def to_profile_active(ob, extra_acl=None, override_default_acl=False):
from opencore.utils import find_users
from opencore.views.communities import get_community_groups
acl = []
if not override_default_acl:
acl.append((Allow, ob.creator,
MEMBER_PERMS + ('view_only',)))
acl.append((Allow, 'group.KarlUserAdmin',
ADMINISTRATOR_PERMS + ('view_only',)))
acl.append((Allow, 'group.KarlAdmin',
ADMINISTRATOR_PERMS + ('view_only',)))
acl.append((Allow, 'group.KarlStaff',
GUEST_PERMS + ('view_only',)))
acl.append((Allow, 'group.API',
API_PERMS))
if extra_acl:
acl = acl + extra_acl
# not auth'd users can view all content
acl.append((Allow, Everyone, ('view_only',)))
users = find_users(ob)
user = users.get_by_id(ob.creator)
if user is not None:
groups = user['groups']
for group, role in get_community_groups(groups):
c_group = 'group.community:%s:%s' % (group, role)
acl.append((Allow, c_group, GUEST_PERMS + ('view_only',)))
acl.append((Allow, 'system.Authenticated', GUEST_PERMS + ('view_only',)))
acl.append(NO_INHERIT)
added, removed = acl_diff(ob, acl)
if added or removed:
ob.__acl__ = acl
log.info('profile (%s) to-active, added: %s, removed: %s' % (model_path(ob), added, removed))
if ob.security_state == 'inactive':
ob.security_state = 'active'
log.info('profile (%s) security_state changed to %s' % (model_path(ob), ob.security_state))
def _callFUT(self, principals):
from opencore.views.communities import get_community_groups
return get_community_groups(principals)