariables['SCRIPT_NAME'] + '/' + self.item.parentid
self.params['REL_CC'] = '|'.join(self.item.memberof.relCc)
self.params['SELECT_FROM_POLICIES'] = self.request.serverVariables['SCRIPT_NAME'] + '/policies'
self.params['POLICIES_REL_CC'] = '|'.join(self.item.policies.relCc)
self.params['READONLY'] = self.getStringFromBoolean(readonly)
memberof_options = ''
memberof = self.item.memberof.getItems()
for group in memberof:
memberof_options += '<a:option img="%s" value="%s" caption="%s"></a:option>' % (group.__image__, group.id, group.displayName.value)
self.params['MEMBER_OF_OPTIONS'] = memberof_options
self.params['SECURITY_TAB'] = self.getSecurity(self.item)
def delete(self, trans):
"""
Deletes the item permanently.
@param trans: A valid transaction handle
@return: None
"""
trans.actions.append( (self.delete, (trans, )))
try:
oUser = currentThread().session.user
self = db.getItem(self._id, trans)
iUserRole = objectAccess.getAccess(self, oUser)
bCanDelete = (iUserRole > objectAccess.AUTHOR) or \
(iUserRole == objectAccess.AUTHOR and self._owner == oUser._id)
if (not(self._isSystem) and bCanDelete):
# delete item physically
self._delete(trans)
# update container
oParent = db.getItem(self._parentid, trans)
oParent._removeItemReference(self)
db.putItem(oParent, trans)
else:
raise serverExceptions.PermissionDenied
except serverExceptions.DBTransactionIncomplete:
trans.retry()
def setParams(self):
self.response.setHeader('Cache-Control', 'no-cache')
sLang = self.request.getLang()
user = self.session.user
iUserRole = objectAccess.getAccess(self.item, user)
readonly = (iUserRole==1)
self.params = {
'ID': self.item.id,
'URI': self.request.serverVariables['SCRIPT_NAME'] + '/' + self.item.id,
'IMG': self.item.__image__,
'NAME': self.item.displayName.value,
'DESCRIPTION': self.item.description.value,
'ICON': self.item.icon.value,
'INTERFACE': xmlUtils.XMLEncode(self.item.interface.value),
'SCRIPT': xmlUtils.XMLEncode(self.item.script.value),
'IS_RESIZABLE': self.getStringFromBoolean(self.item.isResizable.value),
'CAN_MINIMIZE': self.getStringFromBoolean(self.item.canMinimize.value),
'CAN_MAXIMIZE': self.getStringFromBoolean(self.item.canMaximize.value),
'LEFT': self.item.left.value,
'TOP': self.item.top.value,
'WIDTH': self.item.width.value,
'HEIGHT': self.item.height.value,
'MODIFIED': date.Date(self.item.modified).format(DATES_FORMAT, sLang),
'MODIFIED_BY': self.item.modifiedBy,
'CONTENTCLASS': self.item.contentclass,
'SECURITY_TAB': self.getSecurity(self.item),
'READONLY': self.getStringFromBoolean(readonly)
}
def copyTo(self, targetId, trans):
"""
Copies the item to the designated target.
@param targetId: The ID of the destination container
@type targetId: str
@param trans: A valid transaction handle
@return: None
"""
oTarget = _db.getItem(targetId, trans)
if self.isCollection and oTarget.isContainedIn(self._id, trans):
raise exceptions.ContainmentError, \
'Cannot copy item to destination.\n' + \
'The destination is contained in the source.'
#check permissions on target folder
oUser = currentThread().context.session.user
iUserRole = objectAccess.getAccess(oTarget, oUser)
if not(self._isSystem) and iUserRole>objectAccess.READER:
if not(self.getContentclass() in oTarget.containment):
raise exceptions.ContainmentError, \
'The target container does not accept ' + \
'objects of type "%s".' % self.getContentclass()
self._copy(oTarget, trans, True)
else:
raise exceptions.PermissionDenied, \
'The object was not copied.\n' + \
'The user has insufficient permissions.'
def delete(self, trans):
"""
Deletes the item permanently.
@param trans: A valid transaction handle
@return: None
"""
oUser = currentThread().context.session.user
self = _db.getItem(self._id, trans)
iUserRole = objectAccess.getAccess(self, oUser)
bCanDelete = (iUserRole > objectAccess.AUTHOR) or \
(iUserRole == objectAccess.AUTHOR and self._owner == oUser._id)
if (not(self._isSystem) and bCanDelete):
# delete item physically
self._delete(trans)
# update container
oParent = _db.getItem(self._parentid, trans)
oParent._removeItemReference(self)
_db.putItem(oParent, trans)
else:
raise exceptions.PermissionDenied, \
'The object was not deleted.\n' + \
'The user has insufficient permissions.'
def update(self, data):
"Updates an object based on values contained inside the data dictionary"
context = HttpContext.current()
# get user role
iUserRole = objectAccess.getAccess(self, context.user)
if data.has_key('__rolesinherited') and iUserRole == objectAccess.COORDINATOR:
self.inheritRoles = data.pop('__rolesinherited')
if not self.inheritRoles:
acl = data.pop('__acl')
if acl:
security = {}
for descriptor in acl:
security[descriptor['id']] = int(descriptor['role'])
self.security = security
for prop in data:
oAttr = getattr(self, prop)
if isinstance(oAttr, datatypes.File):
# see if the user has uploaded a new file
if data[prop]['tempfile']:
oAttr.filename = data[prop]['filename']
sPath = context.server.temp_folder + '/' + data[prop]['tempfile']
oAttr.loadFromFile(sPath)
elif isinstance(oAttr, datatypes.Date):
oAttr.value = data[prop].value
elif isinstance(oAttr, datatypes.Integer):
oAttr.value = int(data[prop])
else:
oAttr.value = data[prop]
txn = db.getTransaction()
self.update(txn)
return True
def copyTo(self, targetId, trans):
"""
Copies the item to the designated target.
@param targetId: The ID of the destination container
@type targetId: str
@param trans: A valid transaction handle
@return: None
"""
trans.actions.append( (self.copyTo, (targetId, trans)) )
try:
oTarget = db.getItem(targetId, trans)
if self.isCollection and oTarget.isContainedIn(self._id):
raise serverExceptions.TargetContainedInSource
#check permissions on target folder
oUser = currentThread().session.user
iUserRole = objectAccess.getAccess(oTarget, oUser)
if not(self._isSystem) and iUserRole>objectAccess.READER:
if not(self.getContentclass() in oTarget.containment):
raise serverExceptions.ContainmentError
self._copy(oTarget, trans, True)
else:
raise serverExceptions.PermissionDenied
except serverExceptions.DBTransactionIncomplete:
trans.retry()
def setParams(self):
self.response.setHeader('Cache-Control', 'no-cache')
sLang = self.request.getLang()
user = self.session.user
iUserRole = objectAccess.getAccess(self.item, user)
readonly = (iUserRole==1)
modified = date.Date(self.item.modified)
self.params = {
'ID': self.item.id,
'ICON': self.item.__image__,
'NAME': self.item.displayName.value,
'MODIFIED': modified.format(DATES_FORMAT, sLang),
'MODIFIED_BY': self.item.modifiedBy,
'CONTENTCLASS': self.item.contentclass,
'PROPERTIES_TAB': '',
'EXTRA_TABS': '',
'SECURITY_TAB': self.getSecurity(self.item),
'UPDATE_DISABLED': self.getStringFromBoolean(readonly)
}
# inspect item properties
sProperties = ''
for attr_name in self.item.__props__:
attr = getattr(self.item, attr_name)
if isinstance(attr, datatypes.DataType):
control, tab = \
self.getControlFromAttribute(attr_name, attr, readonly)
sProperties += control
self.params['EXTRA_TABS'] += tab
self.params['PROPERTIES_TAB'] = \
'<tab caption="@@PROPERTIES@@">%s</tab>' % sProperties
def moveTo(self, targetId, trans):
"""
Moves the item to the designated target.
@param targetId: The ID of the destination container
@type targetId: str
@param trans: A valid transaction handle
@return: None
"""
oUser = currentThread().context.session.user
iUserRole = objectAccess.getAccess(self, oUser)
bCanMove = (iUserRole > objectAccess.AUTHOR)## or (iUserRole == objectAccess.AUTHOR and oItem.owner == oUser.id)
parentId = self._parentid
oTarget = _db.getItem(targetId, trans)
iUserRole2 = objectAccess.getAccess(oTarget, oUser)
if self.isCollection and oTarget.isContainedIn(self._id, trans):
raise exceptions.ContainmentError, \
'Cannot move item to destination.\n' + \
'The destination is contained in the source.'
if (not(self._isSystem) and bCanMove and iUserRole2 > objectAccess.READER):
if not(self.getContentclass() in oTarget.containment):
raise exceptions.ContainmentError, \
'The target container does not accept ' + \
'objects of type "%s".' % self.getContentclass()
self._parentid = targetId
self.inheritRoles = False
_db.putItem(self, trans)
#update target
oTarget._addItemReference(self)
_db.putItem(oTarget, trans)
#update parent
oParent = _db.getItem(parentId, trans)
oParent._removeItemReference(self)
_db.putItem(oParent, trans)
else:
raise exceptions.PermissionDenied, \
'The object was not moved.\n' + \
'The user has insufficient permissions.'
def moveTo(self, targetId, trans):
"""
Moves the item to the designated target.
@param targetId: The ID of the destination container
@type targetId: str
@param trans: A valid transaction handle
@return: None
"""
trans.actions.append( (self.moveTo, (targetId, trans)) )
try:
oUser = currentThread().session.user
iUserRole = objectAccess.getAccess(self, oUser)
bCanMove = (iUserRole > objectAccess.AUTHOR)## or (iUserRole == objectAccess.AUTHOR and oItem.owner == oUser.id)
parentId = self._parentid
oTarget = db.getItem(targetId, trans)
iUserRole2 = objectAccess.getAccess(oTarget, oUser)
if self.isCollection and oTarget.isContainedIn(self._id):
raise serverExceptions.TargetContainedInSource
if (not(self._isSystem) and bCanMove and iUserRole2 > objectAccess.READER):
if not(self.getContentclass() in oTarget.containment):
raise serverExceptions.ContainmentError
self._parentid = targetId
self.inheritRoles = False
db.putItem(self, trans)
#update target
oTarget._addItemReference(self)
db.putItem(oTarget, trans)
#update parent
oParent = db.getItem(parentId, trans)
oParent._removeItemReference(self)
db.putItem(oParent, trans)
else:
raise serverExceptions.PermissionDenied
except serverExceptions.DBTransactionIncomplete:
trans.retry()
def _getSecurity(forItem, user, rolesInherited=None):
# get user role
iUserRole = objectAccess.getAccess(forItem, user)
if iUserRole == objectAccess.COORDINATOR:
rolesInherited = rolesInherited or forItem.inheritRoles
return SECURITY_TAB % str(rolesInherited).lower()
else:
return ''
def wm_wrapper(item, context):
if objectAccess.getAccess(item, context.user) == 0:
raise exceptions.PermissionDenied
context.response.content_type = self.content_type
context.response.charset = self.encoding
if self.max_age:
context.response.setExpiration(self.max_age)
return self.execute(item, context)
def __init__(self, server, session, request):
self.server = server
self.session = session
self.request = request
self.item = request.item
if self.item:
if objectAccess.getAccess(self.item, self.session.user) == objectAccess.NO_ACCESS:
raise serverExceptions.PermissionDenied
def getSecurity(self, forItem, rolesInherited=None):
user = self.session.user
# get user role
iUserRole = objectAccess.getAccess(forItem, user)
if iUserRole == objectAccess.COORDINATOR:
rolesInherited = rolesInherited or forItem.inheritRoles
return SECURITY_TAB % self.getStringFromBoolean(rolesInherited)
else:
return ''
def appendTo(self, parent, trans):
"""
Adds the item to the specified container.
@param parent: The id of the destination container or the container
itself
@type parent: str OR L{Container}
@param trans: A valid transaction handle
@return: None
"""
if type(parent) == str:
oParent = _db.getItem(parent, trans)
else:
oParent = parent
if isinstance(self, Shortcut):
contentclass = self.target.getItem(trans).getContentclass()
else:
contentclass = self.contentclass
oUser = currentThread().context.user
iUserRole = objectAccess.getAccess(oParent, oUser)
if iUserRole == objectAccess.READER:
raise exceptions.PermissionDenied, \
'The user does not have write permissions ' + \
'on the parent folder.'
if not(contentclass in oParent.containment):
raise exceptions.ContainmentError, \
'The target container does not accept ' + \
'objects of type "%s".' % contentclass
# set security to new item
if iUserRole == objectAccess.COORDINATOR:
# user is COORDINATOR
self._applySecurity(oParent, trans)
else:
# user is not COORDINATOR
self.inheritRoles = True
self.security = oParent.security
#if trans._retries == 0:
# raise exceptions.DBTransactionIncomplete
self._owner = oUser._id
self._created = time.time()
self.modifiedBy = oUser.displayName.value
self.modified = time.time()
self._parentid = oParent._id
_db.handle_update(self, None, trans)
_db.putItem(self, trans)
# update container
oParent._addItemReference(self)
_db.putItem(oParent, trans)
def recycle(self, rbID, trans):
"""
Moves the item to the specified recycle bin.
The item then becomes inaccesible.
@param rbID: The id of the destination container, which must be
a L{RecycleBin} instance
@type rbID: str
@param trans: A valid transaction handle
@return: None
"""
trans.actions.append( (self.recycle, (rbID, trans)) )
try:
oUser = currentThread().session.user
self = db.getItem(self._id, trans)
iUserRole = objectAccess.getAccess(self, oUser)
bCanDelete = (iUserRole > objectAccess.AUTHOR) or \
(iUserRole == objectAccess.AUTHOR and self._owner == oUser._id)
if (not(self._isSystem) and bCanDelete):
oDeleted = DeletedItem(self)
oDeleted._owner = oUser._id
oDeleted._created = time.time()
oDeleted.modifiedBy = oUser.displayName.value
oDeleted.modified = time.time()
oDeleted._parentid = rbID
db.handle_update(oDeleted, None, trans)
db.putItem(oDeleted, trans)
# delete item logically
self._recycle(trans)
# save container
oParent = db.getItem(self._parentid, trans)
oParent._removeItemReference(self)
db.putItem(oParent, trans)
#update recycle bin
oRecycleBin = db.getItem(rbID, trans)
if not(oDeleted.getContentclass() in oRecycleBin.containment):
raise serverExceptions.ContainmentError
oRecycleBin._addItemReference(oDeleted)
db.putItem(oRecycleBin, trans)
else:
raise serverExceptions.PermissionDenied
except serverExceptions.DBTransactionIncomplete:
trans.retry()
def recycle(self, rbID, trans):
"""
Moves the item to the specified recycle bin.
The item then becomes inaccesible.
@param rbID: The id of the destination container, which must be
a L{RecycleBin} instance
@type rbID: str
@param trans: A valid transaction handle
@return: None
"""
oUser = currentThread().context.session.user
self = _db.getItem(self._id, trans)
iUserRole = objectAccess.getAccess(self, oUser)
bCanDelete = (iUserRole > objectAccess.AUTHOR) or \
(iUserRole == objectAccess.AUTHOR and self._owner == oUser._id)
if (not(self._isSystem) and bCanDelete):
oDeleted = DeletedItem(self)
oDeleted._owner = oUser._id
oDeleted._created = time.time()
oDeleted.modifiedBy = oUser.displayName.value
oDeleted.modified = time.time()
oDeleted._parentid = rbID
_db.handle_update(oDeleted, None, trans)
_db.putItem(oDeleted, trans)
# delete item logically
self._recycle(trans)
# save container
oParent = _db.getItem(self._parentid, trans)
oParent._removeItemReference(self)
_db.putItem(oParent, trans)
#update recycle bin
oRecycleBin = _db.getItem(rbID, trans)
if not(oDeleted.getContentclass() in oRecycleBin.containment):
raise exceptions.ContainmentError, \
'The target container does not accept ' + \
'objects of type "%s".' % oDeleted.getContentclass()
oRecycleBin._addItemReference(oDeleted)
_db.putItem(oRecycleBin, trans)
else:
raise exceptions.PermissionDenied, \
'The object was not deleted.\n' + \
'The user has insufficient permissions.'
def getSecurity(self, forItem, rolesInherited=None):
user = self.session.user
# get user role
iUserRole = objectAccess.getAccess(forItem, user)
if iUserRole == objectAccess.COORDINATOR:
rolesInherited = rolesInherited or forItem.inheritRoles
if rolesInherited:
sChecked = 'true'
else:
sChecked = 'false'
return SECURITY_TAB % (sChecked, sChecked)
else:
return ''
def appendTo(self, parent, trans):
"""
Adds the item to the specified container.
@param parent: The id of the destination container or the container
itself
@type parent: str OR L{Container}
@param trans: A valid transaction handle
@return: None
"""
trans.actions.append( (self.appendTo, (parent, trans)) )
try:
if type(parent)==str:
oParent = db.getItem(parent, trans)
else:
oParent = parent
oUser = currentThread().session.user
iUserRole = objectAccess.getAccess(oParent, oUser)
if iUserRole == objectAccess.READER:
raise serverExceptions.PermissionDenied
if not(self.getContentclass() in oParent.containment):
raise serverExceptions.ContainmentError
# set security to new item
if iUserRole == objectAccess.COORDINATOR:
# user is COORDINATOR
self._applySecurity(oParent, trans)
else:
# user is not COORDINATOR
self.inheritRoles = True
self.security = oParent.security
# if trans._retries == 0:
# raise serverExceptions.DBTransactionIncomplete
self._owner = oUser._id
self._created = time.time()
self.modifiedBy = oUser.displayName.value
self.modified = time.time()
self._parentid = oParent._id
db.handle_update(self, None, trans)
db.putItem(self, trans)
# update container
oParent._addItemReference(self)
db.putItem(oParent, trans)
except serverExceptions.DBTransactionIncomplete:
trans.retry()
def _restore(self, deletedItem, target, trans):
"""
Restores a logically deleted item to the designated target.
Returns: None
"""
# check permissions
oUser = currentThread().session.user
iUserRole = objectAccess.getAccess(target, oUser)
if iUserRole > objectAccess.READER:
deletedItem._parentid = target._id
deletedItem.inheritRoles = False
self._undelete(deletedItem, trans)
else:
raise serverExceptions.PermissionDenied
def properties(self):
"Displays the group's properties form"
context = HttpContext.current()
context.response.setHeader('cache-control', 'no-cache')
sLang = context.request.getLang()
user = context.user
iUserRole = objectAccess.getAccess(self, user)
readonly = (iUserRole==1)
params = {
'ID' : self.id,
'ICON' : self.__image__,
'SELECT_FROM_POLICIES' : 'policies',
'POLICIES_REL_CC' : '|'.join(self.policies.relCc),
'NAME' : xml.xml_encode(self.displayName.value),
'DESCRIPTION' : xml.xml_encode(self.description.value),
'MODIFIED' : date.Date(self.modified).format(baseitem.DATES_FORMAT, sLang),
'MODIFIED_BY' : xml.xml_encode(self.modifiedBy),
'CONTENTCLASS' : self.contentclass,
'SELECT_FROM' : self.parentid,
'REL_CC' : '|'.join(self.members.relCc),
'READONLY' : str(readonly).lower()
}
members_options = []
members = self.members.getItems()
for user in members:
members_options += [xml.xml_encode(user.__image__),
user.id,
xml.xml_encode(user.displayName.value)]
params['MEMBERS'] = ';'.join(members_options)
policies_options = []
policies = self.policies.getItems()
for policy in policies:
policies_options += [xml.xml_encode(policy.__image__),
policy.id,
xml.xml_encode(policy.displayName.value)]
params['POLICIES'] = ';'.join(policies_options)
params['SECURITY_TAB'] = baseitem._getSecurity(self, user)
return params
def _restore(self, deletedItem, target, trans):
"""
Restores a logically deleted item to the designated target.
Returns: None
"""
# check permissions
oUser = currentThread().context.user
iUserRole = objectAccess.getAccess(target, oUser)
if iUserRole > objectAccess.READER:
deletedItem._parentid = target._id
deletedItem.inheritRoles = False
self._undelete(deletedItem, trans)
else:
raise exceptions.PermissionDenied, \
'The user does not have write permissions on the ' + \
'destination folder.'
def setParams(self):
self.response.setHeader('cache-control', 'no-cache')
sLang = self.request.getLang()
user = self.session.user
iUserRole = objectAccess.getAccess(self.item, user)
readonly = (iUserRole==1)
self.params['ID'] = self.item.id
self.params['ICON'] = self.item.__image__
self.params['NAME'] = self.item.displayName.value
self.params['FULL_NAME'] = self.item.fullName.value
self.params['DESCRIPTION'] = self.item.description.value
self.params['MODIFIED'] = \
date.Date(self.item.modified).format(DATES_FORMAT, sLang)
self.params['MODIFIED_BY'] = self.item.modifiedBy
self.params['CONTENTCLASS'] = self.item.contentclass
self.params['SELECT_FROM'] = self.item.parentid
self.params['REL_CC'] = '|'.join(self.item.memberof.relCc)
self.params['SELECT_FROM_POLICIES'] = 'policies'
self.params['POLICIES_REL_CC'] = '|'.join(self.item.policies.relCc)
self.params['READONLY'] = self.getStringFromBoolean(readonly)
memberof_options = []
memberof = self.item.memberof.getItems()
for group in memberof:
memberof_options += [xmlUtils.XMLEncode(group.__image__),
group.id,
xmlUtils.XMLEncode(group.displayName.value)]
self.params['MEMBEROF'] = ';'.join(memberof_options)
policies_options = []
policies = self.item.policies.getItems()
for policy in policies:
policies_options += [xmlUtils.XMLEncode(policy.__image__),
policy.id,
xmlUtils.XMLEncode(policy.displayName.value)]
self.params['POLICIES'] = ';'.join(policies_options)
self.params['SECURITY_TAB'] = self.getSecurity(self.item)
def update(self, trans):
"""
Updates the item.
@param trans: A valid transaction handle
@return: None
"""
trans.actions.append( (self.update, (trans, )) )
try:
oOldItem = db.getItem(self._id, trans)
oUser = currentThread().session.user
iUserRole = objectAccess.getAccess(oOldItem, oUser)
if iUserRole > objectAccess.READER:
# set security
if iUserRole == objectAccess.COORDINATOR:
# user is COORDINATOR
if (self.inheritRoles != oOldItem.inheritRoles) or \
(not self.inheritRoles and self.security != oOldItem.security):
oParent = db.getItem(self._parentid, trans)
self._applySecurity(oParent, trans)
else:
# restore previous ACL
self.security = oOldItem.security
self.inheritRoles = oOldItem.inheritRoles
db.handle_update(self, oOldItem, trans)
self.modifiedBy = oUser.displayName.value
self.modified = time.time()
db.putItem(self, trans)
if self.displayName.value != oOldItem.displayName.value:
oParent = db.getItem(self._parentid, trans)
oParent._removeItemReference(oOldItem)
oParent._addItemReference(self)
db.putItem(oParent, trans)
else:
raise serverExceptions.PermissionDenied
except serverExceptions.DBTransactionIncomplete:
trans.retry()
def setParams(self):
self.response.setHeader('cache-control', 'no-cache')
sLang = self.request.getLang()
user = self.session.user
iUserRole = objectAccess.getAccess(self.item, user)
readonly = (iUserRole==1)
self.params['ID'] = self.item.id
self.params['ICON'] = self.item.__image__
self.params['SELECT_FROM_POLICIES'] = 'policies'
self.params['POLICIES_REL_CC'] = '|'.join(self.item.policies.relCc)
self.params['NAME'] = self.item.displayName.value
self.params['DESCRIPTION'] = self.item.description.value
self.params['MODIFIED'] = \
date.Date(self.item.modified).format(DATES_FORMAT, sLang)
self.params['MODIFIED_BY'] = self.item.modifiedBy
self.params['CONTENTCLASS'] = self.item.contentclass
self.params['SELECT_FROM'] = self.item.parentid
self.params['REL_CC'] = '|'.join(self.item.members.relCc)
self.params['READONLY'] = self.getStringFromBoolean(readonly)
members_options = ''
members = self.item.members.getItems()
for user in members:
members_options += \
'<a:option img="%s" value="%s" caption="%s"/>' % \
(user.__image__, user.id, user.displayName.value)
self.params['MEMBERS_OPTIONS'] = members_options
policies_options = ''
policies = self.item.policies.getItems()
for policy in policies:
policies_options += \
'<a:option img="%s" value="%s" caption="%s"/>' % \
(policy.__image__, policy.id, policy.displayName.value)
self.params['POLICIES_OPTIONS'] = policies_options
self.params['SECURITY_TAB'] = self.getSecurity(self.item)
