def get_permissions(username=None, user=None, obj=None):
    """Report which registered permissions a user holds on a context.

    Arguments ``username`` and ``user`` are mutually exclusive: set one
    or the other, but not both. If neither is given, the authenticated
    member is used.

    :param username: Username of the user whose permissions are checked.
    :type username: string
    :param user: User object whose permissions are checked.
    :type user: MemberData object
    :param obj: Context on which the permissions are checked. If obj is
        not given, the site root is used.
    :type obj: content object
    :returns: Dict mapping each permission name from ``getPermissions()``
        to a bool.
    :raises: InvalidParameterError
    :Example: :ref:`user_get_permissions_example`
    """
    # NOTE(review): the mutual-exclusion check is not in this body;
    # presumably a decorator or env.adopt_user enforces it -- confirm.
    target = portal.get() if obj is None else obj

    # Only adopt another identity when the caller named one.
    if username is not None or user is not None:
        context = env.adopt_user(username, user)
    else:
        context = _nop_context_manager()

    with context:
        # Fetch the security manager inside the block so the checks run
        # against whichever identity is active there.
        sm = getSecurityManager()
        result = {}
        for record in getPermissions():
            name = record[0]
            result[name] = bool(sm.checkPermission(name, target))
    return result
def _applyAllStaticSecurity(cls):
    """
    Pin every registered permission on portal_components to a fixed set
    of roles, so that nobody can change Permissions: only the 'ghost'
    Developer Role may add/modify/delete Components.

    Each permission attribute is installed as a getter-only 'property',
    which is what makes the mapping read-only. 'Change permissions' and
    'Define permissions' are mapped to no role at all.

    cls is erp5.portal_type.Component Tool and not this class, as this
    function is called on the Portal Type class when loading the
    Component Tool Portal Type class.
    """
    from AccessControl.Permission import getPermissions, pname

    def fixed_roles(roles):
        # Build the property in its own scope so each one keeps its own tuple.
        return property(lambda self: roles)

    def roles_for(permission_name):
        if permission_name == 'Reset dynamic classes':
            return ('Manager',)
        if permission_name in ('Change permissions', 'Define permissions'):
            # Empty tuple: no role is granted these permissions.
            return ()
        is_read_access = (permission_name.startswith(('Access ', 'View')) or
                          permission_name == 'WebDAV access')
        if is_read_access:
            return ('Developer', 'Manager')
        # Everything else is reserved to the Developer role.
        return ('Developer',)

    for permission_name, _, _ in getPermissions():
        setattr(cls, pname(permission_name),
                fixed_roles(roles_for(permission_name)))
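def test_all_public_permissions_are_mapped_to_real_permissions(self):
    """Check that every public permission name maps to a registered permission.

    A mapping entry that points at a permission name missing from
    ``getPermissions()`` would never match a real permission, so it must
    fail loudly here.
    """
    # Materialise the names once. On Python 3 ``map`` returns a one-shot
    # iterator: the first ``assertIn`` would consume it up to the match,
    # and later lookups could then fail for permissions that do exist.
    existing_permissions = [permission[0] for permission in getPermissions()]
    for public_name, permission in PUBLIC_PERMISSIONS_MAPPING.items():
        self.assertIn(
            permission,
            existing_permissions,
            "{} is mapped to an unnokwn permission {}".format(
                public_name, permission))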
def get_permissions(username=None, user=None, obj=None):
    """Report which registered permissions a user holds on a context.

    Arguments ``username`` and ``user`` are mutually exclusive: set one
    or the other, but not both. If neither is given, the authenticated
    member is used.

    :param username: Username of the user whose permissions are checked.
    :type username: string
    :param user: User object whose permissions are checked.
    :type user: MemberData object
    :param obj: Context on which the permissions are checked. If obj is
        not given, the site root is used.
    :type obj: content object
    :returns: Dict mapping each permission name from ``getPermissions()``
        to a bool.
    :raises: InvalidParameterError
    :Example: :ref:`user_get_permissions_example`
    """
    # NOTE(review): the mutual-exclusion check is not in this body;
    # presumably a decorator or env.adopt_user enforces it -- confirm.
    if obj is None:
        obj = portal.get()

    switch_identity = not (username is None and user is None)
    if switch_identity:
        context = env.adopt_user(username, user)
    else:
        context = _nop_context_manager()

    with context:
        # Resolve the member inside the block so the checks are made for
        # the identity that is active there.
        member = get_current()
        granted = dict(
            (entry[0], bool(member.checkPermission(entry[0], obj)))
            for entry in getPermissions()
        )
    return granted
def _applyAllStaticSecurity(cls):
    """
    Apply static security on portal_components so that nobody can change
    Permissions: only the 'ghost' Developer Role may add/modify/delete
    Components. The permissions are also made read-only by installing
    each one as a getter-only 'property'.

    cls is erp5.portal_type.Component Tool and not this class, as this
    function is called on the Portal Type class when loading the
    Component Tool Portal Type class.
    """
    from AccessControl.Permission import getPermissions, pname

    # Permissions matched by exact name. The two permission-management
    # entries map to an empty tuple, i.e. no role holds them.
    exact_roles = {
        'Reset dynamic classes': ('Manager',),
        'Change permissions': (),
        'Define permissions': (),
        'WebDAV access': ('Developer', 'Manager'),
    }
    read_prefixes = ('Access ', 'View')

    def constant_property(roles):
        # Separate scope per call, so every property returns its own tuple.
        return property(lambda self: roles)

    for permission_name, _, _ in getPermissions():
        if permission_name in exact_roles:
            roles = exact_roles[permission_name]
        elif permission_name.startswith(read_prefixes):
            roles = ('Developer', 'Manager')
        else:
            # Default: only the Developer role.
            roles = ('Developer',)
        setattr(cls, pname(permission_name), constant_property(roles))
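def test_all_public_permissions_are_mapped_to_real_permissions(self):
    """Check that every public permission name maps to a registered permission.

    A mapping entry that points at a permission name missing from
    ``getPermissions()`` would never match a real permission, so it must
    fail loudly here.
    """
    # Build a real list rather than ``map(...)``. On Python 3 ``map`` is a
    # one-shot iterator, so repeated ``assertIn`` lookups in the loop
    # would see a partly consumed sequence and report false failures.
    existing_permissions = [permission[0] for permission in getPermissions()]
    for public_name, permission in PUBLIC_PERMISSIONS_MAPPING.items():
        self.assertIn(
            permission,
            existing_permissions,
            "{} is mapped to an unnokwn permission {}".format(
                public_name, permission))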
def possible_permissions(self):
    """Return the sorted, de-duplicated permission names known for this object.

    Names come from two sources: the records returned by
    ``getPermissions()`` and those returned by
    ``self.ac_inherited_permissions(1)``. The first element of each
    record is taken as the name.
    """
    names = set(entry[0] for entry in getPermissions())
    names.update(entry[0] for entry in self.ac_inherited_permissions(1))
    return sorted(names)
def test_get_permissions_no_parameters(self):
    """Test get_permissions passing no parameters."""
    # Pick the order-insensitive comparison that exists on the running
    # Python: assertItemsEqual on Python 2, assertCountEqual otherwise.
    method_name = 'assertItemsEqual' if six.PY2 else 'assertCountEqual'
    compare_unordered = getattr(self, method_name)

    registered_names = [p[0] for p in getPermissions()]
    reported_names = api.user.get_permissions().keys()
    # The result must have exactly one key per registered permission.
    compare_unordered(registered_names, reported_names)
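def get_permissions(username=None, user=None, obj=None):
    """Get user's site-wide or local permissions.

    Arguments ``username`` and ``user`` are mutually exclusive. You can
    either set one or the other, but not both. If ``username`` and
    ``user`` are not given, the authenticated member will be used.

    The permissions are checked under a temporary security manager for
    the target user. The caller's security manager is always restored
    before returning, including when a permission check raises.

    :param username: Username of the user for which you want to check
        the permissions.
    :type username: string
    :param user: User object for which you want to check the
        permissions.
    :type user: MemberData object
    :param obj: If obj is set then check the permissions on this context.
        If obj is not given, the site root will be used.
    :type obj: content object
    :returns: Dict mapping each permission name from ``getPermissions()``
        to a bool.
    :raises: InvalidParameterError if both ``username`` and ``user`` are
        given; ValueError if no member can be resolved.
    :Example: :ref:`user_get_permissions_example`
    """
    if username and user:
        raise InvalidParameterError

    if obj is None:
        obj = portal.get()

    # holds the initial security context
    current_security_manager = getSecurityManager()

    portal_membership = getToolByName(portal.get(), "portal_membership")
    if username is None:
        if user is None:
            username = portal_membership.getAuthenticatedMember().getId()
        else:
            username = user.getId()

    user = portal_membership.getMemberById(username)
    if user is None:
        # XXX This needs a custom plone.api error
        raise ValueError

    try:
        newSecurityManager(getRequest(), user)
        d = {}
        for record in getPermissions():
            permission = record[0]
            d[permission] = bool(user.checkPermission(permission, obj))
        return d
    finally:
        # Restore the initial security context on every exit path. If a
        # check raised without this, the rest of the request would keep
        # running under the adopted user's security manager.
        setSecurityManager(current_security_manager)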
def test_get_permissions_no_parameters(self):
    """Test get_permissions passing no parameters."""
    # Compare as sets: only the collection of permission names matters,
    # not the order in which either side lists them.
    registered_names = set(p[0] for p in getPermissions())
    reported_names = set(api.user.get_permissions().keys())
    # TODO: maybe assertItemsEqual?
    self.assertEqual(registered_names, reported_names)
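def getUserPermissions(portal, username, context):
    """Return the names of the permissions ``username`` holds on ``context``.

    :param portal: Object from which ``portal['portal_membership']`` is
        looked up.
    :param username: Id passed to ``getMemberById``.
    :param context: Object on which each permission is checked.
    :returns: List of permission names for which
        ``user.checkPermission(name, context)`` is truthy. The list is
        empty when ``username`` does not resolve to a member.
    """
    mt = portal['portal_membership']
    user = mt.getMemberById(username)
    if user is None:
        # An unknown id holds no permissions. Report that explicitly
        # instead of failing with AttributeError on ``None``.
        return []
    return [
        pp[0]
        for pp in getPermissions()
        if user.checkPermission(pp[0], context)
    ]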
def test_get_permissions_no_parameters(self):
    """Test get_permissions passing no parameters."""
    # With no arguments the result should have one key per registered
    # permission. Sets make the comparison independent of ordering.
    expected = set(p[0] for p in getPermissions())
    actual = set(api.user.get_permissions().keys())
    # TODO: maybe assertItemsEqual?
    self.assertEqual(expected, actual)
def _subobject_permissions(self):
    """Return the permission records from ``getPermissions()``, unfiltered."""
    registered = getPermissions()
    return registered
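def test_get_permissions_no_parameters(self):
    """Test get_permissions passing no parameters."""
    # ``assertItemsEqual`` exists only on Python 2's unittest. Python 3
    # provides the same order-insensitive check as ``assertCountEqual``.
    # Use whichever is available so the test runs on both.
    assert_same_items = getattr(self, 'assertCountEqual', None)
    if assert_same_items is None:
        assert_same_items = self.assertItemsEqual
    assert_same_items(
        [p[0] for p in getPermissions()],
        api.user.get_permissions().keys(),
    )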