def cached_prinper(self, parent, principal, groups, permission):
# Compute the permission, if any, for the principal.
cache = self.cache(parent)
try:
cache_prin = cache.prin
except AttributeError:
cache_prin = cache.prin = {}
cache_prin_per = cache_prin.get(principal)
if not cache_prin_per:
cache_prin_per = cache_prin[principal] = {}
try:
return cache_prin_per[permission]
except KeyError:
pass
if parent is None:
prinper = SettingAsBoolean[
globalPrincipalPermissionSetting(permission, principal, None)]
cache_prin_per[permission] = prinper
return prinper
prinper = IPrincipalPermissionMap(parent, None)
if prinper is not None:
prinper = SettingAsBoolean[
prinper.getSetting(permission, principal, None)]
if prinper is not None:
cache_prin_per[permission] = prinper
return prinper
parent = removeSecurityProxy(getattr(parent, '__parent__', None))
prinper = self.cached_prinper(parent, principal, groups, permission)
cache_prin_per[permission] = prinper
return prinper
def get_principals_with_access_content(obj):
if obj is None:
return {}
active_roles = get_principals_with_access_content(
removeSecurityProxy(getattr(obj, '__parent__', None)))
prinperm = IPrincipalPermissionMap(obj)
for role, permission in prinperm.getRow('plone.AccessContent'):
active_roles[role] = permission
return active_roles
def settingsForObject(ob):
"""Analysis tool to show all of the grants to a process
"""
result = []
while ob is not None:
data = {}
result.append((getattr(ob, '__name__', '(no name)'), data))
principalPermissions = IPrincipalPermissionMap(ob, None)
if principalPermissions is not None:
settings = principalPermissions.getPrincipalsAndPermissions()
settings.sort()
data['principalPermissions'] = [
{'principal': pr, 'permission': p, 'setting': s}
for (p, pr, s) in settings]
principalRoles = IPrincipalRoleMap(ob, None)
if principalRoles is not None:
settings = principalRoles.getPrincipalsAndRoles()
data['principalRoles'] = [
{'principal': p, 'role': r, 'setting': s}
for (r, p, s) in settings]
rolePermissions = IRolePermissionMap(ob, None)
if rolePermissions is not None:
settings = rolePermissions.getRolesAndPermissions()
data['rolePermissions'] = [
{'permission': p, 'role': r, 'setting': s}
for (p, r, s) in settings]
ob = getattr(ob, '__parent__', None)
data = {}
result.append(('global settings', data))
settings = principalPermissionManager.getPrincipalsAndPermissions()
settings.sort()
data['principalPermissions'] = [
{'principal': pr, 'permission': p, 'setting': s}
for (p, pr, s) in settings]
settings = principalRoleManager.getPrincipalsAndRoles()
data['principalRoles'] = [
{'principal': p, 'role': r, 'setting': s}
for (r, p, s) in settings]
settings = rolePermissionManager.getRolesAndPermissions()
data['rolePermissions'] = [
{'permission': p, 'role': r, 'setting': s}
for (p, r, s) in settings]
return result
async def sharing_get(context, request):
roleperm = IRolePermissionMap(context)
prinperm = IPrincipalPermissionMap(context)
prinrole = IPrincipalRoleMap(context)
result = {'local': {}, 'inherit': []}
result['local']['role_permission'] = roleperm._byrow
result['local']['principal_permission'] = prinperm._byrow
result['local']['principal_role'] = prinrole._byrow
for obj in iter_parents(context):
roleperm = IRolePermissionMap(obj)
prinperm = IPrincipalPermissionMap(obj)
prinrole = IPrincipalRoleMap(obj)
result['inherit'].append({
'@id': IAbsoluteURL(obj, request)(),
'role_permission': roleperm._byrow,
'principal_permission': prinperm._byrow,
'principal_role': prinrole._byrow,
})
await notify(ObjectPermissionsViewEvent(context))
return result
def cached_prinper(self, parent, principal, groups, permission):
cache = self.cache(parent)
try:
cache_prin = cache.prin
except AttributeError:
cache_prin = cache.prin = {}
cache_prin_per = cache_prin.get(principal)
if not cache_prin_per:
cache_prin_per = cache_prin[principal] = {}
try:
return cache_prin_per[permission]
except KeyError:
pass
if parent is None:
prinper = SettingAsBoolean[globalPrincipalPermissionSetting(
permission, principal, None)]
cache_prin_per[permission] = prinper
return prinper
prinper = IPrincipalPermissionMap(parent, None)
if prinper is not None:
prinper = SettingAsBoolean[prinper.getSetting(
permission, principal, None)]
if prinper is not None:
cache_prin_per[permission] = prinper
return prinper
if getattr(parent, 'inherit_permissions', None):
parent = removeSecurityProxy(getattr(parent, '__parent__', None))
prinper = self.cached_prinper(parent, principal, groups,
permission)
cache_prin_per[permission] = prinper
return prinper
prinper = SettingAsBoolean[globalPrincipalPermissionSetting(
permission, principal, None)]
cache_prin_per[permission] = prinper
return prinper