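def evolve(site):
    """Reset the 'intranet-content' security workflow on documents under offices.

    Walks every node ``postorder`` yields for ``site['offices']`` and calls
    ``reset`` on the node's 'security' workflow when that workflow is named
    'intranet-content'.  Afterwards the offices folder is passed to
    ``_reindex``.  Returns ``None`` immediately when the site has no
    'offices' entry.
    """
    offices = site.get('offices')
    if offices is None:
        return

    for doc in postorder(offices):
        # Objects carrying __custom_acl__ are left alone.
        # NOTE(review): presumably because a reset would replace a
        # hand-edited ACL -- confirm against the workflow's reset().
        if hasattr(doc, '__custom_acl__'):
            continue
        try:
            ct = get_content_type(doc)
        except Exception:
            # Best effort: a node whose content type cannot be determined is
            # skipped.  Exception instead of a bare except, so that Ctrl-C
            # and SystemExit still stop the migration.
            continue
        if ct is None:
            continue
        wf = get_workflow(ct, 'security', doc)
        if wf is None or wf.name != 'intranet-content':
            continue
        # Single-argument print call: same output under the Python 2 print
        # statement and the Python 3 print function.
        print('Resetting workflow for %s' % (model_path(doc),))
        wf.reset(doc)

    _reindex(offices)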
def _reindex(ob, texts=False):
    """Refresh the catalog entries of *ob* that depend on its security state.

    Reindexes *ob* in the 'path' index, in the 'texts' index when *texts* is
    true, and reindexes every node yielded by ``postorder(ob)`` that has a
    ``docid`` in the 'allowed' index (when the catalog has one).  Does nothing
    when ``find_catalog`` returns ``None``.
    """
    catalog = find_catalog(ob)
    if catalog is None:
        # Will be true for a mailin test trace
        return

    # XXX reindexing the 'path' index can be removed once we've
    # removed the last ACLChecker spelled in catalog queries from the
    # code; this is the "old" way of doing security filtering.
    catalog['path'].reindex_doc(ob.docid, ob)

    # In some cases changing the workflow state of an object can change its
    # ranking in text search.
    if texts:
        catalog['texts'].reindex_doc(ob.docid, ob)

    # if the object is folderish, we need to reindex it plus all its
    # subobjects' 'allowed' index entries recursively; each object's
    # allowed value depends on its parents in the lineage
    allowed_index = catalog.get('allowed')
    if allowed_index is None:
        return
    for node in postorder(ob):
        if not hasattr(node, 'docid'):
            # Nodes without a docid are not in the catalog; nothing to refresh.
            continue
        allowed_index.reindex_doc(node.docid, node)
def mothball_community(community):
    """Archive *community*: drop its tools and index entries, keep 'members'.

    Every top-level item except 'members' is removed from the community after
    each node ``postorder`` yields for it has had its tags deleted and its
    catalog entry unindexed.  The community itself is then untagged and
    unindexed, and its description, text, ``archive_status`` and
    ``default_tool`` are rewritten to mark it as archived.
    """
    catalog = find_catalog(community)
    tags = find_tags(community)

    def purge(obj):
        # Look the docid up by resource path, then drop tags and catalog entry.
        # NOTE(review): if docid_for_address can return None for an address
        # that was never indexed, confirm that tags.delete(None) and
        # catalog.unindex_doc(None) are harmless.
        docid = catalog.document_map.docid_for_address(resource_path(obj))
        tags.delete(docid)
        catalog.unindex_doc(docid)

    # Unindex all documents, remove top level tools
    # Make copy of items so we're not mutating a BTree while traversing it
    snapshot = list(community.items())
    for name, tool in snapshot:
        if name != 'members':
            for doc in postorder(tool):  # includes tool in traversal
                log.info("Removing %s", resource_path(doc))
                purge(doc)
            del community[name]
        # else: we probably want to hang on to historical membership data

    log.info("Removing tags")
    purge(community)

    community.description = 'This community has been archived.'
    settings = get_current_registry().settings
    community.text = render('templates/archived_community_text.pt',
                            {'settings': settings})
    community.archive_status = 'archived'
    community.default_tool = None
    log.info("Finished removing content: %s", resource_path(community))
def mothball_community(community):
    """Turn *community* into an archived stub.

    Removes every top-level item other than 'members', deleting tags and
    catalog entries for each node ``postorder`` yields for the item, then
    does the same for the community object itself and replaces its
    description and text with the archived notice.
    """
    catalog = find_catalog(community)
    tags = find_tags(community)

    def lookup_docid(obj):
        # NOTE(review): confirm what docid_for_address returns for an object
        # that was never catalogued, and that the delete/unindex calls below
        # tolerate that value.
        return catalog.document_map.docid_for_address(resource_path(obj))

    # Unindex all documents, remove top level tools
    # Make copy of items so we're not mutating a BTree while traversing it;
    # 'members' is left out because we probably want to hang on to
    # historical membership data.
    doomed = [(name, tool) for name, tool in community.items()
              if name != 'members']
    for name, tool in doomed:
        # The traversal includes the tool itself.
        for doc in postorder(tool):
            log.info("Removing %s", resource_path(doc))
            doc_id = lookup_docid(doc)
            tags.delete(doc_id)
            catalog.unindex_doc(doc_id)
        del community[name]

    log.info("Removing tags")
    community_id = lookup_docid(community)
    tags.delete(community_id)
    catalog.unindex_doc(community_id)

    community.description = 'This community has been archived.'
    community.text = render(
        'templates/archived_community_text.pt',
        {'settings': get_current_registry().settings},
    )
    community.archive_status = 'archived'
    community.default_tool = None
    log.info("Finished removing content: %s", resource_path(community))
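def evolve(site):
    """Reset the 'intranet-content' security workflow below ``site['offices']``.

    For each node ``postorder`` yields for the offices folder, looks up the
    node's 'security' workflow and calls ``reset`` on it when the workflow is
    named 'intranet-content'.  Nodes with a ``__custom_acl__`` attribute, an
    undeterminable or missing content type, or no workflow are skipped.  The
    offices folder is passed to ``_reindex`` at the end.  Returns ``None``
    without doing anything when there is no 'offices' entry.
    """
    offices = site.get('offices')
    if offices is None:
        return

    for doc in postorder(offices):
        # Never touch objects flagged as having a customized ACL.
        if hasattr(doc, '__custom_acl__'):
            continue

        try:
            content_type = get_content_type(doc)
        except Exception:
            # Deliberately tolerant, but no longer a bare except: that would
            # also swallow KeyboardInterrupt and SystemExit mid-migration.
            continue
        if content_type is None:
            continue

        workflow = get_workflow(content_type, 'security', doc)
        if workflow is None:
            continue
        if workflow.name != 'intranet-content':
            continue

        # One-argument print call; output is identical with the Python 2
        # print statement and the Python 3 print function.
        print('Resetting workflow for %s' % (resource_path(doc),))
        workflow.reset(doc)

    _reindex(offices)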
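def modify_acl(context, acl):
    """Install *acl* on *context* as a custom ACL and refresh the 'allowed' index.

    Sets both ``__custom_acl__`` and ``__acl__`` on *context*.  When *context*
    has a ``docid`` and a catalog with an 'allowed' index is found, every node
    ``postorder`` yields for *context* that has a ``docid`` is reindexed in
    that index and the catalog is invalidated.
    """
    context.__custom_acl__ = acl  # added so we can find customized obs later
    context.__acl__ = acl

    catalog = find_catalog(context)
    # Some objects w/ ACLs may not be indexed in the catalog. E.g.,
    # People Directory entities. If not, they won't have 'docid'.
    docid = getattr(context, 'docid', None)
    if docid is None or catalog is None:
        return

    allowed = catalog.get('allowed')
    if allowed is None:
        return

    for node in postorder(context):
        # The same applies below context: a node that was never catalogued
        # has no docid.  Skip it instead of raising AttributeError part-way
        # through the reindex, which would leave the remaining nodes with
        # 'allowed' entries computed from the old ACL.
        if hasattr(node, 'docid'):
            allowed.reindex_doc(node.docid, node)
    catalog.invalidate()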
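def _reindex(ob):
    """Refresh the 'path' and 'allowed' catalog entries for *ob*.

    *ob* is reindexed in the 'path' index; every node ``postorder`` yields for
    *ob* that has a ``docid`` is reindexed in the 'allowed' index when the
    catalog has one.  Does nothing when ``find_catalog`` returns ``None``.
    """
    catalog = find_catalog(ob)
    if catalog is None:
        # No catalog to update; without this guard the subscript below
        # raises TypeError on None.
        return

    # XXX reindexing the 'path' index can be removed once we've
    # removed the last ACLChecker spelled in catalog queries from the
    # code; this is the "old" way of doing security filtering.
    path_index = catalog['path']
    path_index.reindex_doc(ob.docid, ob)

    # if the object is folderish, we need to reindex it plus all its
    # subobjects' 'allowed' index entries recursively; each object's
    # allowed value depends on its parents in the lineage
    allowed_index = catalog.get('allowed')
    if allowed_index is not None:
        for node in postorder(ob):
            if hasattr(node, 'docid'):
                allowed_index.reindex_doc(node.docid, node)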
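def edit_acl_view(context, request):
    """Render the ACL editing form for *context*, applying one posted action.

    ``request.POST`` selects at most one action by key: 'form.move_up',
    'form.move_down' and 'form.remove' (each with an 'index'), 'form.add'
    (with 'verb', 'principal', 'permissions'), 'form.inherit' (with
    'inherit') or 'form.security_state' (with 'security_state').  When the
    resulting ACL differs from the stored one it is written to ``__acl__``
    and ``__custom_acl__`` and the catalog's 'allowed' index is refreshed.

    An 'index' outside the current ACL is ignored.  A missing POST field
    still raises KeyError and a non-integer 'index' still raises ValueError.

    NOTE(review): nothing in this function checks the caller's permission or
    a CSRF token; presumably the view registration does -- confirm, because
    every branch below rewrites access control from POST data.

    Returns the response rendered from 'templates/edit_acl.pt'.
    """
    acl = original_acl = getattr(context, '__acl__', [])
    # A trailing NO_INHERIT marker is kept apart from the editable entries
    # and appended again before saving.
    if acl and acl[-1] == NO_INHERIT:
        acl = acl[:-1]
        epilog = [NO_INHERIT]
    else:
        epilog = []

    if 'form.move_up' in request.POST:
        index = int(request.POST['index'])
        # Bounded on both sides: an index past the end used to raise
        # IndexError.
        if 0 < index < len(acl):
            new = acl[:]
            new[index-1], new[index] = new[index], new[index-1]
            acl = new

    elif 'form.move_down' in request.POST:
        index = int(request.POST['index'])
        # A negative index used to pass the check and swap entries counted
        # from the end of the list; entry order is what this form edits, so
        # such a request is now ignored.
        if 0 <= index < len(acl) - 1:
            new = acl[:]
            new[index+1], new[index] = new[index], new[index+1]
            acl = new

    elif 'form.remove' in request.POST:
        index = int(request.POST['index'])
        # Without the range check a negative index removed an entry counted
        # from the end, and an out-of-range one raised IndexError.
        if 0 <= index < len(acl):
            new = acl[:]
            del new[index]
            acl = new

    elif 'form.add' in request.POST:
        # NOTE(review): verb and principal are stored exactly as posted.  If
        # only specific verbs are meaningful to the authorization policy,
        # validate 'verb' against them here -- confirm.
        verb = request.POST['verb']
        principal = request.POST['principal']
        permissions = tuple(filter(None,
                                   COMMA_WS.split(request.POST['permissions'])))
        new = acl[:]
        new.append((verb, principal, permissions))
        acl = new

    elif 'form.inherit' in request.POST:
        no_inherit = request.POST['inherit'] == 'disabled'
        if no_inherit:
            epilog = [NO_INHERIT]
        else:
            epilog = []

    elif 'form.security_state' in request.POST:
        new_state = request.POST['security_state']
        if new_state != 'CUSTOM':
            workflow = get_context_workflow(context)
            # The lookup can return None (it is checked further down), so
            # guard here as well rather than fail on None.reset().
            if workflow is not None:
                if hasattr(context, '__custom_acl__'):
                    workflow.reset(context)
                    del context.__custom_acl__
                # NOTE(review): new_state is passed through as posted;
                # presumably transition_to_state rejects states the caller
                # may not enter -- confirm.
                workflow.transition_to_state(context, request, new_state)

    acl = acl + epilog

    if acl != original_acl:
        context.__custom_acl__ = acl  # added so we can find customized obs later
        context.__acl__ = acl
        catalog = find_catalog(context)
        if catalog is not None:
            allowed = catalog.get('allowed')
            if allowed is not None:
                for node in postorder(context):
                    # Nodes that were never catalogued have no docid; skip
                    # them so the rest of the subtree still gets its
                    # 'allowed' entry refreshed after the ACL change.
                    if hasattr(node, 'docid'):
                        allowed.reindex_doc(node.docid, node)
                catalog.invalidate()

    workflow = get_context_workflow(context)
    if workflow is not None:
        if hasattr(context, '__custom_acl__'):
            security_state = 'CUSTOM'
            security_states = [s['name'] for s in
                               workflow.state_info(context, request)]
            security_states.insert(0, 'CUSTOM')
        else:
            security_state = workflow.state_of(context)
            security_states = [s['name'] for s in
                               get_security_states(workflow, context, request)]
    else:
        security_state = None
        security_states = None

    # Collect the entries inherited from ancestors, walking up until an
    # ancestor's ACL contains NO_INHERIT (that ancestor's other entries are
    # still included).
    parent = context.__parent__
    parent_acl = []
    while parent is not None:
        p_acl = getattr(parent, '__acl__', ())
        stop = False
        for ace in p_acl:
            if ace == NO_INHERIT:
                stop = True
            else:
                parent_acl.append(ace)
        if stop:
            break
        parent = parent.__parent__

    # Local entries are those before the first NO_INHERIT marker.
    local_acl = []
    inheriting = 'enabled'
    l_acl = getattr(context, '__acl__', ())
    for l_ace in l_acl:
        if l_ace == NO_INHERIT:
            inheriting = 'disabled'
            break
        local_acl.append(l_ace)

    return render_to_response(
        'templates/edit_acl.pt',
        dict(parent_acl=parent_acl or (),
             local_acl=local_acl,
             inheriting=inheriting,
             security_state=security_state,
             security_states=security_states),
        request=request,
    )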
def _callFUT(self, node):
    """Call the function under test, ``postorder``, with *node*."""
    # Imported inside the helper, as in the original, so the import only
    # happens when a test actually calls it.
    from karl.security.workflow import postorder as function_under_test
    result = function_under_test(node)
    return result
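def edit_acl_view(context, request):
    """Apply one posted ACL edit to *context* and render the ACL form.

    The action is chosen by which of these keys is present in
    ``request.POST``: 'form.move_up', 'form.move_down', 'form.remove',
    'form.add', 'form.inherit', 'form.security_state'.  If the edited ACL
    differs from the stored one, it is saved on ``__acl__`` and
    ``__custom_acl__`` and the 'allowed' catalog index is refreshed for every
    catalogued node ``postorder`` yields for *context*.

    A posted 'index' that does not address an existing entry is ignored.
    Missing POST fields raise KeyError and a non-integer 'index' raises
    ValueError, as before.

    NOTE(review): authorization and CSRF protection are not visible in this
    function; presumably they are enforced where the view is registered --
    confirm, since the POST body directly edits access control.

    Returns the response rendered from 'templates/edit_acl.pt'.
    """
    acl = original_acl = getattr(context, '__acl__', [])
    # Split off a trailing NO_INHERIT marker; it is re-appended before saving.
    epilog = []
    if acl and acl[-1] == NO_INHERIT:
        acl = acl[:-1]
        epilog = [NO_INHERIT]

    post = request.POST
    size = len(acl)

    if 'form.move_up' in post:
        index = int(post['index'])
        # Upper bound added: an index past the end raised IndexError.
        if 1 <= index < size:
            new = acl[:]
            new[index - 1], new[index] = new[index], new[index - 1]
            acl = new
    elif 'form.move_down' in post:
        index = int(post['index'])
        # Lower bound added: a negative index silently swapped entries
        # counted from the end of the list.
        if 0 <= index < size - 1:
            new = acl[:]
            new[index + 1], new[index] = new[index], new[index + 1]
            acl = new
    elif 'form.remove' in post:
        index = int(post['index'])
        # Only remove an entry the index actually addresses; negative values
        # used to delete from the end and large ones raised IndexError.
        if 0 <= index < size:
            new = acl[:]
            del new[index]
            acl = new
    elif 'form.add' in post:
        # NOTE(review): 'verb' and 'principal' are taken verbatim from the
        # request; confirm whether they need validating against the values
        # the authorization policy understands.
        verb = post['verb']
        principal = post['principal']
        permissions = tuple(
            filter(None, COMMA_WS.split(post['permissions'])))
        new = acl[:]
        new.append((verb, principal, permissions))
        acl = new
    elif 'form.inherit' in post:
        epilog = [NO_INHERIT] if post['inherit'] == 'disabled' else []
    elif 'form.security_state' in post:
        new_state = post['security_state']
        if new_state != 'CUSTOM':
            workflow = get_context_workflow(context)
            # get_context_workflow may return None (see the check below);
            # without a workflow there is nothing to reset or transition.
            if workflow is not None:
                if hasattr(context, '__custom_acl__'):
                    workflow.reset(context)
                    del context.__custom_acl__
                # NOTE(review): confirm transition_to_state validates the
                # posted state name and the caller's right to enter it.
                workflow.transition_to_state(context, request, new_state)

    acl = acl + epilog

    if acl != original_acl:
        context.__custom_acl__ = acl  # added so we can find customized obs later
        context.__acl__ = acl
        catalog = find_catalog(context)
        if catalog is not None:
            allowed = catalog.get('allowed')
            if allowed is not None:
                for node in postorder(context):
                    # Uncatalogued nodes carry no docid; skipping them keeps
                    # the reindex from aborting with AttributeError before
                    # the remaining nodes are refreshed.
                    if hasattr(node, 'docid'):
                        allowed.reindex_doc(node.docid, node)
                catalog.invalidate()

    workflow = get_context_workflow(context)
    if workflow is None:
        security_state = None
        security_states = None
    elif hasattr(context, '__custom_acl__'):
        security_state = 'CUSTOM'
        security_states = [
            s['name'] for s in workflow.state_info(context, request)
        ]
        security_states.insert(0, 'CUSTOM')
    else:
        security_state = workflow.state_of(context)
        security_states = [
            s['name'] for s in
            get_security_states(workflow, context, request)
        ]

    # Entries inherited from ancestors: walk up the lineage and stop after
    # the first ancestor whose ACL contains NO_INHERIT.
    parent_acl = []
    parent = context.__parent__
    while parent is not None:
        stop = False
        for ace in getattr(parent, '__acl__', ()):
            if ace == NO_INHERIT:
                stop = True
            else:
                parent_acl.append(ace)
        if stop:
            break
        parent = parent.__parent__

    # Entries defined on context itself, up to the first NO_INHERIT marker.
    local_acl = []
    inheriting = 'enabled'
    for l_ace in getattr(context, '__acl__', ()):
        if l_ace == NO_INHERIT:
            inheriting = 'disabled'
            break
        local_acl.append(l_ace)

    return render_to_response(
        'templates/edit_acl.pt',
        dict(parent_acl=parent_acl or (),
             local_acl=local_acl,
             inheriting=inheriting,
             security_state=security_state,
             security_states=security_states),
        request=request,
    )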