Esempio n. 1
def clean_permissions(context, permission_id, setting=Allow):
    """Unset ``permission_id`` on ``context`` for principals with a matching setting.

    Each entry returned by ``getPrincipalsForPermission`` is read as a pair:
    index 0 is the principal id, index 1 is the stored setting. Only entries
    whose stored setting equals ``setting`` (``Allow`` by default) are unset;
    every other entry is left as it is. Only the principal-permission manager
    is used here, so permissions that reach a principal through a role are
    not affected.
    """
    manager = IPrincipalPermissionManager(context)
    for entry in manager.getPrincipalsForPermission(permission_id):
        # entry[1] is the stored setting, entry[0] the principal id.
        if entry[1] == setting:
            manager.unsetPermissionForPrincipal(permission_id, entry[0])
Esempio n. 2
def add_view_permission(event):
    """Grant ``uvc.ViewContent`` on ad-hoc content to the object's principal.

    Nothing happens unless ``event.object`` provides ``IAdHocContent`` and
    ``event.destination`` is ``PUBLISHED`` or ``PROGRESS``. When both hold,
    the permission is granted on the object itself to
    ``event.object.principal.id``.
    """
    target = event.object
    if not IAdHocContent.providedBy(target):
        return
    if event.destination not in (PUBLISHED, PROGRESS):
        return
    # NOTE(review): nothing in this handler removes the grant again when the
    # object moves to another state; confirm a matching revoke exists elsewhere.
    IPrincipalPermissionManager(target).grantPermissionToPrincipal(
        'uvc.ViewContent', target.principal.id)
Esempio n. 3
 def authenticateCredentials(self, credentials):
     """Authenticate the single built-in ``admin`` account.

     Returns ``None`` unless ``credentials`` is a dict whose ``login`` and
     ``password`` entries match the built-in account. On a match, four
     permissions are granted to ``admin`` on the current site and a
     ``PrincipalInfo`` for ``admin`` is returned.
     """
     if not isinstance(credentials, dict):
         return None
     if 'login' not in credentials or 'password' not in credentials:
         return None
     # NOTE(review): the account name and password are literals in the
     # source (the original author's TODO flagged this as well), so the
     # admin secret is shared with everyone who can read the code and cannot
     # be rotated without a code change. It belongs in deployment
     # configuration, stored hashed and compared in constant time.
     if credentials['login'] != 'admin':
         return None
     if credentials['password'] != 'barcamp':
         return None
     # NOTE(review): these grants are repeated on every successful login, so
     # the authentication path also changes the site's permission settings;
     # a one-time setup step would keep authentication read-only.
     for permission_id in ('zope.ManageContent',
                           'afpy.barcamp.managemeetings',
                           'afpy.barcamp.editseance',
                           'afpy.barcamp.seances.list'):
         IPrincipalPermissionManager(grok.getSite()).grantPermissionToPrincipal(
             permission_id, 'admin')
     return PrincipalInfo(id='admin',
                          title=_(u'admin'),
                          description=_(u'admin'))
Esempio n. 4
def change_permissions(event):
    """Adjust View access on an object that has just been published.

    Acts only when ``event.destination`` equals ``Workflow.states.PUBLISHED``,
    a current principal is available (no ``NoInteraction``), and that
    principal provides ``ICOUser``. In that case the View permission is
    denied to the Editor role on the object and granted directly to
    ``event.object.principal.id``.
    """
    if not (event.destination == Workflow.states.PUBLISHED):
        return
    try:
        current_user = uvcsite.utils.shorties.getPrincipal()
    except zope.security.interfaces.NoInteraction:
        # No interaction means no principal to check, so nothing is changed.
        return
    if not uvcsite.auth.interfaces.ICOUser.providedBy(current_user):
        return

    content = event.object
    principal_grants = IPrincipalPermissionManager(content)
    role_grants = IRolePermissionManager(content)
    # The role-level deny is applied first, then the grant to the object's
    # own principal.
    role_grants.denyPermissionToRole(named(uvcsite.permissions.View),
                                     named(uvcsite.permissions.Editor))
    principal_grants.grantPermissionToPrincipal(
        named(uvcsite.permissions.View), content.principal.id)
Esempio n. 5
def deliver_some(how_many=1, note=None, grants=None, event='created'):
    """Create ``how_many`` folders, one transaction each, and send an event for each.

    Args:
        how_many: number of folders (and transactions) to create.
        note: when truthy, attached to each transaction with ``tx.note``.
        grants: optional mapping of principal id to permission id; each
            pair is granted on the new folder before the event is sent.
        event: name of the ``lifecycleevent`` callable invoked with the
            folder; it is resolved with ``getattr``, so it must name an
            attribute that exists on that module.
    """
    for _ in range(how_many):
        txn = transaction.begin()
        if note:
            txn.note(note)
        folder = Folder()
        if grants:
            # The default permission managers are annotation based, so the
            # folder has to be marked annotatable before adapting it.
            interface.alsoProvides(folder, IAttributeAnnotatable)
            manager = IPrincipalPermissionManager(folder)
            for principal_id, perm_id in grants.items():
                manager.grantPermissionToPrincipal(perm_id, principal_id)
        getattr(lifecycleevent, event)(folder)
        transaction.commit()
Esempio n. 6
File: group.py Progetto: bcgsc/gum
 def traverse(self, name):
     """Return the group called ``name``, granting ``gum.EditGroup`` on the way.

     The requesting principal gets ``gum.EditGroup`` when its uid (the last
     dot-separated part of the principal id) is listed in ``group.uids``, or
     when it holds the ``gum.Admin`` role with an ``Allow`` setting.
     """
     group = self.context[name]
     principal_id = self.request.principal.id
     uid = principal_id.rsplit('.', 1)[-1]

     # NOTE(review): the grant is made on the application object, not on
     # ``group``, and nothing in this method removes it. If 'gum.EditGroup'
     # is checked application-wide, membership of one group would carry over
     # to every group - confirm the intended scope. This also means that a
     # traversal, normally a read, changes permission settings.
     app_permissions = IPrincipalPermissionManager(grok.getApplication())
     if uid in group.uids:
         app_permissions.grantPermissionToPrincipal(u'gum.EditGroup',
                                                    principal_id)

     # Administrators receive the same permission regardless of membership.
     app_grants = IGrantInfo(grok.getApplication())
     for role_id, role_setting in app_grants.getRolesForPrincipal(principal_id):
         if role_id == u'gum.Admin' and role_setting == Allow:
             app_permissions.grantPermissionToPrincipal(u'gum.EditGroup',
                                                        principal_id)

     return group
Esempio n. 7
    def __call__(self, data):
        """Create the initial administrator and install the default grants.

        ``data`` supplies the ``member.login``, ``member.password``,
        ``member.firstName``, ``member.lastName`` and ``member.email``
        values for the new member. The member is added to the
        ``groups.Administrators`` group, a fixed set of permissions is
        granted to the ADMINISTRATOR and MEMBER roles on ``self.context``,
        and VIEW is granted to the unauthenticated group when one is
        registered.
        """
        auth = zope.component.getUtility(IAuthentication, context=self.context)

        # NOTE(review): the password is handed to WebSiteMember exactly as
        # received; confirm that class hashes it before it is stored.
        admin = authentication.WebSiteMember(
            data['member.login'],
            data['member.password'],
            data['member.firstName'],
            data['member.lastName'],
            data['member.email'])
        zope.event.notify(zope.lifecycleevent.ObjectCreatedEvent(admin))
        auth['members'].add(admin)

        # Append the new member to the existing administrators.
        admin_group = auth['groups']['groups.Administrators']
        admin_group.setPrincipals(
            admin_group.principals + (admin.__name__, ), check=False)

        # Role-level defaults: administrators get everything listed here,
        # ordinary members get MANAGECONTENT and VIEW.
        role_manager = IRolePermissionManager(self.context)
        role_grants = (
            (permissions.MANAGESITE, roles.ADMINISTRATOR),
            (permissions.MANAGECONTENT, roles.ADMINISTRATOR),
            (permissions.MANAGEUSERS, roles.ADMINISTRATOR),
            (permissions.VIEW, roles.ADMINISTRATOR),
            (permissions.MANAGECONTENT, roles.MEMBER),
            (permissions.VIEW, roles.MEMBER),
        )
        for permission_id, role_id in role_grants:
            role_manager.grantPermissionToRole(permission_id, role_id)

        # Anonymous visitors may view: VIEW goes to the unauthenticated
        # group, if such a utility is registered for this context.
        prin_manager = IPrincipalPermissionManager(self.context)
        unauth = zope.component.queryUtility(IUnauthenticatedGroup,
                                             context=self.context)
        if unauth is None:
            return
        prin_manager.grantPermissionToPrincipal(permissions.VIEW, unauth.id)
Esempio n. 8
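def authenticated(user):
    """Handle a user having been authenticated via OAuth.

    ``user`` is the notification passed to this handler; the authenticated
    principal is read from ``user.object``. The principal's title is
    printed and ``builder.Authenticated`` is granted to ``principal.id`` on
    the application object.
    """
    principal = user.object
    # Parenthesised so the line parses under both Python 2 and Python 3;
    # the printed text is the same.
    # NOTE(review): the title is written to stdout unescaped; if it comes
    # from the OAuth provider, treat it as untrusted text in log output.
    print('Authenticated user [%s]' % principal.title)
    pm = IPrincipalPermissionManager(grok.getApplication())
    pm.grantPermissionToPrincipal('builder.Authenticated', principal.id)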
Esempio n. 9
 def traverse(self, name):
     """Grant ``gum.Edit`` when the requester's uid equals this context's name.

     The uid is the last dot-separated part of the request principal's id.
     ``name`` is not used in the visible code and nothing is returned
     explicitly.
     """
     principal_id = self.request.principal.id
     uid = principal_id.rsplit('.', 1)[-1]
     if uid != self.context.__name__:
         return
     # NOTE(review): the grant is made on the application object rather than
     # on ``self.context`` and is not removed here; confirm that 'gum.Edit'
     # is meant to apply that widely.
     app_permissions = IPrincipalPermissionManager(grok.getApplication())
     app_permissions.grantPermissionToPrincipal(u'gum.Edit', principal_id)
Esempio n. 10
def _default_security_setter(subscription):
    """Grant each permission in ``_DEFAULT_PERMISSIONS`` to the subscription owner.

    The grants are made on ``subscription`` itself, to the principal named
    by ``subscription.owner_id``.
    """
    owner_grants = IPrincipalPermissionManager(subscription)
    for permission_id in _DEFAULT_PERMISSIONS:
        # pylint:disable=too-many-function-args
        owner_grants.grantPermissionToPrincipal(
            permission_id, subscription.owner_id)