Пример #1
0
def get_permissions(username=None, user=None, obj=None):
    """Get user's site-wide or local permissions.

    Arguments ``username`` and ``user`` are mutually exclusive. You
    can either set one or the other, but not both. if ``username`` and
    ``user`` are not given, the authenticated member will be used.

    :param username: Username of the user for which you want to check
        the permissions.
    :type username: string
    :param user: User object for which you want to check the permissions.
    :type user: MemberData object
    :param obj: If obj is set then check the permissions on this context.
        If obj is not given, the site root will be used.
    :type obj: content object
    :raises:
        InvalidParameterError
    :Example: :ref:`user_get_permissions_example`
    """
    if obj is None:
        obj = portal.get()

    if username is None and user is None:
        context = _nop_context_manager()
    else:
        context = env.adopt_user(username, user)

    with context:
        sm = getSecurityManager()
        pms = (record[0] for record in getPermissions())
        result = {pm: bool(sm.checkPermission(pm, obj)) for pm in pms}
    return result
Пример #2
0
    def _applyAllStaticSecurity(cls):
        """
    Apply static security on portal_components to ensure that nobody can
    change Permissions, only 'ghost' Developer Role has Permissions to
    add/modify/delete Components. Also, make these permissions read-only
    thanks to 'property'.

    cls is erp5.portal_type.Component Tool and not this class as this function
    is called on Portal Type class when loading Componet Tool Portal Type
    class
    """
        from AccessControl.Permission import getPermissions, pname
        for permission_name, _, _ in getPermissions():
            if permission_name == 'Reset dynamic classes':
                permission_function = lambda self: ('Manager', )
            elif permission_name in ('Change permissions',
                                     'Define permissions'):
                permission_function = lambda self: ()
            elif (permission_name.startswith('Access ')
                  or permission_name.startswith('View')
                  or permission_name == 'WebDAV access'):
                permission_function = lambda self: ('Developer', 'Manager')
            else:
                permission_function = lambda self: ('Developer', )

            setattr(cls, pname(permission_name), property(permission_function))
    def test_all_public_permissions_are_mapped_to_real_permissions(self):
        existing_permissions = map(lambda permission: permission[0], getPermissions())

        for public_name, permission in PUBLIC_PERMISSIONS_MAPPING.items():
            self.assertIn(
                permission, existing_permissions,
                "{} is mapped to an unnokwn permission {}".format(public_name, permission))
Пример #4
0
def get_permissions(username=None, user=None, obj=None):
    """Get user's site-wide or local permissions.

    Arguments ``username`` and ``user`` are mutually exclusive. You
    can either set one or the other, but not both. if ``username`` and
    ``user`` are not given, the authenticated member will be used.

    :param username: Username of the user for which you want to check
        the permissions.
    :type username: string
    :param user: User object for which you want to check the permissions.
    :type user: MemberData object
    :param obj: If obj is set then check the permissions on this context.
        If obj is not given, the site root will be used.
    :type obj: content object
    :raises:
        InvalidParameterError
    :Example: :ref:`user_get_permissions_example`
    """
    if obj is None:
        obj = portal.get()

    if username is None and user is None:
        context = _nop_context_manager()
    else:
        context = env.adopt_user(username, user)

    with context:
        adopted_user = get_current()
        permissions = (p[0] for p in getPermissions())
        d = {}
        for permission in permissions:
            d[permission] = bool(adopted_user.checkPermission(permission, obj))

    return d
Пример #5
0
  def _applyAllStaticSecurity(cls):
    """
    Apply static security on portal_components to ensure that nobody can
    change Permissions, only 'ghost' Developer Role has Permissions to
    add/modify/delete Components. Also, make these permissions read-only
    thanks to 'property'.

    cls is erp5.portal_type.Component Tool and not this class as this function
    is called on Portal Type class when loading Componet Tool Portal Type
    class
    """
    from AccessControl.Permission import getPermissions, pname
    for permission_name, _, _ in getPermissions():
      if permission_name == 'Reset dynamic classes':
        permission_function = lambda self: ('Manager',)
      elif permission_name in ('Change permissions', 'Define permissions'):
        permission_function = lambda self: ()
      elif (permission_name.startswith('Access ') or
            permission_name.startswith('View') or
            permission_name == 'WebDAV access'):
        permission_function = lambda self: ('Developer', 'Manager')
      else:
        permission_function = lambda self: ('Developer',)

      setattr(cls, pname(permission_name), property(permission_function))
    def test_all_public_permissions_are_mapped_to_real_permissions(self):
        existing_permissions = map(lambda permission: permission[0],
                                   getPermissions())

        for public_name, permission in PUBLIC_PERMISSIONS_MAPPING.items():
            self.assertIn(
                permission, existing_permissions,
                "{} is mapped to an unnokwn permission {}".format(
                    public_name, permission))
Пример #7
0
    def possible_permissions(self):
        d = {}
        permissions = getPermissions()
        for p in permissions:
            d[p[0]] = 1
        for p in self.ac_inherited_permissions(1):
            d[p[0]] = 1

        d = sorted(d.keys())
        return d
Пример #8
0
 def test_get_permissions_no_parameters(self):
     """Test get_permissions passing no parameters."""
     if six.PY2:
         assertCountEqual = self.assertItemsEqual
     else:
         assertCountEqual = self.assertCountEqual
     assertCountEqual(
         [p[0] for p in getPermissions()],
         api.user.get_permissions().keys(),
     )
Пример #9
0
 def test_get_permissions_no_parameters(self):
     """Test get_permissions passing no parameters."""
     if six.PY2:
         assertCountEqual = self.assertItemsEqual
     else:
         assertCountEqual = self.assertCountEqual
     assertCountEqual(
         [p[0] for p in getPermissions()],
         api.user.get_permissions().keys(),
     )
Пример #10
0
    def possible_permissions(self):
        d = {}
        permissions = getPermissions()
        for p in permissions:
            d[p[0]] = 1
        for p in self.ac_inherited_permissions(1):
            d[p[0]] = 1

        d = sorted(d.keys())
        return d
Пример #11
0
def get_permissions(username=None, user=None, obj=None):
    """Get user's site-wide or local permissions.

    Arguments ``username`` and ``user`` are mutually exclusive. You
    can either set one or the other, but not both. if ``username`` and
    ``user`` are not given, the authenticated member will be used.

    :param username: Username of the user for which you want to check
        the permissions.
    :type username: string
    :param user: User object for which you want to check the permissions.
    :type user: MemberData object
    :param obj: If obj is set then check the permissions on this context.
        If obj is not given, the site root will be used.
    :type obj: content object
    :raises:
        InvalidParameterError
    :Example: :ref:`user_get_permissions_example`

    """

    if username and user:
        raise InvalidParameterError

    if obj is None:
        obj = portal.get()

    # holds the initial security context
    current_security_manager = getSecurityManager()

    portal_membership = getToolByName(portal.get(), "portal_membership")

    if username is None:
        if user is None:
            username = portal_membership.getAuthenticatedMember().getId()
        else:
            username = user.getId()

    user = portal_membership.getMemberById(username)
    if user is None:
        # XXX This needs a custom plone.api error
        raise ValueError
    newSecurityManager(getRequest(), user)

    permissions = (p[0] for p in getPermissions())
    d = {}
    for permission in permissions:
        d[permission] = bool(user.checkPermission(permission, obj))

    # restore the initial security context
    setSecurityManager(current_security_manager)

    return d
Пример #12
0
 def test_get_permissions_no_parameters(self):
     """Test get_permissions passing no parameters."""
     self.assertEqual(  # TODO: maybe assertItemsEqual?
         set(p[0] for p in getPermissions()),
         set(api.user.get_permissions().keys()))
Пример #13
0
def getUserPermissions(portal, username, context):
    mt = portal['portal_membership']
    user = mt.getMemberById(username)
    permissions = [pp[0] for pp in getPermissions() if user.checkPermission(pp[0],context)]
    return permissions
Пример #14
0
 def test_get_permissions_no_parameters(self):
     """Test get_permissions passing no parameters."""
     self.assertEqual(  # TODO: maybe assertItemsEqual?
         set(p[0] for p in getPermissions()),
         set(api.user.get_permissions().keys())
     )
Пример #15
0
 def _subobject_permissions(self):
     return getPermissions()
Пример #16
0
 def _subobject_permissions(self):
     return getPermissions()
Пример #17
0
 def test_get_permissions_no_parameters(self):
     """Test get_permissions passing no parameters."""
     self.assertItemsEqual(
         [p[0] for p in getPermissions()],
         api.user.get_permissions().keys(),
     )