def getPermissionAcquiredMapping(self):
    """Map every permission in ``self.permissions`` to the roles it acquires.

    Permissions listed by ``getPermissionsWithAcquiredRoles()`` are mapped to
    ``rolesForPermissionOn(permission, parent)``, where ``parent`` is the
    value of ``getObjectParent()``. Every other permission maps to an empty
    list.
    """
    container = self.getObjectParent()
    acquired = self.getPermissionsWithAcquiredRoles()
    # Only permissions that still acquire roles are resolved against the
    # parent; for the others nothing is inherited, hence the empty list.
    return {
        perm: rolesForPermissionOn(perm, container) if perm in acquired else []
        for perm in self.permissions
    }
def rolesForPermissionOn(ob):
    """Return the roles that protect the bound method ``ob``.

    The roles are read from the attribute ``<method name>__roles__``, first
    on the class of the object the method is bound to (``ob.im_self``) and
    then through ``_aq_dynamic``. A value of ``None`` is never returned
    as-is: it is replaced by a lookup of
    '_Access_contents_information_Permission' on the bound object, with
    ``('Manager',)`` passed as the default roles.
    """
    instance = ob.im_self
    roles_attr = '%s__roles__' % ob.__name__
    # The instance doubles as the "not found" marker for the class lookup.
    # _aq_dynamic is called explicitly so that the attribute is not acquired
    # from the container.
    found = getattr(instance.__class__, roles_attr, instance)
    if found is instance:
        found = instance._aq_dynamic(roles_attr)
    if found is None:
        # NOTE(review): AccessControl reads a __roles__ of None as "public",
        # so this branch is what keeps an undeclared accessor behind a
        # permission check. The four-argument call has to resolve to a
        # different rolesForPermissionOn than this one-argument definition
        # (presumably AccessControl's, with this def nested in a class);
        # confirm, otherwise the call raises TypeError.
        return rolesForPermissionOn(None, instance, ('Manager',),
                                    '_Access_contents_information_Permission')
    missing = object()
    binder = getattr(found, '__of__', missing)
    if binder is missing:
        return found
    return binder(instance)
def rolesForPermissionOn(ob):
    """Compute the roles allowed to call the bound method ``ob``.

    Looks up ``<ob.__name__>__roles__`` on the class of ``ob.im_self`` and,
    when the class does not define it, asks ``_aq_dynamic`` for it. When the
    result is ``None`` the roles of '_Access_contents_information_Permission'
    on the bound object are returned instead (default ``('Manager', )``).
    Otherwise the roles are bound to the object through ``__of__`` when they
    provide it, or returned unchanged.
    """
    owner = ob.im_self
    attribute = '%s__roles__' % ob.__name__
    # Passing the owner as getattr's default lets "not defined on the class"
    # be told apart from any real value, None included.
    declared = getattr(owner.__class__, attribute, owner)
    if declared is owner:
        # Called explicitly so the attribute is not acquired from the
        # container.
        declared = owner._aq_dynamic(attribute)
    if declared is not None:
        no_binder = object()
        bind = getattr(declared, '__of__', no_binder)
        return declared if bind is no_binder else bind(owner)
    # NOTE(review): None would mean "public" to AccessControl; falling back to
    # a permission lookup keeps the method protected. The call below takes
    # four arguments, so it must resolve to another rolesForPermissionOn than
    # this definition (presumably the AccessControl one); confirm.
    return rolesForPermissionOn(
        None, owner, ('Manager', ),
        '_Access_contents_information_Permission')
def rolesForPermissionOn(ob):
    """Return the roles that protect the bound method ``ob``.

    The roles come from ``<method name>__roles__``, looked up on the class of
    ``ob.im_self`` and then through ``_aq_dynamic``. A value of ``None`` is
    replaced by a lookup of '_Modify_portal_content_Permission' on the bound
    object, with ``('Manager',)`` passed as the default roles.
    """
    instance = ob.im_self
    roles_attr = '%s__roles__' % ob.__name__
    # Look on the class: getRoles gives ob.__roles__ priority over
    # class.ob__roles__, so this is the opportunity to declare security on
    # the class for generated methods.
    # _aq_dynamic is called explicitly to prevent acquiring the attribute
    # from the container.
    found = getattr(instance.__class__, roles_attr, instance)
    if found is instance:
        found = instance._aq_dynamic(roles_attr)
    if found is None:
        # NOTE(review): AccessControl reads a __roles__ of None as "public",
        # so this branch is what keeps an undeclared method behind the
        # modify permission. The four-argument call has to resolve to a
        # different rolesForPermissionOn than this one-argument definition
        # (presumably AccessControl's, with this def nested in a class);
        # confirm, otherwise the call raises TypeError.
        return rolesForPermissionOn(None, instance, ('Manager',),
                                    '_Modify_portal_content_Permission')
    # When the roles object has its own __of__, call it explicitly: the
    # Method's own __of__ has already been called at this point.
    missing = object()
    binder = getattr(found, '__of__', missing)
    if binder is missing:
        return found
    return binder(instance)
def rolesForPermissionOn(ob):
    """Compute the roles allowed to call the bound method ``ob``.

    Looks up ``<ob.__name__>__roles__`` on the class of ``ob.im_self`` and,
    when the class does not define it, asks ``_aq_dynamic`` for it. When the
    result is ``None`` the roles of '_Modify_portal_content_Permission' on
    the bound object are returned instead (default ``('Manager', )``).
    Otherwise the roles are bound to the object through ``__of__`` when they
    provide it, or returned unchanged.
    """
    owner = ob.im_self
    attribute = '%s__roles__' % ob.__name__
    # The class is consulted first because getRoles prefers ob.__roles__ to
    # class.ob__roles__; looking here allows security for generated methods
    # to be declared on the class. Passing the owner as getattr's default
    # tells "not defined on the class" apart from any real value.
    declared = getattr(owner.__class__, attribute, owner)
    if declared is owner:
        # Called explicitly so the attribute is not acquired from the
        # container.
        declared = owner._aq_dynamic(attribute)
    if declared is not None:
        # The Method's own __of__ has already run by now, so a roles object
        # that has an __of__ must be bound explicitly.
        no_binder = object()
        bind = getattr(declared, '__of__', no_binder)
        return declared if bind is no_binder else bind(owner)
    # NOTE(review): None would mean "public" to AccessControl; falling back to
    # a permission lookup keeps the method protected. The call below takes
    # four arguments, so it must resolve to another rolesForPermissionOn than
    # this definition (presumably the AccessControl one); confirm.
    return rolesForPermissionOn(
        None, owner, ('Manager', ),
        '_Modify_portal_content_Permission')
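def allowedAdminRolesAndUsers(self):
    """Return the roles and users holding the reportek_dataflow_admin permission.

    Used by the catalog to filter out items you are not allowed to see.
    The result holds every role returned by
    ``rolesForPermissionOn(reportek_dataflow_admin, self)`` except 'Owner',
    plus one ``'user:<id>'`` entry for each principal whose merged local
    roles include one of those roles.
    """
    allowed = {}
    for role in rolesForPermissionOn(reportek_dataflow_admin, self):
        allowed[role] = 1
    for user, roles in self._mergedLocalRoles(self).items():
        for role in roles:
            if role in allowed:
                # NOTE(review): the listing shows this statement masked as
                # `allowed['user:'******'Owner' in allowed:`. It is restored
                # here as the `'user:' + user` entry followed by the 'Owner'
                # check below; confirm against the original file.
                allowed['user:' + user] = 1
    # Presumably 'Owner' is dropped because ownership is per object: owners
    # already appear above as 'user:<id>' entries, while a bare 'Owner' token
    # would match anyone holding that role elsewhere. Confirm.
    if 'Owner' in allowed:
        del allowed['Owner']
    return list(allowed.keys())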
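def has_permission(permission=None, username=None, user=None, obj=None):
    """Check if the user has the specified permission on the given object.

    Arguments ``username`` and ``user`` are mutually exclusive. You can
    either set one or the other, but not both. If no ``username`` or
    ``user`` are provided, check the permission for the currently
    logged-in user.

    :param permission: [required] Permission of the user to check for
    :type permission: string
    :param username: Username of the user that we are checking the
        permission for
    :type username: string
    :param user: User that we are checking the permission for
    :type user: MemberData object
    :param obj: Object that we are checking the permission for
    :type obj: object
    :returns: True if user has the specified permission, False otherwise.
        False is also returned when ``username`` does not resolve to a
        member.
    :rtype: bool
    :raises:
        ValueError
    :Example: :ref:`user_has_permission_example`
    """
    # The original statement was a bare `ValueError` expression, so a missing
    # permission was never rejected.
    if not permission:
        raise ValueError("permission is required")
    if username and user:
        raise ValueError("username and user are mutually exclusive")
    # Compare with None rather than testing truthiness: a valid object that
    # defines __len__ (an empty container, for instance) is falsy.
    if obj is None:
        raise ValueError("obj is required")

    portal_membership = getToolByName(portal.get(), "portal_membership")
    if username:
        user = portal_membership.getMemberById(username)
        if user is None:
            # Fail closed: an unknown username must not fall through to the
            # check for the currently logged-in user below.
            return False

    if not user or user == portal_membership.getAuthenticatedMember():
        return portal_membership.checkPermission(permission, obj)

    roles = rolesForPermissionOn(permission, obj)
    return user.allowed(obj, roles)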
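def _recipient_roles(self):
    """Return the configured recipient roles that hold 'View' on the context.

    The candidates are read from the ``sendToRecipientRoles`` property of
    ``portal_properties.site_properties``. Only those also present in
    ``rolesForPermissionOn('View', self.context)`` are kept, in their
    configured order.
    """
    configured = getToolByName(
        self.context, 'portal_properties').site_properties.sendToRecipientRoles
    # Resolve the View roles once instead of once per configured role; the
    # lookup does not depend on the role being tested.
    viewer_roles = rolesForPermissionOn('View', self.context)
    return [role for role in configured if role in viewer_roles]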