def clean_roles(context, role_id, setting=Allow):
"""Remove given role for all principals"""
prinrole = IPrincipalRoleManager(context)
old = prinrole.getPrincipalsForRole(role_id)
for x in old:
if x[1] == setting:
prinrole.unsetRoleForPrincipal(role_id, x[0])
class PrincipalRoles(grok.Adapter):
"""Grant a role to a principal.
"""
grok.context(IPrincipal)
grok.implements(IPrincipalRoles)
def __init__(self, context):
site = getSite()
self.userid = context.id
self.manager = IPrincipalRoleManager(site)
@apply
def roles():
"""Writable property for roles.
"""
def get(self):
setting = self.manager.getRolesForPrincipal(self.userid)
return [role[0] for role in setting if role[1] is Allow]
def set(self, roles):
# removing undefined roles
setting = self.manager.getRolesForPrincipal(self.userid)
for role in setting:
if role[0] not in roles and role[1] is Allow:
self.manager.unsetRoleForPrincipal(role[0], self.userid)
# setting new roles
for role in roles:
self.manager.assignRoleToPrincipal(role, self.userid)
return property(get, set)
def clean_roles(context, role_id, setting=Allow):
"""Remove given role for all principals"""
prinrole = IPrincipalRoleManager(context)
old = prinrole.getPrincipalsForRole(role_id)
for x in old:
if x[1] == setting:
prinrole.unsetRoleForPrincipal(role_id, x[0])
def rolesFromAccount(self):
''' Populate the managed roles for this principal from self.roles
'''
roleMgr = IPrincipalRoleManager(grok.getSite())
if self.login == 'admin':
self.roles.add('gfn.Administrator')
for rid, _setting in roleMgr.getRolesForPrincipal('gfn.'+self.login):
roleMgr.unsetRoleForPrincipal(rid, 'gfn.'+self.login)
for role in self.roles:
roleMgr.assignRoleToPrincipal(role, 'gfn.'+self.login)
def roles(self, value):
principal_id = self.__principal__.id
rolemanager = IPrincipalRoleManager(getSite())
for role, setting in value.items():
if role not in self._roles:
continue
if setting is Allow:
rolemanager.assignRoleToPrincipal(role, principal_id)
elif setting is Deny:
rolemanager.removeRoleFromPrincipal(role, principal_id)
else:
rolemanager.unsetRoleForPrincipal(role, principal_id)
def __init__(self, *args, **kwargs):
''' Create an administrator with default login and password
'''
super(AuthenticatorPlugin, self).__init__(*args, **kwargs)
su = InternalPrincipal(login='******', password='******', title=u'Administrator',
description=u'The SuperUser')
self['admin'] = su
roleMgr = IPrincipalRoleManager(grok.getSite())
for uid, _setting in roleMgr.getPrincipalsForRole('gfn.Administrator'):
roleMgr.unsetRoleForPrincipal('gfn.Administrator', 'gfn.'+uid)
uid = self.getIdByLogin('admin')
roleMgr.assignRoleToPrincipal('gfn.Administrator', 'gfn.'+uid)
def roles(self, values):
prmanager = IPrincipalRoleManager(self.context)
for role_id in self.roles:
prmanager.unsetRoleForPrincipal(role_id, self.principal_id)
for role_id in values:
prmanager.assignRoleToPrincipal(role_id, self.principal_id)
def roles(self, values):
prmanager = IPrincipalRoleManager(self.context)
for role_id in self.roles:
prmanager.unsetRoleForPrincipal(role_id, self.principal_id)
for role_id in values:
prmanager.assignRoleToPrincipal(role_id, self.principal_id)
def unset_role(self, role_id, pids):
if isinstance(pids, basestring): pids = [pids]
role_id = ROLE_MAP[role_id]
prinrole = IPrincipalRoleManager(self.context)
for pid in pids:
prinrole.unsetRoleForPrincipal(role_id, pid)
def unset_role(self, role_id, pids):
if isinstance(pids, basestring): pids = [pids]
role_id = ROLE_MAP[role_id]
prinrole = IPrincipalRoleManager(self.context)
for pid in pids:
prinrole.unsetRoleForPrincipal(role_id, pid)
def status(self):
setUpWidget(self, 'principal', self.principal_field, IInputWidget)
if not self.principal_widget.hasInput():
return u''
try:
principal = self.principal_widget.getInputValue()
except MissingInputError:
return u''
self.principal = principal
# Make sure we can use the principal id in a form by base64ing it
principal_token = unicode(principal).encode('base64').strip().replace(
'=', '_')
roles = [role for name, role in getUtilitiesFor(IRole)]
roles.sort(lambda x, y: cmp(x.title, y.title))
principal_roles = IPrincipalRoleManager(self.context)
self.roles = []
for role in roles:
name = principal_token + '.role.'+role.id
field = zope.schema.Choice(__name__= name,
title=role.title,
vocabulary=settings_vocabulary)
setUpWidget(self, name, field, IInputWidget,
principal_roles.getSetting(role.id, principal))
self.roles.append(getattr(self, name+'_widget'))
perms = [perm for name, perm in getUtilitiesFor(IPermission)]
perms.sort(lambda x, y: cmp(x.title, y.title))
principal_perms = IPrincipalPermissionManager(self.context)
self.permissions = []
for perm in perms:
if perm.id == 'zope.Public':
continue
name = principal_token + '.permission.'+perm.id
field = zope.schema.Choice(__name__=name,
title=perm.title,
vocabulary=settings_vocabulary)
setUpWidget(self, name, field, IInputWidget,
principal_perms.getSetting(perm.id, principal))
self.permissions.append(
getattr(self, name+'_widget'))
if 'GRANT_SUBMIT' not in self.request:
return u''
for role in roles:
name = principal_token + '.role.'+role.id
role_widget = getattr(self, name+'_widget')
if role_widget.hasInput():
try:
setting = role_widget.getInputValue()
except MissingInputError:
pass
else:
# Arrgh!
if setting is Allow:
principal_roles.assignRoleToPrincipal(
role.id, principal)
elif setting is Deny:
principal_roles.removeRoleFromPrincipal(
role.id, principal)
else:
principal_roles.unsetRoleForPrincipal(
role.id, principal)
for perm in perms:
if perm.id == 'zope.Public':
continue
name = principal_token + '.permission.'+perm.id
perm_widget = getattr(self, name+'_widget')
if perm_widget.hasInput():
try:
setting = perm_widget.getInputValue()
except MissingInputError:
pass
else:
# Arrgh!
if setting is Allow:
principal_perms.grantPermissionToPrincipal(
perm.id, principal)
elif setting is Deny:
principal_perms.denyPermissionToPrincipal(
perm.id, principal)
else:
principal_perms.unsetPermissionForPrincipal(
perm.id, principal)
return _('Grants updated.')
class Ownership(object):
adapts(IOwnerAware)
implements(IOwnership)
def __init__(self, context):
self._rolemanager = IPrincipalRoleManager(context)
self.context = context
def _getCurrentOwnerId(self):
settings = self._rolemanager.getPrincipalsForRole(OWNER_ROLE)
principals = [
principal_id for (principal_id, setting) in settings
if sameProxiedObjects(setting, Allow)
]
if not principals:
return None
if len(principals) > 1:
raise RuntimeError(
'Object has multiple owners. This should not happen')
return principals[0]
@apply
def owner():
def fget(self):
principal_id = self._getCurrentOwnerId()
if principal_id is None:
return None
try:
return getUtility(IAuthentication).getPrincipal(principal_id)
except PrincipalLookupError:
return None
def fset(self, new_owner):
if not (new_owner is None or IPrincipal.providedBy(new_owner)):
raise ValueError('IPrincipal object or None required')
if new_owner is None:
new_owner_id = None
else:
new_owner_id = new_owner.id
current_owner_id = self._getCurrentOwnerId()
if new_owner_id == current_owner_id:
return
if current_owner_id is not None:
self._rolemanager.unsetRoleForPrincipal(
OWNER_ROLE, current_owner_id)
current_owner = getUtility(IAuthentication).getPrincipal(
current_owner_id)
else:
current_owner = None
if new_owner_id:
self._rolemanager.assignRoleToPrincipal(
OWNER_ROLE, new_owner_id)
notify(OwnerChangedEvent(self.context, new_owner, current_owner))
return property(fget, fset)
