def update(self, data): # get user role iUserRole = objectAccess.getAccess(self.item, self.session.user) if data.has_key('__rolesinherited') and iUserRole == objectAccess.COORDINATOR: self.item.inheritRoles = data.pop('__rolesinherited') if not self.item.inheritRoles: acl = data.pop('__acl') if acl: security = {} for descriptor in acl: security[descriptor['id']] = int(descriptor['role']) self.item.security = security for prop in data: oAttr = getattr(self.item, prop) if isinstance(oAttr, datatypes.File): # see if the user has uploaded a new file if data[prop]['tempfile']: oAttr.filename = data[prop]['filename'] sPath = self.server.temp_folder + '/' + data[prop]['tempfile'] oAttr.loadFromFile(sPath) os.remove(sPath) else: oAttr.value = data[prop] txn = self.server.store.getTransaction() self.item.update(txn) txn.commit() return True
def getItem(sPath, trans=None): """ Fetches an object from the database. If the user has no read permissions on the object then C{None} is returned. @param sPath: The object's ID or the object's full path. @type sPath: str @param trans: A valid transaction handle. @rtype: L{GenericItem<porcupine.systemObjects.GenericItem>} @raise porcupine.serverExceptions.DBItemNotFound: if the item does not exist """ if (trans): trans.actions.append( (getItem, (sPath, trans)) ) try: oItem = db.getItem(sPath, trans) except serverExceptions.DBTransactionIncomplete: trans.retry() # check read permissions if objectAccess.getAccess(oItem, currentThread().session.user): return(oItem) else: return(None)
def getSecurity(self, forItem, rolesInherited=None): sLang = self.request.getLang() user = self.session.user # get user role iUserRole = objectAccess.getAccess(forItem, user) if iUserRole == objectAccess.COORDINATOR: rolesInherited = rolesInherited or forItem.inheritRoles if rolesInherited: sChecked = 'true' else: sChecked = 'false' return SECURITY_TAB % ( self.server.resources.getResource('SECURITY', sLang), sChecked, self.server.resources.getResource('ROLES_INHERITED', sLang), sChecked, self.server.resources.getResource('NAME', sLang), self.server.resources.getResource('ROLE', sLang), self.server.resources.getResource('ROLE_1', sLang), self.server.resources.getResource('ROLE_2', sLang), self.server.resources.getResource('ROLE_4', sLang), self.server.resources.getResource('ROLE_8', sLang), self.server.resources.getResource('ADD', sLang), self.server.resources.getResource('REMOVE', sLang) ) else: return ''
def create(self, data): # create new item oNewItem = misc.getClassByName(data.pop('CC'))() # get user role iUserRole = objectAccess.getAccess(self.item, self.session.user) if data.has_key('__rolesinherited') and iUserRole == objectAccess.COORDINATOR: oNewItem.inheritRoles = data.pop('__rolesinherited') if not oNewItem.inheritRoles: acl = data.pop('__acl') if acl: security = {} for descriptor in acl: security[descriptor['id']] = int(descriptor['role']) oNewItem.security = security # set props for prop in data: oAttr = getattr(oNewItem, prop) if isinstance(oAttr, datatypes.File): if data[prop]['tempfile']: oAttr.filename = data[prop]['filename'] sPath = self.server.temp_folder + '/' + data[prop]['tempfile'] oAttr.loadFromFile(sPath) os.remove(sPath) elif isinstance(oAttr, datatypes.Date): oAttr.value = data[prop].value else: oAttr.value = data[prop] txn = self.server.store.getTransaction() oNewItem.appendTo(self.item.id, txn) txn.commit() return True
def getInfo(self): sLang = self.request.getLang() lstChildren = [] children = self.item.getChildren() for child in children: obj = { 'id' : child.id, 'image': child.__image__, 'displayName' : child.displayName.value, 'isCollection': child.isCollection, 'modified': date.Date(child.modified) } if hasattr(child, 'size'): obj['size'] = child.size lstChildren.append(obj) containment = [] for contained in self.item.containment: image = misc.getClassByName(contained).__image__ if not type(image)==str: image = '' localestring = self.server.resources.getResource(contained, sLang) containment.append( [localestring, contained, image] ) return { 'displayName': self.item.displayName.value, 'path': misc.getFullPath(self.item), 'parentid': self.item.parentid, 'iscollection': self.item.isCollection, 'containment': containment, 'user_role': objectAccess.getAccess(self.item, self.session.user), 'contents': lstChildren }
def setParams(self): self.response.setHeader('cache-control', 'no-cache') sLang = self.request.getLang() user = self.session.user iUserRole = objectAccess.getAccess(self.item, user) readonly = (iUserRole==1) self.params['ID'] = self.item.id self.params['URI'] = self.request.serverVariables['SCRIPT_NAME'] + '/' + self.item.id self.params['ICON'] = self.item.__image__ self.params['NAME'] = self.item.displayName.value self.params['FULL_NAME'] = self.item.fullName.value self.params['DESCRIPTION'] = self.item.description.value self.params['MODIFIED'] = date.Date(self.item.modified).format(DATES_FORMAT, sLang) self.params['MODIFIED_BY'] = self.item.modifiedBy self.params['CONTENTCLASS'] = self.item.contentclass self.params['SELECT_FROM'] = self.request.serverVariables['SCRIPT_NAME'] + '/' + self.item.parentid self.params['REL_CC'] = '|'.join(self.item.memberof.relCc) self.params['SELECT_FROM_POLICIES'] = self.request.serverVariables['SCRIPT_NAME'] + '/policies' self.params['POLICIES_REL_CC'] = '|'.join(self.item.policies.relCc) self.params['READONLY'] = self.getStringFromBoolean(readonly) memberof_options = '' memberof = self.item.memberof.getItems() for group in memberof: memberof_options += '<a:option img="%s" value="%s" caption="%s"></a:option>' % (group.__image__, group.id, group.displayName.value) self.params['MEMBER_OF_OPTIONS'] = memberof_options self.params['SECURITY_TAB'] = self.getSecurity(self.item)
def delete(self, trans): """ Deletes the item permanently. @param trans: A valid transaction handle @return: None """ trans.actions.append( (self.delete, (trans, ))) try: oUser = currentThread().session.user self = db.getItem(self._id, trans) iUserRole = objectAccess.getAccess(self, oUser) bCanDelete = (iUserRole > objectAccess.AUTHOR) or \ (iUserRole == objectAccess.AUTHOR and self._owner == oUser._id) if (not(self._isSystem) and bCanDelete): # delete item physically self._delete(trans) # update container oParent = db.getItem(self._parentid, trans) oParent._removeItemReference(self) db.putItem(oParent, trans) else: raise serverExceptions.PermissionDenied except serverExceptions.DBTransactionIncomplete: trans.retry()
def setParams(self): self.response.setHeader('Cache-Control', 'no-cache') sLang = self.request.getLang() user = self.session.user iUserRole = objectAccess.getAccess(self.item, user) readonly = (iUserRole==1) self.params = { 'ID': self.item.id, 'URI': self.request.serverVariables['SCRIPT_NAME'] + '/' + self.item.id, 'IMG': self.item.__image__, 'NAME': self.item.displayName.value, 'DESCRIPTION': self.item.description.value, 'ICON': self.item.icon.value, 'INTERFACE': xmlUtils.XMLEncode(self.item.interface.value), 'SCRIPT': xmlUtils.XMLEncode(self.item.script.value), 'IS_RESIZABLE': self.getStringFromBoolean(self.item.isResizable.value), 'CAN_MINIMIZE': self.getStringFromBoolean(self.item.canMinimize.value), 'CAN_MAXIMIZE': self.getStringFromBoolean(self.item.canMaximize.value), 'LEFT': self.item.left.value, 'TOP': self.item.top.value, 'WIDTH': self.item.width.value, 'HEIGHT': self.item.height.value, 'MODIFIED': date.Date(self.item.modified).format(DATES_FORMAT, sLang), 'MODIFIED_BY': self.item.modifiedBy, 'CONTENTCLASS': self.item.contentclass, 'SECURITY_TAB': self.getSecurity(self.item), 'READONLY': self.getStringFromBoolean(readonly) }
def copyTo(self, targetId, trans): """ Copies the item to the designated target. @param targetId: The ID of the destination container @type targetId: str @param trans: A valid transaction handle @return: None """ oTarget = _db.getItem(targetId, trans) if self.isCollection and oTarget.isContainedIn(self._id, trans): raise exceptions.ContainmentError, \ 'Cannot copy item to destination.\n' + \ 'The destination is contained in the source.' #check permissions on target folder oUser = currentThread().context.session.user iUserRole = objectAccess.getAccess(oTarget, oUser) if not(self._isSystem) and iUserRole>objectAccess.READER: if not(self.getContentclass() in oTarget.containment): raise exceptions.ContainmentError, \ 'The target container does not accept ' + \ 'objects of type "%s".' % self.getContentclass() self._copy(oTarget, trans, True) else: raise exceptions.PermissionDenied, \ 'The object was not copied.\n' + \ 'The user has insufficient permissions.'
def delete(self, trans): """ Deletes the item permanently. @param trans: A valid transaction handle @return: None """ oUser = currentThread().context.session.user self = _db.getItem(self._id, trans) iUserRole = objectAccess.getAccess(self, oUser) bCanDelete = (iUserRole > objectAccess.AUTHOR) or \ (iUserRole == objectAccess.AUTHOR and self._owner == oUser._id) if (not(self._isSystem) and bCanDelete): # delete item physically self._delete(trans) # update container oParent = _db.getItem(self._parentid, trans) oParent._removeItemReference(self) _db.putItem(oParent, trans) else: raise exceptions.PermissionDenied, \ 'The object was not deleted.\n' + \ 'The user has insufficient permissions.'
def update(self, data): "Updates an object based on values contained inside the data dictionary" context = HttpContext.current() # get user role iUserRole = objectAccess.getAccess(self, context.user) if data.has_key('__rolesinherited') and iUserRole == objectAccess.COORDINATOR: self.inheritRoles = data.pop('__rolesinherited') if not self.inheritRoles: acl = data.pop('__acl') if acl: security = {} for descriptor in acl: security[descriptor['id']] = int(descriptor['role']) self.security = security for prop in data: oAttr = getattr(self, prop) if isinstance(oAttr, datatypes.File): # see if the user has uploaded a new file if data[prop]['tempfile']: oAttr.filename = data[prop]['filename'] sPath = context.server.temp_folder + '/' + data[prop]['tempfile'] oAttr.loadFromFile(sPath) elif isinstance(oAttr, datatypes.Date): oAttr.value = data[prop].value elif isinstance(oAttr, datatypes.Integer): oAttr.value = int(data[prop]) else: oAttr.value = data[prop] txn = db.getTransaction() self.update(txn) return True
def copyTo(self, targetId, trans): """ Copies the item to the designated target. @param targetId: The ID of the destination container @type targetId: str @param trans: A valid transaction handle @return: None """ trans.actions.append( (self.copyTo, (targetId, trans)) ) try: oTarget = db.getItem(targetId, trans) if self.isCollection and oTarget.isContainedIn(self._id): raise serverExceptions.TargetContainedInSource #check permissions on target folder oUser = currentThread().session.user iUserRole = objectAccess.getAccess(oTarget, oUser) if not(self._isSystem) and iUserRole>objectAccess.READER: if not(self.getContentclass() in oTarget.containment): raise serverExceptions.ContainmentError self._copy(oTarget, trans, True) else: raise serverExceptions.PermissionDenied except serverExceptions.DBTransactionIncomplete: trans.retry()
def setParams(self): self.response.setHeader('Cache-Control', 'no-cache') sLang = self.request.getLang() user = self.session.user iUserRole = objectAccess.getAccess(self.item, user) readonly = (iUserRole==1) modified = date.Date(self.item.modified) self.params = { 'ID': self.item.id, 'ICON': self.item.__image__, 'NAME': self.item.displayName.value, 'MODIFIED': modified.format(DATES_FORMAT, sLang), 'MODIFIED_BY': self.item.modifiedBy, 'CONTENTCLASS': self.item.contentclass, 'PROPERTIES_TAB': '', 'EXTRA_TABS': '', 'SECURITY_TAB': self.getSecurity(self.item), 'UPDATE_DISABLED': self.getStringFromBoolean(readonly) } # inspect item properties sProperties = '' for attr_name in self.item.__props__: attr = getattr(self.item, attr_name) if isinstance(attr, datatypes.DataType): control, tab = \ self.getControlFromAttribute(attr_name, attr, readonly) sProperties += control self.params['EXTRA_TABS'] += tab self.params['PROPERTIES_TAB'] = \ '<tab caption="@@PROPERTIES@@">%s</tab>' % sProperties
def moveTo(self, targetId, trans): """ Moves the item to the designated target. @param targetId: The ID of the destination container @type targetId: str @param trans: A valid transaction handle @return: None """ oUser = currentThread().context.session.user iUserRole = objectAccess.getAccess(self, oUser) bCanMove = (iUserRole > objectAccess.AUTHOR)## or (iUserRole == objectAccess.AUTHOR and oItem.owner == oUser.id) parentId = self._parentid oTarget = _db.getItem(targetId, trans) iUserRole2 = objectAccess.getAccess(oTarget, oUser) if self.isCollection and oTarget.isContainedIn(self._id, trans): raise exceptions.ContainmentError, \ 'Cannot move item to destination.\n' + \ 'The destination is contained in the source.' if (not(self._isSystem) and bCanMove and iUserRole2 > objectAccess.READER): if not(self.getContentclass() in oTarget.containment): raise exceptions.ContainmentError, \ 'The target container does not accept ' + \ 'objects of type "%s".' % self.getContentclass() self._parentid = targetId self.inheritRoles = False _db.putItem(self, trans) #update target oTarget._addItemReference(self) _db.putItem(oTarget, trans) #update parent oParent = _db.getItem(parentId, trans) oParent._removeItemReference(self) _db.putItem(oParent, trans) else: raise exceptions.PermissionDenied, \ 'The object was not moved.\n' + \ 'The user has insufficient permissions.'
def moveTo(self, targetId, trans): """ Moves the item to the designated target. @param targetId: The ID of the destination container @type targetId: str @param trans: A valid transaction handle @return: None """ trans.actions.append( (self.moveTo, (targetId, trans)) ) try: oUser = currentThread().session.user iUserRole = objectAccess.getAccess(self, oUser) bCanMove = (iUserRole > objectAccess.AUTHOR)## or (iUserRole == objectAccess.AUTHOR and oItem.owner == oUser.id) parentId = self._parentid oTarget = db.getItem(targetId, trans) iUserRole2 = objectAccess.getAccess(oTarget, oUser) if self.isCollection and oTarget.isContainedIn(self._id): raise serverExceptions.TargetContainedInSource if (not(self._isSystem) and bCanMove and iUserRole2 > objectAccess.READER): if not(self.getContentclass() in oTarget.containment): raise serverExceptions.ContainmentError self._parentid = targetId self.inheritRoles = False db.putItem(self, trans) #update target oTarget._addItemReference(self) db.putItem(oTarget, trans) #update parent oParent = db.getItem(parentId, trans) oParent._removeItemReference(self) db.putItem(oParent, trans) else: raise serverExceptions.PermissionDenied except serverExceptions.DBTransactionIncomplete: trans.retry()
def _getSecurity(forItem, user, rolesInherited=None): # get user role iUserRole = objectAccess.getAccess(forItem, user) if iUserRole == objectAccess.COORDINATOR: rolesInherited = rolesInherited or forItem.inheritRoles return SECURITY_TAB % str(rolesInherited).lower() else: return ''
def wm_wrapper(item, context): if objectAccess.getAccess(item, context.user) == 0: raise exceptions.PermissionDenied context.response.content_type = self.content_type context.response.charset = self.encoding if self.max_age: context.response.setExpiration(self.max_age) return self.execute(item, context)
def __init__(self, server, session, request): self.server = server self.session = session self.request = request self.item = request.item if self.item: if objectAccess.getAccess(self.item, self.session.user) == objectAccess.NO_ACCESS: raise serverExceptions.PermissionDenied
def getSecurity(self, forItem, rolesInherited=None): user = self.session.user # get user role iUserRole = objectAccess.getAccess(forItem, user) if iUserRole == objectAccess.COORDINATOR: rolesInherited = rolesInherited or forItem.inheritRoles return SECURITY_TAB % self.getStringFromBoolean(rolesInherited) else: return ''
def appendTo(self, parent, trans): """ Adds the item to the specified container. @param parent: The id of the destination container or the container itself @type parent: str OR L{Container} @param trans: A valid transaction handle @return: None """ if type(parent) == str: oParent = _db.getItem(parent, trans) else: oParent = parent if isinstance(self, Shortcut): contentclass = self.target.getItem(trans).getContentclass() else: contentclass = self.contentclass oUser = currentThread().context.user iUserRole = objectAccess.getAccess(oParent, oUser) if iUserRole == objectAccess.READER: raise exceptions.PermissionDenied, \ 'The user does not have write permissions ' + \ 'on the parent folder.' if not(contentclass in oParent.containment): raise exceptions.ContainmentError, \ 'The target container does not accept ' + \ 'objects of type "%s".' % contentclass # set security to new item if iUserRole == objectAccess.COORDINATOR: # user is COORDINATOR self._applySecurity(oParent, trans) else: # user is not COORDINATOR self.inheritRoles = True self.security = oParent.security #if trans._retries == 0: # raise exceptions.DBTransactionIncomplete self._owner = oUser._id self._created = time.time() self.modifiedBy = oUser.displayName.value self.modified = time.time() self._parentid = oParent._id _db.handle_update(self, None, trans) _db.putItem(self, trans) # update container oParent._addItemReference(self) _db.putItem(oParent, trans)
def recycle(self, rbID, trans): """ Moves the item to the specified recycle bin. The item then becomes inaccesible. @param rbID: The id of the destination container, which must be a L{RecycleBin} instance @type rbID: str @param trans: A valid transaction handle @return: None """ trans.actions.append( (self.recycle, (rbID, trans)) ) try: oUser = currentThread().session.user self = db.getItem(self._id, trans) iUserRole = objectAccess.getAccess(self, oUser) bCanDelete = (iUserRole > objectAccess.AUTHOR) or \ (iUserRole == objectAccess.AUTHOR and self._owner == oUser._id) if (not(self._isSystem) and bCanDelete): oDeleted = DeletedItem(self) oDeleted._owner = oUser._id oDeleted._created = time.time() oDeleted.modifiedBy = oUser.displayName.value oDeleted.modified = time.time() oDeleted._parentid = rbID db.handle_update(oDeleted, None, trans) db.putItem(oDeleted, trans) # delete item logically self._recycle(trans) # save container oParent = db.getItem(self._parentid, trans) oParent._removeItemReference(self) db.putItem(oParent, trans) #update recycle bin oRecycleBin = db.getItem(rbID, trans) if not(oDeleted.getContentclass() in oRecycleBin.containment): raise serverExceptions.ContainmentError oRecycleBin._addItemReference(oDeleted) db.putItem(oRecycleBin, trans) else: raise serverExceptions.PermissionDenied except serverExceptions.DBTransactionIncomplete: trans.retry()
def recycle(self, rbID, trans): """ Moves the item to the specified recycle bin. The item then becomes inaccesible. @param rbID: The id of the destination container, which must be a L{RecycleBin} instance @type rbID: str @param trans: A valid transaction handle @return: None """ oUser = currentThread().context.session.user self = _db.getItem(self._id, trans) iUserRole = objectAccess.getAccess(self, oUser) bCanDelete = (iUserRole > objectAccess.AUTHOR) or \ (iUserRole == objectAccess.AUTHOR and self._owner == oUser._id) if (not(self._isSystem) and bCanDelete): oDeleted = DeletedItem(self) oDeleted._owner = oUser._id oDeleted._created = time.time() oDeleted.modifiedBy = oUser.displayName.value oDeleted.modified = time.time() oDeleted._parentid = rbID _db.handle_update(oDeleted, None, trans) _db.putItem(oDeleted, trans) # delete item logically self._recycle(trans) # save container oParent = _db.getItem(self._parentid, trans) oParent._removeItemReference(self) _db.putItem(oParent, trans) #update recycle bin oRecycleBin = _db.getItem(rbID, trans) if not(oDeleted.getContentclass() in oRecycleBin.containment): raise exceptions.ContainmentError, \ 'The target container does not accept ' + \ 'objects of type "%s".' % oDeleted.getContentclass() oRecycleBin._addItemReference(oDeleted) _db.putItem(oRecycleBin, trans) else: raise exceptions.PermissionDenied, \ 'The object was not deleted.\n' + \ 'The user has insufficient permissions.'
def getSecurity(self, forItem, rolesInherited=None): user = self.session.user # get user role iUserRole = objectAccess.getAccess(forItem, user) if iUserRole == objectAccess.COORDINATOR: rolesInherited = rolesInherited or forItem.inheritRoles if rolesInherited: sChecked = 'true' else: sChecked = 'false' return SECURITY_TAB % (sChecked, sChecked) else: return ''
def appendTo(self, parent, trans): """ Adds the item to the specified container. @param parent: The id of the destination container or the container itself @type parent: str OR L{Container} @param trans: A valid transaction handle @return: None """ trans.actions.append( (self.appendTo, (parent, trans)) ) try: if type(parent)==str: oParent = db.getItem(parent, trans) else: oParent = parent oUser = currentThread().session.user iUserRole = objectAccess.getAccess(oParent, oUser) if iUserRole == objectAccess.READER: raise serverExceptions.PermissionDenied if not(self.getContentclass() in oParent.containment): raise serverExceptions.ContainmentError # set security to new item if iUserRole == objectAccess.COORDINATOR: # user is COORDINATOR self._applySecurity(oParent, trans) else: # user is not COORDINATOR self.inheritRoles = True self.security = oParent.security # if trans._retries == 0: # raise serverExceptions.DBTransactionIncomplete self._owner = oUser._id self._created = time.time() self.modifiedBy = oUser.displayName.value self.modified = time.time() self._parentid = oParent._id db.handle_update(self, None, trans) db.putItem(self, trans) # update container oParent._addItemReference(self) db.putItem(oParent, trans) except serverExceptions.DBTransactionIncomplete: trans.retry()
def _restore(self, deletedItem, target, trans): """ Restores a logically deleted item to the designated target. Returns: None """ # check permissions oUser = currentThread().session.user iUserRole = objectAccess.getAccess(target, oUser) if iUserRole > objectAccess.READER: deletedItem._parentid = target._id deletedItem.inheritRoles = False self._undelete(deletedItem, trans) else: raise serverExceptions.PermissionDenied
def properties(self): "Displays the group's properties form" context = HttpContext.current() context.response.setHeader('cache-control', 'no-cache') sLang = context.request.getLang() user = context.user iUserRole = objectAccess.getAccess(self, user) readonly = (iUserRole==1) params = { 'ID' : self.id, 'ICON' : self.__image__, 'SELECT_FROM_POLICIES' : 'policies', 'POLICIES_REL_CC' : '|'.join(self.policies.relCc), 'NAME' : xml.xml_encode(self.displayName.value), 'DESCRIPTION' : xml.xml_encode(self.description.value), 'MODIFIED' : date.Date(self.modified).format(baseitem.DATES_FORMAT, sLang), 'MODIFIED_BY' : xml.xml_encode(self.modifiedBy), 'CONTENTCLASS' : self.contentclass, 'SELECT_FROM' : self.parentid, 'REL_CC' : '|'.join(self.members.relCc), 'READONLY' : str(readonly).lower() } members_options = [] members = self.members.getItems() for user in members: members_options += [xml.xml_encode(user.__image__), user.id, xml.xml_encode(user.displayName.value)] params['MEMBERS'] = ';'.join(members_options) policies_options = [] policies = self.policies.getItems() for policy in policies: policies_options += [xml.xml_encode(policy.__image__), policy.id, xml.xml_encode(policy.displayName.value)] params['POLICIES'] = ';'.join(policies_options) params['SECURITY_TAB'] = baseitem._getSecurity(self, user) return params
def _restore(self, deletedItem, target, trans): """ Restores a logically deleted item to the designated target. Returns: None """ # check permissions oUser = currentThread().context.user iUserRole = objectAccess.getAccess(target, oUser) if iUserRole > objectAccess.READER: deletedItem._parentid = target._id deletedItem.inheritRoles = False self._undelete(deletedItem, trans) else: raise exceptions.PermissionDenied, \ 'The user does not have write permissions on the ' + \ 'destination folder.'
def setParams(self): self.response.setHeader('cache-control', 'no-cache') sLang = self.request.getLang() user = self.session.user iUserRole = objectAccess.getAccess(self.item, user) readonly = (iUserRole==1) self.params['ID'] = self.item.id self.params['ICON'] = self.item.__image__ self.params['NAME'] = self.item.displayName.value self.params['FULL_NAME'] = self.item.fullName.value self.params['DESCRIPTION'] = self.item.description.value self.params['MODIFIED'] = \ date.Date(self.item.modified).format(DATES_FORMAT, sLang) self.params['MODIFIED_BY'] = self.item.modifiedBy self.params['CONTENTCLASS'] = self.item.contentclass self.params['SELECT_FROM'] = self.item.parentid self.params['REL_CC'] = '|'.join(self.item.memberof.relCc) self.params['SELECT_FROM_POLICIES'] = 'policies' self.params['POLICIES_REL_CC'] = '|'.join(self.item.policies.relCc) self.params['READONLY'] = self.getStringFromBoolean(readonly) memberof_options = [] memberof = self.item.memberof.getItems() for group in memberof: memberof_options += [xmlUtils.XMLEncode(group.__image__), group.id, xmlUtils.XMLEncode(group.displayName.value)] self.params['MEMBEROF'] = ';'.join(memberof_options) policies_options = [] policies = self.item.policies.getItems() for policy in policies: policies_options += [xmlUtils.XMLEncode(policy.__image__), policy.id, xmlUtils.XMLEncode(policy.displayName.value)] self.params['POLICIES'] = ';'.join(policies_options) self.params['SECURITY_TAB'] = self.getSecurity(self.item)
def update(self, trans): """ Updates the item. @param trans: A valid transaction handle @return: None """ trans.actions.append( (self.update, (trans, )) ) try: oOldItem = db.getItem(self._id, trans) oUser = currentThread().session.user iUserRole = objectAccess.getAccess(oOldItem, oUser) if iUserRole > objectAccess.READER: # set security if iUserRole == objectAccess.COORDINATOR: # user is COORDINATOR if (self.inheritRoles != oOldItem.inheritRoles) or \ (not self.inheritRoles and self.security != oOldItem.security): oParent = db.getItem(self._parentid, trans) self._applySecurity(oParent, trans) else: # restore previous ACL self.security = oOldItem.security self.inheritRoles = oOldItem.inheritRoles db.handle_update(self, oOldItem, trans) self.modifiedBy = oUser.displayName.value self.modified = time.time() db.putItem(self, trans) if self.displayName.value != oOldItem.displayName.value: oParent = db.getItem(self._parentid, trans) oParent._removeItemReference(oOldItem) oParent._addItemReference(self) db.putItem(oParent, trans) else: raise serverExceptions.PermissionDenied except serverExceptions.DBTransactionIncomplete: trans.retry()
def setParams(self): self.response.setHeader('cache-control', 'no-cache') sLang = self.request.getLang() user = self.session.user iUserRole = objectAccess.getAccess(self.item, user) readonly = (iUserRole==1) self.params['ID'] = self.item.id self.params['ICON'] = self.item.__image__ self.params['SELECT_FROM_POLICIES'] = 'policies' self.params['POLICIES_REL_CC'] = '|'.join(self.item.policies.relCc) self.params['NAME'] = self.item.displayName.value self.params['DESCRIPTION'] = self.item.description.value self.params['MODIFIED'] = \ date.Date(self.item.modified).format(DATES_FORMAT, sLang) self.params['MODIFIED_BY'] = self.item.modifiedBy self.params['CONTENTCLASS'] = self.item.contentclass self.params['SELECT_FROM'] = self.item.parentid self.params['REL_CC'] = '|'.join(self.item.members.relCc) self.params['READONLY'] = self.getStringFromBoolean(readonly) members_options = '' members = self.item.members.getItems() for user in members: members_options += \ '<a:option img="%s" value="%s" caption="%s"/>' % \ (user.__image__, user.id, user.displayName.value) self.params['MEMBERS_OPTIONS'] = members_options policies_options = '' policies = self.item.policies.getItems() for policy in policies: policies_options += \ '<a:option img="%s" value="%s" caption="%s"/>' % \ (policy.__image__, policy.id, policy.displayName.value) self.params['POLICIES_OPTIONS'] = policies_options self.params['SECURITY_TAB'] = self.getSecurity(self.item)