def query_iterator(query, parent): """Generator of the items in a query. Checks if the user has view permission on the objects """ for item in query: item.__parent__ = parent if checkPermission(view_permission(item), item): yield item
def for_display(self): """Do not display viewlet unless the user can view at least one item. """ if len(self.context): for item in self.context.values(): if checkPermission(view_permission(item), item): return True return False
def values(self): workflow = capi.get_type_info(self.context.domain_model).workflow public_wfstates = workflow.get_state_ids(tagged=["public"], restrict=False) return [ x for x in self.context.values() if checkPermission(view_permission(x), x) and x.status in public_wfstates ]
def version_data_items(self): # version log is only concerned with own versions (not of any child # objects) i.e. only own "version changes"; as "data_provider" we # simply use the versions attribute on context: if self._data_items is None: self._data_items = [] # sorted desc by sqlalchemy, so following sorting not necessary: permission = view_permission(self.context) for v in removeSecurityProxy(self.context).versions: if checkPermission(permission, v): self._data_items.append(v) return self._data_items
def _query(self, **kw): principal = common.get_request_principal() roles = get_workspace_roles() group_roles_domain_status = self.item_status_filter(kw, roles) session = Session() results = [] count = 0 reverse = True if (kw.get("sort_dir", "desc") == "desc") else False for domain_class, status in group_roles_domain_status.iteritems(): query = session.query(domain_class).filter( domain_class.status.in_(status)).enable_eagerloads(False) #filter on title query = self.filter_title(query, domain_class, kw) #filter on status_date query = self.filter_status_date(query, domain_class, kw) # Order results query = self.order_query(query, domain_class, kw, reverse) results.extend(query.all()) for obj_role in ROLES_DIRECTLY_DEFINED_ON_OBJECTS: object_roles_domain_status = self.item_status_filter( kw, [obj_role]) for domain_class, status in object_roles_domain_status.iteritems(): query = session.query(domain_class).filter( domain_class.status.in_(status)).enable_eagerloads(False) #filter on title query = self.filter_title(query, domain_class, kw) #filter on status_date query = self.filter_status_date(query, domain_class, kw) # Order results query = self.order_query(query, domain_class, kw, reverse) for obj in query.all(): if obj in results: continue prm = IPrincipalRoleMap(obj) if (prm.getSetting(obj_role, principal.id) == Allow): results.append( contained(obj, self, self.string_key(obj))) results = [ item for item in results if checkPermission(view_permission(item), contained(item, self, self.string_key(item))) ] # Sort items if (kw.get("sort_on", None) and kw.get("sort_dir", None)): results.sort(key=lambda x: getattr(x, str(kw.get("sort_on"))), reverse=reverse) count = len(results) if not (kw.get("filter_title", None) or kw.get("filter_type", None) or kw.get("filter_status", None) or kw.get("filter_status_date", None)): self.set_tab_count(principal.id, count) return (results, count)
def _query(self, **kw): principal = utils.get_principal() roles = get_workspace_roles() group_roles_domain_status = self.item_status_filter(kw, roles) session = Session() results = [] count = 0 reverse = True if (kw.get("sort_dir", "desc") == "desc") else False for domain_class, status in group_roles_domain_status.iteritems(): query = session.query(domain_class).filter( domain_class.status.in_(status)).enable_eagerloads(False) #filter on title query = self.filter_title(query, domain_class, kw) #filter on status_date query = self.filter_status_date(query, domain_class, kw) # Order results query = self.order_query(query, domain_class, kw, reverse) results.extend(query.all()) for obj_role in ROLES_DIRECTLY_DEFINED_ON_OBJECTS: object_roles_domain_status = self.item_status_filter( kw, [obj_role]) for domain_class, status in object_roles_domain_status.iteritems(): query = session.query(domain_class).filter( domain_class.status.in_(status)).enable_eagerloads(False) #filter on title query = self.filter_title(query, domain_class, kw) #filter on status_date query = self.filter_status_date(query, domain_class, kw) # Order results query = self.order_query(query, domain_class, kw, reverse) for obj in query.all(): if obj in results: continue prm = IPrincipalRoleMap(obj) if (prm.getSetting(obj_role, principal.id) == Allow): results.append( contained(obj, self, self.string_key(obj))) results = [item for item in results if checkPermission( view_permission(item), contained(item, self, self.string_key(item)))] # Sort items if (kw.get("sort_on", None) and kw.get("sort_dir", None)): results.sort(key=lambda x: getattr(x, str(kw.get("sort_on"))), reverse=reverse) count = len(results) if not (kw.get("filter_title", None) or kw.get("filter_type", None) or kw.get("filter_status", None) or kw.get("filter_status_date", None) ): self.set_tab_count(principal.id, count) return (results, count)
def _query(self, **kw): # !+REWORK **kw to be explicit keywords, see context.query() in ui/workspace.py session = Session() results = [] count = 0 reverse = True if (kw.get("sort_dir", "desc") == "desc") else False principal_id = common.get_request_principal().id def extend_results_for_roles(roles): domain_status = self.item_status_filter(kw, roles) OBJECT_ROLES = [ role for role in roles if role in ROLES_DIRECTLY_DEFINED_ON_OBJECTS ] for domain_class, status in domain_status.iteritems(): query = session.query(domain_class).filter( domain_class.status.in_(status)).enable_eagerloads(False) query = self.filter_group(query, domain_class, kw) query = self.filter_title(query, domain_class, kw) query = self.filter_status_date(query, domain_class, kw) query = self.order_query(query, domain_class, kw, reverse) for obj in query.all(): if obj in results: continue if OBJECT_ROLES: prm = IPrincipalRoleMap(obj) if not prm.getSetting(obj_role, principal_id) == Allow: continue results.append(contained(obj, self, self.string_key(obj))) # get results for roles extend_results_for_roles(get_workspace_roles()) for obj_role in ROLES_DIRECTLY_DEFINED_ON_OBJECTS: extend_results_for_roles([obj_role]) # filter results = [ item for item in results if checkPermission(view_permission(item), item) ] # sort items if (kw.get("sort_on", None) and kw.get("sort_dir", None)): results.sort(key=lambda x: getattr(x, str(kw.get("sort_on"))), reverse=reverse) count = len(results) if not (kw.get("filter_title", None) or kw.get("filter_type", None) or kw.get("filter_status", None) or kw.get("filter_status_date", None)): self.set_tab_count(principal_id, count) return (results, count)
def _query(self, **kw): # !+REWORK **kw to be explicit keywords, see context.query() in ui/workspace.py session = Session() results = [] count = 0 reverse = True if (kw.get("sort_dir", "desc") == "desc") else False principal_id = common.get_request_principal().id def extend_results_for_roles(roles): domain_status = self.item_status_filter(kw, roles) OBJECT_ROLES = [ role for role in roles if role in ROLES_DIRECTLY_DEFINED_ON_OBJECTS ] for domain_class, status in domain_status.iteritems(): query = session.query(domain_class).filter( domain_class.status.in_(status)).enable_eagerloads(False) query = self.filter_group(query, domain_class, kw) query = self.filter_title(query, domain_class, kw) query = self.filter_status_date(query, domain_class, kw) query = self.order_query(query, domain_class, kw, reverse) for obj in query.all(): if obj in results: continue if OBJECT_ROLES: prm = IPrincipalRoleMap(obj) if not prm.getSetting(obj_role, principal_id) == Allow: continue results.append(contained(obj, self, self.string_key(obj))) # get results for roles extend_results_for_roles(get_workspace_roles()) for obj_role in ROLES_DIRECTLY_DEFINED_ON_OBJECTS: extend_results_for_roles([obj_role]) # filter results = [ item for item in results if checkPermission(view_permission(item), item) ] # sort items if (kw.get("sort_on", None) and kw.get("sort_dir", None)): results.sort(key=lambda x: getattr(x, str(kw.get("sort_on"))), reverse=reverse) count = len(results) if not (kw.get("filter_title", None) or kw.get("filter_type", None) or kw.get("filter_status", None) or kw.get("filter_status_date", None) ): self.set_tab_count(principal_id, count) return (results, count)
def list_container_items(container_instance, permission=None): """Generate list of container items with permission check Note that we first try to generate the permission name or fall back to zope.View """ sort_fields = [] from bungeni.core.workflows.utils import view_permission trusted = proxy.removeSecurityProxy(container_instance) domain_model = trusted._class type_info = capi.get_type_info(domain_model) descriptor = type_info.descriptor_model if descriptor.sort_on: order_func = sort_dir_funcs.get(descriptor.sort_dir, sql.desc) for field in descriptor.sort_on: sort_fields.append(order_func(getattr(domain_model, field))) if not permission: permission = view_permission(domain_model) for item in trusted.batch(limit=None, order_by=tuple(sort_fields)): if checkPermission(permission, item): yield item
def append_visible_changes_on_item(item): permission = view_permission(item) for c in domain.get_changes(item, *self.param_audit_actions): if checkPermission(permission, c): changes.append(c)