async def sharing_get(context, request): roleperm = IRolePermissionMap(context) prinperm = IPrincipalPermissionMap(context) prinrole = IPrincipalRoleMap(context) result = { 'local': {}, 'inherit': [] } result['local']['roleperm'] = roleperm._bycol result['local']['prinperm'] = prinperm._bycol result['local']['prinrole'] = prinrole._bycol for obj in iter_parents(context): roleperm = IRolePermissionMap(obj, None) url_factory = query_multi_adapter((obj, request), IAbsoluteURL) if roleperm is not None and url_factory is not None: prinperm = IPrincipalPermissionMap(obj) prinrole = IPrincipalRoleMap(obj) result['inherit'].append({ '@id': url_factory(), 'roleperm': roleperm._bycol, 'prinperm': prinperm._bycol, 'prinrole': prinrole._bycol, }) await notify(ObjectPermissionsViewEvent(context)) return result
def settings_for_object(ob): """Analysis tool to show all of the grants to a process """ result = [] while ob is not None: data = {} result.append({getattr(ob, '__name__', None) or '(no name)': data}) principal_permissions = IPrincipalPermissionMap(ob, None) if principal_permissions is not None: settings = principal_permissions.get_principals_and_permissions() settings.sort() data['prinperm'] = [ {'principal': pr, 'permission': p, 'setting': s} for (p, pr, s) in settings] principal_roles = IPrincipalRoleMap(ob, None) if principal_roles is not None: settings = principal_roles.get_principals_and_roles() data['prinrole'] = [ {'principal': p, 'role': r, 'setting': s} for (r, p, s) in settings] role_permissions = IRolePermissionMap(ob, None) if role_permissions is not None: settings = role_permissions.get_roles_and_permissions() data['roleperm'] = [ {'permission': p, 'role': r, 'setting': s} for (p, r, s) in settings] ob = getattr(ob, '__parent__', None) data = {} result.append({'system': data}) settings = principal_permission_manager.get_principals_and_permissions() settings.sort() data['prinperm'] = [ {'principal': pr, 'permission': p, 'setting': s} for (p, pr, s) in settings] settings = principal_role_manager.get_principals_and_roles() data['prinrole'] = [ {'principal': p, 'role': r, 'setting': s} for (r, p, s) in settings] settings = role_permission_manager.get_roles_and_permissions() data['roleperm'] = [ {'permission': p, 'role': r, 'setting': s} for (p, r, s) in settings] return result
def cached_roles(parent: IBaseObject, permission: str, level: str) -> typing.Dict[str, int]: """ Get the roles for a specific permission. Global + Local + Code """ try: cache = parent.__volatile__.setdefault('security_cache', {}) except AttributeError: cache = {} try: cache_roles = cache['roles'] except KeyError: cache_roles = cache['roles'] = {} try: return cache_roles[permission + level] except KeyError: pass if parent is None: roles = dict([(role, 1) for (role, setting) in code_roles_for_permission(permission) if setting is Allow]) cache_roles[permission + level] = roles return roles perminhe = IInheritPermissionMap(parent, None) if perminhe is None or perminhe.get_inheritance(permission) is Allow: roles = cached_roles(getattr(parent, '__parent__', None), permission, 'p') else: # We don't apply global permissions also # Its dangerous as may lead to an object who nobody can see roles = dict() roleper = IRolePermissionMap(parent, None) if roleper: roles = roles.copy() for role, setting in roleper.get_roles_for_permission(permission): if setting is Allow: roles[role] = 1 elif setting is AllowSingle and level == 'o': roles[role] = 1 elif setting is Deny and role in roles: del roles[role] cache_roles[permission + level] = roles return roles
def cached_roles(self, parent, permission, level): """Get the roles for a specific permission. Global + Local + Code """ cache = self.cache(parent) try: cache_roles = cache.roles except AttributeError: cache_roles = cache.roles = {} try: return cache_roles[permission] except KeyError: pass if parent is None: roles = dict([ (role, 1) for (role, setting) in code_roles_for_permission(permission) if setting is Allow ]) cache_roles[permission] = roles return roles perminhe = IInheritPermissionMap(parent, None) if perminhe is None or perminhe.get_inheritance(permission) is Allow: roles = self.cached_roles(getattr(parent, '__parent__', None), permission, 'p') else: # We don't apply global permissions also # Its dangerous as may lead to an object who nobody can see roles = dict() roleper = IRolePermissionMap(parent, None) if roleper: roles = roles.copy() for role, setting in roleper.get_roles_for_permission(permission): if setting is Allow: roles[role] = 1 elif setting is AllowSingle and level == 'o': roles[role] = 1 elif setting is Deny and role in roles: del roles[role] if level != 'o': # Only cache on non 1rst level queries needs new way cache_roles[permission] = roles return roles
def cached_roles(self, parent, permission, level): """Get the roles for a specific permission. Global + Local + Code """ cache = self.cache(parent) try: cache_roles = cache.roles except AttributeError: cache_roles = cache.roles = {} try: return cache_roles[permission] except KeyError: pass if parent is None: roles = dict( [(role, 1) for (role, setting) in code_roles_for_permission(permission) if setting is Allow]) cache_roles[permission] = roles return roles perminhe = IInheritPermissionMap(parent, None) if perminhe is None or perminhe.get_inheritance(permission) is Allow: roles = self.cached_roles( getattr(parent, '__parent__', None), permission, 'p') else: # We don't apply global permissions also # Its dangerous as may lead to an object who nobody can see roles = dict() roleper = IRolePermissionMap(parent, None) if roleper: roles = roles.copy() for role, setting in roleper.get_roles_for_permission(permission): if setting is Allow: roles[role] = 1 elif setting is AllowSingle and level == 'o': roles[role] = 1 elif setting is Deny and role in roles: del roles[role] if level != 'o': # Only cache on non 1rst level queries needs new way cache_roles[permission] = roles return roles
def cached_roles(self, parent, permission, level): """Get the roles for a specific permission. Global + Local + Code """ cache = self.cache(parent) try: cache_roles = cache.roles except AttributeError: cache_roles = cache.roles = {} try: return cache_roles[permission] except KeyError: pass if parent is None: roles = dict([ (role, 1) for (role, setting) in code_roles_for_permission(permission) if setting is Allow ]) cache_roles[permission] = roles return roles roles = self.cached_roles(getattr(parent, '__parent__', None), permission, 'p') roleper = IRolePermissionMap(parent, None) if roleper: roles = roles.copy() for role, setting in roleper.get_roles_for_permission(permission): if setting is Allow: roles[role] = 1 elif setting is AllowSingle and level == 'o': roles[role] = 1 elif setting is Deny and role in roles: del roles[role] if level != 'o': # Only cache on non 1rst level queries needs new way cache_roles[permission] = roles return roles
async def sharing_get(context, request): roleperm = IRolePermissionMap(context) prinperm = IPrincipalPermissionMap(context) prinrole = IPrincipalRoleMap(context) result = {"local": {}, "inherit": []} result["local"]["roleperm"] = roleperm._bycol result["local"]["prinperm"] = prinperm._bycol result["local"]["prinrole"] = prinrole._bycol for obj in iter_parents(context): roleperm = IRolePermissionMap(obj, None) url = get_object_url(obj, request) if roleperm is not None and url is not None: prinperm = IPrincipalPermissionMap(obj) prinrole = IPrincipalRoleMap(obj) result["inherit"].append({ "@id": url, "roleperm": roleperm._bycol, "prinperm": prinperm._bycol, "prinrole": prinrole._bycol, }) await notify(ObjectPermissionsViewEvent(context)) return result
def settings_for_object(ob): """Analysis tool to show all of the grants to a process """ result = [] locked_permissions = [] while ob is not None: data = {} result.append({getattr(ob, "__name__", None) or "(no name)": data}) principal_permissions = IPrincipalPermissionMap(ob, None) if principal_permissions is not None: settings = principal_permissions.get_principals_and_permissions() settings.sort() data["prinperm"] = [{ "principal": pr, "permission": p, "setting": s } for (p, pr, s) in settings] principal_roles = IPrincipalRoleMap(ob, None) if principal_roles is not None: settings = principal_roles.get_principals_and_roles() data["prinrole"] = [{ "principal": p, "role": r, "setting": s } for (r, p, s) in settings] role_permissions = IRolePermissionMap(ob, None) if role_permissions is not None: settings = role_permissions.get_roles_and_permissions() data["roleperm"] = [{ "permission": p, "role": r, "setting": s } for (p, r, s) in settings if p not in locked_permissions] inherit_permissions = IInheritPermissionMap(ob) if inherit_permissions is not None: settings = inherit_permissions.get_locked_permissions() data["perminhe"] = [] for (p, s) in settings: if s is Deny: locked_permissions.append(p) data["perminhe"].append({"permission": p, "setting": s}) ob = getattr(ob, "__parent__", None) data = {} result.append({"system": data}) settings = principal_permission_manager.get_principals_and_permissions() settings.sort() data["prinperm"] = [{ "principal": pr, "permission": p, "setting": s } for (p, pr, s) in settings] settings = principal_role_manager.get_principals_and_roles() data["prinrole"] = [{ "principal": p, "role": r, "setting": s } for (r, p, s) in settings] settings = role_permission_manager.get_roles_and_permissions() data["roleperm"] = [{ "permission": p, "role": r, "setting": s } for (p, r, s) in settings if p not in locked_permissions] return result
def settings_for_object(ob): """Analysis tool to show all of the grants to a process """ result = [] locked_permissions = [] while ob is not None: data = {} result.append({getattr(ob, '__name__', None) or '(no name)': data}) principal_permissions = IPrincipalPermissionMap(ob, None) if principal_permissions is not None: settings = principal_permissions.get_principals_and_permissions() settings.sort() data['prinperm'] = [ {'principal': pr, 'permission': p, 'setting': s} for (p, pr, s) in settings] principal_roles = IPrincipalRoleMap(ob, None) if principal_roles is not None: settings = principal_roles.get_principals_and_roles() data['prinrole'] = [ {'principal': p, 'role': r, 'setting': s} for (r, p, s) in settings] role_permissions = IRolePermissionMap(ob, None) if role_permissions is not None: settings = role_permissions.get_roles_and_permissions() data['roleperm'] = [ {'permission': p, 'role': r, 'setting': s} for (p, r, s) in settings if p not in locked_permissions] inherit_permissions = IInheritPermissionMap(ob) if inherit_permissions is not None: settings = inherit_permissions.get_locked_permissions() data['perminhe'] = [] for (p, s) in settings: if s is Deny: locked_permissions.append(p) data['perminhe'].append({'permission': p, 'setting': s}) ob = getattr(ob, '__parent__', None) data = {} result.append({'system': data}) settings = principal_permission_manager.get_principals_and_permissions() settings.sort() data['prinperm'] = [ {'principal': pr, 'permission': p, 'setting': s} for (p, pr, s) in settings] settings = principal_role_manager.get_principals_and_roles() data['prinrole'] = [ {'principal': p, 'role': r, 'setting': s} for (r, p, s) in settings] settings = role_permission_manager.get_roles_and_permissions() data['roleperm'] = [ {'permission': p, 'role': r, 'setting': s} for (p, r, s) in settings if p not in locked_permissions] return result