def update_manager(organization, managers):
managers_toadd = [u for u in managers
if not has_role(
user=u,
role=('OrganizationResponsible',
organization))]
managers_todel = [u for u in organization.managers
if u not in managers]
for manager in managers_todel:
revoke_roles(manager, (('OrganizationResponsible',
organization),))
for manager in managers_toadd:
grant_roles(user=manager,
roles=(('OrganizationResponsible',
organization),))
for manager in managers:
if manager not in organization.members:
organization.addtoproperty('members', manager)
for member in organization.members:
grant_roles(user=member,
roles=(('OrganizationMember',
organization),))
def set_organization(self, organization):
current_organization = self.organization
if organization:
if current_organization is not organization:
is_manager = current_organization and has_role(
('OrganizationResponsible', current_organization),
self,
ignore_superiors=True)
if current_organization and is_manager:
revoke_roles(
self,
(('OrganizationResponsible', current_organization), ))
self.setproperty('organization', organization)
elif current_organization:
is_manager = has_role(
('OrganizationResponsible', current_organization),
self,
ignore_superiors=True)
if is_manager:
revoke_roles(
self,
(('OrganizationResponsible', current_organization), ))
self.delfromproperty('organization', current_organization)
def _set(self, new_managers):
old_managers = self.managers
managers_toadd = [u for u in new_managers if u not in old_managers]
managers_todel = [u for u in old_managers if u not in new_managers]
for manager in managers_todel:
revoke_roles(manager, (('OrganizationResponsible', self), ))
for manager in managers_toadd:
for current_org in manager.managed_organization:
revoke_roles(manager,
(('OrganizationResponsible', current_org), ))
grant_roles(user=manager,
roles=(('OrganizationResponsible', self), ))
def unsubscribe(self, context, user, **kwargs):
if not hasattr(user, 'customeraccount'):
user = getattr(self, 'customer', None)
if not user and hasattr(context, 'customer') and\
context.customer:
user = context.customer.user
customeraccount = getattr(user, 'customeraccount', None)
if customeraccount:
revoke_roles(user=user, roles=(("Owner", self), ))
customeraccount.delfromproperty('services', self)
if context:
context.delfromproperty('services', self)
def unsubscribe(self, context, user, **kwargs):
if not hasattr(user, 'customeraccount'):
user = getattr(self, 'customer', None)
if not user and hasattr(context, 'customer') and\
context.customer:
user = context.customer.user
customeraccount = getattr(user, 'customeraccount', None)
if customeraccount:
revoke_roles(user=user, roles=(("Owner", self),))
customeraccount.delfromproperty('services', self)
if context:
context.delfromproperty('services', self)
def start(self, context, request, appstruct, **kw):
context.modified_at = datetime.datetime.now(tz=pytz.UTC)
if isinstance(context.perimeter, SiteFolder):
revoke_roles(context.delegate,
roles=(('Moderator', context.perimeter), ),
root=context.perimeter)
context.delegate.reindex()
context.delegate = appstruct['delegate']
grant_roles(context.delegate,
roles=(("Moderator", context.perimeter), ))
else:
context.delegate = appstruct['delegate']
context.delegate.reindex()
context.reindex()
return {}
def start(self, context, request, appstruct, **kw):
members = appstruct['members']
for member in members:
if member in context.invited_users:
context.delfromproperty('invited_users', member)
revoke_roles(
user=member,
roles=(('ChallengeParticipant', context), ))
member.reindex()
context.reindex()
context.modified_at = datetime.datetime.now(tz=pytz.UTC)
request.registry.notify(ActivityExecuted(
self, [context], get_current()))
return {}
def start(self, context, request, appstruct, **kw):
if isinstance(context.perimeter, SiteFolder):
processes = [
p for p in context.involvers if p.discriminator == 'Service'
]
if processes:
runtime = find_service('runtime')
for process in processes:
runtime.delfromproperty('processes', process)
revoke_roles(context.delegate,
roles=(('Moderator', context.perimeter), ),
root=context.perimeter)
context.delegate.reindex()
context.unsubscribe(context.perimeter, context.customer.user)
return {}
def start(self, context, request, appstruct, **kw):
if isinstance(context.perimeter, SiteFolder):
processes = [p for p in context.involvers
if p.discriminator == 'Service']
if processes:
runtime = find_service('runtime')
for process in processes:
runtime.delfromproperty('processes', process)
revoke_roles(
context.delegate,
roles=(('Moderator', context.perimeter),),
root=context.perimeter)
context.delegate.reindex()
context.unsubscribe(context.perimeter, context.customer.user)
return {}
def start(self, context, request, appstruct, **kw):
members = appstruct['members']
for member in members:
if member in context.members:
context.delfromproperty('members', member)
if has_role(user=member,
role=('OrganizationResponsible', context),
ignore_superiors=True):
revoke_roles(
user=member,
roles=(('OrganizationResponsible', context), ))
member.reindex()
context.reindex()
context.modified_at = datetime.datetime.now(tz=pytz.UTC)
request.registry.notify(ActivityExecuted(
self, [context], get_current()))
return {}
def start(self, context, request, appstruct, **kw):
members = appstruct['members']
for member in members:
if member in context.members:
context.delfromproperty('members', member)
if has_role(user=member,
role=('OrganizationResponsible', context),
ignore_superiors=True):
revoke_roles(user=member,
roles=(('OrganizationResponsible',
context), ))
member.reindex()
context.reindex()
context.modified_at = datetime.datetime.now(tz=pytz.UTC)
request.registry.notify(
ActivityExecuted(self, [context], get_current()))
return {}
def start(self, context, request, appstruct, **kw):
context.modified_at = datetime.datetime.now(tz=pytz.UTC)
if isinstance(context.perimeter, SiteFolder):
revoke_roles(
context.delegate,
roles=(('Moderator', context.perimeter),),
root=context.perimeter)
context.delegate.reindex()
context.delegate = appstruct['delegate']
grant_roles(
context.delegate,
roles=(("Moderator", context.perimeter),))
else:
context.delegate = appstruct['delegate']
context.delegate.reindex()
context.reindex()
return {}
def empty(self, remove_author=True):
author = self.proposal.author
self.state = PersistentList(['deactivated'])
self.setproperty('wating_list', [])
if hasattr(self, 'first_improvement_cycle'):
del self.first_improvement_cycle
if hasattr(self, 'first_vote'):
del self.first_vote
members = self.members
if remove_author and author in members:
members.remove(author)
for member in members:
self.delfromproperty('members', member)
revoke_roles(member, (('Participant', self.proposal), ))
self.init_nonproductive_cycle()
def _set(self, new_managers):
old_managers = self.managers
managers_toadd = [u for u in new_managers
if u not in old_managers]
managers_todel = [u for u in old_managers
if u not in new_managers]
for manager in managers_todel:
revoke_roles(manager, (('OrganizationResponsible',
self),))
for manager in managers_toadd:
for current_org in manager.managed_organization:
revoke_roles(manager, (('OrganizationResponsible',
current_org),))
grant_roles(user=manager,
roles=(('OrganizationResponsible',
self),))
def empty(self, remove_author=True):
author = self.proposal.author
self.state = PersistentList(['deactivated'])
self.setproperty('wating_list', [])
if hasattr(self, 'first_improvement_cycle'):
del self.first_improvement_cycle
if hasattr(self, 'first_vote'):
del self.first_vote
members = self.members
if remove_author and author in members:
members.remove(author)
for member in members:
self.delfromproperty('members', member)
revoke_roles(member, (('Participant', self.proposal),))
self.init_nonproductive_cycle()
def start(self, context, request, appstruct, **kw):
new_roles = list(appstruct['roles'])
authorized_roles = get_authorized_roles()
new_roles = [r for r in new_roles if r in authorized_roles]
if new_roles:
current_roles = [
r for r in get_roles(context)
if not getattr(DACE_ROLES.get(r, None), 'islocal', False)
]
roles_to_revoke = [r for r in current_roles if r not in new_roles]
roles_to_grant = [r for r in new_roles if r not in current_roles]
revoke_roles(context, roles_to_revoke)
grant_roles(context, roles_to_grant)
context.modified_at = datetime.datetime.now(tz=pytz.UTC)
context.reindex()
request.registry.notify(
ActivityExecuted(self, [context], get_current()))
return {}
def start(self, context, request, appstruct, **kw):
new_roles = list(appstruct['roles'])
authorized_roles = get_authorized_roles()
new_roles = [r for r in new_roles if r in authorized_roles]
if new_roles:
current_roles = [r for r in get_roles(context) if
not getattr(
DACE_ROLES.get(r, None), 'islocal', False)]
roles_to_revoke = [r for r in current_roles
if r not in new_roles]
roles_to_grant = [r for r in new_roles
if r not in current_roles]
revoke_roles(context, roles_to_revoke)
grant_roles(context, roles_to_grant)
context.modified_at = datetime.datetime.now(tz=pytz.UTC)
context.reindex()
request.registry.notify(ActivityExecuted(
self, [context], get_current()))
return {}
def start(self, context, request, appstruct, **kw):
organization = appstruct['organization']
if organization:
is_manager = appstruct['ismanager']
context.set_organization(organization)
if is_manager:
grant_roles(user=context,
roles=(('OrganizationResponsible',
organization), ))
else:
revoke_roles(user=context,
roles=(('OrganizationResponsible',
organization), ))
context.reindex()
context.modified_at = datetime.datetime.now(tz=pytz.UTC)
request.registry.notify(
ActivityExecuted(self, [context], get_current()))
return {}
def after_execution(self, context, request, **kw):
content = self.process.execution_context.involved_entity('content')
close_ballot(self, content, request)
# content not removed
if content and content.__parent__:
root = getSite()
moderators = self.process.execution_context.get_involved_collection(
'electors')
for moderator in moderators:
revoke_roles(user=moderator,
roles=(('LocalModerator', content), ))
ballots = getattr(self.sub_process, 'ballots', [])
ballot = None
for ballot_ in ballots:
ballot_.finish_ballot()
ballot = ballot_
ballot_oid = get_oid(ballot, '')
ballot_url = request.resource_url(
root, '@@seeballot', query={'id': ballot_oid}) \
if ballot_oid else None
accepted = ballot_result(self, _marker)
if accepted:
ignore(content, request, root)
alert('internal', [request.root],
moderators,
internal_kind=InternalAlertKind.moderation_alert,
subjects=[content],
alert_kind='object_report_ignored',
ballot=ballot_url if accepted is not _marker else None)
else:
censor(content, request, root, ballot_url=ballot_url)
alert('internal', [request.root],
moderators,
internal_kind=InternalAlertKind.moderation_alert,
subjects=[content],
alert_kind='object_censor',
ballot=ballot_url)
super(ModerationVote, self).after_execution(content, request, **kw)
def start(self, context, request, appstruct, **kw):
new_roles = list(appstruct['roles'])
site = get_site_folder(True)
if 'global_site' in kw:
site = getSite()
current_roles = [r for r in get_roles(context, root=site,
ignore_groups=True)
if not getattr(DACE_ROLES.get(r, None),
'islocal', False)]
roles_to_revoke = [(r, site) for r in current_roles
if r not in new_roles]
roles_to_grant = [(r, site) for r in new_roles
if r not in current_roles]
revoke_roles(context, roles_to_revoke)
grant_roles(context, roles_to_grant)
if 'Member' in roles_to_grant:
grant_roles(context, ('Member',))
context.reindex()
request.registry.notify(ActivityExecuted(self, [context], get_current()))
return {}
def start(self, context, request, appstruct, **kw):
organization = appstruct['organization']
if organization:
is_manager = appstruct['ismanager']
context.set_organization(organization)
if is_manager:
grant_roles(
user=context,
roles=(('OrganizationResponsible',
organization),))
else:
revoke_roles(
user=context,
roles=(('OrganizationResponsible',
organization),))
context.reindex()
context.modified_at = datetime.datetime.now(tz=pytz.UTC)
request.registry.notify(ActivityExecuted(
self, [context], get_current()))
return {}
def set_organization(self, organization):
current_organization = self.organization
if organization:
if current_organization is not organization:
is_manager = current_organization and has_role(
('OrganizationResponsible', current_organization), self,
ignore_superiors=True)
if current_organization and is_manager:
revoke_roles(
self,
(('OrganizationResponsible', current_organization),))
self.setproperty('organization', organization)
elif current_organization:
is_manager = has_role(
('OrganizationResponsible', current_organization), self,
ignore_superiors=True)
if is_manager:
revoke_roles(
self,
(('OrganizationResponsible', current_organization),))
self.delfromproperty('organization', current_organization)
def start(self, context, request, appstruct, **kw):
new_roles = list(appstruct['roles'])
site = get_site_folder(True)
if 'global_site' in kw:
site = getSite()
current_roles = [
r for r in get_roles(context, root=site, ignore_groups=True)
if not getattr(DACE_ROLES.get(r, None), 'islocal', False)
]
roles_to_revoke = [(r, site) for r in current_roles
if r not in new_roles]
roles_to_grant = [(r, site) for r in new_roles
if r not in current_roles]
revoke_roles(context, roles_to_revoke)
grant_roles(context, roles_to_grant)
if 'Member' in roles_to_grant:
grant_roles(context, ('Member', ))
context.reindex()
request.registry.notify(
ActivityExecuted(self, [context], get_current()))
return {}
def test_grantroles(self):
object1, object2 = self._create_objects()
user = self.request.user #Admin
self.assertEqual(len(get_roles(user)), 1)
self.assertTrue(has_any_roles(user, roles=('Admin', )))
grant_roles(user, roles=('Collaborator', ('Owner', object1)))
self.assertTrue(has_any_roles(user, roles=('Collaborator', 'Owner')))
self.assertTrue(has_any_roles(user, roles=('Collaborator', ('Owner', object1))))
self.assertFalse(has_any_roles(user, roles=(('Owner', object2),)))
roles = get_roles(user)
self.assertEqual(len(roles), 3)
self.assertIn('Collaborator',roles)
self.assertIn('Owner',roles)
self.assertIn('Admin',roles)
self.assertTrue(has_all_roles(user, ('Collaborator', 'Owner')))
self.assertFalse(has_all_roles(user, ('Collaborator', 'Owner', 'Other')))
users = get_users_with_role(role=('Owner', object1))
self.assertEqual(len(users), 1)
self.assertIn(self.request.user,users)
users = get_users_with_role(role='Owner')
self.assertEqual(len(users), 1)
self.assertIn(self.request.user,users)
objects = get_objects_with_role(user=self.request.user, role='Owner')
self.assertEqual(len(objects), 1)
self.assertIn(object1,objects)
revoke_roles(user, roles=(('Owner', object1),))
self.assertFalse(has_all_roles(user, ('Collaborator', 'Owner')))
self.assertTrue(has_all_roles(user, ('Collaborator', )))
revoke_roles(user, roles=('Collaborator', ))
self.assertEqual(len(get_roles(user)), 1)
self.request.user = self.users['alice']
user = self.request.user #Alice
roles = get_roles(user)
self.assertEqual(len(roles), 0)
grant_roles(user, roles=('Admin',))
roles = get_roles(user)
self.assertEqual(len(roles), 1)
self.assertIn('Admin',roles)
self.assertTrue(has_any_roles(user, roles=('Collaborator', )))
revoke_roles(user, roles=('Admin', ))
self.assertFalse(has_any_roles(user, roles=('Collaborator', )))
grant_roles(user, roles=('Developer',))
roles = get_roles(user)
self.assertEqual(len(roles), 1)
self.assertIn('Developer',roles)
self.assertTrue(has_any_roles(user, roles=('Collaborator', )))
self.assertFalse(has_any_roles(user, ('Collaborator', ), True)) #exclude superiors
#Anonymous
self.request.user = None
roles = get_roles()
self.assertEqual(len(roles), 1)
self.assertIn('Anonymous',roles)
self.assertFalse(has_any_roles(roles=('Collaborator', 'Owner')))
self.assertTrue(has_any_roles(roles=('Anonymous',)))
def test_grantroles(self):
object1, object2 = self._create_objects()
user = self.request.user #Admin
self.assertEqual(len(get_roles(user)), 1)
self.assertTrue(has_any_roles(user, roles=('Admin', )))
grant_roles(user, roles=('Collaborator', ('Owner', object1)))
self.assertTrue(has_any_roles(user, roles=('Collaborator', 'Owner')))
self.assertTrue(has_any_roles(user, roles=('Collaborator', ('Owner', object1))))
self.assertFalse(has_any_roles(user, roles=(('Owner', object2),)))
roles = get_roles(user)
self.assertEqual(len(roles), 3)
self.assertIn('Collaborator',roles)
self.assertIn('Owner',roles)
self.assertIn('Admin',roles)
self.assertTrue(has_all_roles(user, ('Collaborator', 'Owner')))
self.assertFalse(has_all_roles(user, ('Collaborator', 'Owner', 'Other')))
users = get_users_with_role(role=('Owner', object1))
self.assertEqual(len(users), 1)
self.assertIn(self.request.user,users)
users = get_users_with_role(role='Owner')
self.assertEqual(len(users), 1)
self.assertIn(self.request.user,users)
objects = get_objects_with_role(user=self.request.user, role='Owner')
self.assertEqual(len(objects), 1)
self.assertIn(object1,objects)
revoke_roles(user, roles=(('Owner', object1),))
self.assertFalse(has_all_roles(user, ('Collaborator', 'Owner')))
self.assertTrue(has_all_roles(user, ('Collaborator', )))
revoke_roles(user, roles=('Collaborator', ))
self.assertEqual(len(get_roles(user)), 1)
self.request.user = self.users['alice']
user = self.request.user #Alice
roles = get_roles(user)
self.assertEqual(len(roles), 0)
grant_roles(user, roles=('Admin',))
roles = get_roles(user)
self.assertEqual(len(roles), 1)
self.assertIn('Admin',roles)
self.assertTrue(has_any_roles(user, roles=('Collaborator', )))
revoke_roles(user, roles=('Admin', ))
self.assertFalse(has_any_roles(user, roles=('Collaborator', )))
grant_roles(user, roles=('Developer',))
roles = get_roles(user)
self.assertEqual(len(roles), 1)
self.assertIn('Developer',roles)
self.assertTrue(has_any_roles(user, roles=('Collaborator', )))
self.assertFalse(has_any_roles(user, ('Collaborator', ), True)) #exclude superiors
#Anonymous
self.request.user = None
roles = get_roles()
self.assertEqual(len(roles), 1)
self.assertIn('Anonymous',roles)
self.assertFalse(has_any_roles(roles=('Collaborator', 'Owner')))
self.assertTrue(has_any_roles(roles=('Anonymous',)))