def __set__(self, instance, value):
field = self.__field.bind(instance)
if ISet.providedBy(field): # pylint: disable=no-value-for-parameter
if value is None:
value = set()
elif isinstance(value, str):
value = set(value.split(','))
value = set(
map(lambda x: x.id
if IPrincipalInfo.providedBy(x) else x, value))
else:
value = value.id if IPrincipalInfo.providedBy(value) else value
field.validate(value)
if field.readonly:
raise ValueError("Field {0} is readonly!".format(self.__name))
protection = IProtectedObject(instance.__parent__, None)
if not IRoleProtectedObject.providedBy(protection):
raise ValueError(
"Can't use role properties on object not providing "
"IRoleProtectedObject interface!")
# pylint: disable=assignment-from-no-return
old_principals = protection.get_principals(self.__role_id)
if not isinstance(value, set):
value = {value}
added = value - old_principals
removed = old_principals - value
for principal_id in added:
protection.grant_role(self.__role_id, principal_id)
for principal_id in removed:
protection.revoke_role(self.__role_id, principal_id)
def revoke_role(self, role_id, principal_ids):
"""Revoke role to selected principals"""
registry = get_pyramid_registry()
if IRole.providedBy(role_id):
role_id = role_id.id
if isinstance(principal_ids, str):
principal_ids = {principal_ids}
role_principals = self._principals_by_role.get(role_id) or set()
for principal_id in principal_ids.copy():
if IPrincipalInfo.providedBy(principal_id):
principal_id = principal_id.id
if principal_id in role_principals:
principal_roles = self._roles_by_principal.get(
principal_id) or set()
if principal_id in role_principals:
role_principals.remove(principal_id)
if role_id in principal_roles:
principal_roles.remove(role_id)
if principal_roles:
self._roles_by_principal[principal_id] = principal_roles
elif principal_id in self._roles_by_principal:
del self._roles_by_principal[principal_id]
if role_principals:
self._principals_by_role[role_id] = role_principals
elif role_id in self._principals_by_role:
del self._principals_by_role[role_id]
registry.notify(RevokedRoleEvent(self, role_id, principal_id))
def handle_workflow_version_transition(event):
"""Handle workflow version transition"""
principal = event.principal
factory = get_object_factory(IWorkflowStateHistoryItem)
if factory is not None:
item = factory(date=gmtime(datetime.utcnow()),
source_version=IWorkflowState(
event.old_object).version_id,
source_state=event.source,
target_state=event.destination,
transition_id=event.transition.transition_id,
principal=principal.id
if IPrincipalInfo.providedBy(principal) else principal,
comment=event.comment)
IWorkflowState(event.object).history.append(item) # pylint: disable=no-member
def grant_role(self, role_id, principal_ids):
"""Grant role to selected principals"""
registry = get_pyramid_registry()
if IRole.providedBy(role_id):
role_id = role_id.id
if isinstance(principal_ids, str):
principal_ids = {principal_ids}
role_principals = self._principals_by_role.get(role_id) or set()
for principal_id in principal_ids:
if IPrincipalInfo.providedBy(principal_id):
principal_id = principal_id.id
if principal_id not in role_principals:
principal_roles = self._roles_by_principal.get(
principal_id) or set()
role_principals.add(principal_id)
principal_roles.add(role_id)
self._roles_by_principal[principal_id] = principal_roles
self._principals_by_role[role_id] = role_principals
registry.notify(GrantedRoleEvent(self, role_id, principal_id))
def get_principal_id(value):
"""Get principal ID"""
return value.id if IPrincipalInfo.providedBy(value) else value
def set(self, object, value): # pylint: disable=redefined-builtin
if IPrincipalInfo.providedBy(value):
value = value.id
super().set(object, value)
def validate(self, value):
if IPrincipalInfo.providedBy(value):
value = value.id
super().validate(value)
def get_roles(self, principal_id):
"""Get roles for given principal"""
if IPrincipalInfo.providedBy(principal_id):
principal_id = principal_id.id
return self._roles_by_principal.get(principal_id) or set()
def state_principal(self, value):
"""Setter of state principal"""
self._state_principal = value.id if IPrincipalInfo.providedBy(
value) else value