def filterFields(context, form_fields):
omit_names = []
if IAlchemistContent.providedBy(context):
md = utils.get_descriptor(context.__class__)
for field in form_fields:
# field:zope.formlib.form.FormField
try:
can_write = security.canWrite(context, field.__name__)
can_read = security.canAccess(context, field.__name__)
except AttributeError:
log.warn('filterFields: item [%s] has no field named "%s"',
context, field.__name__)
can_write = can_read = False
if can_write:
continue
if can_read:
field.for_display = True
field.custom_widget = md.get(field.__name__).view_widget
else:
omit_names.append(field.__name__)
elif not IAlchemistContainer.providedBy(context):
ctx = getattr(context, "context", None)
if ctx:
filterFields(ctx, form_fields)
else:
raise NotImplementedError
return form_fields.omit(*omit_names)
def filterFields(context, form_fields):
omit_names = []
if IAlchemistContent.providedBy(context):
md = utils.get_descriptor(context.__class__)
for field in form_fields:
# field:zope.formlib.form.FormField
try:
can_write = security.canWrite(context, field.__name__)
can_read = security.canAccess(context, field.__name__)
except AttributeError:
log.warn('filterFields: item [%s] has no field named "%s"', context, field.__name__)
can_write = can_read = False
if can_write:
continue
if can_read:
field.for_display = True
field.custom_widget = md.get(field.__name__).view_widget
else:
omit_names.append(field.__name__)
elif not IAlchemistContainer.providedBy(context):
ctx = getattr(context, "context", None)
if ctx:
filterFields(ctx, form_fields)
else:
raise NotImplementedError
return form_fields.omit(*omit_names)
def _extractContentInfo(self, item):
request = self.request
rename_ids = {}
if "container_rename_button" in request:
for rename_id in request.get('ids', ()):
rename_ids[rename_id] = rename_id
elif "rename_ids" in request:
for rename_id in request.get('rename_ids', ()):
rename_ids[rename_id] = rename_id
retitle_id = request.get('retitle_id')
id, obj = item
info = {}
info['id'] = info['cb_id'] = id
info['object'] = obj
info['url'] = urllib.quote(id.encode('utf-8'))
info['rename'] = rename_ids.get(id)
info['retitle'] = id == retitle_id
zmi_icon = zapi.queryMultiAdapter((obj, self.request), name='zmi_icon')
if zmi_icon is None:
info['icon'] = None
else:
info['icon'] = zmi_icon()
dc = IZopeDublinCore(obj, None)
if dc is not None:
info['retitleable'] = canWrite(dc, 'title')
info['plaintitle'] = not info['retitleable']
title = self.safe_getattr(dc, 'title', None)
if title:
info['title'] = title
formatter = self.request.locale.dates.getFormatter(
'dateTime', 'short')
created = self.safe_getattr(dc, 'created', None)
if created is not None:
info['created'] = formatter.format(created)
modified = self.safe_getattr(dc, 'modified', None)
if modified is not None:
info['modified'] = formatter.format(modified)
else:
info['retitleable'] = 0
info['plaintitle'] = 1
sized_adapter = ISized(obj, None)
if sized_adapter is not None:
info['size'] = sized_adapter
return info
def _extractContentInfo(self, item):
request = self.request
rename_ids = {}
if "container_rename_button" in request:
for rename_id in request.get('ids', ()):
rename_ids[rename_id] = rename_id
elif "rename_ids" in request:
for rename_id in request.get('rename_ids', ()):
rename_ids[rename_id] = rename_id
retitle_id = request.get('retitle_id')
id, obj = item
info = {}
info['id'] = info['cb_id'] = id
info['object'] = obj
info['url'] = urllib.quote(id.encode('utf-8'))
info['rename'] = rename_ids.get(id)
info['retitle'] = id == retitle_id
zmi_icon = queryMultiAdapter((obj, self.request), name='zmi_icon')
if zmi_icon is None:
info['icon'] = None
else:
info['icon'] = zmi_icon()
dc = IZopeDublinCore(obj, None)
if dc is not None:
info['retitleable'] = canWrite(dc, 'title')
info['plaintitle'] = not info['retitleable']
title = self.safe_getattr(dc, 'title', None)
if title:
info['title'] = title
formatter = self.request.locale.dates.getFormatter(
'dateTime', 'short')
created = self.safe_getattr(dc, 'created', None)
if created is not None:
info['created'] = formatter.format(created)
modified = self.safe_getattr(dc, 'modified', None)
if modified is not None:
info['modified'] = formatter.format(modified)
else:
info['retitleable'] = 0
info['plaintitle'] = 1
sized_adapter = ISized(obj, None)
if sized_adapter is not None:
info['size'] = sized_adapter
return info
def render(self):
content = self.content
if content.__name__ not in self.globalenviron['activeIds']:
return super(RenameTitleColumn, self).render()
if IItem.providedBy(content):
if not canWrite(content, 'title'):
return super(RenameTitleColumn, self).render()
else:
dc = ICMFDublinCore(content, None)
if dc is not None:
if not canWrite(dc, 'title'):
return super(RenameTitleColumn, self).render()
if IDocument.providedBy(content):
return super(RenameTitleColumn, self).render()
return u'<input type="text" name="newTitles:list" '\
'size="14" value="%s" />' % cgi.escape(self.query())
def has_write_permission(self, context):
"""check that the user has the rights to edit
the object, if not we assume he has no rights
to make a version
assumption is here that if he has the rights on any of the fields
he may create a version."""
table = orm.class_mapper(context.__class__).mapped_table
for column in table.columns:
if canWrite(context, column.name):
return True
else:
return False
def has_write_permission(self, context):
"""check that the user has the rights to edit
the object, if not we assume he has no rights
to make a version
assumption is here that if he has the rights on any of the fields
he may create a version."""
table = orm.class_mapper(context.__class__).mapped_table
for column in table.columns:
if canWrite(context, column.name):
return True
else:
return False
def _copy_writeableFields(self, source, dest, context):
"""Only revert the fields which the user has edit rights for
"""
table = get_mapped_table(source.__class__)
for column in table.columns:
if column.primary_key:
continue
value = getattr(source, column.name)
try:
if canWrite(context, column.name):
setattr(dest, column.name, value)
except ForbiddenAttribute:
setattr(dest, column.name, value)
def has_write_permission(self, context):
"""check that the user has the rights to edit
the object, if not we assume he has no rights
to make a version
assumption is here that if he has the rights on any of the fields
he may create a version."""
trusted = removeSecurityProxy(self.context)
table = orm.class_mapper(trusted.__class__).mapped_table
for column in table.columns:
try:
if canWrite(self.context, column.name):
return True
except ForbiddenAttribute:
pass
else:
return False
def has_write_permission(self, context):
"""check that the user has the rights to edit
the object, if not we assume he has no rights
to make a version
assumption is here that if he has the rights on any of the fields
he may create a version."""
trusted = removeSecurityProxy(self.context)
table = orm.class_mapper(trusted.__class__).mapped_table
for column in table.columns:
try:
if canWrite(self.context, column.name):
return True
except ForbiddenAttribute:
pass
else:
return False
def has_write_permission(self, context):
"""Check that the user has the rights to edit the object, if not we
assume he has no rights to make a version assumption is here that if
he has the rights on any of the fields he may create a version.
"""
trusted = removeSecurityProxy(self.context)
# !+extended attributes? get complete list of attribuites off kls, as
# in core.audit...get_field_names_to_audit(kls)
# !+ replace with a more explict permission check?
table = orm.class_mapper(trusted.__class__).mapped_table
for column in table.columns:
try:
if canWrite(self.context, column.name):
return True
else:
return False
except ForbiddenAttribute:
pass
else:
return False
def filterFields(context, form_fields):
omit_names = []
if IAlchemistContent.providedBy(context):
md = queryModelDescriptor(context.__class__)
for field in form_fields:
try:
can_write = security.canWrite(context, field.__name__)
can_read = security.canAccess(context, field.__name__)
except AttributeError:
can_write = can_read = False
if can_write:
continue
if can_read:
field.for_display = True
field.custom_widget = md.get(field.__name__).view_widget
else:
omit_names.append(field.__name__)
elif not IAlchemistContainer.providedBy(context):
ctx = getattr(context, "context", None)
if ctx:
filterFields(ctx, form_fields)
else:
raise NotImplementedError
return form_fields.omit(*omit_names)
def filterFields(context, form_fields):
omit_names = []
if IAlchemistContent.providedBy(context):
md = queryModelDescriptor(context.__class__)
for field in form_fields:
try:
can_write = security.canWrite( context, field.__name__)
can_read = security.canAccess( context, field.__name__)
except AttributeError:
can_write = can_read = False
if can_write:
continue
if can_read:
field.for_display = True
field.custom_widget = md.get(field.__name__).view_widget
else:
omit_names.append(field.__name__)
elif not IAlchemistContainer.providedBy(context):
ctx=getattr(context, 'context', None)
if ctx:
filterFields(ctx, form_fields)
else:
raise NotImplementedError
return form_fields.omit(*omit_names)
def setUpEditWidgets(view, schema, source=None, prefix=None,
ignoreStickyValues=False, names=None, context=None,
degradeInput=False, degradeDisplay=False):
"""Sets up widgets to collect input on a view.
See `setUpWidgets` for details on `view`, `schema`, `prefix`,
`ignoreStickyValues`, `names`, and `context`.
`source`, if specified, is an object from which initial widget values are
read. If source is not specified, the view context is used as the source.
`degradeInput` is a flag that changes the behavior when a user does not
have permission to edit a field in the names. By default, the function
raises Unauthorized. If degradeInput is True, the field is changed to
an IDisplayWidget.
`degradeDisplay` is a flag that changes the behavior when a user does not
have permission to access a field in the names. By default, the function
raises Unauthorized. If degradeDisplay is True, the field is removed from
the form.
Returns a list of names, equal to or a subset of the names that were
supposed to be drawn, with uninitialized undrawn fields missing.
"""
if context is None:
context = view.context
if source is None:
source = view.context
security_proxied = isProxy(source, Proxy)
res_names = []
for name, field in _fieldlist(names, schema):
try:
value = field.get(source)
except ForbiddenAttribute:
raise
except AttributeError:
value = no_value
except Unauthorized:
if degradeDisplay:
continue
else:
raise
if field.readonly:
viewType = IDisplayWidget
else:
if security_proxied:
is_accessor = IMethod.providedBy(field)
if is_accessor:
set_name = field.writer.__name__
authorized = security.canAccess(source, set_name)
else:
set_name = name
authorized = security.canWrite(source, name)
if not authorized:
if degradeInput:
viewType = IDisplayWidget
else:
raise Unauthorized(set_name)
else:
viewType = IInputWidget
else:
# if object is not security proxied, might be a standard
# adapter without a registered checker. If the feature of
# paying attention to the users ability to actually set a
# field is decided to be a must-have for the form machinery,
# then we ought to change this case to have a deprecation
# warning.
viewType = IInputWidget
setUpWidget(view, name, field, viewType, value, prefix,
ignoreStickyValues, context)
res_names.append(name)
return res_names
except Unauthorized:
if degradeDisplay:
continue
else:
raise
if field.readonly:
viewType = IDisplayWidget
else:
if security_proxied:
is_accessor = IMethod.providedBy(field)
if is_accessor:
set_name = field.writer.__name__
authorized = security.canAccess(source, set_name)
else:
set_name = name
authorized = security.canWrite(source, name)
if not authorized:
if degradeInput:
viewType = IDisplayWidget
else:
raise Unauthorized(set_name)
else:
viewType = IInputWidget
else:
# if object is not security proxied, might be a standard
# adapter without a registered checker. If the feature of
# paying attention to the users ability to actually set a
# field is decided to be a must-have for the form machinery,
# then we ought to change this case to have a deprecation
# warning.
viewType = IInputWidget
def can_write(self):
"""See pyams_utils.interfaces.form.IDataManager"""
context = self.adapted_context
if isinstance(context, Proxy):
return canWrite(context, self.field.__name__)
return True
except Unauthorized:
if degradeDisplay:
continue
else:
raise
if field.readonly:
viewType = IDisplayWidget
else:
if security_proxied:
is_accessor = IMethod.providedBy(field)
if is_accessor:
set_name = field.writer.__name__
authorized = security.canAccess(source, set_name)
else:
set_name = name
authorized = security.canWrite(source, name)
if not authorized:
if degradeInput:
viewType = IDisplayWidget
else:
raise Unauthorized(set_name)
else:
viewType = IInputWidget
else:
# if object is not security proxied, might be a standard
# adapter without a registered checker. If the feature of
# paying attention to the users ability to actually set a
# field is decided to be a must-have for the form machinery,
# then we ought to change this case to have a deprecation
# warning.
viewType = IInputWidget
def setUpEditWidgets(view,
schema,
source=None,
prefix=None,
ignoreStickyValues=False,
names=None,
context=None,
degradeInput=False,
degradeDisplay=False):
"""Sets up widgets to collect input on a view.
See `setUpWidgets` for details on `view`, `schema`, `prefix`,
`ignoreStickyValues`, `names`, and `context`.
`source`, if specified, is an object from which initial widget values are
read. If source is not specified, the view context is used as the source.
`degradeInput` is a flag that changes the behavior when a user does not
have permission to edit a field in the names. By default, the function
raises Unauthorized. If degradeInput is True, the field is changed to
an IDisplayWidget.
`degradeDisplay` is a flag that changes the behavior when a user does not
have permission to access a field in the names. By default, the function
raises Unauthorized. If degradeDisplay is True, the field is removed from
the form.
Returns a list of names, equal to or a subset of the names that were
supposed to be drawn, with uninitialized undrawn fields missing.
"""
if context is None:
context = view.context
if source is None:
source = view.context
security_proxied = isProxy(source, Proxy)
res_names = []
for name, field in _fieldlist(names, schema):
try:
value = field.get(source)
except ForbiddenAttribute:
raise
except AttributeError:
value = no_value
except Unauthorized:
if degradeDisplay:
continue
else:
raise
if field.readonly:
viewType = IDisplayWidget
else:
if security_proxied:
is_accessor = IMethod.providedBy(field)
if is_accessor:
set_name = field.writer.__name__
authorized = security.canAccess(source, set_name)
else:
set_name = name
authorized = security.canWrite(source, name)
if not authorized:
if degradeInput:
viewType = IDisplayWidget
else:
raise Unauthorized(set_name)
else:
viewType = IInputWidget
else:
# if object is not security proxied, might be a standard
# adapter without a registered checker. If the feature of
# paying attention to the users ability to actually set a
# field is decided to be a must-have for the form machinery,
# then we ought to change this case to have a deprecation
# warning.
viewType = IInputWidget
setUpWidget(view, name, field, viewType, value, prefix,
ignoreStickyValues, context)
res_names.append(name)
return res_names
