def rename_default_group(root, registry): # pragma: no cover """Rename default user group.""" from adhocracy_core.authorization import add_local_roles from adhocracy_core.authorization import get_local_roles from adhocracy_core.authorization import set_local_roles from adhocracy_core.resources.process import IProcess from adhocracy_core.interfaces import DEFAULT_USER_GROUP_NAME from adhocracy_core.sheets.principal import IPermissions catalogs = find_service(root, 'catalogs') resources = _search_for_interfaces(catalogs, IProcess) old_default_group_name = 'authenticated' old_default_group_principal = 'group:' + old_default_group_name new_default_group_name = DEFAULT_USER_GROUP_NAME new_default_group_principal = 'group:' + DEFAULT_USER_GROUP_NAME groups = root['principals']['groups'] if old_default_group_name in groups: for resource in resources: local_roles = get_local_roles(resource) if old_default_group_principal in local_roles: logger.info('Rename default group in local roles' ' of {0}'.format(resource)) old_roles = local_roles.pop(old_default_group_principal) set_local_roles(resource, local_roles) add_local_roles({new_default_group_principal: old_roles}) users = [u for u in root['principals']['users'].values() if IPermissions.providedBy(u)] old_default_group = groups[old_default_group_name] users_with_default_group = [] for user in users: user_groups = registry.content.get_sheet_field(user, IPermissions, 'groups') if old_default_group in user_groups: users_with_default_group.append(user) logger.info('Rename default group ' 'to {}'.format(new_default_group_name)) groups.rename(old_default_group_name, new_default_group_name) new_default_group = groups[new_default_group_name] for user in users_with_default_group: logger.info('Update default group name of user {}'.format(user)) permission_sheet = registry.content.get_sheet(user, IPermissions) permissions = permission_sheet.get() user_groups = permissions['groups'] user_groups.append(new_default_group) permissions['groups'] = user_groups permission_sheet.set(permissions)
def _set_local_roles(local_roles_info: dict, context: IResource, registry: Registry): resource = find_resource(context, local_roles_info['path']) local_roles_info['roles'] = _deserialize_roles(local_roles_info['roles']) set_local_roles(resource, local_roles_info['roles'], registry=registry)
def _set_local_roles(local_roles_info: dict, context: IResource, registry: Registry): resource = find_resource(context, local_roles_info['path']) local_roles_info['roles'] = _deserialize_roles(local_roles_info['roles']) set_local_roles(resource, local_roles_info['roles'], registry)
def _store_data(self, appstruct): roles_list = appstruct.get('local_roles', []) if not roles_list: return roles = {x['principal']: set(x['roles']) for x in roles_list} set_local_roles(self.context, roles, self.registry)
def __call__(self, parent=None, appstructs={}, run_after_creation=True, creator=None, registry=None, request=None, send_event=True, **kwargs ): """Triggered when a ResourceFactory instance is called. Kwargs:: parent (IPool or None): Add the new resource to this pool. None value is allowed to create non persistent Resources (without OID/parent). Defaults to None. appstructs (dict): Key/Values of sheet appstruct data. Key is identifier of a sheet interface. Value is the data to set. after_creation (bool): Whether to invoke after_creation hooks, If parent is None you should set this False Default is True. creator (IResource or None): The resource of the creating user to set the right metadata. registry (Registry or None): Registry passed to creation eventes. If None :func:`pyramid.threadlocal.get_current_registry` is called. Default is None. request (Request or None): passed to :class:`adhocracy_core.interfaces.IResourceSheetModified'events send_event (bool): send :class:`adhocracy_core.interfaces.IResourceCreatedAndAdded` event. Default is True. **kwargs: Arbitary keyword arguments. Will be passed along with 'creator' to the `after_creation` hook as 3rd argument `options`. Returns: object (IResource): the newly created resource Raises: KeyError: if self.metadata.use_autonaming is False and the `resource name` is not given or already used in the `parent` pool. You can set the `resource name` with appstruct data for the name sheet (:mod:`adhocracy_core.sheets.name`). ComponentLookupError: if `appstructs` contains sheet data for non existing sheets. """ resource = self.meta.content_class() directlyProvides(resource, self.meta.iresource) isheets = self.meta.basic_sheets + self.meta.extended_sheets alsoProvides(resource, isheets) if registry is None: registry = get_current_registry() if parent is not None: self._add(parent, resource, appstructs, registry) else: resource.__parent__ = None resource.__name__ = '' for key, struct in appstructs.items(): isheet = DottedNameResolver().maybe_resolve(key) sheet = get_sheet(resource, isheet, registry=registry) if sheet.meta.creatable: sheet.set(struct, send_event=False, request=request) # Fixme: Sideffect. We change here the passed creator because the # creator of user resources should always be the created user. # A better solution would be to have custom adapter to add # resources. # To prevent import circles we do not import at module level. from adhocracy_core.resources.principal import IUser if IUser.providedBy(resource): creator = resource if creator is not None: userid = resource_path(creator) set_local_roles(resource, {userid: {'role:creator'}}) if IMetadata.providedBy(resource): metadata = self._get_metadata(resource, creator, registry) sheet = get_sheet(resource, IMetadata, registry=registry) sheet.set(metadata, send_event=False, request=request, omit_readonly=False) if run_after_creation: for call in self.meta.after_creation: kwargs['creator'] = creator call(resource, registry, options=kwargs) if send_event: self._notify_new_resource_created_and_added(resource, registry, creator) return resource
def _set_local_roles(local_roles_info: dict, context: IResource, registry: Registry): resource = find_resource(context, local_roles_info["path"]) local_roles_info["roles"] = _deserialize_roles(local_roles_info["roles"]) set_local_roles(resource, local_roles_info["roles"])