Пример #1
 def testModifyRolesForPermission(self):
     """Roles set for a permission land on the matching ``_<name>_Permission`` attribute."""
     # NOTE(review): only list-valued roles are exercised here; the tuple
     # form, which callers use to switch off acquisition, is not covered.
     cases = (
         ('View', '_View_Permission', ('Manager',)),
         ('View management screens',
          '_View_management_screens_Permission', ('Member',)),
     )
     # Apply every change first, then verify, as two separate passes.
     for permission, _attr, roles in cases:
         modifyRolesForPermission(self.ob, permission, list(roles))
     for _permission, attr, roles in cases:
         self.assertEqual(getattr(self.ob, attr), list(roles))
Пример #2
 def testModifyRolesForPermission(self):
     """Check the per-permission role attributes written by modifyRolesForPermission."""
     target = self.ob
     modifyRolesForPermission(target, 'View', ['Manager'])
     modifyRolesForPermission(target, 'View management screens', ['Member'])

     # The permission name is turned into an attribute name on the object:
     # spaces become underscores, wrapped in a leading '_' and '_Permission'.
     view_roles = target._View_Permission
     self.assertEqual(view_roles, ['Manager'])
     zmi_roles = target._View_management_screens_Permission
     self.assertEqual(zmi_roles, ['Member'])
Пример #3
 def updateRoleMappingsFor(self, ob):
     """Re-apply the role maps of ob's current workflow state.

     Returns 1 if any permission or group mapping on ``ob`` was modified,
     otherwise 0 (also when ``ob`` has no state in this workflow).
     """
     state = self._getWorkflowStateOf(ob)
     if state is None:
         # Without a state nothing is applied; ob keeps whatever it had.
         return 0

     dirty = 0

     # Role -> permission map, one entry per permission this workflow manages.
     for permission in self.permissions or ():
         granted = []
         if state.permission_roles is not None:
             granted = state.permission_roles.get(permission, granted)
         # NOTE(review): a permission with no entry in the state falls back
         # to an empty *list*; callers of modifyRolesForPermission describe
         # a list as "acquire", so the permission is inherited rather than
         # denied. Confirm that is the intended default.
         if modifyRolesForPermission(ob, permission, granted):
             dirty = 1

     # Group -> role map, limited to the roles this workflow manages.
     groups = self.getGroups()
     managed_roles = self.getRoles()
     if not (groups and managed_roles):
         return dirty
     for group in groups:
         if state.group_roles is None:
             group_roles = ()
         else:
             group_roles = state.group_roles.get(group, ())
         if modifyRolesForGroup(ob, group, group_roles, managed_roles):
             dirty = 1
     return dirty
 def updateRoleMappingsFor(self, ob):
     """Synchronise ob's security settings with its current workflow state.

     Both the role -> permission map and the group -> role map of the state
     are pushed onto ``ob``. The result is 1 when something changed, else 0.
     """
     sdef = self._getWorkflowStateOf(ob)
     if sdef is None:
         return 0

     touched = False

     if self.permissions:
         perm_map = sdef.permission_roles
         for perm in self.permissions:
             # Default is an empty list (not a tuple) when the state has no
             # entry for this permission.
             wanted = [] if perm_map is None else perm_map.get(perm, [])
             if modifyRolesForPermission(ob, perm, wanted):
                 touched = True

     groups = self.getGroups()
     managed_roles = self.getRoles()
     if groups and managed_roles:
         group_map = sdef.group_roles
         for group in groups:
             wanted = () if group_map is None else group_map.get(group, ())
             # Only roles listed in managed_roles are passed as manageable.
             if modifyRolesForGroup(ob, group, wanted, managed_roles):
                 touched = True

     return int(touched)
Пример #5
 def setCommentType(self, data):
     """Store the comment type and align the view/modify permissions with it."""
     field = self.getField('commentType')
     field.set(self, data)
     # Read the value back: the field may have cleaned it up on set.
     stored = field.get(self)

     # Find the registered comment type whose id matches the stored value.
     matched = next(
         (atype for atype in Comment.types if stored == atype.getId()),
         None,
     )
     view_roles = None if matched is None else matched.getViewRoles()
     if view_roles is None:
         # NOTE(review): the field has already been written at this point,
         # so an unrecognised type id leaves the previous view roles in
         # place. Confirm that is acceptable for this content type.
         return

     # NOTE(review): acquisition is only switched off when the roles are a
     # tuple; the return type of getViewRoles() is not visible here.
     for view_perm in (permissions.AccessContentsInformation,
                       permissions.View):
         modifyRolesForPermission(self, view_perm, view_roles)

     # Only the owner may modify this (tuple: not acquired).
     modifyRolesForPermission(
         self, permissions.ModifyPortalContent, ('Owner',))
Пример #6
def updateRoleMappingsFor(self, ob):
    '''
    Changes the object permissions according to the current
    state, taking the other DCWorkflow definitions of ob into account.

    For each permission this workflow manages, a role is kept only if
    every other DCWorkflowDefinition that also manages the permission
    lists that role in its current state. Returns 1 if any call to
    modifyRolesForPermission reported a change, otherwise 0.
    '''
    changed = 0
    sdef = self._getWorkflowStateOf(ob)

    # The workflow tool is the acquisition parent of this definition.
    tool = aq_parent(aq_inner(self))
    # Every other DCWorkflowDefinition attached to ob (this one excluded).
    other_workflow_list = \
       [x for x in tool.getWorkflowsFor(ob) if x.id != self.id and isinstance(x,DCWorkflowDefinition)]
    # Keep only those whose current state for ob defines permission_roles.
    other_data_list = []
    for other_workflow in other_workflow_list:
        other_sdef = other_workflow._getWorkflowStateOf(ob)
        if other_sdef is not None and other_sdef.permission_roles is not None:
            other_data_list.append((other_workflow, other_sdef))
    # Be careful: permission_roles should not change
    # from list to tuple or vice-versa. (in modifyRolesForPermission,
    # list means acquire roles, tuple means do not acquire)
    if sdef is not None and self.permissions:
        for p in self.permissions:
            roles = []
            refused_roles = []
            # Remember the original container type so it can be restored
            # after the roles have been filtered as a list.
            role_type = 'list'
            other_role_type_list = []
            if sdef.permission_roles is not None:
                roles = sdef.permission_roles.get(p, roles)
                if type(roles) is type(()):
                    role_type = 'tuple'
                roles = list(roles)
            # We will check that each role is activated
            # in each DCWorkflow
            for other_workflow, other_sdef in other_data_list:
                if p in other_workflow.permissions:
                    # NOTE(review): when the other workflow manages p but
                    # its state has no entry for it, other_roles is [] —
                    # every role is refused and the type counts as 'list',
                    # so the result is an empty list, i.e. acquire.
                    # Confirm that outcome is intended.
                    other_roles = other_sdef.permission_roles.get(p, [])
                    if type(other_roles) is type(()):
                        other_role_type_list.append('tuple')
                    else:
                        other_role_type_list.append('list')
                    for role in roles:
                        if role not in other_roles:
                            refused_roles.append(role)
            # Drop every role that at least one other workflow refused.
            for role in refused_roles:
                if role in roles:
                    roles.remove(role)
            if role_type == 'tuple' and ((not other_role_type_list) or
                                         ('list' not in other_role_type_list)):
                # Restore the tuple ("do not acquire") only when this state
                # used a tuple and no other workflow managing p used a list.
                roles = tuple(roles)
            if modifyRolesForPermission(ob, p, roles):
                changed = 1
    return changed
Пример #7
def updateRoleMappingsFor(self, ob):
    """
    Apply the current state's permission roles to ob, restricted to the
    roles that every other DCWorkflow managing the same permission allows.

    Returns 1 when at least one permission on ob was modified, else 0.
    """
    changed = 0
    sdef = self._getWorkflowStateOf(ob)

    tool = aq_parent(aq_inner(self))
    other_workflow_list = [
        wf
        for wf in tool.getWorkflowsFor(ob)
        if wf.id != self.id and isinstance(wf, DCWorkflowDefinition)
    ]
    # Pair each other workflow with its state, skipping workflows that have
    # no state for ob or whose state defines no permission_roles.
    other_data_list = []
    for other_workflow in other_workflow_list:
        other_sdef = other_workflow._getWorkflowStateOf(ob)
        if other_sdef is None or other_sdef.permission_roles is None:
            continue
        other_data_list.append((other_workflow, other_sdef))

    if sdef is None or not self.permissions:
        return changed

    # The container type carries meaning for modifyRolesForPermission:
    # a list means "acquire roles", a tuple means "do not acquire". It must
    # survive the filtering below, which works on a plain list.
    for p in self.permissions:
        roles = []
        role_type = "list"
        if sdef.permission_roles is not None:
            roles = sdef.permission_roles.get(p, roles)
            if type(roles) is tuple:
                role_type = "tuple"
            roles = list(roles)

        # A role must be granted by every other workflow that manages p.
        refused_roles = []
        other_role_type_list = []
        for other_workflow, other_sdef in other_data_list:
            if p not in other_workflow.permissions:
                continue
            other_roles = other_sdef.permission_roles.get(p, [])
            other_role_type_list.append(
                "tuple" if type(other_roles) is tuple else "list"
            )
            refused_roles.extend(
                role for role in roles if role not in other_roles
            )
        roles = [role for role in roles if role not in refused_roles]

        # Back to a tuple only if this state used one and no other workflow
        # managing p asked for acquisition by using a list.
        if role_type == "tuple" and "list" not in other_role_type_list:
            roles = tuple(roles)

        if modifyRolesForPermission(ob, p, roles):
            changed = 1
    return changed
Пример #8
def initialize_bise_checkout(context):
    """GenericSetup import handler: create the checkout folder and open it
    up for content creation, then set up the countries folder.
    """
    # Run only for profiles that ship the marker file.
    marker = context.readDataFile('bise.country.txt')
    if marker is None:
        return

    site = context.getSite()

    checkout = createContentInContainer(
        site, 'Folder', title='Checkout folder')
    logger.info("Created /checkout-folder")

    # Grant "Add portal content" on the checkout folder: keep whatever roles
    # the permission currently maps to and add the editorial roles.
    perm = 'Add portal content'
    granted = set(getPermissionMapping(perm, checkout, st=tuple))
    granted.update(
        ('Contributor', 'Reviewer', 'Editor', 'Manager', 'Owner'))
    # NOTE(review): the roles are passed as a tuple, which callers of
    # modifyRolesForPermission describe as "do not acquire"; the element
    # order comes from a set and is therefore arbitrary.
    modifyRolesForPermission(checkout, perm, tuple(granted))

    # Presumably this assigns ICountryFolder to the folders under
    # /countries; verify in setup_country_folder.
    setup_country_folder(site.restrictedTraverse('countries'))
Пример #9
def remap_workflow(context, type_ids, chain, state_map={}):
    """Switch every type in type_ids to the given workflow chain.

    ``chain`` is a sequence of workflow ids, or None / '(Default)' for the
    site default chain. ``state_map`` maps old state names to new ones; a
    state that is not in the map is moved to the initial state of the new
    workflow. ``state_map`` is only read here, never modified.

    Permissions managed by the old chain but not by the new one are reset
    to acquire on every affected object. Returns the number of objects
    processed.
    """
    use_default = chain is None or chain == '(Default)'

    wf_tool = getToolByName(context, 'portal_workflow')
    default_chain = wf_tool.getDefaultChain()
    overrides = dict(wf_tool.listChainOverrides())

    # Snapshot of type id -> chain as it was before any change is made.
    old_chains = {t: overrides.get(t, default_chain) for t in type_ids}

    # Update the chain registration in portal_workflow.
    # XXX: There is no decent API for this it seems :-(
    if use_default:
        # NOTE(review): _chains_by_type is a private attribute; confirm it
        # is always a mapping here before the membership test.
        stored = wf_tool._chains_by_type
        for type_id in type_ids:
            if type_id in stored:
                del stored[type_id]
    else:
        wf_tool.setChainForPortalTypes(type_ids, chain)

    # Resolve the new chain and collect every permission it manages.
    target_chain = default_chain if use_default else chain
    chain_workflows = {}
    new_chain_permissions = set()
    for wf_id in target_chain:
        if wf_id in chain_workflows:
            continue
        workflow = getattr(wf_tool, wf_id)
        chain_workflows[wf_id] = workflow
        new_chain_permissions.update(workflow.permissions)

    # Per type: permissions the old chain managed and the new one does not.
    # These have to be reset to 'Acquire'.
    permissions_to_reset = {}
    for typeid, previous in old_chains.items():
        if previous == '(Default)':
            previous = default_chain
        stale = set()
        permissions_to_reset[typeid] = stale
        for wf_id in previous:
            if wf_id not in chain_workflows:
                chain_workflows[wf_id] = getattr(wf_tool, wf_id)
            stale.update(
                permission
                for permission in chain_workflows[wf_id].permissions
                if permission not in new_chain_permissions
            )

    catalog = getToolByName(context, 'portal_catalog')

    remapped_count = 0
    since_savepoint = 0
    for brain in catalog(portal_type=type_ids):
        obj = brain.getObject()
        portal_type = brain.portal_type

        # A list makes the permission acquire; a tuple would not.
        for permission in permissions_to_reset[portal_type]:
            modifyRolesForPermission(obj, permission, [])

        if len(target_chain) > 0:
            # The previous state is read from the first workflow of the
            # old chain only.
            old_chain = old_chains[portal_type]
            if len(old_chain) > 0:
                old_wf = chain_workflows[old_chain[0]]
            else:
                old_wf = None

            old_state = None
            if old_wf is not None:
                old_status = wf_tool.getStatusOf(old_wf.getId(), obj)
                if old_status is not None:
                    old_state = old_status.get('review_state', None)

            for new_wf_name in target_chain:
                new_wf = chain_workflows[new_wf_name]
                # NOTE(review): the mapped state is written as given; a
                # state_map value that is not a state of the new workflow
                # is not rejected here. Validate the map upstream.
                wf_tool.setStatusOf(new_wf_name, obj, {
                    'action': None,
                    'actor': None,
                    'comments': 'State remapped from control panel',
                    'review_state': state_map.get(old_state,
                                                  new_wf.initial_state),
                    'time': DateTime(),
                })

                # Fire an automatic transition if one applies; otherwise
                # just bring the role mappings in line with the new state.
                current_state = new_wf._getWorkflowStateOf(obj)
                auto_transition = new_wf._findAutomaticTransition(
                    obj, current_state)
                if auto_transition is None:
                    new_wf.updateRoleMappingsFor(obj)
                else:
                    new_wf._changeStateOf(obj, auto_transition)

        # Security index and state index must reflect the new settings.
        obj.reindexObject(idxs=['allowedRolesAndUsers', 'review_state'])

        remapped_count += 1
        since_savepoint += 1

        if since_savepoint > SAVE_THRESHOLD:
            transaction.savepoint()
            since_savepoint = 0

    return remapped_count
 def hide(self, doc):
     """Set the 'View' permission on doc to Manager and Owner only."""
     # Passed as a tuple, which callers of modifyRolesForPermission describe
     # as "do not acquire", so roles granted further up should not apply.
     allowed = ('Manager', 'Owner')
     modifyRolesForPermission(doc, 'View', allowed)
Пример #11
def remap_workflow(context, type_ids, chain, state_map={}):
    """Change the workflow for each type in type_ids to use the workflow
    chain given. state_map is a dictionary of old state names to
    new ones. States that are not found will be remapped to the default
    state of the new workflow.

    A chain of None or '(Default)' selects the default chain of
    portal_workflow. Permissions that the old chain managed and the new
    chain does not are reset to acquire on each object. Returns the
    number of catalogued objects that were processed.
    """

    if chain is None:
        chain = '(Default)'

    portal_workflow = getToolByName(context, 'portal_workflow')

    default_chain = portal_workflow.getDefaultChain()
    chains_by_type = dict(portal_workflow.listChainOverrides())

    # Build a dictionary of type id -> chain before we made changes
    old_chains = dict([(t, chains_by_type.get(t, default_chain)) for t in type_ids])

    # Work out which permissions were managed by the old chain, but not
    # by the new chain. This may vary by type id.

    # Update the workflow chain in portal_workflows.

    # XXX: There is no decent API for this it seems :-(
    # NOTE(review): this reaches into the private _chains_by_type attribute;
    # confirm it is always a mapping here before the membership test.
    if chain == '(Default)':
        cbt = portal_workflow._chains_by_type
        for type_id in type_ids:
            if type_id in cbt:
                del cbt[type_id]
    else:
        portal_workflow.setChainForPortalTypes(type_ids, chain)

    # Now remap, and fix permissions

    # For each portal type, work out which workflows were controlling them
    # before, and which permissions were in that, which are not in the new
    # chain. These permissions need to be reset to 'Acquire'.

    # Workflow id -> workflow object, shared by the old and new chains.
    chain_workflows = {}
    new_chain_permissions = set()
    # Type id -> set of permissions to reset on objects of that type.
    permissions_to_reset = {}

    if chain == '(Default)':
        chain = default_chain
    for c in chain:
        if c not in chain_workflows:
            chain_workflows[c] = getattr(portal_workflow, c)
            for permission in chain_workflows[c].permissions:
                new_chain_permissions.add(permission)

    for typeid, oc in old_chains.items():
        if oc == '(Default)':
            oc = default_chain
        permissions_to_reset[typeid] = set()
        for c in oc:
            if c not in chain_workflows:
                chain_workflows[c] = getattr(portal_workflow, c)
            for permission in chain_workflows[c].permissions:
                if permission not in new_chain_permissions:
                    permissions_to_reset[typeid].add(permission)

    portal_catalog = getToolByName(context, 'portal_catalog')

    # Then update the state of each
    remapped_count = 0
    # Objects handled since the last savepoint.
    threshold_count = 0
    for brain in portal_catalog(portal_type=type_ids):
        obj = brain.getObject()
        portal_type = brain.portal_type

        # If there are permissions to reset to acquire, do so now
        for permission in permissions_to_reset[brain.portal_type]:
            # A list makes it acquire ... if it was a tuple, it wouldn't
            modifyRolesForPermission(obj, permission, [])

        # Work out what, if any, the previous state of the object was

        if len(chain) > 0:
            old_chain = old_chains[portal_type]
            old_wf = None
            # Only the first workflow of the old chain is consulted.
            if len(old_chain) > 0:
                old_wf = chain_workflows[old_chain[0]]

            old_state = None
            if old_wf is not None:
                old_status = portal_workflow.getStatusOf(old_wf.getId(), obj)
                if old_status is not None:
                    old_state = old_status.get('review_state', None)

            # Now add a transition
            for new_wf_name in chain:
                new_wf = chain_workflows[new_wf_name]
                # NOTE(review): the review_state taken from state_map is
                # written as given; a value that is not a state of the new
                # workflow is not rejected here. Validate the map upstream.
                new_status = {'action': None,
                              'actor': None,
                              'comments': 'State remapped from control panel',
                              'review_state': state_map.get(old_state, new_wf.initial_state),
                              'time': DateTime()}
                portal_workflow.setStatusOf(new_wf_name, obj, new_status)

                # Trigger any automatic transitions, or else just make sure the role mappings are right
                auto_transition = new_wf._findAutomaticTransition(obj, new_wf._getWorkflowStateOf(obj))
                if auto_transition is not None:
                    new_wf._changeStateOf(obj, auto_transition)
                else:
                    new_wf.updateRoleMappingsFor(obj)

        # Refresh the security and state indexes for the changed object.
        obj.reindexObject(idxs=['allowedRolesAndUsers', 'review_state'])

        remapped_count += 1
        threshold_count += 1

        # Take a savepoint each time more than SAVE_THRESHOLD objects have
        # been handled since the previous one.
        if threshold_count > SAVE_THRESHOLD:
            transaction.savepoint()
            threshold_count = 0

    return remapped_count