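def append_to(self, parent):
    """
    Adds the item to the specified container.

    The caller needs a role strictly above READER on the destination
    container, which is the same write threshold that copy_to and
    move_to enforce on their target.

    @param parent: The id of the destination container or
                   the container itself
    @type parent: str OR L{Container}
    @return: None
    @raise L{porcupine.exceptions.PermissionDenied}:
        If the user's role on the parent is not above READER.
    @raise L{porcupine.exceptions.ContainmentError}:
        If the parent does not accept this item's content class.
    """
    # Same id test as copy_to / move_to; 'basestring' does not exist on
    # Python 3, so the previous check could not run there.
    if isinstance(parent, (str, bytes)):
        parent = db._db.get_item(parent)
    # NOTE(review): unlike copy_to, a missing or deleted parent is not
    # rejected here - confirm whether callers guarantee a live container.

    contentclass = self.get_contentclass()

    user = context.user
    user_role = permsresolver.get_access(parent, user)
    # Fail closed: the old test (user_role == READER) denied exactly one
    # role value and let every other value through, including any value
    # ordered below READER that the resolver may return.
    if not (user_role > permsresolver.READER):
        raise exceptions.PermissionDenied(
            'The user does not have write permissions '
            'on the parent folder.')
    if contentclass not in parent.containment:
        raise exceptions.ContainmentError(
            'The target container does not accept '
            'objects of type\n"%s".' % contentclass)

    # set security to new item
    if user_role == permsresolver.COORDINATOR:
        # only a COORDINATOR may have the ACL carried by the item applied
        self._apply_security(parent, True)
    else:
        # any other writer gets the parent's ACL; whatever ACL the
        # in-memory item carried is overwritten
        self.inheritRoles = True
        self.security = parent.security

    self._owner = user._id
    self._created = time.time()
    self.modifiedBy = user.displayName.value
    self.modified = time.time()
    self._pid = parent._id

    db._db.handle_update(self, None)
    db._db.put_item(self)

    # keep the parent's child counters and timestamp in step
    if self.isCollection:
        parent._nc += 1
    else:
        parent._ni += 1
    parent.modified = self.modified
    db._db.put_item(parent)
    db._db.handle_post_update(self, None)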
def copy_to(self, target):
    """
    Copies the item into the designated target container.

    Authorization is evaluated on the target only: the user's role there
    must be above READER, and system items are never copied.

    @param target: The id of the target container or the container
                   object itself
    @type target: str OR L{Container}
    @return: None
    @raise L{porcupine.exceptions.ObjectNotFound}:
        If the target container does not exist.
    """
    if isinstance(target, (str, bytes)):
        # an id was passed in; resolve it to the container object
        target = db._db.get_item(target)

    if target is None or target._isDeleted:
        raise exceptions.ObjectNotFound(
            'The target container does not exist.')

    item_class = self.get_contentclass()

    # a collection must not be copied into its own subtree
    if self.isCollection and target.is_contained_in(self._id):
        raise exceptions.ContainmentError(
            'Cannot copy item to destination.\n'
            'The destination is contained in the source.')

    # check permissions on target folder
    # NOTE(review): no access check on the source item is visible in this
    # method - presumably the caller got it from an access-checked lookup;
    # confirm.
    current_user = context.user
    target_role = permsresolver.get_access(target, current_user)
    if self._isSystem or not (target_role > permsresolver.READER):
        raise exceptions.PermissionDenied(
            'The object was not copied.\n'
            'The user has insufficient permissions.')

    if item_class not in target.containment:
        raise exceptions.ContainmentError(
            'The target container does not accept '
            'objects of type\n"%s".' % item_class)

    self._copy(target, clear_inherited=True)

    # update the target's child counters and timestamp
    if self.isCollection:
        target._nc += 1
    else:
        target._ni += 1
    target.modified = time.time()
    db._db.put_item(target)
def _restore(self, deleted, target):
    """
    Restores a logically deleted item into the designated target.

    The user needs a role above READER on the target container. The
    restored item is re-parented to the target with role inheritance
    switched off.

    @param deleted: The deleted item that is being restored
    @param target: The container that becomes the item's parent
    @return: None
    """
    # check permissions on the destination before touching the item
    current_user = context.user
    target_role = permsresolver.get_access(target, current_user)
    if not (target_role > permsresolver.READER):
        raise exceptions.PermissionDenied(
            'The user does not have write permissions on the '
            'destination folder.')

    deleted._pid = target._id
    deleted.inheritRoles = False
    deleted._undelete()
def recycle(self, rb_id):
    """
    Moves the item to the specified recycle bin.
    The item then becomes inaccessible.

    Deletion is allowed for roles above AUTHOR, and for an AUTHOR who
    owns the item; system items are never recycled.

    @param rb_id: The id of the destination container, which must be
                  a L{RecycleBin} instance
    @type rb_id: str
    @return: None
    """
    current_user = context.user
    # the role and owner checks run on the copy fetched from the database,
    # not on the attributes of the object this method was called on
    stored = db._db.get_item(self._id)

    role = permsresolver.get_access(stored, current_user)
    if role > permsresolver.AUTHOR:
        may_delete = True
    else:
        may_delete = (role == permsresolver.AUTHOR and
                      stored._owner == current_user._id)

    if stored._isSystem or not may_delete:
        raise exceptions.PermissionDenied(
            'The object was not deleted.\n'
            'The user has insufficient permissions.')

    tombstone = DeletedItem(stored)
    tombstone._owner = current_user._id
    tombstone._created = time.time()
    tombstone.modifiedBy = current_user.displayName.value
    tombstone.modified = time.time()
    tombstone._pid = rb_id

    # check recycle bin's containment
    # NOTE(review): only containment is checked on the bin; no role check
    # on rb_id and no None check on the lookup is visible here - confirm
    # that callers pass a trusted bin id.
    recycle_bin = db._db.get_item(rb_id)
    if tombstone.get_contentclass() not in recycle_bin.containment:
        raise exceptions.ContainmentError(
            'The target container does not accept '
            'objects of type\n"%s".' % tombstone.get_contentclass())

    db._db.handle_update(tombstone, None)
    db._db.put_item(tombstone)
    db._db.handle_post_update(tombstone, None)

    # delete item logically
    stored._recycle()
def delete(self):
    """
    Deletes the item permanently.

    Deletion is allowed for roles above AUTHOR, and for an AUTHOR who
    owns the item; system items are never deleted.

    @return: None
    """
    current_user = context.user
    # authorize against the copy fetched from the database rather than
    # the attributes of the object this method was called on
    stored = db._db.get_item(self._id)

    role = permsresolver.get_access(stored, current_user)
    if role > permsresolver.AUTHOR:
        may_delete = True
    else:
        may_delete = (role == permsresolver.AUTHOR and
                      stored._owner == current_user._id)

    if stored._isSystem or not may_delete:
        raise exceptions.PermissionDenied(
            'The object was not deleted.\n'
            'The user has insufficient permissions.')

    # delete item physically
    stored._delete()
def update(self):
    """
    Updates the item.

    The user needs a role above READER on the stored item. Only a
    COORDINATOR can change the ACL; for every other role the stored
    ACL and inheritance flag overwrite whatever the caller set.

    @return: None
    """
    stored = db._db.get_item(self._id)
    # NOTE(review): the parent is resolved from self._pid, not from the
    # stored copy - confirm _pid cannot be changed by the caller.
    parent = db._db.get_item(self._pid) if self._pid is not None else None

    current_user = context.user
    role = permsresolver.get_access(stored, current_user)
    if not (role > permsresolver.READER):
        raise exceptions.PermissionDenied(
            'The user does not have update permissions.')

    # set security
    if role == permsresolver.COORDINATOR:
        # re-apply security only when the inheritance flag flipped, or
        # when an explicit (non-inherited) ACL was edited
        acl_changed = (
            (self.inheritRoles != stored.inheritRoles) or
            (not self.inheritRoles and self.security != stored.security))
        if acl_changed:
            self._apply_security(parent, False)
    else:
        # restore previous ACL
        self.security = stored.security
        self.inheritRoles = stored.inheritRoles

    self.modifiedBy = current_user.displayName.value
    self.modified = time.time()

    db._db.handle_update(self, stored)
    db._db.put_item(self)
    if parent is not None:
        parent.modified = self.modified
        db._db.put_item(parent)
    db._db.handle_post_update(self, stored)
def apply(context, item, registration, **kwargs):
    """
    Enforces a policy: returns normally when the current user is covered
    by the policy named in kwargs['policyid'], raises otherwise.

    The user passes when the policy is granted to the user's own id, when
    user.is_admin() is true, or when it is granted to one of the user's
    groups. 'everyone' always counts as a group; 'authusers' is added when
    the user object has an 'authenticate' attribute (presumably this marks
    a real account rather than a guest - confirm).

    item and registration are not used by this check.

    @return: None
    @raise exceptions.PermissionDenied: If no grant matches.
    """
    policy = _db.get_item(kwargs['policyid'])
    user = context.user
    granted_ids = policy.policyGranted.value

    # direct grant or administrator
    if user._id in granted_ids or user.is_admin():
        return

    # group-based grant
    group_ids = ['everyone'] + list(user.memberof.value)
    if hasattr(user, 'authenticate'):
        group_ids.append('authusers')
    if any(group_id in granted_ids for group_id in group_ids):
        return

    # nothing matched: deny
    raise exceptions.PermissionDenied(
        "This action is restricted due to policy '%s'"
        % policy.displayName.value)
def move_to(self, target):
    """
    Moves the item to the designated target.

    The user needs a role above AUTHOR on the item itself and a role
    above READER on the target; system items are never moved. Unlike
    recycle and delete, an AUTHOR who owns the item is not allowed to
    move it (the owner clause is disabled in this method).

    @param target: The id of the target container or the container
                   object itself
    @type target: str OR L{Container}
    @return: None
    @raise L{porcupine.exceptions.ObjectNotFound}:
        If the target container does not exist.
    """
    current_user = context.user
    source_role = permsresolver.get_access(self, current_user)
    may_move = (source_role > permsresolver.AUTHOR)

    # remember the current parent before _pid is rewritten below
    old_parent_id = self._pid

    if isinstance(target, (str, bytes)):
        target = db._db.get_item(target)

    if target is None or target._isDeleted:
        raise exceptions.ObjectNotFound(
            'The target container does not exist.')

    item_class = self.get_contentclass()
    target_role = permsresolver.get_access(target, current_user)

    # a collection must not be moved into its own subtree
    if self.isCollection and target.is_contained_in(self._id):
        raise exceptions.ContainmentError(
            'Cannot move item to destination.\n'
            'The destination is contained in the source.')

    if (self._isSystem or not may_move or
            not (target_role > permsresolver.READER)):
        raise exceptions.PermissionDenied(
            'The object was not moved.\n'
            'The user has insufficient permissions.')

    if item_class not in target.containment:
        raise exceptions.ContainmentError(
            'The target container does not accept '
            'objects of type\n"%s".' % item_class)

    # re-home the item: remove the old record, then store it under the
    # new parent with role inheritance switched off
    db._db.delete_item(self)
    self._pid = target._id
    self.inheritRoles = False
    self.modified = time.time()
    db._db.put_item(self)

    # update target
    if self.isCollection:
        target._nc += 1
    else:
        target._ni += 1
    target.modified = time.time()
    db._db.put_item(target)

    # update parent
    # NOTE(review): only the timestamp of the old parent is touched here;
    # no matching decrement of its _nc/_ni is visible - confirm that
    # db._db.delete_item takes care of the counters.
    old_parent = db._db.get_item(old_parent_id)
    old_parent.modified = time.time()
    db._db.put_item(old_parent)