def test_deny_dublincore_view(self): """Tests the denial of dublincore view permissions to anonymous. Users who can view a folder contents page but cannot view dublin core should still be able to see the folder items' names, but not their title, modified, and created info. """ # add an item that can be viewed from the root folder obj = OrderedContainer() alsoProvides(obj, IAttributeAnnotatable) self.getRootFolder()['obj'] = obj IZopeDublinCore(obj).title = u'My object' # deny zope.app.dublincore.view to zope.Anonymous prm = IRolePermissionManager(self.getRootFolder()) prm.denyPermissionToRole('zope.dublincore.view', 'zope.Anonymous') # Try both spellings just in case we are used with an older zope.dc prm.denyPermissionToRole('zope.app.dublincore.view', 'zope.Anonymous') transaction.commit() response = self.publish('/') self.assertEquals(response.getStatus(), 200) body = response.getBody() # confirm we can see the file name self.assert_(body.find('<a href="obj">obj</a>') != -1) # confirm we *cannot* see the metadata title self.assert_(body.find('My object') == -1)
def joining(self, value): roles = IRolePermissionManager(self.__parent__) for rid in value: role = queryUtility(IRole, rid) if IPublicRole.providedBy(role): roles.grantPermissionToRole('zojax.JoinGroup', rid) else: roles.denyPermissionToRole('zojax.JoinGroup', rid)
def test_deny_view(self): """Tests the denial of view permissions to anonymous. This test uses the ZMI interface to deny anonymous zope.View permission to the root folder. """ # deny zope.View to zope.Anonymous prm = IRolePermissionManager(self.getRootFolder()) prm.denyPermissionToRole('zope.View', 'zope.Anonymous') transaction.commit() # confirm Unauthorized when viewing root folder self.assertRaises(Unauthorized, self.publish, '/')
def change_permissions(event): if event.destination == Workflow.states.PUBLISHED: try: principal = uvcsite.utils.shorties.getPrincipal() except zope.security.interfaces.NoInteraction: return else: if not uvcsite.auth.interfaces.ICOUser.providedBy(principal): return prinper = IPrincipalPermissionManager(event.object) roleper = IRolePermissionManager(event.object) roleper.denyPermissionToRole(named(uvcsite.permissions.View), named(uvcsite.permissions.Editor)) prinper.grantPermissionToPrincipal(named(uvcsite.permissions.View), event.object.principal.id)
def status(self, value): context = removeAllProxies(self.context) roleper = IRolePermissionManager(context) if value == 4: roleper.grantPermissionToRole('zojax.AddComment', 'zope.Anonymous') else: roleper.denyPermissionToRole('zojax.AddComment', 'zope.Anonymous') if value == 3: if IContentDiscussionAware.providedBy(context): interface.noLongerProvides(context, IContentDiscussionAware) else: if not IContentDiscussionAware.providedBy(context): interface.alsoProvides(context, IContentDiscussionAware) discussibleAdded(context, None) self.data.status = value
def init_application(event): application = event.object if not IDatashackle.providedBy(application): # no datashackle grok application return # Site needs to be setted manually at this point. # Otherwise the framework does not notify the catalog to index the newly # created propertyform setSite(application) configfolder = Folder() configfolder.title = _(u'Configuration') application['configuration'] = configfolder # Deny view, edit permission to role dolmen.Owner (which is the default role for our restricted users). role_permission = IRolePermissionManager(configfolder) role_permission.denyPermissionToRole('dolmen.content.View', 'dolmen.Owner') #role_permission.grantPermissionToRole('dolmen.content.View', 'zope.Manager') role_permission.denyPermissionToRole('dolmen.content.Edit', 'dolmen.Owner') #role_permission.grantPermissionToRole('dolmen.content.Edit', 'zope.Manager') metaconfig = Folder() metaconfig.title = _(u'Meta configuration') configfolder['meta'] = metaconfig ignore_enumeration(metaconfig, 'zope.Everybody') #users = Users() #users.title = _(u'Users') #configfolder['users'] = users set_ = GenericSet() set_.title = u'p2_model' set_.plan_identifier = 'p2_model' set_.table_identifier = 'p2_model' set_.table_key_field = 'plan_identifier' metaconfig['p2_model'] = set_ set_ = GenericSet() set_.title = u'p2_form' set_.plan_identifier = 'p2_form' set_.table_identifier = 'p2_form' set_.table_key_field = 'form_identifier' metaconfig['p2_form'] = set_ archetypes = GenericSet() archetypes.title = _(u'p2_archetype') archetypes.plan_identifier = 'p2_archetype' archetypes.table_identifier = 'p2_archetype' archetypes.table_key_field = 'id' metaconfig['p2_archetypes'] = archetypes linkageforms = GenericSet() linkageforms.title = u'p2_linkage' linkageforms.plan_identifier = 'p2_linkage' linkageforms.table_identifier = 'p2_linkage' linkageforms.table_key_field = 'id' metaconfig['p2_linkage'] = linkageforms set_ = GenericSet() set_.title = u'p2_relation' set_.plan_identifier = 'p2_relation' set_.table_identifier = 'p2_relation' set_.table_key_field = 'id' metaconfig['p2_relation'] = set_ widget = GenericSet() widget.title = u'p2_widget' widget.plan_identifier = 'p2_widget' widget.table_identifier = 'p2_widget' widget.table_key_field = 'widget_identifier' metaconfig['p2_widget'] = widget set_ = GenericSet() set_.title = u'p2_span' set_.plan_identifier = 'p2_span' set_.table_identifier = 'p2_span' set_.table_key_field = 'span_identifier' metaconfig['p2_span'] = set_ set_ = GenericSet() set_.title = u'p2_span_embeddedform' set_.plan_identifier = 'p2_span_embeddedform' set_.table_identifier = 'p2_span_embeddedform' set_.table_key_field = 'span_identifier' metaconfig['p2_span_embeddedform'] = set_ set_ = GenericSet() set_.title = u'p2_span_fileupload' set_.plan_identifier = 'p2_span_fileupload' set_.table_identifier = 'p2_span_fileupload' set_.table_key_field = 'span_identifier' metaconfig['p2_span_fileupload'] = set_ set_ = GenericSet() set_.title = u'p2_span_alphanumeric' set_.plan_identifier = 'p2_span_alphanumeric' set_.table_identifier = 'p2_span_alphanumeric' set_.table_key_field = 'span_identifier' metaconfig['p2_span_alphanumeric'] = set_ set_ = GenericSet() set_.title = u'p2_span_checkbox' set_.plan_identifier = 'p2_span_checkbox' set_.table_identifier = 'p2_span_checkbox' set_.table_key_field = 'span_identifier' metaconfig['p2_span_checkbox'] = set_ set_ = GenericSet() set_.title = u'p2_span_dropdown' set_.plan_identifier = 'p2_span_dropdown' set_.table_identifier = 'p2_span_dropdown' set_.table_key_field = 'span_identifier' metaconfig['p2_span_dropdown'] = set_ set_ = GenericSet() set_.title = u'p2_countries' set_.plan_identifier = 'p2_countries' set_.table_identifier = 'p2_country' set_.table_key_field = 'id' metaconfig['p2_span_countries'] = set_