Exemplo n.º 1
0
def filterFields(context, form_fields):
    omit_names = []
    if IAlchemistContent.providedBy(context):
        md = utils.get_descriptor(context.__class__)
        for field in form_fields:
            # field:zope.formlib.form.FormField
            try:
                can_write = security.canWrite(context, field.__name__)
                can_read = security.canAccess(context, field.__name__)
            except AttributeError:
                log.warn('filterFields: item [%s] has no field named "%s"',
                         context, field.__name__)
                can_write = can_read = False
            if can_write:
                continue
            if can_read:
                field.for_display = True
                field.custom_widget = md.get(field.__name__).view_widget
            else:
                omit_names.append(field.__name__)
    elif not IAlchemistContainer.providedBy(context):
        ctx = getattr(context, "context", None)
        if ctx:
            filterFields(ctx, form_fields)
        else:
            raise NotImplementedError
    return form_fields.omit(*omit_names)
Exemplo n.º 2
0
def filterFields(context, form_fields):
    omit_names = []
    if IAlchemistContent.providedBy(context):
        md = utils.get_descriptor(context.__class__)
        for field in form_fields:
            # field:zope.formlib.form.FormField
            try:
                can_write = security.canWrite(context, field.__name__)
                can_read = security.canAccess(context, field.__name__)
            except AttributeError:
                log.warn('filterFields: item [%s] has no field named "%s"', context, field.__name__)
                can_write = can_read = False
            if can_write:
                continue
            if can_read:
                field.for_display = True
                field.custom_widget = md.get(field.__name__).view_widget
            else:
                omit_names.append(field.__name__)
    elif not IAlchemistContainer.providedBy(context):
        ctx = getattr(context, "context", None)
        if ctx:
            filterFields(ctx, form_fields)
        else:
            raise NotImplementedError
    return form_fields.omit(*omit_names)
Exemplo n.º 3
0
    def _extractContentInfo(self, item):
        request = self.request


        rename_ids = {}
        if "container_rename_button" in request:
            for rename_id in request.get('ids', ()):
                rename_ids[rename_id] = rename_id
        elif "rename_ids" in request:
            for rename_id in request.get('rename_ids', ()):
                rename_ids[rename_id] = rename_id


        retitle_id = request.get('retitle_id')

        id, obj = item
        info = {}
        info['id'] = info['cb_id'] = id
        info['object'] = obj

        info['url'] = urllib.quote(id.encode('utf-8'))
        info['rename'] = rename_ids.get(id)
        info['retitle'] = id == retitle_id


        zmi_icon = zapi.queryMultiAdapter((obj, self.request), name='zmi_icon')
        if zmi_icon is None:
            info['icon'] = None
        else:
            info['icon'] = zmi_icon()

        dc = IZopeDublinCore(obj, None)
        if dc is not None:
            info['retitleable'] = canWrite(dc, 'title')
            info['plaintitle'] = not info['retitleable']

            title = self.safe_getattr(dc, 'title', None)
            if title:
                info['title'] = title

            formatter = self.request.locale.dates.getFormatter(
                'dateTime', 'short')

            created = self.safe_getattr(dc, 'created', None)
            if created is not None:
                info['created'] = formatter.format(created)

            modified = self.safe_getattr(dc, 'modified', None)
            if modified is not None:
                info['modified'] = formatter.format(modified)
        else:
            info['retitleable'] = 0
            info['plaintitle'] = 1


        sized_adapter = ISized(obj, None)
        if sized_adapter is not None:
            info['size'] = sized_adapter
        return info
Exemplo n.º 4
0
    def _extractContentInfo(self, item):
        request = self.request

        rename_ids = {}
        if "container_rename_button" in request:
            for rename_id in request.get('ids', ()):
                rename_ids[rename_id] = rename_id
        elif "rename_ids" in request:
            for rename_id in request.get('rename_ids', ()):
                rename_ids[rename_id] = rename_id

        retitle_id = request.get('retitle_id')

        id, obj = item
        info = {}
        info['id'] = info['cb_id'] = id
        info['object'] = obj

        info['url'] = urllib.quote(id.encode('utf-8'))
        info['rename'] = rename_ids.get(id)
        info['retitle'] = id == retitle_id

        zmi_icon = queryMultiAdapter((obj, self.request), name='zmi_icon')
        if zmi_icon is None:
            info['icon'] = None
        else:
            info['icon'] = zmi_icon()

        dc = IZopeDublinCore(obj, None)
        if dc is not None:
            info['retitleable'] = canWrite(dc, 'title')
            info['plaintitle'] = not info['retitleable']

            title = self.safe_getattr(dc, 'title', None)
            if title:
                info['title'] = title

            formatter = self.request.locale.dates.getFormatter(
                'dateTime', 'short')

            created = self.safe_getattr(dc, 'created', None)
            if created is not None:
                info['created'] = formatter.format(created)

            modified = self.safe_getattr(dc, 'modified', None)
            if modified is not None:
                info['modified'] = formatter.format(modified)
        else:
            info['retitleable'] = 0
            info['plaintitle'] = 1

        sized_adapter = ISized(obj, None)
        if sized_adapter is not None:
            info['size'] = sized_adapter
        return info
Exemplo n.º 5
0
    def render(self):
        content = self.content

        if content.__name__ not in self.globalenviron['activeIds']:
            return super(RenameTitleColumn, self).render()

        if IItem.providedBy(content):
            if not canWrite(content, 'title'):
                return super(RenameTitleColumn, self).render()
        else:
            dc = ICMFDublinCore(content, None)
            if dc is not None:
                if not canWrite(dc, 'title'):
                    return super(RenameTitleColumn, self).render()

        if IDocument.providedBy(content):
            return super(RenameTitleColumn, self).render()

        return u'<input type="text" name="newTitles:list" '\
            'size="14" value="%s" />' % cgi.escape(self.query())
Exemplo n.º 6
0
 def has_write_permission(self, context):
     """check that  the user has the rights to edit 
          the object, if not we assume he has no rights 
          to make a version
          assumption is here that if he has the rights on any of the fields
          he may create a version."""
     table = orm.class_mapper(context.__class__).mapped_table
     for column in table.columns:
         if canWrite(context, column.name):
             return True
     else:
         return False
Exemplo n.º 7
0
 def has_write_permission(self, context):
     """check that  the user has the rights to edit 
          the object, if not we assume he has no rights 
          to make a version
          assumption is here that if he has the rights on any of the fields
          he may create a version."""
     table = orm.class_mapper(context.__class__).mapped_table
     for column in table.columns:
         if canWrite(context, column.name):
             return True
     else:
         return False
Exemplo n.º 8
0
 def _copy_writeableFields(self, source, dest, context):
     """Only revert the fields which the user has edit rights for
     """
     table = get_mapped_table(source.__class__)
     for column in table.columns:
         if column.primary_key:
             continue
         value = getattr(source, column.name)
         try:
             if canWrite(context, column.name):
                 setattr(dest, column.name, value)
         except ForbiddenAttribute:
             setattr(dest, column.name, value)
Exemplo n.º 9
0
 def has_write_permission(self, context):
     """check that  the user has the rights to edit 
          the object, if not we assume he has no rights 
          to make a version
          assumption is here that if he has the rights on any of the fields
          he may create a version."""
     trusted = removeSecurityProxy(self.context)
     table = orm.class_mapper(trusted.__class__).mapped_table
     for column in table.columns:
         try:
             if canWrite(self.context, column.name):
                 return True
         except ForbiddenAttribute:
             pass
     else:
         return False
Exemplo n.º 10
0
 def has_write_permission(self, context):
     """check that  the user has the rights to edit 
          the object, if not we assume he has no rights 
          to make a version
          assumption is here that if he has the rights on any of the fields
          he may create a version."""
     trusted = removeSecurityProxy(self.context)
     table = orm.class_mapper(trusted.__class__).mapped_table
     for column in table.columns:
         try:
             if canWrite(self.context, column.name):
                 return True
         except ForbiddenAttribute:
             pass
     else:
         return False
Exemplo n.º 11
0
 def has_write_permission(self, context):
     """Check that  the user has the rights to edit the object, if not we 
     assume he has no rights to make a version assumption is here that if 
     he has the rights on any of the fields he may create a version.
     """
     trusted = removeSecurityProxy(self.context)
     # !+extended attributes? get complete list of attribuites off kls, as 
     # in core.audit...get_field_names_to_audit(kls)
     # !+ replace with a more explict permission check?
     table = orm.class_mapper(trusted.__class__).mapped_table
     for column in table.columns:
         try:
             if canWrite(self.context, column.name):
                 return True
             else:
                 return False
         except ForbiddenAttribute:
             pass
     else:
         return False
Exemplo n.º 12
0
def filterFields(context, form_fields):
    omit_names = []
    if IAlchemistContent.providedBy(context):
        md = queryModelDescriptor(context.__class__)
        for field in form_fields:
            try:
                can_write = security.canWrite(context, field.__name__)
                can_read = security.canAccess(context, field.__name__)
            except AttributeError:
                can_write = can_read = False
            if can_write:
                continue
            if can_read:
                field.for_display = True
                field.custom_widget = md.get(field.__name__).view_widget
            else:
                omit_names.append(field.__name__)
    elif not IAlchemistContainer.providedBy(context):
        ctx = getattr(context, "context", None)
        if ctx:
            filterFields(ctx, form_fields)
        else:
            raise NotImplementedError
    return form_fields.omit(*omit_names)
Exemplo n.º 13
0
def filterFields(context, form_fields):
    omit_names = []
    if IAlchemistContent.providedBy(context):
        md = queryModelDescriptor(context.__class__)
        for field in form_fields:
            try:
                can_write = security.canWrite( context, field.__name__)
                can_read = security.canAccess( context, field.__name__)
            except AttributeError:
                can_write = can_read = False
            if can_write:
                continue
            if can_read:
                field.for_display = True
                field.custom_widget = md.get(field.__name__).view_widget
            else:
                omit_names.append(field.__name__)
    elif not IAlchemistContainer.providedBy(context):
        ctx=getattr(context, 'context', None)
        if ctx:
            filterFields(ctx, form_fields)
        else:
            raise NotImplementedError
    return form_fields.omit(*omit_names)
Exemplo n.º 14
0
def setUpEditWidgets(view, schema, source=None, prefix=None,
                     ignoreStickyValues=False, names=None, context=None,
                     degradeInput=False, degradeDisplay=False):
    """Sets up widgets to collect input on a view.

    See `setUpWidgets` for details on `view`, `schema`, `prefix`,
    `ignoreStickyValues`, `names`, and `context`.

    `source`, if specified, is an object from which initial widget values are
    read. If source is not specified, the view context is used as the source.

    `degradeInput` is a flag that changes the behavior when a user does not
    have permission to edit a field in the names.  By default, the function
    raises Unauthorized.  If degradeInput is True, the field is changed to
    an IDisplayWidget.

    `degradeDisplay` is a flag that changes the behavior when a user does not
    have permission to access a field in the names.  By default, the function
    raises Unauthorized.  If degradeDisplay is True, the field is removed from
    the form.

    Returns a list of names, equal to or a subset of the names that were
    supposed to be drawn, with uninitialized undrawn fields missing.
    """
    if context is None:
        context = view.context
    if source is None:
        source = view.context
    security_proxied = isProxy(source, Proxy)
    res_names = []
    for name, field in _fieldlist(names, schema):
        try:
            value = field.get(source)
        except ForbiddenAttribute:
            raise
        except AttributeError:
            value = no_value
        except Unauthorized:
            if degradeDisplay:
                continue
            else:
                raise
        if field.readonly:
            viewType = IDisplayWidget
        else:
            if security_proxied:
                is_accessor = IMethod.providedBy(field)
                if is_accessor:
                    set_name = field.writer.__name__
                    authorized = security.canAccess(source, set_name)
                else:
                    set_name = name
                    authorized = security.canWrite(source, name)
                if not authorized:
                    if degradeInput:
                        viewType = IDisplayWidget
                    else:
                        raise Unauthorized(set_name)
                else:
                    viewType = IInputWidget
            else:
                # if object is not security proxied, might be a standard
                # adapter without a registered checker.  If the feature of
                # paying attention to the users ability to actually set a
                # field is decided to be a must-have for the form machinery,
                # then we ought to change this case to have a deprecation
                # warning.
                viewType = IInputWidget
        setUpWidget(view, name, field, viewType, value, prefix,
                    ignoreStickyValues, context)
        res_names.append(name)
    return res_names
Exemplo n.º 15
0
 except Unauthorized:
     if degradeDisplay:
         continue
     else:
         raise
 if field.readonly:
     viewType = IDisplayWidget
 else:
     if security_proxied:
         is_accessor = IMethod.providedBy(field)
         if is_accessor:
             set_name = field.writer.__name__
             authorized = security.canAccess(source, set_name)
         else:
             set_name = name
             authorized = security.canWrite(source, name)
         if not authorized:
             if degradeInput:
                 viewType = IDisplayWidget
             else:
                 raise Unauthorized(set_name)
         else:
             viewType = IInputWidget
     else:
         # if object is not security proxied, might be a standard
         # adapter without a registered checker.  If the feature of
         # paying attention to the users ability to actually set a
         # field is decided to be a must-have for the form machinery,
         # then we ought to change this case to have a deprecation
         # warning.
         viewType = IInputWidget
Exemplo n.º 16
0
 def can_write(self):
     """See pyams_utils.interfaces.form.IDataManager"""
     context = self.adapted_context
     if isinstance(context, Proxy):
         return canWrite(context, self.field.__name__)
     return True
Exemplo n.º 17
0
 except Unauthorized:
     if degradeDisplay:
         continue
     else:
         raise
 if field.readonly:
     viewType = IDisplayWidget
 else:
     if security_proxied:
         is_accessor = IMethod.providedBy(field)
         if is_accessor:
             set_name = field.writer.__name__
             authorized = security.canAccess(source, set_name)
         else:
             set_name = name
             authorized = security.canWrite(source, name)
         if not authorized:
             if degradeInput:
                 viewType = IDisplayWidget
             else:
                 raise Unauthorized(set_name)
         else:
             viewType = IInputWidget
     else:
         # if object is not security proxied, might be a standard
         # adapter without a registered checker.  If the feature of
         # paying attention to the users ability to actually set a
         # field is decided to be a must-have for the form machinery,
         # then we ought to change this case to have a deprecation
         # warning.
         viewType = IInputWidget
Exemplo n.º 18
0
def setUpEditWidgets(view,
                     schema,
                     source=None,
                     prefix=None,
                     ignoreStickyValues=False,
                     names=None,
                     context=None,
                     degradeInput=False,
                     degradeDisplay=False):
    """Sets up widgets to collect input on a view.

    See `setUpWidgets` for details on `view`, `schema`, `prefix`,
    `ignoreStickyValues`, `names`, and `context`.

    `source`, if specified, is an object from which initial widget values are
    read. If source is not specified, the view context is used as the source.

    `degradeInput` is a flag that changes the behavior when a user does not
    have permission to edit a field in the names.  By default, the function
    raises Unauthorized.  If degradeInput is True, the field is changed to
    an IDisplayWidget.

    `degradeDisplay` is a flag that changes the behavior when a user does not
    have permission to access a field in the names.  By default, the function
    raises Unauthorized.  If degradeDisplay is True, the field is removed from
    the form.

    Returns a list of names, equal to or a subset of the names that were
    supposed to be drawn, with uninitialized undrawn fields missing.
    """
    if context is None:
        context = view.context
    if source is None:
        source = view.context
    security_proxied = isProxy(source, Proxy)
    res_names = []
    for name, field in _fieldlist(names, schema):
        try:
            value = field.get(source)
        except ForbiddenAttribute:
            raise
        except AttributeError:
            value = no_value
        except Unauthorized:
            if degradeDisplay:
                continue
            else:
                raise
        if field.readonly:
            viewType = IDisplayWidget
        else:
            if security_proxied:
                is_accessor = IMethod.providedBy(field)
                if is_accessor:
                    set_name = field.writer.__name__
                    authorized = security.canAccess(source, set_name)
                else:
                    set_name = name
                    authorized = security.canWrite(source, name)
                if not authorized:
                    if degradeInput:
                        viewType = IDisplayWidget
                    else:
                        raise Unauthorized(set_name)
                else:
                    viewType = IInputWidget
            else:
                # if object is not security proxied, might be a standard
                # adapter without a registered checker.  If the feature of
                # paying attention to the users ability to actually set a
                # field is decided to be a must-have for the form machinery,
                # then we ought to change this case to have a deprecation
                # warning.
                viewType = IInputWidget
        setUpWidget(view, name, field, viewType, value, prefix,
                    ignoreStickyValues, context)
        res_names.append(name)
    return res_names