def test_deny_dublincore_view(self): """Tests the denial of dublincore view permissions to anonymous. Users who can view a folder contents page but cannot view dublin core should still be able to see the folder items' names, but not their title, modified, and created info. """ # add an item that can be viewed from the root folder file = File() self.getRootFolder()['file'] = file IZopeDublinCore(file).title = u'My File' # deny zope.app.dublincore.view to zope.Anonymous prm = IRolePermissionManager(self.getRootFolder()) prm.denyPermissionToRole('zope.app.dublincore.view', 'zope.Anonymous') transaction.commit() response = self.publish('/') self.assertEquals(response.getStatus(), 200) body = response.getBody() # confirm we can see the file name self.assert_(body.find('<a href="file">file</a>') != -1) # confirm we *cannot* see the metadata title self.assert_(body.find('My File') == -1)
def test_deny_view(self): """Tests the denial of view permissions to anonymous. This test uses the ZMI interface to deny anonymous zope.View permission to the root folder. """ # deny zope.View to zope.Anonymous prm = IRolePermissionManager(self.getRootFolder()) prm.denyPermissionToRole('zope.View', 'zope.Anonymous') transaction.commit() # confirm Unauthorized when viewing root folder self.assertRaises(Unauthorized, self.publish, '/')
def setPermissionRoles(self): """Set permissions of roles. """ prm = IRolePermissionManager(self.context) permissions = [perm.id for perm in self.permissions] for perm in permissions: rperm = self.request.get(u'perm%s' % perm) if rperm not in permissions: continue for role in self.roles: rrole = self.request.get('role%s' % role) if rrole not in self.roles: continue setting = self.request.get(u'prole%s%s' % (perm, role)) if setting is None: continue if setting == Unset.getName(): prm.unsetPermissionFromRole(rperm, rrole) elif setting == Allow.getName(): prm.grantPermissionToRole(rperm, rrole) elif setting == Deny.getName(): prm.denyPermissionToRole(rperm, rrole) else: # Unknown value. Ignore it. pass self.msg = u"Permissions successfully updated."
def getPermissionRoles(self): """Get a dict of dicts containing the current role->permission mappings. """ prm = IRolePermissionManager(self.context) result = {} for perm in self.permissions: proles = prm.getRolesForPermission(perm.id) settings = {} for role, setting in proles: settings[role] = setting.getName() nosetting = Unset.getName() result[perm.id] = {} for role in self.roles: result[perm.id][role] = settings.get(role, nosetting) return result
def setQreatureFolderUtilities(event): """ This is a handler for custom event. All object hierarchies and site-level utilities are created here""" site = event.object sm = site.getSiteManager() internal_principal = InternalPrincipal(site.login, site.password, u'owner') quiz_site = site.__parent__ quiz_site_manager = quiz_site.getSiteManager() quiz_site_pau = quiz_site_manager['pau'] quiz_site_pf = quiz_site_pau['PrincipalFolder'] quiz_site_pf.__setitem__(site.__name__, internal_principal) role = LocalRole(u'Quiz Creator',u'Registerde user, able to create and edit quizes') sm['role'] = role sm.registerUtility(role, IRole, site.__name__) role_perm_manager = IRolePermissionManager(site) role_perm_manager.grantPermissionToRole("qreature.edit_quiz", site.__name__)