class PrincipalRoles(grok.Adapter):
"""Grant a role to a principal.
"""
grok.context(IPrincipal)
grok.implements(IPrincipalRoles)
def __init__(self, context):
site = getSite()
self.userid = context.id
self.manager = IPrincipalRoleManager(site)
@apply
def roles():
"""Writable property for roles.
"""
def get(self):
setting = self.manager.getRolesForPrincipal(self.userid)
return [role[0] for role in setting if role[1] is Allow]
def set(self, roles):
# removing undefined roles
setting = self.manager.getRolesForPrincipal(self.userid)
for role in setting:
if role[0] not in roles and role[1] is Allow:
self.manager.unsetRoleForPrincipal(role[0], self.userid)
# setting new roles
for role in roles:
self.manager.assignRoleToPrincipal(role, self.userid)
return property(get, set)
def handle_add(self):
data, errors = self.extractData()
if errors:
self.flash(u'Es ist ein Fehler aufgetreten', 'warning')
return
changes = apply_data_event(self.fields, self.context, data)
role_manager = IPrincipalRoleManager(grok.getSite())
for role_id, setting in role_manager.getRolesForPrincipal(data['login']):
role_manager.removeRoleFromPrincipal(role_id, data['login'])
role_manager.assignRoleToPrincipal(data['role'], data['login'])
print role_manager.getRolesForPrincipal(data['login'])
self.redirect(self.url(grok.getSite(), '/benutzer'))
def handle_delete(self):
data, errors = self.extractData()
del self.context.__parent__[self.context.__name__]
role_manager = IPrincipalRoleManager(grok.getSite())
for role_id, setting in role_manager.getRolesForPrincipal(data['login']):
role_manager.removeRoleFromPrincipal(role_id, data['login'])
self.redirect(self.url(grok.getSite(), '/benutzer'))
def accountFromRoles(self, login):
''' Populate self.roles by querying the role manager
'''
roleMgr = IPrincipalRoleManager(grok.getSite())
for rid, setting in roleMgr.getRolesForPrincipal('gfn.'+login):
if setting.getName() == 'Allow':
self.roles.add(rid)
def test_homefolder_creation_roles(self):
from zope.securitypolicy.interfaces import IPrincipalRoleManager
utility = uvcsite.interfaces.IHomeFolderManager(self.app)
homefolder = utility.create('lars')
prm = IPrincipalRoleManager(homefolder)
for role, setting in prm.getRolesForPrincipal('lars'):
self.assertTrue(role in utility.owner_roles)
self.assertEqual(setting, zope.securitypolicy.settings.Allow)
def rolesFromAccount(self):
''' Populate the managed roles for this principal from self.roles
'''
roleMgr = IPrincipalRoleManager(grok.getSite())
if self.login == 'admin':
self.roles.add('gfn.Administrator')
for rid, _setting in roleMgr.getRolesForPrincipal('gfn.'+self.login):
roleMgr.unsetRoleForPrincipal(rid, 'gfn.'+self.login)
for role in self.roles:
roleMgr.assignRoleToPrincipal(role, 'gfn.'+self.login)
def roles(self):
principal_id = self.__principal__.id
rolemanager = IPrincipalRoleManager(getSite())
roles = {}
for rid in self._roles:
roles[rid] = Unset
for role, setting in rolemanager.getRolesForPrincipal(principal_id):
if role in self._roles:
roles[role] = setting
return roles
def prepare(self):
results = getUtility(IAcknowledgements).search(object=self.context)
acknowledged = [i.principal for i in results]
allusers = searchPrincipals(
type=('user',),
principalSubscribed={'any_of': (True,)})
members = []
bannedusers = getUtility(IBanPrincipalConfiglet)
rolemanager = IPrincipalRoleManager(getSite())
checkroles = ['zope.Anonymous', ]
portal_roles = getUtility(IPortalRoles)
if 'site.member' in portal_roles:
checkroles.append(portal_roles['site.member'].id)
for pid in [i.id for i in allusers if i.id not in acknowledged]:
# Note: skip banned users
if pid in bannedusers.banned:
continue
try:
principal = getPrincipal(pid)
except PrincipalLookupError:
continue
# Note: skip users with Deny roles
nextitem = False
for role, setting in rolemanager.getRolesForPrincipal(pid):
if role == 'zope.Manager':
continue
if role in checkroles and setting == Deny:
nextitem = True
break
if nextitem:
continue
profile = IPersonalProfile(principal, None)
if profile is None:
continue
members.append(profile)
return self.export(members)
def prepare(self):
results = getUtility(IAcknowledgements).search(object=self.context)
acknowledged = [i.principal for i in results]
allusers = searchPrincipals(
type=('user',),
principalSubscribed={'any_of': (True,)})
members = []
bannedusers = getUtility(IBanPrincipalConfiglet)
rolemanager = IPrincipalRoleManager(getSite())
checkroles = ['zope.Anonymous', ]
portal_roles = getUtility(IPortalRoles)
if 'site.member' in portal_roles:
checkroles.append(portal_roles['site.member'].id)
for pid in [i.id for i in allusers if i.id not in acknowledged]:
# Note: skip banned users
if pid in bannedusers.banned:
continue
try:
principal = getPrincipal(pid)
except PrincipalLookupError:
continue
# Note: skip users with Deny roles
nextitem = False
for role, setting in rolemanager.getRolesForPrincipal(pid):
if role == 'zope.Manager':
continue
if role in checkroles and setting == Deny:
nextitem = True
break
if nextitem:
continue
profile = IPersonalProfile(principal, None)
if profile is None:
continue
members.append(profile)
return self.export(members)
def prepare(self):
results = getUtility(IAcknowledgements).search(object=self.context)
if len(results) > 0:
members = []
# localtz = tz.tzlocal()
bannedusers = getUtility(IBanPrincipalConfiglet)
rolemanager = IPrincipalRoleManager(getSite())
checkroles = ['zope.Anonymous', ]
portal_roles = getUtility(IPortalRoles)
if 'site.member' in portal_roles:
checkroles.append(portal_roles['site.member'].id)
for pid, ack_date in [(i.principal, i.date) for i in results]:
# Note: skip banned users
if pid in bannedusers.banned:
continue
try:
principal = getPrincipal(pid)
except PrincipalLookupError:
continue
# Note: skip users with Deny roles
nextitem = False
for role, setting in rolemanager.getRolesForPrincipal(pid):
if role == 'zope.Manager':
continue
if role in checkroles and setting == Deny:
nextitem = True
break
if nextitem:
continue
profile = IPersonalProfile(principal, None)
if profile is None:
continue
members.append(
(profile, ack_date.strftime('%Y-%m-%d %H:%M UTC')))
# NOTE: convert date to local time zone
# .replace(tzinfo=utc).astimezone(localtz).strftime('%Y-%m-%d %H:%M %Z')
return self.export(members)
def prepare(self):
results = getUtility(IAcknowledgements).search(object=self.context)
if len(results) > 0:
members = []
# localtz = tz.tzlocal()
bannedusers = getUtility(IBanPrincipalConfiglet)
rolemanager = IPrincipalRoleManager(getSite())
checkroles = ['zope.Anonymous', ]
portal_roles = getUtility(IPortalRoles)
if 'site.member' in portal_roles:
checkroles.append(portal_roles['site.member'].id)
for pid, ack_date in [(i.principal, i.date) for i in results]:
# Note: skip banned users
if pid in bannedusers.banned:
continue
try:
principal = getPrincipal(pid)
except PrincipalLookupError:
continue
# Note: skip users with Deny roles
nextitem = False
for role, setting in rolemanager.getRolesForPrincipal(pid):
if role == 'zope.Manager':
continue
if role in checkroles and setting == Deny:
nextitem = True
break
if nextitem:
continue
profile = IPersonalProfile(principal, None)
if profile is None:
continue
members.append(
(profile, ack_date.strftime('%Y-%m-%d %H:%M UTC')))
# NOTE: convert date to local time zone
# .replace(tzinfo=utc).astimezone(localtz).strftime('%Y-%m-%d %H:%M %Z')
return self.export(members)
def getRoles(self, user):
manager = IPrincipalRoleManager(self.context)
setting = manager.getRolesForPrincipal(user)
return [role[0] for role in setting if role[1] is Allow]
def getRoles(self, user):
manager = IPrincipalRoleManager(self.context)
setting = manager.getRolesForPrincipal(user)
return [role[0] for role in setting if role[1] is Allow]
def borrarUsuario(self, usuario):
if usuario in self.contenedor_cuentas:
role_manager = IPrincipalRoleManager(grok.getSite())
rol = role_manager.getRolesForPrincipal(usuario)[0]
role_manager.removeRoleFromPrincipal(rol[0], usuario)
del self.contenedor_cuentas[usuario]
def borrarUsuario(self, usuario):
if usuario in self.contenedor_cuentas:
role_manager = IPrincipalRoleManager(grok.getSite())
rol = role_manager.getRolesForPrincipal(usuario)[0]
role_manager.removeRoleFromPrincipal(rol[0], usuario)
del self.contenedor_cuentas[usuario]
