class PrincipalRoles(grok.Adapter):
    """Adapter exposing a principal's site-level roles as a read/write attribute.

    Reads and writes go through the ``IPrincipalRoleManager`` of the site
    that is current when the adapter is instantiated.
    """
    grok.context(IPrincipal)
    grok.implements(IPrincipalRoles)

    def __init__(self, context):
        # The role manager is bound to the current site, not to the principal.
        site = getSite()
        self.userid = context.id
        self.manager = IPrincipalRoleManager(site)

    @property
    def roles(self):
        """Role ids whose setting for this principal is ``Allow``."""
        granted = []
        for role_id, setting in self.manager.getRolesForPrincipal(self.userid):
            if setting is Allow:
                granted.append(role_id)
        return granted

    @roles.setter
    def roles(self, roles):
        # NOTE(review): nothing in this adapter checks that the caller may
        # manage roles; presumably the calling view or form is protected by
        # a permission -- confirm, since this rewrites site-level grants.
        current = self.manager.getRolesForPrincipal(self.userid)
        # Clear Allow entries that are absent from the new list. Entries with
        # any other setting are left untouched by this loop.
        for role_id, setting in current:
            if role_id not in roles and setting is Allow:
                self.manager.unsetRoleForPrincipal(role_id, self.userid)
        # Every requested role is (re)assigned, including ones already held.
        for role_id in roles:
            self.manager.assignRoleToPrincipal(role_id, self.userid)
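def handle_add(self):
    """Apply the submitted form data and leave the login with one assigned role.

    On validation errors a warning is flashed and nothing is changed.
    Otherwise the form data is applied to the context, every role entry
    currently recorded for ``data['login']`` on the site is removed, the
    submitted ``data['role']`` is assigned, and the browser is redirected
    to the site's ``/benutzer`` listing.
    """
    data, errors = self.extractData()
    if errors:
        self.flash(u'Es ist ein Fehler aufgetreten', 'warning')
        return
    # The result was bound to a local that was never read; the call is kept
    # for its effect on the context.
    apply_data_event(self.fields, self.context, data)

    site = grok.getSite()
    login = data['login']
    role_manager = IPrincipalRoleManager(site)
    # NOTE(review): in zope.securitypolicy's stock role managers
    # removeRoleFromPrincipal records an explicit Deny, whereas
    # unsetRoleForPrincipal clears the entry -- confirm Deny is intended
    # for the roles that are being replaced here.
    for role_id, _setting in role_manager.getRolesForPrincipal(login):
        role_manager.removeRoleFromPrincipal(role_id, login)
    # NOTE(review): data['role'] is taken from the form as-is; presumably the
    # form schema limits it to roles the caller may hand out -- verify.
    role_manager.assignRoleToPrincipal(data['role'], login)
    # A leftover debug statement that printed the principal's role settings
    # to stdout (Python 2 print syntax) was removed.
    self.redirect(self.url(site, '/benutzer'))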
def handle_delete(self):
    """Delete the context object, remove the login's site roles, then redirect.

    The object is removed from its parent container first; afterwards every
    role entry recorded for ``data['login']`` on the site is removed and the
    browser is sent to the site's ``/benutzer`` listing.
    """
    # NOTE(review): `errors` is never inspected, so the deletion proceeds
    # even when extraction reported problems; if 'login' is missing from
    # `data` the KeyError is raised only after the object has been deleted.
    data, errors = self.extractData()
    container = self.context.__parent__
    del container[self.context.__name__]

    site_roles = IPrincipalRoleManager(grok.getSite())
    # NOTE(review): in zope.securitypolicy's stock role managers
    # removeRoleFromPrincipal stores a Deny rather than clearing the entry,
    # so Deny records for this login would outlive the account -- confirm
    # that is wanted rather than unsetRoleForPrincipal.
    for role_id, _setting in site_roles.getRolesForPrincipal(data['login']):
        site_roles.removeRoleFromPrincipal(role_id, data['login'])
    self.redirect(self.url(grok.getSite(), '/benutzer'))
def accountFromRoles(self, login):
    """Add to ``self.roles`` every role the site records as allowed for *login*.

    The principal id looked up is *login* with the ``'gfn.'`` prefix. Only
    entries whose setting is named ``'Allow'`` are copied; roles already in
    ``self.roles`` are left in place.
    """
    principal_id = 'gfn.' + login
    manager = IPrincipalRoleManager(grok.getSite())
    for role_id, setting in manager.getRolesForPrincipal(principal_id):
        if setting.getName() != 'Allow':
            # Entries with any other setting are not copied.
            continue
        self.roles.add(role_id)
def test_homefolder_creation_roles(self):
    """Roles recorded on a new home folder for its owner are owner roles with Allow."""
    from zope.securitypolicy.interfaces import IPrincipalRoleManager

    manager = uvcsite.interfaces.IHomeFolderManager(self.app)
    folder = manager.create('lars')
    recorded = IPrincipalRoleManager(folder).getRolesForPrincipal('lars')
    # NOTE(review): if no role entries come back the loop body never runs and
    # the test passes vacuously; consider also asserting that `recorded` is
    # not empty.
    for role, setting in recorded:
        self.assertTrue(role in manager.owner_roles)
        self.assertEqual(setting, zope.securitypolicy.settings.Allow)
def rolesFromAccount(self):
    """Replace the site's role entries for this account with ``self.roles``.

    All entries currently recorded for the ``'gfn.'``-prefixed login are
    unset, then each role in ``self.roles`` is assigned.
    """
    manager = IPrincipalRoleManager(grok.getSite())
    # NOTE(review): the login literally named 'admin' always receives
    # 'gfn.Administrator' here, whatever self.roles held before; presumably
    # that login is reserved at account creation -- confirm.
    if self.login == 'admin':
        self.roles.add('gfn.Administrator')

    principal_id = 'gfn.' + self.login
    # Clear every recorded entry, whatever its setting, before re-assigning.
    for role_id, _ in manager.getRolesForPrincipal(principal_id):
        manager.unsetRoleForPrincipal(role_id, principal_id)
    for role_id in self.roles:
        manager.assignRoleToPrincipal(role_id, principal_id)
def roles(self):
    """Map each role id in ``self._roles`` to this principal's site-level setting.

    Roles for which the site's role manager records nothing keep ``Unset``;
    recorded roles that are not in ``self._roles`` are ignored.
    """
    principal_id = self.__principal__.id
    manager = IPrincipalRoleManager(getSite())
    # Start every managed role at Unset, then overlay what is recorded.
    result = dict.fromkeys(self._roles, Unset)
    for role, setting in manager.getRolesForPrincipal(principal_id):
        if role not in self._roles:
            continue
        result[role] = setting
    return result
def prepare(self):
    """Export the profiles of subscribed users with no acknowledgement on record.

    Candidates are the ``'user'`` principals found with
    ``principalSubscribed`` set, minus those that appear in the
    acknowledgement search for ``self.context``. A candidate is dropped when
    it is banned, cannot be looked up, has a ``Deny`` on one of the checked
    roles, or has no personal profile.
    """
    ack_records = getUtility(IAcknowledgements).search(object=self.context)
    acknowledged = [record.principal for record in ack_records]
    candidates = searchPrincipals(
        type=('user',), principalSubscribed={'any_of': (True,)})
    members = []
    ban_config = getUtility(IBanPrincipalConfiglet)
    role_map = IPrincipalRoleManager(getSite())
    checkroles = ['zope.Anonymous']
    portal_roles = getUtility(IPortalRoles)
    if 'site.member' in portal_roles:
        checkroles.append(portal_roles['site.member'].id)

    pending = [user.id for user in candidates if user.id not in acknowledged]
    for pid in pending:
        # Banned users are left out of the export.
        if pid in ban_config.banned:
            continue
        try:
            principal = getPrincipal(pid)
        except PrincipalLookupError:
            # The id no longer resolves to a principal.
            continue
        # A Deny on any checked role excludes the user; entries for
        # 'zope.Manager' are never considered.
        denied = any(
            role != 'zope.Manager' and role in checkroles and setting == Deny
            for role, setting in role_map.getRolesForPrincipal(pid))
        if denied:
            continue
        profile = IPersonalProfile(principal, None)
        if profile is None:
            continue
        members.append(profile)
    return self.export(members)
def prepare(self):
    """Export (profile, acknowledgement time) pairs for users who acknowledged.

    Acknowledgement records for ``self.context`` are filtered the same way
    for every principal: banned users, ids that no longer resolve, users
    with a ``Deny`` on a checked role and users without a personal profile
    are dropped.
    """
    ack_records = getUtility(IAcknowledgements).search(object=self.context)
    # NOTE(review): the listing was collapsed onto one line, so the nesting
    # of the final return is not recoverable; it is read here as belonging
    # to the non-empty branch (None is returned when nothing matched) --
    # confirm against the original file.
    if len(ack_records) == 0:
        return None

    members = []
    ban_config = getUtility(IBanPrincipalConfiglet)
    role_map = IPrincipalRoleManager(getSite())
    checkroles = ['zope.Anonymous']
    portal_roles = getUtility(IPortalRoles)
    if 'site.member' in portal_roles:
        checkroles.append(portal_roles['site.member'].id)

    acknowledgements = [(rec.principal, rec.date) for rec in ack_records]
    for pid, ack_date in acknowledgements:
        # Banned users are left out of the export.
        if pid in ban_config.banned:
            continue
        try:
            principal = getPrincipal(pid)
        except PrincipalLookupError:
            # The id no longer resolves to a principal.
            continue
        # A Deny on any checked role excludes the user; entries for
        # 'zope.Manager' are never considered.
        denied = any(
            role != 'zope.Manager' and role in checkroles and setting == Deny
            for role, setting in role_map.getRolesForPrincipal(pid))
        if denied:
            continue
        profile = IPersonalProfile(principal, None)
        if profile is None:
            continue
        # The 'UTC' label is a literal in the format string; no conversion is
        # applied to ack_date here (the original carried a commented-out
        # local-time-zone conversion).
        stamp = ack_date.strftime('%Y-%m-%d %H:%M UTC')
        members.append((profile, stamp))
    return self.export(members)
def getRoles(self, user):
    """Return the role ids whose setting for *user* on ``self.context`` is ``Allow``.

    Only the role manager of ``self.context`` itself is consulted.
    """
    manager = IPrincipalRoleManager(self.context)
    allowed = []
    for role_id, setting in manager.getRolesForPrincipal(user):
        # Identity comparison against the Allow setting, as in the original.
        if setting is Allow:
            allowed.append(role_id)
    return allowed
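def borrarUsuario(self, usuario):
    """Delete the account *usuario* and withdraw every site role recorded for it.

    Nothing happens when *usuario* is not in ``self.contenedor_cuentas``.

    The earlier version indexed the first role entry only: an account with no
    role entries raised IndexError and was never deleted, and an account with
    several entries kept all but the first after deletion. Every entry is now
    processed before the account is removed.
    """
    if usuario not in self.contenedor_cuentas:
        return
    role_manager = IPrincipalRoleManager(grok.getSite())
    # NOTE(review): in zope.securitypolicy's stock role managers
    # removeRoleFromPrincipal records a Deny rather than clearing the entry;
    # confirm that is preferred over unsetRoleForPrincipal for a deleted
    # account.
    for role_id, _setting in role_manager.getRolesForPrincipal(usuario):
        role_manager.removeRoleFromPrincipal(role_id, usuario)
    del self.contenedor_cuentas[usuario]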