def _ajax_save_user( self, req ):
userID, componentID, projectID, active = self._get_args(( 'user',
'component', 'project', 'active' ), req )
active = 'true' == active
if not userID or ( not projectID and not componentID ):
return
userFactory = UserFactory( self._db )
user = userFactory.getByUsername( userID )
if projectID:
projectFactory = ProjectFactory( self.config )
project = projectFactory.getByName( projectID )
if active:
project.grantAccessFor( user )
else:
project.forbidAccessFor( user )
if componentID:
componentFactory = ComponentFactory( self._db )
component = componentFactory.getByName( componentID )
if active:
component.grantAccessFor( user )
else:
component.forbidAccessFor( user )
self._terminate_ajax_request( True, req )
class CustomPolicies(Component):
implements( IPermissionPolicy )
def __init__( self ):
self._db = self.env.get_db_cnx()
# wiring factories ( dependency injection pattern )
self._userFactory = UserFactory( self._db )
self._componentFactory = ComponentFactory( self._db )
self._projectFactory = ProjectFactory( self.config )
self._milestoneFactory = MilestoneFactory( self._db,
self._componentFactory, self._projectFactory )
self._ticketFactory = TicketFactory ( self._db,
self._componentFactory, self._projectFactory )
def check_permission( self, action, username, resource, perm ):
self.log.info( 'check_permission: %s, %s, %s, %s, )' % ( action, username, resource, perm ))
self._user = self._userFactory.getByUsername( username )
#self.log.info( 'user: %s %s' % ( username, user._permissions ))
args = [ action, username, resource, perm ]
if action == 'TICKET_VIEW':
return self._check_ticket_permission( *args )
if action == 'MILESTONE_VIEW':
return self._check_milestone_permission( *args )
if action == 'COMPONENT_VIEW':
return self._check_component_permission( *args )
if action == 'PROJECT_VIEW':
return self._check_project_permission( *args )
return None
def _check_ticket_permission( self, action, username, resource, perm ):
if not resource:
return None
self.log.debug( 'Ticket id: %s' % resource.id )
ticket = self._ticketFactory.getById( resource.id )
access = ticket.canBeAccessedBy( self._user )
self.log.debug( 'component: %s, access: %s' % ( ticket._component, ticket._component and ticket._component.canBeAccessedBy( self._user )))
self.log.debug( 'project: %s, access: %s' % ( ticket._project, ticket._project and ticket._project.canBeAccessedBy( self._user )))
self.log.debug( 'Ticket can be accessed: %s' % access )
return access
def _check_milestone_permission( self, action, username, resource, perm ):
if not resource:
return None
self.log.debug( 'Milestone realm: %s' % resource.realm )
self.log.debug( 'Milestone id: %s' % resource.id )
milestone = self._milestoneFactory.getByName( resource.id )
result = milestone.canBeAccessedBy( self._user )
self.log.debug( 'Access: %s' % result )
return result
def _check_component_permission( self, action, username, resource, perm ):
if not resource:
return None
self.log.debug( 'Component realm: %s' % resource.realm )
self.log.debug( 'Component id: %s' % resource.id )
component = self._componentFactory.getByName( resource.realm )
result = component.canBeAccessedBy( self._user )
self.log.debug( 'Access: %s' % result )
return result
def _check_project_permission( self, action, username, resource, perm ):
if not resource:
return None
self.log.debug( 'Project realm: %s' % resource.realm )
self.log.debug( 'Project id: %s' % resource.id )
project = self._projectFactory.getByName( resource.realm )
result = project.canBeAccessedBy( self._user )
self.log.debug( 'Access: %s' % result )
return result