def __set__(self, instance, value): field = self.__field.bind(instance) if ISet.providedBy(field): # pylint: disable=no-value-for-parameter if value is None: value = set() elif isinstance(value, str): value = set(value.split(',')) value = set( map(lambda x: x.id if IPrincipalInfo.providedBy(x) else x, value)) else: value = value.id if IPrincipalInfo.providedBy(value) else value field.validate(value) if field.readonly: raise ValueError("Field {0} is readonly!".format(self.__name)) protection = IProtectedObject(instance.__parent__, None) if not IRoleProtectedObject.providedBy(protection): raise ValueError( "Can't use role properties on object not providing " "IRoleProtectedObject interface!") # pylint: disable=assignment-from-no-return old_principals = protection.get_principals(self.__role_id) if not isinstance(value, set): value = {value} added = value - old_principals removed = old_principals - value for principal_id in added: protection.grant_role(self.__role_id, principal_id) for principal_id in removed: protection.revoke_role(self.__role_id, principal_id)
def revoke_role(self, role_id, principal_ids): """Revoke role to selected principals""" registry = get_pyramid_registry() if IRole.providedBy(role_id): role_id = role_id.id if isinstance(principal_ids, str): principal_ids = {principal_ids} role_principals = self._principals_by_role.get(role_id) or set() for principal_id in principal_ids.copy(): if IPrincipalInfo.providedBy(principal_id): principal_id = principal_id.id if principal_id in role_principals: principal_roles = self._roles_by_principal.get( principal_id) or set() if principal_id in role_principals: role_principals.remove(principal_id) if role_id in principal_roles: principal_roles.remove(role_id) if principal_roles: self._roles_by_principal[principal_id] = principal_roles elif principal_id in self._roles_by_principal: del self._roles_by_principal[principal_id] if role_principals: self._principals_by_role[role_id] = role_principals elif role_id in self._principals_by_role: del self._principals_by_role[role_id] registry.notify(RevokedRoleEvent(self, role_id, principal_id))
def handle_workflow_version_transition(event): """Handle workflow version transition""" principal = event.principal factory = get_object_factory(IWorkflowStateHistoryItem) if factory is not None: item = factory(date=gmtime(datetime.utcnow()), source_version=IWorkflowState( event.old_object).version_id, source_state=event.source, target_state=event.destination, transition_id=event.transition.transition_id, principal=principal.id if IPrincipalInfo.providedBy(principal) else principal, comment=event.comment) IWorkflowState(event.object).history.append(item) # pylint: disable=no-member
def grant_role(self, role_id, principal_ids): """Grant role to selected principals""" registry = get_pyramid_registry() if IRole.providedBy(role_id): role_id = role_id.id if isinstance(principal_ids, str): principal_ids = {principal_ids} role_principals = self._principals_by_role.get(role_id) or set() for principal_id in principal_ids: if IPrincipalInfo.providedBy(principal_id): principal_id = principal_id.id if principal_id not in role_principals: principal_roles = self._roles_by_principal.get( principal_id) or set() role_principals.add(principal_id) principal_roles.add(role_id) self._roles_by_principal[principal_id] = principal_roles self._principals_by_role[role_id] = role_principals registry.notify(GrantedRoleEvent(self, role_id, principal_id))
def get_principal_id(value): """Get principal ID""" return value.id if IPrincipalInfo.providedBy(value) else value
def set(self, object, value): # pylint: disable=redefined-builtin if IPrincipalInfo.providedBy(value): value = value.id super().set(object, value)
def validate(self, value): if IPrincipalInfo.providedBy(value): value = value.id super().validate(value)
def get_roles(self, principal_id): """Get roles for given principal""" if IPrincipalInfo.providedBy(principal_id): principal_id = principal_id.id return self._roles_by_principal.get(principal_id) or set()
def state_principal(self, value): """Setter of state principal""" self._state_principal = value.id if IPrincipalInfo.providedBy( value) else value