def handle_form(self):
"""
We split this out so we can reuse this for ajax.
Will return a boolean if it was a post or not
"""
postback = True
form = self.request.form
submitted = form.get('form.submitted', False)
save_button = form.get('form.button.Save', None) is not None
cancel_button = form.get('form.button.Cancel', None) is not None
if submitted and save_button and not cancel_button:
if not self.request.get('REQUEST_METHOD', 'GET') == 'POST':
raise Forbidden
authenticator = self.context.restrictedTraverse(
'@@authenticator', None)
if not authenticator.verify():
raise Forbidden
# Update the acquire-roles setting
if self.can_edit_inherit():
inherit = bool(form.get('inherit', False))
reindex = self.update_inherit(inherit, reindex=False)
else:
reindex = False
# Update settings for users and groups
entries = form.get('entries', [])
roles = [r['id'] for r in self.roles()]
settings = []
for entry in entries:
settings.append(
dict(id=entry['id'],
type=entry['type'],
roles=[
r for r in roles if entry.get('role_%s' % r, False)
]))
if settings:
reindex = self.update_role_settings(settings,
reindex=False) or reindex
notify(LocalrolesModifiedEvent(self.context, self.request))
if reindex:
self.context.reindexObjectSecurity()
notify(LocalrolesModifiedEvent(self.context, self.request))
IStatusMessage(self.request).addStatusMessage(_(u"Changes saved."),
type='info')
# Other buttons return to the sharing page
if cancel_button:
postback = False
return postback
def __call__(self):
data = json_body(self.request)
sharing_view = getMultiAdapter((self.context, self.request),
name="sharing")
# inherit roles
inherit_reindex = False
# block can be None, so we might get False or None, so we test
# for a marker.
inherit = data.get("inherit", marker)
if inherit is not marker:
inherit_reindex = sharing_view.update_inherit(status=inherit,
reindex=False)
# roles
roles_reindex = False
new_roles = data.get("entries", None)
if new_roles is not None:
# the roles are converted into a FrozenSet so we have to filter
# the data structure we get.
for user in new_roles:
roles_list = [
key for key in user["roles"] if user["roles"][key]
]
user["roles"] = roles_list
roles_reindex = sharing_view.update_role_settings(new_roles,
reindex=False)
# reindex object security
can_reindex = ICatalogAware(
self.context, None) or IPloneSiteRoot.providedBy(self.context)
if can_reindex and (inherit_reindex or roles_reindex):
self.context.reindexObjectSecurity()
if LOCALROLES_MODIFIED_EVENT_AVAILABLE:
notify(LocalrolesModifiedEvent(self.context, self.request))
def test_localroles_modified_event(self):
from zope.interface import Interface
from zope.interface import implementer
from zope.event import notify
from zope.component import getGlobalSiteManager
from plone.app.workflow.interfaces import ILocalrolesModifiedEvent
from plone.app.workflow.events import LocalrolesModifiedEvent
# define local roles modified sensitive interface and class
class ILRMEContext(Interface):
pass
@implementer(ILRMEContext)
class LRMEContext(object):
def __init__(self):
# gets set by handler
self.context = None
self.event = None
# define handler
def lrme_handler(context, event):
context.context = context
context.event = event
# register handler
gsm = getGlobalSiteManager()
gsm.registerHandler(
lrme_handler, (ILRMEContext, ILocalrolesModifiedEvent))
# create object and notify subscriber
context = LRMEContext()
request = self.app.REQUEST
event = LocalrolesModifiedEvent(context, request)
notify(event)
# check subscriber called
self.assertEqual(context.context, context)
self.assertEqual(context.event, event)
def sharing_handle_form(self):
"""
We split this out so we can reuse this for ajax.
Will return a boolean if it was a post or not
"""
postback = True
form = self.request.form
submitted = form.get('form.submitted', False)
save_button = form.get('form.button.Save', None) is not None
cancel_button = form.get('form.button.Cancel', None) is not None
if submitted and save_button and not cancel_button:
if not self.request.get('REQUEST_METHOD', 'GET') == 'POST':
raise Forbidden
old_ac_local_roles_block = getattr(
self.context, '__ac_local_roles_block__', None)
authenticator = self.context.restrictedTraverse('@@authenticator',
None)
if not authenticator.verify():
raise Forbidden
# Update the acquire-roles setting
if self.can_edit_inherit():
inherit = bool(form.get('inherit', False))
reindex = self.update_inherit(inherit, reindex=False)
else:
reindex = False
entries = form.get('entries', [])
roles = [r['id'] for r in self.roles()]
settings = []
for entry in entries:
settings.append(
dict(id=entry['id'],
type=entry['type'],
roles=[r for r in roles
if entry.get('role_%s' % r, False)]))
if settings:
old_settings = self.context.get_local_roles()
old_settings_dict = dict([(userid, set(roles))
for userid, roles in old_settings])
settings_dict = dict([(d['id'], set(d['roles']))
for d in settings])
old_userids = set(
[tp[0] for tp in old_settings if list(tp[1]) != ['Owner']])
new_userids = set([d['id'] for d in settings if d['roles']])
all_userids = old_userids | new_userids
reindex = self.update_role_settings(settings, reindex=False) \
or reindex
new_ac_local_roles_block = getattr(
self.context, '__ac_local_roles_block__', None)
diff_context = dict()
diff_context['removed_userids'] = old_userids - new_userids
diff_context['added_userids'] = new_userids - old_userids
diff_context['block_localroles'] = bool(new_ac_local_roles_block)
diff_context['role_changes'] = dict()
for userid, roles in settings_dict.items():
old_roles = old_settings_dict.get(userid, set())
if roles == old_roles:
continue
roles_added = roles - old_roles
roles_removed = old_roles - roles
user = plone.api.user.get(userid)
fullname = email = None
if user:
fullname = user.getProperty('fullname')
email = user.getProperty('email')
diff_context['role_changes'][userid] = dict(
fullname=fullname, email=email, added=roles_added, removed=roles_removed)
if reindex:
self.context.reindexObjectSecurity()
event = LocalrolesModifiedEvent(self.context, self.request)
event.diff_context = diff_context
notify(event)
IStatusMessage(self.request).addStatusMessage(
_(u"Changes saved."), type='info')
# Other buttons return to the sharing page
if cancel_button:
postback = False
return postback
def sharing_handle_form(self):
"""
We split this out so we can reuse this for ajax.
Will return a boolean if it was a post or not
"""
postback = True
form = self.request.form
submitted = form.get('form.submitted', False)
save_button = form.get('form.button.Save', None) is not None
cancel_button = form.get('form.button.Cancel', None) is not None
if submitted and save_button and not cancel_button:
if not self.request.get('REQUEST_METHOD', 'GET') == 'POST':
raise Forbidden
old_ac_local_roles_block = getattr(self.context,
'__ac_local_roles_block__', None)
authenticator = self.context.restrictedTraverse(
'@@authenticator', None)
if not authenticator.verify():
raise Forbidden
# Update the acquire-roles setting
if self.can_edit_inherit():
inherit = bool(form.get('inherit', False))
reindex = self.update_inherit(inherit, reindex=False)
else:
reindex = False
entries = form.get('entries', [])
roles = [r['id'] for r in self.roles()]
settings = []
for entry in entries:
settings.append(
dict(id=entry['id'],
type=entry['type'],
roles=[
r for r in roles if entry.get('role_%s' % r, False)
]))
if settings:
old_settings = self.context.get_local_roles()
old_settings_dict = dict([(userid, set(roles))
for userid, roles in old_settings])
settings_dict = dict([(d['id'], set(d['roles']))
for d in settings])
old_userids = set(
[tp[0] for tp in old_settings if list(tp[1]) != ['Owner']])
new_userids = set([d['id'] for d in settings if d['roles']])
all_userids = old_userids | new_userids
reindex = self.update_role_settings(settings, reindex=False) \
or reindex
new_ac_local_roles_block = getattr(self.context,
'__ac_local_roles_block__',
None)
diff_context = dict()
diff_context['removed_userids'] = old_userids - new_userids
diff_context['added_userids'] = new_userids - old_userids
diff_context['block_localroles'] = bool(new_ac_local_roles_block)
diff_context['role_changes'] = dict()
for userid, roles in settings_dict.items():
old_roles = old_settings_dict.get(userid, set())
if roles == old_roles:
continue
roles_added = roles - old_roles
roles_removed = old_roles - roles
user = plone.api.user.get(userid)
fullname = email = None
if user:
fullname = user.getProperty('fullname')
email = user.getProperty('email')
diff_context['role_changes'][userid] = dict(
fullname=fullname,
email=email,
added=roles_added,
removed=roles_removed)
if reindex:
self.context.reindexObjectSecurity()
event = LocalrolesModifiedEvent(self.context, self.request)
event.diff_context = diff_context
notify(event)
IStatusMessage(self.request).addStatusMessage(_(u"Changes saved."),
type='info')
# Other buttons return to the sharing page
if cancel_button:
postback = False
return postback