def clean_roles(context, role_id, setting=Allow): """Remove given role for all principals""" prinrole = IPrincipalRoleManager(context) old = prinrole.getPrincipalsForRole(role_id) for x in old: if x[1] == setting: prinrole.unsetRoleForPrincipal(role_id, x[0])
class PrincipalRoles(grok.Adapter): """Grant a role to a principal. """ grok.context(IPrincipal) grok.implements(IPrincipalRoles) def __init__(self, context): site = getSite() self.userid = context.id self.manager = IPrincipalRoleManager(site) @apply def roles(): """Writable property for roles. """ def get(self): setting = self.manager.getRolesForPrincipal(self.userid) return [role[0] for role in setting if role[1] is Allow] def set(self, roles): # removing undefined roles setting = self.manager.getRolesForPrincipal(self.userid) for role in setting: if role[0] not in roles and role[1] is Allow: self.manager.unsetRoleForPrincipal(role[0], self.userid) # setting new roles for role in roles: self.manager.assignRoleToPrincipal(role, self.userid) return property(get, set)
def rolesFromAccount(self): ''' Populate the managed roles for this principal from self.roles ''' roleMgr = IPrincipalRoleManager(grok.getSite()) if self.login == 'admin': self.roles.add('gfn.Administrator') for rid, _setting in roleMgr.getRolesForPrincipal('gfn.'+self.login): roleMgr.unsetRoleForPrincipal(rid, 'gfn.'+self.login) for role in self.roles: roleMgr.assignRoleToPrincipal(role, 'gfn.'+self.login)
def roles(self, value): principal_id = self.__principal__.id rolemanager = IPrincipalRoleManager(getSite()) for role, setting in value.items(): if role not in self._roles: continue if setting is Allow: rolemanager.assignRoleToPrincipal(role, principal_id) elif setting is Deny: rolemanager.removeRoleFromPrincipal(role, principal_id) else: rolemanager.unsetRoleForPrincipal(role, principal_id)
def __init__(self, *args, **kwargs): ''' Create an administrator with default login and password ''' super(AuthenticatorPlugin, self).__init__(*args, **kwargs) su = InternalPrincipal(login='******', password='******', title=u'Administrator', description=u'The SuperUser') self['admin'] = su roleMgr = IPrincipalRoleManager(grok.getSite()) for uid, _setting in roleMgr.getPrincipalsForRole('gfn.Administrator'): roleMgr.unsetRoleForPrincipal('gfn.Administrator', 'gfn.'+uid) uid = self.getIdByLogin('admin') roleMgr.assignRoleToPrincipal('gfn.Administrator', 'gfn.'+uid)
def roles(self, values): prmanager = IPrincipalRoleManager(self.context) for role_id in self.roles: prmanager.unsetRoleForPrincipal(role_id, self.principal_id) for role_id in values: prmanager.assignRoleToPrincipal(role_id, self.principal_id)
def unset_role(self, role_id, pids): if isinstance(pids, basestring): pids = [pids] role_id = ROLE_MAP[role_id] prinrole = IPrincipalRoleManager(self.context) for pid in pids: prinrole.unsetRoleForPrincipal(role_id, pid)
def status(self): setUpWidget(self, 'principal', self.principal_field, IInputWidget) if not self.principal_widget.hasInput(): return u'' try: principal = self.principal_widget.getInputValue() except MissingInputError: return u'' self.principal = principal # Make sure we can use the principal id in a form by base64ing it principal_token = unicode(principal).encode('base64').strip().replace( '=', '_') roles = [role for name, role in getUtilitiesFor(IRole)] roles.sort(lambda x, y: cmp(x.title, y.title)) principal_roles = IPrincipalRoleManager(self.context) self.roles = [] for role in roles: name = principal_token + '.role.'+role.id field = zope.schema.Choice(__name__= name, title=role.title, vocabulary=settings_vocabulary) setUpWidget(self, name, field, IInputWidget, principal_roles.getSetting(role.id, principal)) self.roles.append(getattr(self, name+'_widget')) perms = [perm for name, perm in getUtilitiesFor(IPermission)] perms.sort(lambda x, y: cmp(x.title, y.title)) principal_perms = IPrincipalPermissionManager(self.context) self.permissions = [] for perm in perms: if perm.id == 'zope.Public': continue name = principal_token + '.permission.'+perm.id field = zope.schema.Choice(__name__=name, title=perm.title, vocabulary=settings_vocabulary) setUpWidget(self, name, field, IInputWidget, principal_perms.getSetting(perm.id, principal)) self.permissions.append( getattr(self, name+'_widget')) if 'GRANT_SUBMIT' not in self.request: return u'' for role in roles: name = principal_token + '.role.'+role.id role_widget = getattr(self, name+'_widget') if role_widget.hasInput(): try: setting = role_widget.getInputValue() except MissingInputError: pass else: # Arrgh! if setting is Allow: principal_roles.assignRoleToPrincipal( role.id, principal) elif setting is Deny: principal_roles.removeRoleFromPrincipal( role.id, principal) else: principal_roles.unsetRoleForPrincipal( role.id, principal) for perm in perms: if perm.id == 'zope.Public': continue name = principal_token + '.permission.'+perm.id perm_widget = getattr(self, name+'_widget') if perm_widget.hasInput(): try: setting = perm_widget.getInputValue() except MissingInputError: pass else: # Arrgh! if setting is Allow: principal_perms.grantPermissionToPrincipal( perm.id, principal) elif setting is Deny: principal_perms.denyPermissionToPrincipal( perm.id, principal) else: principal_perms.unsetPermissionForPrincipal( perm.id, principal) return _('Grants updated.')
class Ownership(object): adapts(IOwnerAware) implements(IOwnership) def __init__(self, context): self._rolemanager = IPrincipalRoleManager(context) self.context = context def _getCurrentOwnerId(self): settings = self._rolemanager.getPrincipalsForRole(OWNER_ROLE) principals = [ principal_id for (principal_id, setting) in settings if sameProxiedObjects(setting, Allow) ] if not principals: return None if len(principals) > 1: raise RuntimeError( 'Object has multiple owners. This should not happen') return principals[0] @apply def owner(): def fget(self): principal_id = self._getCurrentOwnerId() if principal_id is None: return None try: return getUtility(IAuthentication).getPrincipal(principal_id) except PrincipalLookupError: return None def fset(self, new_owner): if not (new_owner is None or IPrincipal.providedBy(new_owner)): raise ValueError('IPrincipal object or None required') if new_owner is None: new_owner_id = None else: new_owner_id = new_owner.id current_owner_id = self._getCurrentOwnerId() if new_owner_id == current_owner_id: return if current_owner_id is not None: self._rolemanager.unsetRoleForPrincipal( OWNER_ROLE, current_owner_id) current_owner = getUtility(IAuthentication).getPrincipal( current_owner_id) else: current_owner = None if new_owner_id: self._rolemanager.assignRoleToPrincipal( OWNER_ROLE, new_owner_id) notify(OwnerChangedEvent(self.context, new_owner, current_owner)) return property(fget, fset)