def query_iterator(query, parent, permission=None):
"""Generator of the items in a query.
If a permission is specified, then checkPermission() is called.
Note that -- in some cases -- NOT calling checkPermission() on an item
has resulted in SQLAlchemy-related data errors downstream.
"""
for item in query:
item.__parent__ = parent
if (permission is None
or checkPermission(permission, proxy.ProxyFactory(item))):
yield item
def apply_security(ti):
domain_model, descriptor_model = ti.domain_model, ti.descriptor_model
type_key = naming.polymorphic_identity(domain_model)
log.debug("APPLY SECURITY: %s %s", type_key, domain_model)
# first, "inherit" security settings of super classes i.e. equivalent of
# something like <require like_class=".domain.Doc" />
for c in domain_model.__bases__:
if c is object:
continue
log.debug(" LIKE_CLASS: %s", c)
protectLikeUnto(domain_model, c)
# !+DECL permissions here--for CUSTOM types only, and SINCE r9946--override
# what is defined in domain.zcml, as opposed to vice-versa (probably
# because CUSTOM types are setup at a later stage).
# So (for CUSTOM types only?) we use the parametrized
# bungeni.{type_key}.{Mode} as the view/edit permission:
pv_type = "zope.Public" # view permission, for type
pe_type = "zope.Public" # edit permission, for type
if descriptor_model.scope == "custom":
pv_type = "bungeni.%s.View" % (type_key)
pe_type = "bungeni.%s.Edit" % (type_key)
# !+SCHEMA_FIELDS(mr, oct-2012) all this seems superfluous anyway, as is
# (always?) overwritten further down? Switch to base loop on superset of
# names (dir(cls)?) and then decide ONCE on various criteria how to
# protect the name.
_view_protected = set() # remember names protected for view
_edit_protected = set() # remember names protected for edit
# sorted (for clearer logging) list of attr names that are BOTH defined
# by the db mapped-table schema AND have a dedicated UI Field.
dts_attrs = [ n for n in ti.derived_table_schema.names(all=True) ]
df_attrs = [ f.get("name") for f in descriptor_model.fields ]
attrs = sorted(set(dts_attrs).union(set(df_attrs)))
log.debug(" DTS+Fields: %s, %s",
ti.derived_table_schema.__name__, descriptor_model.__name__)
for n in attrs:
# !+DECL special cases, do not override domain.zcml...
if n in ("response_text",):
continue
_view_protected.add(n); _edit_protected.add(n)
pv = pv_type
pe = pe_type
model_field = descriptor_model.get(n)
if model_field:
if descriptor_model.scope != "custom":
# !+DECL proceed as before for now
pv = model_field.view_permission # always "zope.Public"
pe = model_field.edit_permission # always "zope.ManageContent"
# !+DECL parametrize all permissions by type AND mode, ensure to grant
# to appropriate roles. What about non-workflows or non-catalyzed types?
protectName(domain_model, n, pv)
protectSetAttribute(domain_model, n, pe)
DTS = n in dts_attrs and "dts" or " "
DF = n in df_attrs and "df" or " "
log.debug(" %s %s [%s] view:%s edit:%s %x",
DTS, DF, n, pv, pe, id(model_field))
if n not in domain_model.__dict__:
log.debug(" ---- [%s] !+SCHEMA_FIELDS not in %s.__dict__",
n, domain_model)
# container attributes (never a UI Field for these)
log.debug(" __dict__: %s" % (domain_model))
for k in sorted(domain_model.__dict__.keys()):
# !+ if IManagedContainer.providedBy(v): ?
v = domain_model.__dict__[k]
if isinstance(v, ManagedContainerDescriptor):
if k in _view_protected:
log.debug(" ---- %s RESETTING...", k)
_view_protected.add(k)
log.debug(" managed %s view:%s" % (k, "zope.Public"))
elif isinstance(v, orm.attributes.InstrumentedAttribute):
if k in _view_protected:
log.debug(" ---- %s RESETTING...", k)
_view_protected.add(k)
log.debug(" instrumented [%s] view:%s", k, "zope.Public")
else:
log.debug(" ---- [%s] !+SCHEMA_FIELD IN __dict__ but NOT "
"instrumented OR managed", k)
continue
if k not in attrs:
log.debug(" ---- [%s] !+SCHEMA_FIELDS not in attrs", k)
protectName(domain_model, k, "zope.Public") #!+pv_type
# Dump permission_id required to getattr/setattr for "custom" types.
# We only dump the security settings for "custom" types as it only these
# are processed AFTER that domain.zcml has been executed (for other types,
# loaded earlier during app startup, it is the settings in domain.zcml
# (executed later during app startup) that ends up applying.
if descriptor_model.scope == "custom":
from zope.security import proxy, checker
dmc = checker.getChecker(proxy.ProxyFactory(domain_model()))
log.debug(" checker: %s", dmc)
for n in sorted(_view_protected.union(["response_text"])):
g = dmc.get_permissions.get(n)
s = dmc.set_permissions.get(n) #dmc.setattr_permission_id(n)
log.debug(" [%s] get:%s set:%s",
n, getattr(g, "__name__", g), s)