def __init__( self ): self._db = self.env.get_db_cnx() # wiring factories ( dependency injection pattern ) self._userFactory = UserFactory( self._db ) self._componentFactory = ComponentFactory( self._db ) self._projectFactory = ProjectFactory( self.config ) self._milestoneFactory = MilestoneFactory( self._db, self._componentFactory, self._projectFactory ) self._ticketFactory = TicketFactory ( self._db, self._componentFactory, self._projectFactory )
class CustomPolicies(Component): implements( IPermissionPolicy ) def __init__( self ): self._db = self.env.get_db_cnx() # wiring factories ( dependency injection pattern ) self._userFactory = UserFactory( self._db ) self._componentFactory = ComponentFactory( self._db ) self._projectFactory = ProjectFactory( self.config ) self._milestoneFactory = MilestoneFactory( self._db, self._componentFactory, self._projectFactory ) self._ticketFactory = TicketFactory ( self._db, self._componentFactory, self._projectFactory ) def check_permission( self, action, username, resource, perm ): self.log.info( 'check_permission: %s, %s, %s, %s, )' % ( action, username, resource, perm )) self._user = self._userFactory.getByUsername( username ) #self.log.info( 'user: %s %s' % ( username, user._permissions )) args = [ action, username, resource, perm ] if action == 'TICKET_VIEW': return self._check_ticket_permission( *args ) if action == 'MILESTONE_VIEW': return self._check_milestone_permission( *args ) if action == 'COMPONENT_VIEW': return self._check_component_permission( *args ) if action == 'PROJECT_VIEW': return self._check_project_permission( *args ) return None def _check_ticket_permission( self, action, username, resource, perm ): if not resource: return None self.log.debug( 'Ticket id: %s' % resource.id ) ticket = self._ticketFactory.getById( resource.id ) access = ticket.canBeAccessedBy( self._user ) self.log.debug( 'component: %s, access: %s' % ( ticket._component, ticket._component and ticket._component.canBeAccessedBy( self._user ))) self.log.debug( 'project: %s, access: %s' % ( ticket._project, ticket._project and ticket._project.canBeAccessedBy( self._user ))) self.log.debug( 'Ticket can be accessed: %s' % access ) return access def _check_milestone_permission( self, action, username, resource, perm ): if not resource: return None self.log.debug( 'Milestone realm: %s' % resource.realm ) self.log.debug( 'Milestone id: %s' % resource.id ) milestone = self._milestoneFactory.getByName( resource.id ) result = milestone.canBeAccessedBy( self._user ) self.log.debug( 'Access: %s' % result ) return result def _check_component_permission( self, action, username, resource, perm ): if not resource: return None self.log.debug( 'Component realm: %s' % resource.realm ) self.log.debug( 'Component id: %s' % resource.id ) component = self._componentFactory.getByName( resource.realm ) result = component.canBeAccessedBy( self._user ) self.log.debug( 'Access: %s' % result ) return result def _check_project_permission( self, action, username, resource, perm ): if not resource: return None self.log.debug( 'Project realm: %s' % resource.realm ) self.log.debug( 'Project id: %s' % resource.id ) project = self._projectFactory.getByName( resource.realm ) result = project.canBeAccessedBy( self._user ) self.log.debug( 'Access: %s' % result ) return result