Esempio n. 1
0
    def test_deny_dublincore_view(self):
        """Tests the denial of dublincore view permissions to anonymous.

        Users who can view a folder contents page but cannot view dublin core
        should still be able to see the folder items' names, but not their
        title, modified, and created info.
        """
        # add an item that can be viewed from the root folder
        obj = OrderedContainer()
        alsoProvides(obj, IAttributeAnnotatable)

        self.getRootFolder()['obj'] = obj
        IZopeDublinCore(obj).title = u'My object'

        # deny zope.app.dublincore.view to zope.Anonymous
        prm = IRolePermissionManager(self.getRootFolder())
        prm.denyPermissionToRole('zope.dublincore.view', 'zope.Anonymous')
        # Try both spellings just in case we are used with an older zope.dc
        prm.denyPermissionToRole('zope.app.dublincore.view', 'zope.Anonymous')
        transaction.commit()

        response = self.publish('/')
        self.assertEquals(response.getStatus(), 200)
        body = response.getBody()

        # confirm we can see the file name
        self.assert_(body.find('<a href="obj">obj</a>') != -1)

        # confirm we *cannot* see the metadata title
        self.assert_(body.find('My object') == -1)
Esempio n. 2
0
 def invites(self, value):
     roles = IRolePermissionManager(self.__parent__)
     for val, role in [('member', 'group.Member'),
                       ('manager', 'group.Manager')]:
         if val in value:
             roles.grantPermissionToRole('zojax.InviteGroupMember', role)
         else:
             roles.unsetPermissionFromRole('zojax.InviteGroupMember', role)
Esempio n. 3
0
 def joining(self, value):
     roles = IRolePermissionManager(self.__parent__)
     for rid in value:
         role = queryUtility(IRole, rid)
         if IPublicRole.providedBy(role):
             roles.grantPermissionToRole('zojax.JoinGroup', rid)
         else:
             roles.denyPermissionToRole('zojax.JoinGroup', rid)
Esempio n. 4
0
    def test_deny_view(self):
        """Tests the denial of view permissions to anonymous.

        This test uses the ZMI interface to deny anonymous zope.View permission
        to the root folder.
        """
        # deny zope.View to zope.Anonymous
        prm = IRolePermissionManager(self.getRootFolder())
        prm.denyPermissionToRole('zope.View', 'zope.Anonymous')
        transaction.commit()

        # confirm Unauthorized when viewing root folder
        self.assertRaises(Unauthorized, self.publish, '/')
Esempio n. 5
0
    def test_deny_view(self):
        """Tests the denial of view permissions to anonymous.

        This test uses the ZMI interface to deny anonymous zope.View permission
        to the root folder.
        """
        # deny zope.View to zope.Anonymous
        prm = IRolePermissionManager(self.getRootFolder())
        prm.denyPermissionToRole('zope.View', 'zope.Anonymous')
        transaction.commit()

        # confirm Unauthorized when viewing root folder
        self.assertRaises(Unauthorized, self.publish, '/')
Esempio n. 6
0
def change_permissions(event):
    if event.destination == Workflow.states.PUBLISHED:
        try:
            principal = uvcsite.utils.shorties.getPrincipal()
        except zope.security.interfaces.NoInteraction:
            return
        else:
            if not uvcsite.auth.interfaces.ICOUser.providedBy(principal):
                return

        prinper = IPrincipalPermissionManager(event.object)
        roleper = IRolePermissionManager(event.object)
        roleper.denyPermissionToRole(named(uvcsite.permissions.View),
                                     named(uvcsite.permissions.Editor))
        prinper.grantPermissionToPrincipal(named(uvcsite.permissions.View),
                                           event.object.principal.id)
Esempio n. 7
0
async def sharing_post(context, request):
    data = await request.json()
    roleperm = IRolePermissionManager(context)
    prinrole = IPrincipalRoleManager(context)
    if 'prinrole' not in data and 'roleperm' not in data:
        raise AttributeError('prinrole or roleperm missing')

    if 'prinrole' in data:
        for user, roles in data['prinrole'].items():
            for role in roles:
                prinrole.assignRoleToPrincipal(role, user)

    if 'roleperm' in data:
        for role, perms in data['roleperm'].items():
            for perm in perms:
                roleperm.grantPermissionToRole(perm, role)
    await notify(ObjectPermissionsModifiedEvent(context))
    def status(self, value):
        context = removeAllProxies(self.context)

        roleper = IRolePermissionManager(context)
        if value == 4:
            roleper.grantPermissionToRole('zojax.AddComment', 'zope.Anonymous')
        else:
            roleper.denyPermissionToRole('zojax.AddComment', 'zope.Anonymous')

        if value == 3:
            if IContentDiscussionAware.providedBy(context):
                interface.noLongerProvides(context, IContentDiscussionAware)
        else:
            if not IContentDiscussionAware.providedBy(context):
                interface.alsoProvides(context, IContentDiscussionAware)
                discussibleAdded(context, None)

        self.data.status = value
Esempio n. 9
0
    def test_deny_dublincore_view(self):
        """Tests the denial of dublincore view permissions to anonymous.

        Users who can view a folder contents page but cannot view dublin core
        should still be able to see the folder items' names, but not their
        title, modified, and created info.
        """
        # add an item that can be viewed from the root folder
        obj = OrderedContainer()
        alsoProvides(obj, IAttributeAnnotatable)

        self.getRootFolder()['obj'] = obj
        IZopeDublinCore(obj).title = u'My object'

        # deny zope.app.dublincore.view to zope.Anonymous
        prm = IRolePermissionManager(self.getRootFolder())
        prm.denyPermissionToRole('zope.dublincore.view', 'zope.Anonymous')
        # Try both spellings just in case we are used with an older zope.dc
        prm.denyPermissionToRole('zope.app.dublincore.view', 'zope.Anonymous')
        transaction.commit()

        response = self.publish('/')
        self.assertEquals(response.getStatus(), 200)
        body = response.getBody()

        # confirm we can see the file name
        self.assert_(body.find('<a href="obj">obj</a>') != -1)

        # confirm we *cannot* see the metadata title
        self.assert_(body.find('My object') == -1)
Esempio n. 10
0
def remove_edit_permission(event):
    if event.destination != PUBLISHED:
        return
    IRolePermissionManager(event.object).denyPermissionToRole(
        'uvc.EditContent', 'uvc.Editor')
Esempio n. 11
0
    def __call__(self, data):

        auth = zope.component.getUtility(IAuthentication, context=self.context)
        # Add a Admin to the administrators group
        login = data['member.login']
        admin = authentication.WebSiteMember(login, data['member.password'],
                                             data['member.firstName'],
                                             data['member.lastName'],
                                             data['member.email'])
        zope.event.notify(zope.lifecycleevent.ObjectCreatedEvent(admin))
        auth['members'].add(admin)

        adminGroup = auth['groups']['groups.Administrators']
        adminGroup.setPrincipals(adminGroup.principals + (admin.__name__, ),
                                 check=False)

        # grant permissions to roles
        role_manager = IRolePermissionManager(self.context)
        role_manager.grantPermissionToRole(permissions.MANAGESITE,
                                           roles.ADMINISTRATOR)
        role_manager.grantPermissionToRole(permissions.MANAGECONTENT,
                                           roles.ADMINISTRATOR)
        role_manager.grantPermissionToRole(permissions.MANAGEUSERS,
                                           roles.ADMINISTRATOR)
        role_manager.grantPermissionToRole(permissions.VIEW,
                                           roles.ADMINISTRATOR)
        role_manager.grantPermissionToRole(permissions.MANAGECONTENT,
                                           roles.MEMBER)
        role_manager.grantPermissionToRole(permissions.VIEW, roles.MEMBER)

        # grant VIEW to unauthenticated users.
        prin_manager = IPrincipalPermissionManager(self.context)
        unauth = zope.component.queryUtility(IUnauthenticatedGroup,
                                             context=self.context)
        if unauth is not None:
            prin_manager.grantPermissionToPrincipal(permissions.VIEW,
                                                    unauth.id)
Esempio n. 12
0
def remove_edit_permission(event):
    if event.destination == Workflow.states.PUBLISHED:
        IRolePermissionManager(event.object).denyPermissionToRole(
            named(uvcsite.permissions.Edit), named(uvcsite.permissions.Editor))
Esempio n. 13
0
    def __call__(self, data):
        portal = self.context

        # create site manager
        try:
            sm = portal.getSiteManager()
        except:
            sm = None

        if sm is None:
            sm = LocalSiteManager(portal)
            portal.setSiteManager(sm)

        setSite(portal)

        if 'system' not in sm:
            system = SiteManagementFolder()
            event.notify(ObjectCreatedEvent(system))
            sm['system'] = system
        else:
            system = sm['system']

        # IIntId utility
        if 'ids' not in system:
            ids = component.createObject('zope.app.intid.IntIds')
            event.notify(ObjectCreatedEvent(ids))
            system['ids'] = ids
        else:
            system['ids'].__init__()

        ids = system['ids']

        sm.registerUtility(system['ids'], IIntIds)
        ids.register(portal)

        # Principal Annotations
        if 'principalannotations' not in system:
            pa = component.createObject('zope.app.PrincipalAnnotationUtility')
            event.notify(ObjectCreatedEvent(pa))

            system['principalannotations'] = pa
            sm.registerUtility(pa, IPrincipalAnnotationUtility)

        # session data container
        configlet = sm.getUtility(IConfiglet, 'system.session')
        configlet.sessiontype = 'ram'

        # set password
        password = sm.getUtility(IConfiglet, 'principals.password')
        password.passwordManager = 'MD5'

        # set site timezone
        fomratter = sm.getUtility(IConfiglet, 'system.formatter')
        fomratter.timezone = u'UTC'

        # set portal access to open
        manager = IPrincipalPermissionManager(portal)
        everyone = sm.queryUtility(IEveryoneGroup)
        if everyone is not None:
            manager.grantPermissionToPrincipal(
                'zojax.AccessPortal', everyone.id)

        authenticated = sm.queryUtility(IAuthenticatedGroup)
        if authenticated is not None:
            manager.unsetPermissionForPrincipal(
                'zojax.AccessPortal', authenticated.id)

        # setup default role
        roles = sm.getUtility(IPortalRoles)
        if 'site.member' not in roles:
            role = PortalRole(title = u'Site Member')
            event.notify(ObjectCreatedEvent(role))

            roles['site.member'] = role
            roleId = role.id
            sm.getUtility(IDefaultPortalRole).roles = [role.id]

            roleperm = IRolePermissionManager(portal)

            for permId in ('zojax.PersonalContent', 'zojax.PersonalSpace',
                           'zojax.forum.addMessage', 'zojax.forum.addTopic',
                           'zojax.SubmitBlogPost', 'zojax.SubmitDocuments',
                           'zojax.forum.SubmitTopic', 'zojax.SubmitPhoto',
                           'zojax.contenttype.SubmitNewsItem',):
                roleperm.grantPermissionToRole(permId, roleId)

        # install catalog
        sm.getUtility(IConfiglet, 'system.catalog').install()

        # install workspaces
        portal.workspaces = ('overview', 'people', 'news', 'documents')
        event.notify(ObjectModifiedEvent(portal))

        setSite(None)
Esempio n. 14
0
 def deny_role_permission(self, role, permission):
     permission = PERM_MAP[permission]
     role = ROLE_MAP[role]
     IRolePermissionManager(self.context).denyPermissionToRole(
         permission, role)
Esempio n. 15
0
File: ldapapp.py Progetto: bcgsc/gum
def grant_roles_to_permissions(obj, event):
    # grant roles to permissions
    rpm = IRolePermissionManager(obj)
    rpm.grantPermissionToRole(u'gum.Add', u'gum.Admin')
    rpm.grantPermissionToRole(u'gum.Edit', u'gum.Admin')
def init_application(event):
    application = event.object
    if not IDatashackle.providedBy(application):
        # no datashackle grok application
        return          

    # Site needs to be setted manually at this point.
    # Otherwise the framework does not notify the catalog to index the newly
    # created propertyform
    setSite(application)
        
    configfolder = Folder()
    configfolder.title = _(u'Configuration')
    application['configuration'] = configfolder
    # Deny view, edit permission to role dolmen.Owner (which is the default role for our restricted users).
    role_permission = IRolePermissionManager(configfolder)
    role_permission.denyPermissionToRole('dolmen.content.View', 'dolmen.Owner')
    #role_permission.grantPermissionToRole('dolmen.content.View', 'zope.Manager')
    role_permission.denyPermissionToRole('dolmen.content.Edit', 'dolmen.Owner')
    #role_permission.grantPermissionToRole('dolmen.content.Edit', 'zope.Manager')



    metaconfig = Folder()
    metaconfig.title = _(u'Meta configuration')
    configfolder['meta'] = metaconfig
    ignore_enumeration(metaconfig, 'zope.Everybody') 
 
    
    #users = Users()
    #users.title = _(u'Users')
    #configfolder['users'] = users

    set_ = GenericSet()
    set_.title = u'p2_model'
    set_.plan_identifier = 'p2_model'
    set_.table_identifier = 'p2_model'
    set_.table_key_field = 'plan_identifier'
    metaconfig['p2_model'] = set_

    set_ = GenericSet()
    set_.title = u'p2_form'
    set_.plan_identifier = 'p2_form'
    set_.table_identifier = 'p2_form'
    set_.table_key_field = 'form_identifier'
    metaconfig['p2_form'] = set_
 
    archetypes = GenericSet()
    archetypes.title = _(u'p2_archetype')
    archetypes.plan_identifier = 'p2_archetype'
    archetypes.table_identifier = 'p2_archetype'
    archetypes.table_key_field = 'id'
    metaconfig['p2_archetypes'] = archetypes
    
    linkageforms = GenericSet()
    linkageforms.title = u'p2_linkage'
    linkageforms.plan_identifier = 'p2_linkage'
    linkageforms.table_identifier = 'p2_linkage'
    linkageforms.table_key_field = 'id'
    metaconfig['p2_linkage'] = linkageforms
    
    set_ = GenericSet()
    set_.title = u'p2_relation'
    set_.plan_identifier = 'p2_relation'
    set_.table_identifier = 'p2_relation'
    set_.table_key_field = 'id'
    metaconfig['p2_relation'] = set_

    widget = GenericSet()
    widget.title = u'p2_widget'
    widget.plan_identifier = 'p2_widget'
    widget.table_identifier = 'p2_widget'
    widget.table_key_field = 'widget_identifier'
    metaconfig['p2_widget'] = widget
    
    set_ = GenericSet()
    set_.title = u'p2_span'
    set_.plan_identifier = 'p2_span'
    set_.table_identifier = 'p2_span'
    set_.table_key_field = 'span_identifier'
    metaconfig['p2_span'] = set_
    
    set_ = GenericSet()
    set_.title = u'p2_span_embeddedform'
    set_.plan_identifier = 'p2_span_embeddedform'
    set_.table_identifier = 'p2_span_embeddedform'
    set_.table_key_field = 'span_identifier'
    metaconfig['p2_span_embeddedform'] = set_
    
    set_ = GenericSet()
    set_.title = u'p2_span_fileupload'
    set_.plan_identifier = 'p2_span_fileupload'
    set_.table_identifier = 'p2_span_fileupload'
    set_.table_key_field = 'span_identifier'
    metaconfig['p2_span_fileupload'] = set_
    
    set_ = GenericSet()
    set_.title = u'p2_span_alphanumeric'
    set_.plan_identifier = 'p2_span_alphanumeric'
    set_.table_identifier = 'p2_span_alphanumeric'
    set_.table_key_field = 'span_identifier'
    metaconfig['p2_span_alphanumeric'] = set_
    
    set_ = GenericSet()
    set_.title = u'p2_span_checkbox'
    set_.plan_identifier = 'p2_span_checkbox'
    set_.table_identifier = 'p2_span_checkbox'
    set_.table_key_field = 'span_identifier'
    metaconfig['p2_span_checkbox'] = set_
    
    set_ = GenericSet()
    set_.title = u'p2_span_dropdown'
    set_.plan_identifier = 'p2_span_dropdown'
    set_.table_identifier = 'p2_span_dropdown'
    set_.table_key_field = 'span_identifier'
    metaconfig['p2_span_dropdown'] = set_
    
    set_ = GenericSet()
    set_.title = u'p2_countries'
    set_.plan_identifier = 'p2_countries'
    set_.table_identifier = 'p2_country'
    set_.table_key_field = 'id'
    metaconfig['p2_span_countries'] = set_
Esempio n. 17
0
 def unset_role_permission(self, role, permission):
     permission = PERM_MAP[permission]
     role = ROLE_MAP[role]
     IRolePermissionManager(self.context).unsetPermissionFromRole(
         permission, role)
Esempio n. 18
0
def grant_roles_to_permissions(obj, event):
    # grant roles to permissions
    rpm = IRolePermissionManager(obj)
    rpm.grantPermissionToRole(u'gum.Add', u'gum.Admin')
    rpm.grantPermissionToRole(u'gum.Edit', u'gum.Admin')