コード例 #1
0
    def update(self, data):
        # get user role
        iUserRole = objectAccess.getAccess(self.item, self.session.user)
        if data.has_key('__rolesinherited') and iUserRole == objectAccess.COORDINATOR:
            self.item.inheritRoles = data.pop('__rolesinherited')
            if not self.item.inheritRoles:
                acl = data.pop('__acl')
                if acl:
                    security = {}
                    for descriptor in acl:
                        security[descriptor['id']] = int(descriptor['role'])
                    self.item.security = security

        for prop in data:
            oAttr = getattr(self.item, prop)
            if isinstance(oAttr, datatypes.File):
                # see if the user has uploaded a new file
                if data[prop]['tempfile']:
                    oAttr.filename = data[prop]['filename']
                    sPath = self.server.temp_folder + '/' + data[prop]['tempfile']
                    oAttr.loadFromFile(sPath)
                    os.remove(sPath)
            else:
                oAttr.value = data[prop]
        txn = self.server.store.getTransaction()
        self.item.update(txn)
        txn.commit()
        return True
コード例 #2
0
def getItem(sPath, trans=None):
    """
    Fetches an object from the database. If the user has no read permissions
    on the object then C{None} is returned.
    
    @param sPath: The object's ID or the object's full path.
    @type sPath: str
    
    @param trans: A valid transaction handle.
    
    @rtype: L{GenericItem<porcupine.systemObjects.GenericItem>}
    
    @raise porcupine.serverExceptions.DBItemNotFound: if the item does not exist
    """
    if (trans):
        trans.actions.append( (getItem, (sPath, trans)) )
    
    try:
        oItem = db.getItem(sPath, trans)
    except serverExceptions.DBTransactionIncomplete:
        trans.retry()

    # check read permissions
    if objectAccess.getAccess(oItem, currentThread().session.user):
        return(oItem)
    else:
        return(None)
コード例 #3
0
 def getSecurity(self, forItem, rolesInherited=None):
     sLang = self.request.getLang()
     user = self.session.user
     # get user role
     iUserRole = objectAccess.getAccess(forItem, user)
     if iUserRole == objectAccess.COORDINATOR:
         rolesInherited = rolesInherited or forItem.inheritRoles
         if rolesInherited:
             sChecked = 'true'
         else:
             sChecked = 'false'
         return SECURITY_TAB % (
             self.server.resources.getResource('SECURITY', sLang),
             sChecked,
             self.server.resources.getResource('ROLES_INHERITED', sLang),
             sChecked,
             self.server.resources.getResource('NAME', sLang),
             self.server.resources.getResource('ROLE', sLang),
             self.server.resources.getResource('ROLE_1', sLang),
             self.server.resources.getResource('ROLE_2', sLang),
             self.server.resources.getResource('ROLE_4', sLang),
             self.server.resources.getResource('ROLE_8', sLang),
             self.server.resources.getResource('ADD', sLang),
             self.server.resources.getResource('REMOVE', sLang)
         )
     else:
         return ''
コード例 #4
0
    def create(self, data):
        # create new item
        oNewItem = misc.getClassByName(data.pop('CC'))()

        # get user role
        iUserRole = objectAccess.getAccess(self.item, self.session.user)
        if data.has_key('__rolesinherited') and iUserRole == objectAccess.COORDINATOR:
            oNewItem.inheritRoles = data.pop('__rolesinherited')
            if not oNewItem.inheritRoles:
                acl = data.pop('__acl')
                if acl:
                    security = {}
                    for descriptor in acl:
                        security[descriptor['id']] = int(descriptor['role'])
                    oNewItem.security = security

        # set props
        for prop in data:
            oAttr = getattr(oNewItem, prop)
            if isinstance(oAttr, datatypes.File):
                if data[prop]['tempfile']:
                    oAttr.filename = data[prop]['filename']
                    sPath = self.server.temp_folder + '/' + data[prop]['tempfile']
                    oAttr.loadFromFile(sPath)
                    os.remove(sPath)
            elif isinstance(oAttr, datatypes.Date):
                oAttr.value = data[prop].value
            else:
                oAttr.value = data[prop]
                
        txn = self.server.store.getTransaction()
        oNewItem.appendTo(self.item.id, txn)
        txn.commit()
        return True
コード例 #5
0
 def getInfo(self):
     sLang = self.request.getLang()
     lstChildren = []
     children = self.item.getChildren()
     for child in children:
         obj = {
             'id' : child.id,
             'image': child.__image__,
             'displayName' : child.displayName.value,
             'isCollection': child.isCollection,
             'modified': date.Date(child.modified)
         }
         if hasattr(child, 'size'):
             obj['size'] = child.size
         lstChildren.append(obj)
     
     containment = []
     for contained in self.item.containment:
         image = misc.getClassByName(contained).__image__
         if not type(image)==str:
             image = ''
         localestring = self.server.resources.getResource(contained, sLang)
         containment.append( [localestring, contained, image] )
         
     return {
         'displayName': self.item.displayName.value,
         'path': misc.getFullPath(self.item),
         'parentid': self.item.parentid,
         'iscollection': self.item.isCollection,
         'containment': containment,
         'user_role': objectAccess.getAccess(self.item, self.session.user),
         'contents': lstChildren
     }
コード例 #6
0
    def setParams(self):
        self.response.setHeader('cache-control', 'no-cache')
        sLang = self.request.getLang()

        user = self.session.user
        iUserRole = objectAccess.getAccess(self.item, user)
        readonly = (iUserRole==1)

        self.params['ID'] = self.item.id
        self.params['URI'] = self.request.serverVariables['SCRIPT_NAME'] + '/' + self.item.id
        self.params['ICON'] = self.item.__image__
        
        self.params['NAME'] = self.item.displayName.value
        self.params['FULL_NAME'] = self.item.fullName.value
        self.params['DESCRIPTION'] = self.item.description.value
        self.params['MODIFIED'] = date.Date(self.item.modified).format(DATES_FORMAT, sLang)
        self.params['MODIFIED_BY'] = self.item.modifiedBy
        self.params['CONTENTCLASS'] = self.item.contentclass
        
        self.params['SELECT_FROM'] = self.request.serverVariables['SCRIPT_NAME'] + '/' + self.item.parentid
        self.params['REL_CC'] = '|'.join(self.item.memberof.relCc)

        self.params['SELECT_FROM_POLICIES'] = self.request.serverVariables['SCRIPT_NAME'] + '/policies'
        self.params['POLICIES_REL_CC'] = '|'.join(self.item.policies.relCc)

        self.params['READONLY'] = self.getStringFromBoolean(readonly)
        
        memberof_options = ''
        memberof = self.item.memberof.getItems()
        for group in memberof:
            memberof_options += '<a:option img="%s" value="%s" caption="%s"></a:option>' % (group.__image__, group.id, group.displayName.value)
        self.params['MEMBER_OF_OPTIONS'] = memberof_options
        
        self.params['SECURITY_TAB'] = self.getSecurity(self.item)
コード例 #7
0
    def delete(self, trans):
        """
        Deletes the item permanently.
        
        @param trans: A valid transaction handle 
        
        @return: None
        """
        trans.actions.append( (self.delete, (trans, )))
        
        try:
            oUser = currentThread().session.user
            self = db.getItem(self._id, trans)

            iUserRole = objectAccess.getAccess(self, oUser)
            bCanDelete = (iUserRole > objectAccess.AUTHOR) or \
                (iUserRole == objectAccess.AUTHOR and self._owner == oUser._id)
            
            if (not(self._isSystem) and bCanDelete):
                # delete item physically
                self._delete(trans)
                # update container
                oParent = db.getItem(self._parentid, trans)
                oParent._removeItemReference(self)
                db.putItem(oParent, trans)
            else:
                raise serverExceptions.PermissionDenied
        
        except serverExceptions.DBTransactionIncomplete:
            trans.retry()
コード例 #8
0
    def setParams(self):
        self.response.setHeader('Cache-Control', 'no-cache')
        sLang = self.request.getLang()

        user = self.session.user
        iUserRole = objectAccess.getAccess(self.item, user)
        readonly = (iUserRole==1)

        self.params = {
            'ID': self.item.id,
            'URI': self.request.serverVariables['SCRIPT_NAME'] + '/' + self.item.id,
            'IMG': self.item.__image__,
            'NAME': self.item.displayName.value,
            'DESCRIPTION': self.item.description.value,
            'ICON': self.item.icon.value,
            'INTERFACE': xmlUtils.XMLEncode(self.item.interface.value),
            'SCRIPT': xmlUtils.XMLEncode(self.item.script.value),
            'IS_RESIZABLE': self.getStringFromBoolean(self.item.isResizable.value),
            'CAN_MINIMIZE': self.getStringFromBoolean(self.item.canMinimize.value),
            'CAN_MAXIMIZE': self.getStringFromBoolean(self.item.canMaximize.value),
            'LEFT': self.item.left.value,
            'TOP': self.item.top.value,
            'WIDTH': self.item.width.value,
            'HEIGHT': self.item.height.value,
            'MODIFIED': date.Date(self.item.modified).format(DATES_FORMAT, sLang),
            'MODIFIED_BY': self.item.modifiedBy,
            'CONTENTCLASS': self.item.contentclass,
            'SECURITY_TAB': self.getSecurity(self.item),
            'READONLY': self.getStringFromBoolean(readonly)
        }
コード例 #9
0
    def copyTo(self, targetId, trans):
        """
        Copies the item to the designated target.

        @param targetId: The ID of the destination container
        @type targetId: str
        
        @param trans: A valid transaction handle 
            
        @return: None
        """
        oTarget = _db.getItem(targetId, trans)
        if self.isCollection and oTarget.isContainedIn(self._id, trans):
            raise exceptions.ContainmentError, \
                'Cannot copy item to destination.\n' + \
                'The destination is contained in the source.'
        #check permissions on target folder
        oUser = currentThread().context.session.user
        iUserRole = objectAccess.getAccess(oTarget, oUser)
        if not(self._isSystem) and iUserRole>objectAccess.READER:
            if not(self.getContentclass() in oTarget.containment):
                raise exceptions.ContainmentError, \
                    'The target container does not accept ' + \
                    'objects of type "%s".' % self.getContentclass()
            
            self._copy(oTarget, trans, True)
        else:
            raise exceptions.PermissionDenied, \
                'The object was not copied.\n' + \
                'The user has insufficient permissions.'
コード例 #10
0
    def delete(self, trans):
        """
        Deletes the item permanently.
        
        @param trans: A valid transaction handle 
        
        @return: None
        """
        oUser = currentThread().context.session.user
        self = _db.getItem(self._id, trans)

        iUserRole = objectAccess.getAccess(self, oUser)
        bCanDelete = (iUserRole > objectAccess.AUTHOR) or \
            (iUserRole == objectAccess.AUTHOR and self._owner == oUser._id)
        
        if (not(self._isSystem) and bCanDelete):
            # delete item physically
            self._delete(trans)
            # update container
            oParent = _db.getItem(self._parentid, trans)
            oParent._removeItemReference(self)
            _db.putItem(oParent, trans)
        else:
            raise exceptions.PermissionDenied, \
                'The object was not deleted.\n' + \
                'The user has insufficient permissions.'
コード例 #11
0
def update(self, data):
    "Updates an object based on values contained inside the data dictionary"
    context = HttpContext.current()
    # get user role
    iUserRole = objectAccess.getAccess(self, context.user)
    if data.has_key('__rolesinherited') and iUserRole == objectAccess.COORDINATOR:
        self.inheritRoles = data.pop('__rolesinherited')
        if not self.inheritRoles:
            acl = data.pop('__acl')
            if acl:
                security = {}
                for descriptor in acl:
                    security[descriptor['id']] = int(descriptor['role'])
                self.security = security

    for prop in data:
        oAttr = getattr(self, prop)
        if isinstance(oAttr, datatypes.File):
            # see if the user has uploaded a new file
            if data[prop]['tempfile']:
                oAttr.filename = data[prop]['filename']
                sPath = context.server.temp_folder + '/' + data[prop]['tempfile']
                oAttr.loadFromFile(sPath)
        elif isinstance(oAttr, datatypes.Date):
            oAttr.value = data[prop].value
        elif isinstance(oAttr, datatypes.Integer):
            oAttr.value = int(data[prop])
        else:
            oAttr.value = data[prop]
    txn = db.getTransaction()
    self.update(txn)
    return True
コード例 #12
0
    def copyTo(self, targetId, trans):
        """
        Copies the item to the designated target.

        @param targetId: The ID of the destination container
        @type targetId: str
        
        @param trans: A valid transaction handle 
            
        @return: None
        """
        trans.actions.append( (self.copyTo, (targetId, trans)) )
        try:
            oTarget = db.getItem(targetId, trans)
            if self.isCollection and oTarget.isContainedIn(self._id):
                raise serverExceptions.TargetContainedInSource
            #check permissions on target folder
            oUser = currentThread().session.user
            iUserRole = objectAccess.getAccess(oTarget, oUser)
            if not(self._isSystem) and iUserRole>objectAccess.READER:
                if not(self.getContentclass() in oTarget.containment):
                    raise serverExceptions.ContainmentError
                
                self._copy(oTarget, trans, True)
            else:
                raise serverExceptions.PermissionDenied
        except serverExceptions.DBTransactionIncomplete:
            trans.retry()
コード例 #13
0
 def setParams(self):
     self.response.setHeader('Cache-Control', 'no-cache')
     sLang = self.request.getLang()
     
     user = self.session.user
     iUserRole = objectAccess.getAccess(self.item, user)
     readonly = (iUserRole==1)
     modified = date.Date(self.item.modified)
     
     self.params = {
         'ID': self.item.id,
         'ICON': self.item.__image__,
         'NAME': self.item.displayName.value,
         'MODIFIED': modified.format(DATES_FORMAT, sLang),
         'MODIFIED_BY': self.item.modifiedBy,
         'CONTENTCLASS': self.item.contentclass,
         'PROPERTIES_TAB': '',
         'EXTRA_TABS': '',
         'SECURITY_TAB': self.getSecurity(self.item),
         'UPDATE_DISABLED': self.getStringFromBoolean(readonly)    
     }
     # inspect item properties
     sProperties = ''
     for attr_name in self.item.__props__:
         attr = getattr(self.item, attr_name)
         if isinstance(attr, datatypes.DataType):
             control, tab = \
                 self.getControlFromAttribute(attr_name, attr, readonly)
             sProperties += control
             self.params['EXTRA_TABS'] += tab
     
     self.params['PROPERTIES_TAB'] = \
         '<tab caption="@@PROPERTIES@@">%s</tab>' % sProperties
コード例 #14
0
    def moveTo(self, targetId, trans):
        """
        Moves the item to the designated target.
        
        @param targetId: The ID of the destination container
        @type targetId: str
        
        @param trans: A valid transaction handle 
            
        @return: None
        """
        oUser = currentThread().context.session.user
        iUserRole = objectAccess.getAccess(self, oUser)
        bCanMove = (iUserRole > objectAccess.AUTHOR)## or (iUserRole == objectAccess.AUTHOR and oItem.owner == oUser.id)

        parentId = self._parentid
        oTarget = _db.getItem(targetId, trans)
    
        iUserRole2 = objectAccess.getAccess(oTarget, oUser)
    
        if self.isCollection and oTarget.isContainedIn(self._id, trans):
            raise exceptions.ContainmentError, \
                'Cannot move item to destination.\n' + \
                'The destination is contained in the source.'
    
        if (not(self._isSystem) and bCanMove and iUserRole2 > objectAccess.READER):
            if not(self.getContentclass() in oTarget.containment):
                raise exceptions.ContainmentError, \
                    'The target container does not accept ' + \
                    'objects of type "%s".' % self.getContentclass()

            self._parentid = targetId
            self.inheritRoles = False
            _db.putItem(self, trans)

            #update target
            oTarget._addItemReference(self)
            _db.putItem(oTarget, trans)

            #update parent
            oParent = _db.getItem(parentId, trans)
            oParent._removeItemReference(self)
            _db.putItem(oParent, trans)
        else:
            raise exceptions.PermissionDenied, \
                'The object was not moved.\n' + \
                'The user has insufficient permissions.'
コード例 #15
0
    def moveTo(self, targetId, trans):
        """
        Moves the item to the designated target.
        
        @param targetId: The ID of the destination container
        @type targetId: str
        
        @param trans: A valid transaction handle 
            
        @return: None
        """
        trans.actions.append( (self.moveTo, (targetId, trans)) )
        try:
            oUser = currentThread().session.user
            iUserRole = objectAccess.getAccess(self, oUser)
            bCanMove = (iUserRole > objectAccess.AUTHOR)## or (iUserRole == objectAccess.AUTHOR and oItem.owner == oUser.id)

            parentId = self._parentid
            oTarget = db.getItem(targetId, trans)
        
            iUserRole2 = objectAccess.getAccess(oTarget, oUser)
        
            if self.isCollection and oTarget.isContainedIn(self._id):
                raise serverExceptions.TargetContainedInSource
        
            if (not(self._isSystem) and bCanMove and iUserRole2 > objectAccess.READER):
                if not(self.getContentclass() in oTarget.containment):
                    raise serverExceptions.ContainmentError

                self._parentid = targetId
                self.inheritRoles = False
                db.putItem(self, trans)

                #update target
                oTarget._addItemReference(self)
                db.putItem(oTarget, trans)

                #update parent
                oParent = db.getItem(parentId, trans)
                oParent._removeItemReference(self)
                db.putItem(oParent, trans)
            else:
                raise serverExceptions.PermissionDenied
        
        except serverExceptions.DBTransactionIncomplete:
            trans.retry()
コード例 #16
0
def _getSecurity(forItem, user, rolesInherited=None):
    # get user role
    iUserRole = objectAccess.getAccess(forItem, user)
    if iUserRole == objectAccess.COORDINATOR:
        rolesInherited = rolesInherited or forItem.inheritRoles
        return SECURITY_TAB % str(rolesInherited).lower()
    else:
        return ''
コード例 #17
0
 def wm_wrapper(item, context):
     if objectAccess.getAccess(item, context.user) == 0:
         raise exceptions.PermissionDenied
     context.response.content_type = self.content_type
     context.response.charset = self.encoding
     if self.max_age:
         context.response.setExpiration(self.max_age)
     return self.execute(item, context)
コード例 #18
0
 def __init__(self, server, session, request):
     self.server = server
     self.session = session
     self.request = request
     self.item = request.item
     
     if self.item:
         if objectAccess.getAccess(self.item, self.session.user) == objectAccess.NO_ACCESS:
             raise serverExceptions.PermissionDenied
コード例 #19
0
 def getSecurity(self, forItem, rolesInherited=None):
     user = self.session.user
     # get user role
     iUserRole = objectAccess.getAccess(forItem, user)
     if iUserRole == objectAccess.COORDINATOR:
         rolesInherited = rolesInherited or forItem.inheritRoles
         return SECURITY_TAB % self.getStringFromBoolean(rolesInherited)
     else:
         return ''
コード例 #20
0
    def appendTo(self, parent, trans):
        """
        Adds the item to the specified container.

        @param parent: The id of the destination container or the container
            itself
        @type parent: str OR L{Container}
        
        @param trans: A valid transaction handle
        
        @return: None
        """
        if type(parent) == str:
            oParent = _db.getItem(parent, trans)
        else:
            oParent = parent
        
        if isinstance(self, Shortcut):
            contentclass = self.target.getItem(trans).getContentclass()
        else:
            contentclass = self.contentclass
        
        oUser = currentThread().context.user
        iUserRole = objectAccess.getAccess(oParent, oUser)
        if iUserRole == objectAccess.READER:
            raise exceptions.PermissionDenied, \
                'The user does not have write permissions ' + \
                'on the parent folder.'
        if not(contentclass in oParent.containment):
            raise exceptions.ContainmentError, \
                'The target container does not accept ' + \
                'objects of type "%s".' % contentclass

        # set security to new item
        if iUserRole == objectAccess.COORDINATOR:
            # user is COORDINATOR
            self._applySecurity(oParent, trans)
        else:
            # user is not COORDINATOR
            self.inheritRoles = True
            self.security = oParent.security
            #if trans._retries == 0:
            #   raise exceptions.DBTransactionIncomplete    
        self._owner = oUser._id
        self._created = time.time()
        self.modifiedBy = oUser.displayName.value
        self.modified = time.time()
        self._parentid = oParent._id
        _db.handle_update(self, None, trans)
        _db.putItem(self, trans)
        # update container
        oParent._addItemReference(self)
        _db.putItem(oParent, trans)
コード例 #21
0
    def recycle(self, rbID, trans):
        """
        Moves the item to the specified recycle bin.
        
        The item then becomes inaccesible.
        
        @param rbID: The id of the destination container, which must be
                     a L{RecycleBin} instance
        @type rbID: str
        
        @param trans: A valid transaction handle 
        
        @return: None
        """
        trans.actions.append( (self.recycle, (rbID, trans)) )
        try:
            oUser = currentThread().session.user
            self = db.getItem(self._id, trans)
        
            iUserRole = objectAccess.getAccess(self, oUser)
            bCanDelete = (iUserRole > objectAccess.AUTHOR) or \
                (iUserRole == objectAccess.AUTHOR and self._owner == oUser._id)
        
            if (not(self._isSystem) and bCanDelete):
                oDeleted = DeletedItem(self)
    
                oDeleted._owner = oUser._id
                oDeleted._created = time.time()
                oDeleted.modifiedBy = oUser.displayName.value
                oDeleted.modified = time.time()
                oDeleted._parentid = rbID
                db.handle_update(oDeleted, None, trans)
                db.putItem(oDeleted, trans)
    
                # delete item logically
                self._recycle(trans)
                
                # save container
                oParent = db.getItem(self._parentid, trans)
                oParent._removeItemReference(self)
                db.putItem(oParent, trans)
                
                #update recycle bin
                oRecycleBin = db.getItem(rbID, trans)
                if not(oDeleted.getContentclass() in oRecycleBin.containment):
                    raise serverExceptions.ContainmentError
                oRecycleBin._addItemReference(oDeleted)
                db.putItem(oRecycleBin, trans)
            else:
                raise serverExceptions.PermissionDenied

        except serverExceptions.DBTransactionIncomplete:
            trans.retry()
コード例 #22
0
 def recycle(self, rbID, trans):
     """
     Moves the item to the specified recycle bin.
     
     The item then becomes inaccesible.
     
     @param rbID: The id of the destination container, which must be
                  a L{RecycleBin} instance
     @type rbID: str
     
     @param trans: A valid transaction handle 
     
     @return: None
     """
     oUser = currentThread().context.session.user
     self = _db.getItem(self._id, trans)
     
     iUserRole = objectAccess.getAccess(self, oUser)
     bCanDelete = (iUserRole > objectAccess.AUTHOR) or \
         (iUserRole == objectAccess.AUTHOR and self._owner == oUser._id)
     
     if (not(self._isSystem) and bCanDelete):
         oDeleted = DeletedItem(self)
         
         oDeleted._owner = oUser._id
         oDeleted._created = time.time()
         oDeleted.modifiedBy = oUser.displayName.value
         oDeleted.modified = time.time()
         oDeleted._parentid = rbID
         _db.handle_update(oDeleted, None, trans)
         _db.putItem(oDeleted, trans)
         
         # delete item logically
         self._recycle(trans)
         
         # save container
         oParent = _db.getItem(self._parentid, trans)
         oParent._removeItemReference(self)
         _db.putItem(oParent, trans)
         
         #update recycle bin
         oRecycleBin = _db.getItem(rbID, trans)
         if not(oDeleted.getContentclass() in oRecycleBin.containment):
             raise exceptions.ContainmentError, \
                 'The target container does not accept ' + \
                 'objects of type "%s".' % oDeleted.getContentclass()
         oRecycleBin._addItemReference(oDeleted)
         _db.putItem(oRecycleBin, trans)
     else:
         raise exceptions.PermissionDenied, \
             'The object was not deleted.\n' + \
             'The user has insufficient permissions.'
コード例 #23
0
 def getSecurity(self, forItem, rolesInherited=None):
     user = self.session.user
     # get user role
     iUserRole = objectAccess.getAccess(forItem, user)
     if iUserRole == objectAccess.COORDINATOR:
         rolesInherited = rolesInherited or forItem.inheritRoles
         if rolesInherited:
             sChecked = 'true'
         else:
             sChecked = 'false'
         return SECURITY_TAB % (sChecked, sChecked)
     else:
         return ''
コード例 #24
0
    def appendTo(self, parent, trans):
        """
        Adds the item to the specified container.

        @param parent: The id of the destination container or the container
            itself
        @type parent: str OR L{Container}
        
        @param trans: A valid transaction handle
        
        @return: None
        """
        trans.actions.append( (self.appendTo, (parent, trans)) )
        try:
            if type(parent)==str:
                oParent = db.getItem(parent, trans)
            else:
                oParent = parent
            oUser = currentThread().session.user
    
            iUserRole = objectAccess.getAccess(oParent, oUser)
            if iUserRole == objectAccess.READER:
                raise serverExceptions.PermissionDenied
            if not(self.getContentclass() in oParent.containment):
                raise serverExceptions.ContainmentError
    
            # set security to new item
            if iUserRole == objectAccess.COORDINATOR:
                # user is COORDINATOR
                self._applySecurity(oParent, trans)
            else:
                # user is not COORDINATOR
                self.inheritRoles = True
                self.security = oParent.security
#            if trans._retries == 0:
#                raise serverExceptions.DBTransactionIncomplete    
            self._owner = oUser._id
            self._created = time.time()
            self.modifiedBy = oUser.displayName.value
            self.modified = time.time()
            self._parentid = oParent._id
            db.handle_update(self, None, trans)
            db.putItem(self, trans)
            # update container
            oParent._addItemReference(self)
            db.putItem(oParent, trans)
            
        except serverExceptions.DBTransactionIncomplete:
            trans.retry()
コード例 #25
0
 def _restore(self, deletedItem, target, trans):
     """
     Restores a logically deleted item to the designated target.
     
     Returns: None
     """
     # check permissions
     oUser = currentThread().session.user
     iUserRole = objectAccess.getAccess(target, oUser)
     
     if iUserRole > objectAccess.READER:
         deletedItem._parentid = target._id
         deletedItem.inheritRoles = False
         self._undelete(deletedItem, trans)
     else:
         raise serverExceptions.PermissionDenied
コード例 #26
0
def properties(self):
    "Displays the group's properties form"
    context = HttpContext.current()

    context.response.setHeader('cache-control', 'no-cache')
    sLang = context.request.getLang()

    user = context.user
    iUserRole = objectAccess.getAccess(self, user)
    readonly = (iUserRole==1)

    params = {
        'ID' : self.id,
        'ICON' : self.__image__,
        'SELECT_FROM_POLICIES' : 'policies',
        'POLICIES_REL_CC' : '|'.join(self.policies.relCc),
        'NAME' : xml.xml_encode(self.displayName.value),
        'DESCRIPTION' : xml.xml_encode(self.description.value),
        'MODIFIED' : date.Date(self.modified).format(baseitem.DATES_FORMAT, sLang),
        'MODIFIED_BY' : xml.xml_encode(self.modifiedBy),
        'CONTENTCLASS' : self.contentclass,
        'SELECT_FROM' : self.parentid,
        'REL_CC' : '|'.join(self.members.relCc),
        'READONLY' : str(readonly).lower()
    }

    members_options = []
    members = self.members.getItems()
    for user in members:
        members_options += [xml.xml_encode(user.__image__),
                            user.id,
                            xml.xml_encode(user.displayName.value)]
    params['MEMBERS'] = ';'.join(members_options)

    policies_options = []
    policies = self.policies.getItems()
    for policy in policies:
        policies_options += [xml.xml_encode(policy.__image__),
                             policy.id,
                             xml.xml_encode(policy.displayName.value)]
    params['POLICIES'] = ';'.join(policies_options)
    
    params['SECURITY_TAB'] = baseitem._getSecurity(self, user)
    
    return params
コード例 #27
0
 def _restore(self, deletedItem, target, trans):
     """
     Restores a logically deleted item to the designated target.
     
     Returns: None
     """
     # check permissions
     oUser = currentThread().context.user
     iUserRole = objectAccess.getAccess(target, oUser)
     
     if iUserRole > objectAccess.READER:
         deletedItem._parentid = target._id
         deletedItem.inheritRoles = False
         self._undelete(deletedItem, trans)
     else:
         raise exceptions.PermissionDenied, \
                 'The user does not have write permissions on the ' + \
                 'destination folder.'
コード例 #28
0
    def setParams(self):
        self.response.setHeader('cache-control', 'no-cache')
        sLang = self.request.getLang()

        user = self.session.user
        iUserRole = objectAccess.getAccess(self.item, user)
        readonly = (iUserRole==1)

        self.params['ID'] = self.item.id
        self.params['ICON'] = self.item.__image__
        
        self.params['NAME'] = self.item.displayName.value
        self.params['FULL_NAME'] = self.item.fullName.value
        self.params['DESCRIPTION'] = self.item.description.value
        self.params['MODIFIED'] = \
            date.Date(self.item.modified).format(DATES_FORMAT, sLang)
        self.params['MODIFIED_BY'] = self.item.modifiedBy
        self.params['CONTENTCLASS'] = self.item.contentclass
        
        self.params['SELECT_FROM'] = self.item.parentid
        self.params['REL_CC'] = '|'.join(self.item.memberof.relCc)

        self.params['SELECT_FROM_POLICIES'] = 'policies'
        self.params['POLICIES_REL_CC'] = '|'.join(self.item.policies.relCc)

        self.params['READONLY'] = self.getStringFromBoolean(readonly)
        
        memberof_options = []
        memberof = self.item.memberof.getItems()
        for group in memberof:
            memberof_options += [xmlUtils.XMLEncode(group.__image__),
                                 group.id,
                                 xmlUtils.XMLEncode(group.displayName.value)]
        self.params['MEMBEROF'] = ';'.join(memberof_options)
        
        policies_options = []
        policies = self.item.policies.getItems()
        for policy in policies:
            policies_options += [xmlUtils.XMLEncode(policy.__image__),
                                 policy.id,
                                 xmlUtils.XMLEncode(policy.displayName.value)]
        self.params['POLICIES'] = ';'.join(policies_options)
                
        self.params['SECURITY_TAB'] = self.getSecurity(self.item)
コード例 #29
0
 def update(self, trans):
     """
     Updates the item.
     
     @param trans: A valid transaction handle
         
     @return: None
     """
     trans.actions.append( (self.update, (trans, )) )
     try:
         oOldItem = db.getItem(self._id, trans)
         
         oUser = currentThread().session.user
         iUserRole = objectAccess.getAccess(oOldItem, oUser)
         
         if iUserRole > objectAccess.READER:
             # set security
             if iUserRole == objectAccess.COORDINATOR:
                 # user is COORDINATOR
                 if (self.inheritRoles != oOldItem.inheritRoles) or \
                 (not self.inheritRoles and self.security != oOldItem.security):
                     oParent = db.getItem(self._parentid, trans)
                     self._applySecurity(oParent, trans)
             else:
                 # restore previous ACL
                 self.security = oOldItem.security
                 self.inheritRoles = oOldItem.inheritRoles
 
             db.handle_update(self, oOldItem, trans)
             self.modifiedBy = oUser.displayName.value
             self.modified = time.time()
             db.putItem(self, trans)
             
             if self.displayName.value != oOldItem.displayName.value:
                 oParent = db.getItem(self._parentid, trans)
                 oParent._removeItemReference(oOldItem)
                 oParent._addItemReference(self)
                 db.putItem(oParent, trans)
         else:
             raise serverExceptions.PermissionDenied
     
     except serverExceptions.DBTransactionIncomplete:
         trans.retry()
コード例 #30
0
    def setParams(self):
        self.response.setHeader('cache-control', 'no-cache')
        sLang = self.request.getLang()

        user = self.session.user
        iUserRole = objectAccess.getAccess(self.item, user)
        readonly = (iUserRole==1)

        self.params['ID'] = self.item.id
        self.params['ICON'] = self.item.__image__

        self.params['SELECT_FROM_POLICIES'] = 'policies'
        self.params['POLICIES_REL_CC'] = '|'.join(self.item.policies.relCc)
        
        self.params['NAME'] = self.item.displayName.value
        self.params['DESCRIPTION'] = self.item.description.value
        self.params['MODIFIED'] = \
            date.Date(self.item.modified).format(DATES_FORMAT, sLang)
        self.params['MODIFIED_BY'] = self.item.modifiedBy
        self.params['CONTENTCLASS'] = self.item.contentclass
        
        self.params['SELECT_FROM'] = self.item.parentid
        self.params['REL_CC'] = '|'.join(self.item.members.relCc)
        self.params['READONLY'] = self.getStringFromBoolean(readonly)
        
        members_options = ''
        members = self.item.members.getItems()
        for user in members:
            members_options += \
                '<a:option img="%s" value="%s" caption="%s"/>' % \
                (user.__image__, user.id, user.displayName.value)
        self.params['MEMBERS_OPTIONS'] = members_options

        policies_options = ''
        policies = self.item.policies.getItems()
        for policy in policies:
            policies_options += \
                '<a:option img="%s" value="%s" caption="%s"/>' % \
                (policy.__image__, policy.id, policy.displayName.value)
        self.params['POLICIES_OPTIONS'] = policies_options

        self.params['SECURITY_TAB'] = self.getSecurity(self.item)