def getRolesInContext(self, user, object): # we combine the permission of the user with those of the # groups she belongs to uf = self._get_userfolder(user) if uf is not None: # rewrap user with an unwrapped user folder, so # _check_context works appropriately user = aq_inner(user) user = user.__of__(uf) principal_ids = self._get_principal_ids(user) roles = set() for obj in self._parent_chain(object): if user._check_context(obj): count = -1 for count, a in enumerate(self._getAdapters(obj)): for pid in principal_ids: roles.update(a.getRoles(pid)) # XXX: BBB code, kicks in only if there's no proper adapter if count == -1: workspace = IGroupAwareWorkspace(obj, IWorkspace(obj, None)) if workspace is not None: roles.update(workspace.getLocalRolesForPrincipal(user)) for group in self._groups(obj, user, workspace): roles.update( workspace.getLocalRolesForPrincipal(group)) return list(roles)
def getRolesInContext(self, user, object): # we combine the permission of the user with those of the # groups she belongs to uf = self._get_userfolder(user) if uf is not None: # rewrap user with an unwrapped user folder, so # _check_context works appropriately user = aq_inner(user) user = user.__of__(uf) principal_ids = self._get_principal_ids(user) roles = set() for obj in self._parent_chain(object): if user._check_context(obj): count = -1 for count, a in enumerate(self._getAdapters(obj)): for pid in principal_ids: roles.update(a.getRoles(pid)) # XXX: BBB code, kicks in only if there's no proper adapter if count == -1: workspace = IGroupAwareWorkspace(obj, IWorkspace(obj, None)) if workspace is not None: roles.update(workspace.getLocalRolesForPrincipal(user)) for group in self._groups(obj, user, workspace): roles.update(workspace.getLocalRolesForPrincipal(group)) return list(roles)
def checkLocalRolesAllowed(self, user, object, object_roles): """Checks if the user has one of the specified roles in the given context, short circuits when the first provider granting one of the roles is found.""" uf = self._get_userfolder(user) if uf is not None: # rewrap user with an unwrapped user folder, so # _check_context works appropriately user = aq_inner(user) user = user.__of__(uf) check_roles = set(object_roles) principal_ids = self._get_principal_ids(user) for obj in self._parent_chain(object): count = -1 for count, a in enumerate(self._getAdapters(obj)): for pid in principal_ids: roles = a.getRoles(pid) if check_roles.intersection(roles): if user._check_context(obj): return 1 else: return 0 # XXX: BBB code, kicks in only if there's no proper adapter if count == -1: workspace = IGroupAwareWorkspace(obj, IWorkspace(obj, None)) if workspace is not None: roles = workspace.getLocalRolesForPrincipal(user) if check_roles.intersection(roles): if user._check_context(obj): return 1 else: return 0 for group in self._groups(obj, user, workspace): roles = workspace.getLocalRolesForPrincipal(group) if check_roles.intersection(roles): if user._check_context(obj): return 1 else: return 0 return None