コード例 #1
0
ファイル: security.py プロジェクト: ilshad/tacklets
def clean_permissions(context, permission_id, setting=Allow):
    """Remove given permission for all principals"""
    prinper = IPrincipalPermissionManager(context)
    old = prinper.getPrincipalsForPermission(permission_id)
    for x in old:
        if x[1] == setting:
            prinper.unsetPermissionForPrincipal(permission_id, x[0])
コード例 #2
0
def add_view_permission(event):
    obj = event.object
    if not IAdHocContent.providedBy(obj):
        return
    if event.destination in (PUBLISHED, PROGRESS):
        ppm = IPrincipalPermissionManager(obj)
        ppm.grantPermissionToPrincipal('uvc.ViewContent', obj.principal.id)
コード例 #3
0
ファイル: security.py プロジェクト: ilshad/tacklets
def clean_permissions(context, permission_id, setting=Allow):
    """Remove given permission for all principals"""
    prinper = IPrincipalPermissionManager(context)
    old = prinper.getPrincipalsForPermission(permission_id)
    for x in old:
        if x[1] == setting:
            prinper.unsetPermissionForPrincipal(permission_id, x[0])
コード例 #4
0
def change_permissions(event):
    if event.destination == Workflow.states.PUBLISHED:
        try:
            principal = uvcsite.utils.shorties.getPrincipal()
        except zope.security.interfaces.NoInteraction:
            return
        else:
            if not uvcsite.auth.interfaces.ICOUser.providedBy(principal):
                return

        prinper = IPrincipalPermissionManager(event.object)
        roleper = IRolePermissionManager(event.object)
        roleper.denyPermissionToRole(named(uvcsite.permissions.View),
                                     named(uvcsite.permissions.Editor))
        prinper.grantPermissionToPrincipal(named(uvcsite.permissions.View),
                                           event.object.principal.id)
コード例 #5
0
def deliver_some(how_many=1, note=None, grants=None, event='created'):
    for _ in range(how_many):
        tx = transaction.begin()
        if note:
            tx.note(note)
        content = Folder()
        if grants:
            # Make sure we can use the default (annotatable)
            # permission managers.
            interface.alsoProvides(content, IAttributeAnnotatable)
            prin_perm = IPrincipalPermissionManager(content)
            for principal_id, perm_id in grants.items():
                prin_perm.grantPermissionToPrincipal(perm_id, principal_id)
        sender = getattr(lifecycleevent, event)
        sender(content)
        transaction.commit()
コード例 #6
0
ファイル: config.py プロジェクト: Zojax/zojax.site
    def __call__(self, data):
        portal = self.context

        site = getSite()
        setSite(portal)

        request = None
        interaction = queryInteraction()
        if interaction is not None:
            for participation in interaction.participations:
                request = participation
                break

        if request is None:
            request = TestRequest()

        sm = portal.getSiteManager()

        # setup default skin
        skintool = sm.queryUtility(IConfiglet, 'ui.portalskin')
        skintool.skin = u'zojax'

        interface.directlyProvides(request, *skintool.generate())

        # setup portlets
        portlets = sm.queryMultiAdapter(
            (portal, request, None), IPortletManager, 'columns.left')
        portlets.status = ENABLED
        portlets.__data__['portletIds'] = ('portlet.login', 'portlet.actions')

         # set portal access to open
        manager = IPrincipalPermissionManager(portal)
        everyone = sm.queryUtility(IEveryoneGroup)
        if everyone is not None:
            manager.grantPermissionToPrincipal(
                'zojax.AccessSite', everyone.id)

        authenticated = sm.queryUtility(IAuthenticatedGroup)
        if authenticated is not None:
            manager.unsetPermissionForPrincipal(
                'zojax.AccessSite', authenticated.id)

        # install catalog
        #sm.getUtility(IConfiglet, 'system.catalog').install()

        setSite(site)
コード例 #7
0
ファイル: authentication.py プロジェクト: AFPy/afpy.barcamp
 def authenticateCredentials(self, credentials):
     if not isinstance(credentials, dict):
         return None
     if not ('login' in credentials and 'password' in credentials):
         return None
     # hardcoded admin account TODO Arghhh
     if credentials['login'] != 'admin' or credentials[
             'password'] != 'barcamp':
         return None
     # grant permission to the hardcoded admin
     IPrincipalPermissionManager(grok.getSite()).grantPermissionToPrincipal(
         'zope.ManageContent', 'admin')
     IPrincipalPermissionManager(grok.getSite()).grantPermissionToPrincipal(
         'afpy.barcamp.managemeetings', 'admin')
     IPrincipalPermissionManager(grok.getSite()).grantPermissionToPrincipal(
         'afpy.barcamp.editseance', 'admin')
     IPrincipalPermissionManager(grok.getSite()).grantPermissionToPrincipal(
         'afpy.barcamp.seances.list', 'admin')
     return PrincipalInfo(id='admin',
                          title=_(u'admin'),
                          description=_(u'admin'))
コード例 #8
0
    def __call__(self, data):

        auth = zope.component.getUtility(IAuthentication, context=self.context)
        # Add a Admin to the administrators group
        login = data['member.login']
        admin = authentication.WebSiteMember(login, data['member.password'],
                                             data['member.firstName'],
                                             data['member.lastName'],
                                             data['member.email'])
        zope.event.notify(zope.lifecycleevent.ObjectCreatedEvent(admin))
        auth['members'].add(admin)

        adminGroup = auth['groups']['groups.Administrators']
        adminGroup.setPrincipals(adminGroup.principals + (admin.__name__, ),
                                 check=False)

        # grant permissions to roles
        role_manager = IRolePermissionManager(self.context)
        role_manager.grantPermissionToRole(permissions.MANAGESITE,
                                           roles.ADMINISTRATOR)
        role_manager.grantPermissionToRole(permissions.MANAGECONTENT,
                                           roles.ADMINISTRATOR)
        role_manager.grantPermissionToRole(permissions.MANAGEUSERS,
                                           roles.ADMINISTRATOR)
        role_manager.grantPermissionToRole(permissions.VIEW,
                                           roles.ADMINISTRATOR)
        role_manager.grantPermissionToRole(permissions.MANAGECONTENT,
                                           roles.MEMBER)
        role_manager.grantPermissionToRole(permissions.VIEW, roles.MEMBER)

        # grant VIEW to unauthenticated users.
        prin_manager = IPrincipalPermissionManager(self.context)
        unauth = zope.component.queryUtility(IUnauthenticatedGroup,
                                             context=self.context)
        if unauth is not None:
            prin_manager.grantPermissionToPrincipal(permissions.VIEW,
                                                    unauth.id)
コード例 #9
0
ファイル: config.py プロジェクト: domashevskiy/bbru
    def create_user(self, site, sm, data,
                          site_roles=(), site_permissions=(),
                          prefix='bbru.principal.', folder_key=u'principals'):
        auth = sm.getUtility(IAuthentication)
        principalfolder = auth[folder_key]
        key = data['login'] # convenient

        principal = InternalPrincipal(
            data['login'], data['password'],
            data.get('title') or data['login'].title(),
            data.get('description') or u'',
            data.get('passwordManagerName') or 'SSHA')

        if key not in principalfolder:
            principalfolder[key] = principal

            roles = IPrincipalRoleManager(site)
            for role in site_roles:
                roles.assignRoleToPrincipal(role, prefix + data['login'])

            permissions = IPrincipalPermissionManager(site)
            for permission in site_permissions:
                permissions.grantPermissionToPrincipal(
                    permission, prefix + data['login'])
コード例 #10
0
ファイル: group.py プロジェクト: bcgsc/gum
 def traverse(self, name):
     group = self.context[name]
     principal_id = self.request.principal.id
     uid = principal_id.split('.')[-1]
     
     # grant permissions if user belongs to group
     ppm = IPrincipalPermissionManager(grok.getApplication())     
     if uid in group.uids:
         ppm.grantPermissionToPrincipal(u'gum.EditGroup', principal_id)
     
     # grant permissions if the user is Admin
     grant_info = IGrantInfo(grok.getApplication())
     for role, perm in grant_info.getRolesForPrincipal(principal_id):
         if role == u'gum.Admin' and perm == Allow:
             ppm.grantPermissionToPrincipal(u'gum.EditGroup', principal_id)
     
     return group
コード例 #11
0
ファイル: user.py プロジェクト: bcgsc/gum
 def traverse(self, name):
     principal_id = self.request.principal.id
     __name__ = principal_id.split('.')[-1]
     if __name__ == self.context.__name__:
         ppm = IPrincipalPermissionManager(grok.getApplication())
         ppm.grantPermissionToPrincipal(u'gum.Edit', principal_id)
コード例 #12
0
ファイル: roles.py プロジェクト: prsephton/partybuilder
def authenticated(user):
    ''' Come here when a user has been authenticated via OAuth '''
    user = user.object
    print 'Authenticated user [%s]' % user.title
    pm = IPrincipalPermissionManager(grok.getApplication())
    pm.grantPermissionToPrincipal('builder.Authenticated', user.id)
コード例 #13
0
 def traverse(self, name):
     principal_id = self.request.principal.id
     __name__ = principal_id.split('.')[-1]
     if __name__ == self.context.__name__:
         ppm = IPrincipalPermissionManager(grok.getApplication())
         ppm.grantPermissionToPrincipal(u'gum.Edit', principal_id)
コード例 #14
0
def _default_security_setter(subscription):
    prin_per = IPrincipalPermissionManager(subscription)
    for perm_id in _DEFAULT_PERMISSIONS:
        # pylint:disable=too-many-function-args
        prin_per.grantPermissionToPrincipal(perm_id, subscription.owner_id)
コード例 #15
0
    def status(self):
        setUpWidget(self, 'principal', self.principal_field, IInputWidget)
        if not self.principal_widget.hasInput():
            return u''
        try:
            principal = self.principal_widget.getInputValue()
        except MissingInputError:
            return u''

        self.principal = principal

        # Make sure we can use the principal id in a form by base64ing it
        principal_token = unicode(principal).encode('base64').strip().replace(
            '=', '_')

        roles = [role for name, role in getUtilitiesFor(IRole)]
        roles.sort(lambda x, y: cmp(x.title, y.title))
        principal_roles = IPrincipalRoleManager(self.context)

        self.roles = []
        for role in roles:
            name = principal_token + '.role.'+role.id
            field = zope.schema.Choice(__name__= name,
                                       title=role.title,
                                       vocabulary=settings_vocabulary)
            setUpWidget(self, name, field, IInputWidget,
                        principal_roles.getSetting(role.id, principal))
            self.roles.append(getattr(self, name+'_widget'))

        perms = [perm for name, perm in getUtilitiesFor(IPermission)]
        perms.sort(lambda x, y: cmp(x.title, y.title))
        principal_perms = IPrincipalPermissionManager(self.context)

        self.permissions = []
        for perm in perms:
            if perm.id == 'zope.Public':
                continue
            name = principal_token + '.permission.'+perm.id
            field = zope.schema.Choice(__name__=name,
                                       title=perm.title,
                                       vocabulary=settings_vocabulary)
            setUpWidget(self, name, field, IInputWidget,
                        principal_perms.getSetting(perm.id, principal))
            self.permissions.append(
                getattr(self, name+'_widget'))

        if 'GRANT_SUBMIT' not in self.request:
            return u''

        for role in roles:
            name = principal_token + '.role.'+role.id
            role_widget = getattr(self, name+'_widget')
            if role_widget.hasInput():
                try:
                    setting = role_widget.getInputValue()
                except MissingInputError:
                    pass
                else:
                    # Arrgh!
                    if setting is Allow:
                        principal_roles.assignRoleToPrincipal(
                            role.id, principal)
                    elif setting is Deny:
                        principal_roles.removeRoleFromPrincipal(
                            role.id, principal)
                    else:
                        principal_roles.unsetRoleForPrincipal(
                            role.id, principal)

        for perm in perms:
            if perm.id == 'zope.Public':
                continue
            name = principal_token + '.permission.'+perm.id
            perm_widget = getattr(self, name+'_widget')
            if perm_widget.hasInput():
                try:
                    setting = perm_widget.getInputValue()
                except MissingInputError:
                    pass
                else:
                    # Arrgh!
                    if setting is Allow:
                        principal_perms.grantPermissionToPrincipal(
                            perm.id, principal)
                    elif setting is Deny:
                        principal_perms.denyPermissionToPrincipal(
                            perm.id, principal)
                    else:
                        principal_perms.unsetPermissionForPrincipal(
                            perm.id, principal)

        return _('Grants updated.')
コード例 #16
0
ファイル: access.py プロジェクト: Zojax/zojax.site
    def update(self):
        self.everyone = getUtility(IEveryoneGroup).id
        self.authgroup = getUtility(IAuthenticatedGroup).id

        manager = IPrincipalPermissionManager(removeSecurityProxy(self.context))

        if 'site.access.save' in self.request:
            val = self.request.get('site.access', None)
            if val == 'open':
                manager.grantPermissionToPrincipal(
                    'zojax.AccessSite', self.everyone)
                manager.unsetPermissionForPrincipal(
                    'zojax.AccessSite', self.authgroup)

            if val == 'private':
                manager.grantPermissionToPrincipal(
                    'zojax.AccessSite', self.authgroup)
                manager.unsetPermissionForPrincipal(
                    'zojax.AccessSite', self.everyone)

            IStatusMessage(self.request).add(
                _('Site access settings has been changed.'))

        self.everyoneAllowed = manager.getSetting(
            'zojax.AccessSite', self.everyone) is Allow

        self.authgroupAllowed = manager.getSetting(
            'zojax.AccessSite', self.authgroup) is Allow
コード例 #17
0
ファイル: config.py プロジェクト: Zojax/zojax.portal
    def __call__(self, data):
        portal = self.context

        # create site manager
        try:
            sm = portal.getSiteManager()
        except:
            sm = None

        if sm is None:
            sm = LocalSiteManager(portal)
            portal.setSiteManager(sm)

        setSite(portal)

        if 'system' not in sm:
            system = SiteManagementFolder()
            event.notify(ObjectCreatedEvent(system))
            sm['system'] = system
        else:
            system = sm['system']

        # IIntId utility
        if 'ids' not in system:
            ids = component.createObject('zope.app.intid.IntIds')
            event.notify(ObjectCreatedEvent(ids))
            system['ids'] = ids
        else:
            system['ids'].__init__()

        ids = system['ids']

        sm.registerUtility(system['ids'], IIntIds)
        ids.register(portal)

        # Principal Annotations
        if 'principalannotations' not in system:
            pa = component.createObject('zope.app.PrincipalAnnotationUtility')
            event.notify(ObjectCreatedEvent(pa))

            system['principalannotations'] = pa
            sm.registerUtility(pa, IPrincipalAnnotationUtility)

        # session data container
        configlet = sm.getUtility(IConfiglet, 'system.session')
        configlet.sessiontype = 'ram'

        # set password
        password = sm.getUtility(IConfiglet, 'principals.password')
        password.passwordManager = 'MD5'

        # set site timezone
        fomratter = sm.getUtility(IConfiglet, 'system.formatter')
        fomratter.timezone = u'UTC'

        # set portal access to open
        manager = IPrincipalPermissionManager(portal)
        everyone = sm.queryUtility(IEveryoneGroup)
        if everyone is not None:
            manager.grantPermissionToPrincipal(
                'zojax.AccessPortal', everyone.id)

        authenticated = sm.queryUtility(IAuthenticatedGroup)
        if authenticated is not None:
            manager.unsetPermissionForPrincipal(
                'zojax.AccessPortal', authenticated.id)

        # setup default role
        roles = sm.getUtility(IPortalRoles)
        if 'site.member' not in roles:
            role = PortalRole(title = u'Site Member')
            event.notify(ObjectCreatedEvent(role))

            roles['site.member'] = role
            roleId = role.id
            sm.getUtility(IDefaultPortalRole).roles = [role.id]

            roleperm = IRolePermissionManager(portal)

            for permId in ('zojax.PersonalContent', 'zojax.PersonalSpace',
                           'zojax.forum.addMessage', 'zojax.forum.addTopic',
                           'zojax.SubmitBlogPost', 'zojax.SubmitDocuments',
                           'zojax.forum.SubmitTopic', 'zojax.SubmitPhoto',
                           'zojax.contenttype.SubmitNewsItem',):
                roleperm.grantPermissionToRole(permId, roleId)

        # install catalog
        sm.getUtility(IConfiglet, 'system.catalog').install()

        # install workspaces
        portal.workspaces = ('overview', 'people', 'news', 'documents')
        event.notify(ObjectModifiedEvent(portal))

        setSite(None)