def cached_principals(self, parent, roles, permission, level): """Get the roles for a specific permission. Global + Local + Code """ cache = self.cache(parent) try: cache_principals = cache.principals except AttributeError: cache_principals = cache.principals = {} try: return cache_principals[permission] except KeyError: pass if parent is None: principals = dict([ (role, 1) for (role, setting) in code_principals_for_permission(permission) if setting is Allow ]) cache_principals[permission] = principals return principals principals = self.cached_principals( getattr(parent, '__parent__', None), roles, permission, 'p') prinperm = IPrincipalPermissionMap(parent, None) if prinperm: principals = principals.copy() for principal, setting in prinperm.get_principals_for_permission( permission): if setting is Allow: principals[principal] = 1 elif setting is AllowSingle and level == 'o': principals[principal] = 1 elif setting is Deny and principal in principals: del principals[principal] prinrole = IPrincipalRoleMap(parent, None) if prinrole: for role in roles: for principal, setting in prinrole.get_principals_for_role( role): if setting is Allow: principals[principal] = 1 elif setting is AllowSingle and level == 'o': principals[principal] = 1 elif setting is Deny and principal in principals: del principals[principal] if level != 'o': # Only cache on non 1rst level queries needs new way cache_principals[permission] = principals return principals
def cached_principals(parent: IBaseObject, roles: typing.List[str], permission: str, level: str) -> typing.Dict[str, int]: """Get the roles for a specific permission. Global + Local + Code """ try: cache = parent.__volatile__.setdefault('security_cache', {}) except AttributeError: cache = {} try: cache_principals = cache['principals'] except KeyError: cache_principals = cache['principals'] = {} try: return cache_principals[permission + level] except KeyError: pass if parent is None: principals = dict([ (role, 1) for (role, setting) in code_principals_for_permission(permission) if setting is Allow ]) cache_principals[permission + level] = principals return principals principals = cached_principals(getattr(parent, '__parent__', None), roles, permission, 'p') prinperm = IPrincipalPermissionMap(parent, None) if prinperm: principals = principals.copy() for principal, setting in prinperm.get_principals_for_permission( permission): if setting is Allow: principals[principal] = 1 elif setting is AllowSingle and level == 'o': principals[principal] = 1 elif setting is Deny and principal in principals: del principals[principal] prinrole = IPrincipalRoleMap(parent, None) if prinrole: for role in roles: for principal, setting in prinrole.get_principals_for_role(role): if setting is Allow: principals[principal] = 1 elif setting is AllowSingle and level == 'o': principals[principal] = 1 elif setting is Deny and principal in principals: del principals[principal] cache_principals[permission + level] = principals return principals
def cached_principals(self, parent, roles, permission, level): """Get the roles for a specific permission. Global + Local + Code """ cache = self.cache(parent) try: cache_principals = cache.principals except AttributeError: cache_principals = cache.principals = {} try: return cache_principals[permission] except KeyError: pass if parent is None: principals = dict( [(role, 1) for (role, setting) in code_principals_for_permission(permission) if setting is Allow]) cache_principals[permission] = principals return principals principals = self.cached_principals( getattr(parent, '__parent__', None), roles, permission, 'p') prinperm = IPrincipalPermissionMap(parent, None) if prinperm: principals = principals.copy() for principal, setting in prinperm.get_principals_for_permission(permission): if setting is Allow: principals[principal] = 1 elif setting is AllowSingle and level == 'o': principals[principal] = 1 elif setting is Deny and principal in principals: del principals[principal] prinrole = IPrincipalRoleMap(parent, None) if prinrole: for role in roles: for principal, setting in prinrole.get_principals_for_role(role): if setting is Allow: principals[principal] = 1 elif setting is AllowSingle and level == 'o': principals[principal] = 1 elif setting is Deny and principal in principals: del principals[principal] if level != 'o': # Only cache on non 1rst level queries needs new way cache_principals[permission] = principals return principals