def evolve(site):
offices = site.get('offices')
if offices is None:
return
for doc in postorder(offices):
if hasattr(doc, '__custom_acl__'):
continue
try:
ct = get_content_type(doc)
except:
continue
if ct is None:
continue
wf = get_workflow(ct, 'security', doc)
if wf is None:
continue
if wf.name != 'intranet-content':
continue
print 'Resetting workflow for', model_path(doc)
wf.reset(doc)
_reindex(offices)
def _reindex(ob, texts=False):
catalog = find_catalog(ob)
if catalog is None:
return # Will be true for a mailin test trace
# XXX reindexing the 'path' index can be removed once we've
# removed the last ACLChecker spelled in catalog queries from the
# code; this is the "old" way of doing security filtering.
path_index = catalog['path']
path_index.reindex_doc(ob.docid, ob)
# In some cases changing the workflow state of an object can change its
# ranking in text search.
if texts:
text_index = catalog['texts']
text_index.reindex_doc(ob.docid, ob)
# if the object is folderish, we need to reindex it plus all its
# subobjects' 'allowed' index entries recursively; each object's
# allowed value depends on its parents in the lineage
allowed_index = catalog.get('allowed')
if allowed_index is not None:
for node in postorder(ob):
if hasattr(node, 'docid'):
allowed_index.reindex_doc(node.docid, node)
def mothball_community(community):
catalog = find_catalog(community)
tags = find_tags(community)
def get_docid(doc):
return catalog.document_map.docid_for_address(resource_path(doc))
# Unindex all documents, remove top level tools
# Make copy of items so we're not mutating a BTree while traversing it
for name, tool in list(community.items()):
if name == 'members':
# We probably want to hang on to historical membership data
continue
for doc in postorder(tool): # includes tool in traversal
log.info("Removing %s", resource_path(doc))
docid = get_docid(doc)
tags.delete(docid)
catalog.unindex_doc(docid)
del community[name]
log.info("Removing tags")
docid = get_docid(community)
tags.delete(docid)
catalog.unindex_doc(docid)
community.description = 'This community has been archived.'
community.text = render('templates/archived_community_text.pt',
{'settings': get_current_registry().settings})
community.archive_status = 'archived'
community.default_tool = None
log.info("Finished removing content: %s", resource_path(community))
def mothball_community(community):
catalog = find_catalog(community)
tags = find_tags(community)
def get_docid(doc):
return catalog.document_map.docid_for_address(resource_path(doc))
# Unindex all documents, remove top level tools
# Make copy of items so we're not mutating a BTree while traversing it
for name, tool in list(community.items()):
if name == 'members':
# We probably want to hang on to historical membership data
continue
for doc in postorder(tool): # includes tool in traversal
log.info("Removing %s", resource_path(doc))
docid = get_docid(doc)
tags.delete(docid)
catalog.unindex_doc(docid)
del community[name]
log.info("Removing tags")
docid = get_docid(community)
tags.delete(docid)
catalog.unindex_doc(docid)
community.description = 'This community has been archived.'
community.text = render('templates/archived_community_text.pt', {
'settings': get_current_registry().settings})
community.archive_status = 'archived'
community.default_tool = None
log.info("Finished removing content: %s", resource_path(community))
def evolve(site):
offices = site.get('offices')
if offices is None:
return
for doc in postorder(offices):
if hasattr(doc, '__custom_acl__'):
continue
try:
ct = get_content_type(doc)
except:
continue
if ct is None:
continue
wf = get_workflow(ct, 'security', doc)
if wf is None:
continue
if wf.name != 'intranet-content':
continue
print 'Resetting workflow for', resource_path(doc)
wf.reset(doc)
_reindex(offices)
def _reindex(ob, texts=False):
catalog = find_catalog(ob)
if catalog is None:
return # Will be true for a mailin test trace
# XXX reindexing the 'path' index can be removed once we've
# removed the last ACLChecker spelled in catalog queries from the
# code; this is the "old" way of doing security filtering.
path_index = catalog['path']
path_index.reindex_doc(ob.docid, ob)
# In some cases changing the workflow state of an object can change its
# ranking in text search.
if texts:
text_index = catalog['texts']
text_index.reindex_doc(ob.docid, ob)
# if the object is folderish, we need to reindex it plus all its
# subobjects' 'allowed' index entries recursively; each object's
# allowed value depends on its parents in the lineage
allowed_index = catalog.get('allowed')
if allowed_index is not None:
for node in postorder(ob):
if hasattr(node, 'docid'):
allowed_index.reindex_doc(node.docid, node)
def modify_acl(context, acl):
context.__custom_acl__ = acl # added so we can find customized obs later
context.__acl__ = acl
catalog = find_catalog(context)
# Some objects w/ ACLs may not be indexed in the catalog. E.g.,
# People Directory entities. If not, they won't have 'docid'.
docid = getattr(context, 'docid', None)
if docid is not None and catalog is not None:
allowed = catalog.get('allowed')
if allowed is not None:
for node in postorder(context):
allowed.reindex_doc(node.docid, node)
catalog.invalidate()
def _reindex(ob):
catalog = find_catalog(ob)
# XXX reindexing the 'path' index can be removed once we've
# removed the last ACLChecker spelled in catalog queries from the
# code; this is the "old" way of doing security filtering.
path_index = catalog['path']
path_index.reindex_doc(ob.docid, ob)
# if the object is folderish, we need to reindex it plus all its
# subobjects' 'allowed' index entries recursively; each object's
# allowed value depends on its parents in the lineage
allowed_index = catalog.get('allowed')
if allowed_index is not None:
for node in postorder(ob):
if hasattr(node, 'docid'):
allowed_index.reindex_doc(node.docid, node)
def edit_acl_view(context, request):
acl = original_acl = getattr(context, '__acl__', [])
if acl and acl[-1] == NO_INHERIT:
acl = acl[:-1]
epilog = [NO_INHERIT]
else:
epilog = []
if 'form.move_up' in request.POST:
index = int(request.POST['index'])
if index > 0:
new = acl[:]
new[index-1], new[index] = new[index], new[index-1]
acl = new
elif 'form.move_down' in request.POST:
index = int(request.POST['index'])
if index < len(acl) - 1:
new = acl[:]
new[index+1], new[index] = new[index], new[index+1]
acl = new
elif 'form.remove' in request.POST:
index = int(request.POST['index'])
new = acl[:]
del new[index]
acl = new
elif 'form.add' in request.POST:
verb = request.POST['verb']
principal = request.POST['principal']
permissions = tuple(filter(None,
COMMA_WS.split(request.POST['permissions'])))
new = acl[:]
new.append((verb, principal, permissions))
acl = new
elif 'form.inherit' in request.POST:
no_inherit = request.POST['inherit'] == 'disabled'
if no_inherit:
epilog = [NO_INHERIT]
else:
epilog = []
elif 'form.security_state' in request.POST:
new_state = request.POST['security_state']
if new_state != 'CUSTOM':
workflow = get_context_workflow(context)
if hasattr(context, '__custom_acl__'):
workflow.reset(context)
del context.__custom_acl__
workflow.transition_to_state(context, request, new_state)
acl = acl + epilog
if acl != original_acl:
context.__custom_acl__ = acl # added so we can find customized obs later
context.__acl__ = acl
catalog = find_catalog(context)
if catalog is not None:
allowed = catalog.get('allowed')
if allowed is not None:
for node in postorder(context):
allowed.reindex_doc(node.docid, node)
catalog.invalidate()
workflow = get_context_workflow(context)
if workflow is not None:
if hasattr(context, '__custom_acl__'):
security_state = 'CUSTOM'
security_states = [s['name'] for s in
workflow.state_info(context, request)]
security_states.insert(0, 'CUSTOM')
else:
security_state = workflow.state_of(context)
security_states = [s['name'] for s in
get_security_states(workflow, context, request)]
else:
security_state = None
security_states = None
parent = context.__parent__
parent_acl = []
while parent is not None:
p_acl = getattr(parent, '__acl__', ())
stop = False
for ace in p_acl:
if ace == NO_INHERIT:
stop = True
else:
parent_acl.append(ace)
if stop:
break
parent = parent.__parent__
local_acl = []
inheriting = 'enabled'
l_acl = getattr(context, '__acl__', ())
for l_ace in l_acl:
if l_ace == NO_INHERIT:
inheriting = 'disabled'
break
local_acl.append(l_ace)
return render_to_response(
'templates/edit_acl.pt',
dict(parent_acl=parent_acl or (),
local_acl=local_acl,
inheriting=inheriting,
security_state=security_state,
security_states=security_states),
request=request,
)
def _callFUT(self, node):
from karl.security.workflow import postorder
return postorder(node)
def _callFUT(self, node):
from karl.security.workflow import postorder
return postorder(node)
def edit_acl_view(context, request):
acl = original_acl = getattr(context, '__acl__', [])
if acl and acl[-1] == NO_INHERIT:
acl = acl[:-1]
epilog = [NO_INHERIT]
else:
epilog = []
if 'form.move_up' in request.POST:
index = int(request.POST['index'])
if index > 0:
new = acl[:]
new[index - 1], new[index] = new[index], new[index - 1]
acl = new
elif 'form.move_down' in request.POST:
index = int(request.POST['index'])
if index < len(acl) - 1:
new = acl[:]
new[index + 1], new[index] = new[index], new[index + 1]
acl = new
elif 'form.remove' in request.POST:
index = int(request.POST['index'])
new = acl[:]
del new[index]
acl = new
elif 'form.add' in request.POST:
verb = request.POST['verb']
principal = request.POST['principal']
permissions = tuple(
filter(None, COMMA_WS.split(request.POST['permissions'])))
new = acl[:]
new.append((verb, principal, permissions))
acl = new
elif 'form.inherit' in request.POST:
no_inherit = request.POST['inherit'] == 'disabled'
if no_inherit:
epilog = [NO_INHERIT]
else:
epilog = []
elif 'form.security_state' in request.POST:
new_state = request.POST['security_state']
if new_state != 'CUSTOM':
workflow = get_context_workflow(context)
if hasattr(context, '__custom_acl__'):
workflow.reset(context)
del context.__custom_acl__
workflow.transition_to_state(context, request, new_state)
acl = acl + epilog
if acl != original_acl:
context.__custom_acl__ = acl # added so we can find customized obs later
context.__acl__ = acl
catalog = find_catalog(context)
if catalog is not None:
allowed = catalog.get('allowed')
if allowed is not None:
for node in postorder(context):
allowed.reindex_doc(node.docid, node)
catalog.invalidate()
workflow = get_context_workflow(context)
if workflow is not None:
if hasattr(context, '__custom_acl__'):
security_state = 'CUSTOM'
security_states = [
s['name'] for s in workflow.state_info(context, request)
]
security_states.insert(0, 'CUSTOM')
else:
security_state = workflow.state_of(context)
security_states = [
s['name']
for s in get_security_states(workflow, context, request)
]
else:
security_state = None
security_states = None
parent = context.__parent__
parent_acl = []
while parent is not None:
p_acl = getattr(parent, '__acl__', ())
stop = False
for ace in p_acl:
if ace == NO_INHERIT:
stop = True
else:
parent_acl.append(ace)
if stop:
break
parent = parent.__parent__
local_acl = []
inheriting = 'enabled'
l_acl = getattr(context, '__acl__', ())
for l_ace in l_acl:
if l_ace == NO_INHERIT:
inheriting = 'disabled'
break
local_acl.append(l_ace)
return render_to_response(
'templates/edit_acl.pt',
dict(parent_acl=parent_acl or (),
local_acl=local_acl,
inheriting=inheriting,
security_state=security_state,
security_states=security_states),
request=request,
)
