예제 #1
    def getPermissionAcquiredMapping(self):
        """Map every permission of this object to the roles it acquires.

        For each name in ``self.permissions``: when the name is among those
        returned by ``getPermissionsWithAcquiredRoles()``, the value is
        ``rolesForPermissionOn(name, parent)`` evaluated on the object
        returned by ``getObjectParent()``. Any other permission maps to a
        fresh empty list, so a permission that does not acquire never
        reports roles granted on the parent.
        """
        container = self.getObjectParent()
        acquired = self.getPermissionsWithAcquiredRoles()
        return {
            name: (rolesForPermissionOn(name, container)
                   if name in acquired else [])
            for name in self.permissions
        }
예제 #2
파일: Base.py 프로젝트: MarkTang/erp5
 def rolesForPermissionOn(ob):
   """Return the roles that guard the bound method ``ob``.

   The declaration is looked up as ``<method name>__roles__``, first on the
   class of ``ob.im_self`` and then through ``_aq_dynamic`` on the instance.
   When neither yields a value, the result of the four-argument call below
   is returned, with ``('Manager',)`` as default roles and
   ``_Access_contents_information_Permission`` as the permission attribute.
   """
   instance = ob.im_self
   attr = '%s__roles__' % ob.__name__
   # The instance doubles as the "not found" marker for the class lookup.
   # _aq_dynamic is called directly so that a security declaration is never
   # acquired from the container.
   declared = getattr(instance.__class__, attr, instance)
   if declared is instance:
     declared = instance._aq_dynamic(attr)
     if declared is None:
       # NOTE(review): a four-argument call cannot be this one-argument
       # function; presumably it resolves to a rolesForPermissionOn from an
       # enclosing scope that is not shown here -- confirm.
       return rolesForPermissionOn(None, instance, ('Manager',),
                                   '_Access_contents_information_Permission')
   # Bind the declaration to the instance when it supports __of__,
   # otherwise hand it back unchanged.
   try:
     bind = declared.__of__
   except AttributeError:
     return declared
   return bind(instance)
예제 #3
 def rolesForPermissionOn(ob):
     """Resolve the roles protecting the bound method ``ob``.

     Looks for ``<method name>__roles__`` on the class of ``ob.im_self``,
     then via ``_aq_dynamic`` on the instance. If both come up empty, the
     four-argument call below supplies the answer, using ``('Manager',)``
     as default roles and ``_Access_contents_information_Permission`` as
     the permission attribute.
     """
     owner = ob.im_self
     roles_attr = '%s__roles__' % ob.__name__
     # Using the instance as the getattr default tells "absent" apart from
     # any real value. _aq_dynamic is invoked explicitly so the attribute
     # cannot be acquired from the container.
     found = getattr(owner.__class__, roles_attr, owner)
     if found is owner:
         found = owner._aq_dynamic(roles_attr)
         if found is None:
             # NOTE(review): this four-argument call cannot target the
             # one-argument function defined here; presumably a
             # rolesForPermissionOn from an outer scope -- confirm.
             return rolesForPermissionOn(
                 None, owner, ('Manager', ),
                 '_Access_contents_information_Permission')
     # Wrap the declaration around the instance if it offers __of__.
     missing = object()
     binder = getattr(found, '__of__', missing)
     if binder is missing:
         return found
     return binder(owner)
예제 #4
파일: Base.py 프로젝트: MarkTang/erp5
 def rolesForPermissionOn(ob):
   """Return the roles that guard the bound method ``ob``.

   The declaration is looked up as ``<method name>__roles__``, first on the
   class of ``ob.im_self`` and then through ``_aq_dynamic`` on the instance.
   When neither yields a value, the result of the four-argument call below
   is returned, with ``('Manager',)`` as default roles and
   ``_Modify_portal_content_Permission`` as the permission attribute.
   """
   instance = ob.im_self
   attr = '%s__roles__' % ob.__name__
   # The class is consulted first: getRoles prefers ob.__roles__ over
   # class.ob__roles__, so looking here leaves room to declare security on
   # the class for generated methods. The instance doubles as the
   # "not found" marker, and _aq_dynamic is called directly so that the
   # attribute is never acquired from the container.
   declared = getattr(instance.__class__, attr, instance)
   if declared is instance:
     declared = instance._aq_dynamic(attr)
     if declared is None:
       # NOTE(review): a four-argument call cannot be this one-argument
       # function; presumably it resolves to a rolesForPermissionOn from an
       # enclosing scope that is not shown here -- confirm.
       return rolesForPermissionOn(None, instance, ('Manager',),
                                   '_Modify_portal_content_Permission')
   # The Method's own __of__ has already run by now, so a declaration that
   # has __of__ must be bound to the instance explicitly.
   try:
     bind = declared.__of__
   except AttributeError:
     return declared
   return bind(instance)
예제 #5
 def rolesForPermissionOn(ob):
     """Resolve the roles protecting the bound method ``ob``.

     Looks for ``<method name>__roles__`` on the class of ``ob.im_self``,
     then via ``_aq_dynamic`` on the instance. If both come up empty, the
     four-argument call below supplies the answer, using ``('Manager',)``
     as default roles and ``_Modify_portal_content_Permission`` as the
     permission attribute.
     """
     owner = ob.im_self
     roles_attr = '%s__roles__' % ob.__name__
     # Class first: getRoles ranks ob.__roles__ above class.ob__roles__, so
     # this lookup is what allows security for generated methods to be
     # defined on the class. The instance serves as the "absent" default,
     # and _aq_dynamic is invoked explicitly so the attribute cannot be
     # acquired from the container.
     found = getattr(owner.__class__, roles_attr, owner)
     if found is owner:
         found = owner._aq_dynamic(roles_attr)
         if found is None:
             # NOTE(review): this four-argument call cannot target the
             # one-argument function defined here; presumably a
             # rolesForPermissionOn from an outer scope -- confirm.
             return rolesForPermissionOn(
                 None, owner, ('Manager', ),
                 '_Modify_portal_content_Permission')
     # By this point the Method's own __of__ has already been applied, so a
     # declaration exposing __of__ has to be bound by hand.
     missing = object()
     binder = getattr(found, '__of__', missing)
     if binder is missing:
         return found
     return binder(owner)
예제 #6
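    def allowedAdminRolesAndUsers(self):
        """
        Return a list of roles and users with reportek_dataflow_admin
        permission. Used by Catalog to filter out items you're not
        allowed to see.

        The list holds every role returned by
        ``rolesForPermissionOn(reportek_dataflow_admin, self)`` plus one
        ``'user:<id>'`` entry for each user whose merged local roles
        include one of those roles. ``'Owner'`` is never part of the
        result.
        """
        # A dict is kept (rather than a set) so the returned list follows
        # insertion order where the interpreter preserves it.
        allowed = {}
        for role in rolesForPermissionOn(reportek_dataflow_admin, self):
            allowed[role] = 1
        # NOTE(review): on the page the text between ``'user:'`` and the
        # ``'Owner'`` test is masked with asterisks; ``+ user] = 1`` and the
        # ``if`` keyword below are reconstructed from the surrounding
        # statements -- confirm against the upstream file.
        for user, roles in self._mergedLocalRoles(self).items():
            for role in roles:
                if role in allowed:
                    allowed['user:' + user] = 1
        # A bare 'Owner' entry is dropped; owners are presumably matched
        # through their 'user:<id>' entry from the local roles instead --
        # confirm.
        if 'Owner' in allowed:
            del allowed['Owner']

        return list(allowed.keys())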
예제 #7
파일: user.py 프로젝트: brunobbbs/plone.api
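def has_permission(permission=None, username=None, user=None, obj=None):
    """Check if the user has the specified permission on the given object.

    Arguments ``username`` and ``user`` are mutually exclusive. You can either
    set one or the other, but not both. If no ``username`` or ``user`` are
    provided, check the permission for the currently logged-in user.

    :param permission: [required] Permission of the user to check for
    :type permission: string
    :param username: Username of the user that we are checking the permission
        for
    :type username: string
    :param user: User that we are checking the permission for
    :type user: MemberData object
    :param obj: Object that we are checking the permission for
    :type obj: object
    :returns: True if user has the specified permission, False otherwise.
        A ``username`` that does not resolve to a member yields False.
    :rtype: bool
    :raises:
        ValueError
    :Example: :ref:`user_has_permission_example`
    """
    if not permission:
        # This used to be a bare ``ValueError`` expression, which does
        # nothing: a missing permission name fell through to the permission
        # machinery instead of being rejected.
        raise ValueError('permission is required')

    if username and user:
        raise ValueError('username and user are mutually exclusive')

    if not obj:
        raise ValueError('obj is required')

    portal_membership = getToolByName(portal.get(), "portal_membership")
    if username:
        user = portal_membership.getMemberById(username)
        if user is None:
            # Fail closed. Without this guard an unresolved username hits
            # the ``not user`` branch below and the answer returned is the
            # one for the currently logged-in user, not for the account
            # that was asked about.
            # NOTE(review): assumes getMemberById returns None for an
            # unknown id -- confirm.
            return False

    if not user or user == portal_membership.getAuthenticatedMember():
        return portal_membership.checkPermission(permission, obj)

    # Any other user: resolve the roles holding the permission on obj and
    # let the user object decide whether it has one of them there.
    roles = rolesForPermissionOn(permission, obj)
    return user.allowed(obj, roles)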
예제 #8
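 def _recipient_roles(self):
     """Return the configured recipient roles that hold 'View' on the context.

     Reads ``sendToRecipientRoles`` from the ``site_properties`` sheet of
     ``portal_properties`` and keeps, in configured order, only the roles
     that ``rolesForPermissionOn('View', self.context)`` also returns, so a
     configured role without 'View' on this context is never offered as a
     recipient.
     """
     site_properties = getToolByName(
         self.context, 'portal_properties').site_properties
     configured = site_properties.sendToRecipientRoles
     # Resolve the 'View' roles once; the previous form repeated the lookup
     # for every configured role.
     view_roles = rolesForPermissionOn('View', self.context)
     return [role for role in configured if role in view_roles]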