def clean_permissions(context, permission_id, setting=Allow):
"""Remove given permission for all principals"""
prinper = IPrincipalPermissionManager(context)
old = prinper.getPrincipalsForPermission(permission_id)
for x in old:
if x[1] == setting:
prinper.unsetPermissionForPrincipal(permission_id, x[0])
def add_view_permission(event):
obj = event.object
if not IAdHocContent.providedBy(obj):
return
if event.destination in (PUBLISHED, PROGRESS):
ppm = IPrincipalPermissionManager(obj)
ppm.grantPermissionToPrincipal('uvc.ViewContent', obj.principal.id)
def clean_permissions(context, permission_id, setting=Allow):
"""Remove given permission for all principals"""
prinper = IPrincipalPermissionManager(context)
old = prinper.getPrincipalsForPermission(permission_id)
for x in old:
if x[1] == setting:
prinper.unsetPermissionForPrincipal(permission_id, x[0])
def change_permissions(event):
if event.destination == Workflow.states.PUBLISHED:
try:
principal = uvcsite.utils.shorties.getPrincipal()
except zope.security.interfaces.NoInteraction:
return
else:
if not uvcsite.auth.interfaces.ICOUser.providedBy(principal):
return
prinper = IPrincipalPermissionManager(event.object)
roleper = IRolePermissionManager(event.object)
roleper.denyPermissionToRole(named(uvcsite.permissions.View),
named(uvcsite.permissions.Editor))
prinper.grantPermissionToPrincipal(named(uvcsite.permissions.View),
event.object.principal.id)
def deliver_some(how_many=1, note=None, grants=None, event='created'):
for _ in range(how_many):
tx = transaction.begin()
if note:
tx.note(note)
content = Folder()
if grants:
# Make sure we can use the default (annotatable)
# permission managers.
interface.alsoProvides(content, IAttributeAnnotatable)
prin_perm = IPrincipalPermissionManager(content)
for principal_id, perm_id in grants.items():
prin_perm.grantPermissionToPrincipal(perm_id, principal_id)
sender = getattr(lifecycleevent, event)
sender(content)
transaction.commit()
def __call__(self, data):
portal = self.context
site = getSite()
setSite(portal)
request = None
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
request = participation
break
if request is None:
request = TestRequest()
sm = portal.getSiteManager()
# setup default skin
skintool = sm.queryUtility(IConfiglet, 'ui.portalskin')
skintool.skin = u'zojax'
interface.directlyProvides(request, *skintool.generate())
# setup portlets
portlets = sm.queryMultiAdapter(
(portal, request, None), IPortletManager, 'columns.left')
portlets.status = ENABLED
portlets.__data__['portletIds'] = ('portlet.login', 'portlet.actions')
# set portal access to open
manager = IPrincipalPermissionManager(portal)
everyone = sm.queryUtility(IEveryoneGroup)
if everyone is not None:
manager.grantPermissionToPrincipal(
'zojax.AccessSite', everyone.id)
authenticated = sm.queryUtility(IAuthenticatedGroup)
if authenticated is not None:
manager.unsetPermissionForPrincipal(
'zojax.AccessSite', authenticated.id)
# install catalog
#sm.getUtility(IConfiglet, 'system.catalog').install()
setSite(site)
def authenticateCredentials(self, credentials):
if not isinstance(credentials, dict):
return None
if not ('login' in credentials and 'password' in credentials):
return None
# hardcoded admin account TODO Arghhh
if credentials['login'] != 'admin' or credentials[
'password'] != 'barcamp':
return None
# grant permission to the hardcoded admin
IPrincipalPermissionManager(grok.getSite()).grantPermissionToPrincipal(
'zope.ManageContent', 'admin')
IPrincipalPermissionManager(grok.getSite()).grantPermissionToPrincipal(
'afpy.barcamp.managemeetings', 'admin')
IPrincipalPermissionManager(grok.getSite()).grantPermissionToPrincipal(
'afpy.barcamp.editseance', 'admin')
IPrincipalPermissionManager(grok.getSite()).grantPermissionToPrincipal(
'afpy.barcamp.seances.list', 'admin')
return PrincipalInfo(id='admin',
title=_(u'admin'),
description=_(u'admin'))
def __call__(self, data):
auth = zope.component.getUtility(IAuthentication, context=self.context)
# Add a Admin to the administrators group
login = data['member.login']
admin = authentication.WebSiteMember(login, data['member.password'],
data['member.firstName'],
data['member.lastName'],
data['member.email'])
zope.event.notify(zope.lifecycleevent.ObjectCreatedEvent(admin))
auth['members'].add(admin)
adminGroup = auth['groups']['groups.Administrators']
adminGroup.setPrincipals(adminGroup.principals + (admin.__name__, ),
check=False)
# grant permissions to roles
role_manager = IRolePermissionManager(self.context)
role_manager.grantPermissionToRole(permissions.MANAGESITE,
roles.ADMINISTRATOR)
role_manager.grantPermissionToRole(permissions.MANAGECONTENT,
roles.ADMINISTRATOR)
role_manager.grantPermissionToRole(permissions.MANAGEUSERS,
roles.ADMINISTRATOR)
role_manager.grantPermissionToRole(permissions.VIEW,
roles.ADMINISTRATOR)
role_manager.grantPermissionToRole(permissions.MANAGECONTENT,
roles.MEMBER)
role_manager.grantPermissionToRole(permissions.VIEW, roles.MEMBER)
# grant VIEW to unauthenticated users.
prin_manager = IPrincipalPermissionManager(self.context)
unauth = zope.component.queryUtility(IUnauthenticatedGroup,
context=self.context)
if unauth is not None:
prin_manager.grantPermissionToPrincipal(permissions.VIEW,
unauth.id)
def create_user(self, site, sm, data,
site_roles=(), site_permissions=(),
prefix='bbru.principal.', folder_key=u'principals'):
auth = sm.getUtility(IAuthentication)
principalfolder = auth[folder_key]
key = data['login'] # convenient
principal = InternalPrincipal(
data['login'], data['password'],
data.get('title') or data['login'].title(),
data.get('description') or u'',
data.get('passwordManagerName') or 'SSHA')
if key not in principalfolder:
principalfolder[key] = principal
roles = IPrincipalRoleManager(site)
for role in site_roles:
roles.assignRoleToPrincipal(role, prefix + data['login'])
permissions = IPrincipalPermissionManager(site)
for permission in site_permissions:
permissions.grantPermissionToPrincipal(
permission, prefix + data['login'])
def traverse(self, name):
group = self.context[name]
principal_id = self.request.principal.id
uid = principal_id.split('.')[-1]
# grant permissions if user belongs to group
ppm = IPrincipalPermissionManager(grok.getApplication())
if uid in group.uids:
ppm.grantPermissionToPrincipal(u'gum.EditGroup', principal_id)
# grant permissions if the user is Admin
grant_info = IGrantInfo(grok.getApplication())
for role, perm in grant_info.getRolesForPrincipal(principal_id):
if role == u'gum.Admin' and perm == Allow:
ppm.grantPermissionToPrincipal(u'gum.EditGroup', principal_id)
return group
def traverse(self, name):
principal_id = self.request.principal.id
__name__ = principal_id.split('.')[-1]
if __name__ == self.context.__name__:
ppm = IPrincipalPermissionManager(grok.getApplication())
ppm.grantPermissionToPrincipal(u'gum.Edit', principal_id)
def authenticated(user):
''' Come here when a user has been authenticated via OAuth '''
user = user.object
print 'Authenticated user [%s]' % user.title
pm = IPrincipalPermissionManager(grok.getApplication())
pm.grantPermissionToPrincipal('builder.Authenticated', user.id)
def traverse(self, name):
principal_id = self.request.principal.id
__name__ = principal_id.split('.')[-1]
if __name__ == self.context.__name__:
ppm = IPrincipalPermissionManager(grok.getApplication())
ppm.grantPermissionToPrincipal(u'gum.Edit', principal_id)
def _default_security_setter(subscription):
prin_per = IPrincipalPermissionManager(subscription)
for perm_id in _DEFAULT_PERMISSIONS:
# pylint:disable=too-many-function-args
prin_per.grantPermissionToPrincipal(perm_id, subscription.owner_id)
def status(self):
setUpWidget(self, 'principal', self.principal_field, IInputWidget)
if not self.principal_widget.hasInput():
return u''
try:
principal = self.principal_widget.getInputValue()
except MissingInputError:
return u''
self.principal = principal
# Make sure we can use the principal id in a form by base64ing it
principal_token = unicode(principal).encode('base64').strip().replace(
'=', '_')
roles = [role for name, role in getUtilitiesFor(IRole)]
roles.sort(lambda x, y: cmp(x.title, y.title))
principal_roles = IPrincipalRoleManager(self.context)
self.roles = []
for role in roles:
name = principal_token + '.role.'+role.id
field = zope.schema.Choice(__name__= name,
title=role.title,
vocabulary=settings_vocabulary)
setUpWidget(self, name, field, IInputWidget,
principal_roles.getSetting(role.id, principal))
self.roles.append(getattr(self, name+'_widget'))
perms = [perm for name, perm in getUtilitiesFor(IPermission)]
perms.sort(lambda x, y: cmp(x.title, y.title))
principal_perms = IPrincipalPermissionManager(self.context)
self.permissions = []
for perm in perms:
if perm.id == 'zope.Public':
continue
name = principal_token + '.permission.'+perm.id
field = zope.schema.Choice(__name__=name,
title=perm.title,
vocabulary=settings_vocabulary)
setUpWidget(self, name, field, IInputWidget,
principal_perms.getSetting(perm.id, principal))
self.permissions.append(
getattr(self, name+'_widget'))
if 'GRANT_SUBMIT' not in self.request:
return u''
for role in roles:
name = principal_token + '.role.'+role.id
role_widget = getattr(self, name+'_widget')
if role_widget.hasInput():
try:
setting = role_widget.getInputValue()
except MissingInputError:
pass
else:
# Arrgh!
if setting is Allow:
principal_roles.assignRoleToPrincipal(
role.id, principal)
elif setting is Deny:
principal_roles.removeRoleFromPrincipal(
role.id, principal)
else:
principal_roles.unsetRoleForPrincipal(
role.id, principal)
for perm in perms:
if perm.id == 'zope.Public':
continue
name = principal_token + '.permission.'+perm.id
perm_widget = getattr(self, name+'_widget')
if perm_widget.hasInput():
try:
setting = perm_widget.getInputValue()
except MissingInputError:
pass
else:
# Arrgh!
if setting is Allow:
principal_perms.grantPermissionToPrincipal(
perm.id, principal)
elif setting is Deny:
principal_perms.denyPermissionToPrincipal(
perm.id, principal)
else:
principal_perms.unsetPermissionForPrincipal(
perm.id, principal)
return _('Grants updated.')
def update(self):
self.everyone = getUtility(IEveryoneGroup).id
self.authgroup = getUtility(IAuthenticatedGroup).id
manager = IPrincipalPermissionManager(removeSecurityProxy(self.context))
if 'site.access.save' in self.request:
val = self.request.get('site.access', None)
if val == 'open':
manager.grantPermissionToPrincipal(
'zojax.AccessSite', self.everyone)
manager.unsetPermissionForPrincipal(
'zojax.AccessSite', self.authgroup)
if val == 'private':
manager.grantPermissionToPrincipal(
'zojax.AccessSite', self.authgroup)
manager.unsetPermissionForPrincipal(
'zojax.AccessSite', self.everyone)
IStatusMessage(self.request).add(
_('Site access settings has been changed.'))
self.everyoneAllowed = manager.getSetting(
'zojax.AccessSite', self.everyone) is Allow
self.authgroupAllowed = manager.getSetting(
'zojax.AccessSite', self.authgroup) is Allow
def __call__(self, data):
portal = self.context
# create site manager
try:
sm = portal.getSiteManager()
except:
sm = None
if sm is None:
sm = LocalSiteManager(portal)
portal.setSiteManager(sm)
setSite(portal)
if 'system' not in sm:
system = SiteManagementFolder()
event.notify(ObjectCreatedEvent(system))
sm['system'] = system
else:
system = sm['system']
# IIntId utility
if 'ids' not in system:
ids = component.createObject('zope.app.intid.IntIds')
event.notify(ObjectCreatedEvent(ids))
system['ids'] = ids
else:
system['ids'].__init__()
ids = system['ids']
sm.registerUtility(system['ids'], IIntIds)
ids.register(portal)
# Principal Annotations
if 'principalannotations' not in system:
pa = component.createObject('zope.app.PrincipalAnnotationUtility')
event.notify(ObjectCreatedEvent(pa))
system['principalannotations'] = pa
sm.registerUtility(pa, IPrincipalAnnotationUtility)
# session data container
configlet = sm.getUtility(IConfiglet, 'system.session')
configlet.sessiontype = 'ram'
# set password
password = sm.getUtility(IConfiglet, 'principals.password')
password.passwordManager = 'MD5'
# set site timezone
fomratter = sm.getUtility(IConfiglet, 'system.formatter')
fomratter.timezone = u'UTC'
# set portal access to open
manager = IPrincipalPermissionManager(portal)
everyone = sm.queryUtility(IEveryoneGroup)
if everyone is not None:
manager.grantPermissionToPrincipal(
'zojax.AccessPortal', everyone.id)
authenticated = sm.queryUtility(IAuthenticatedGroup)
if authenticated is not None:
manager.unsetPermissionForPrincipal(
'zojax.AccessPortal', authenticated.id)
# setup default role
roles = sm.getUtility(IPortalRoles)
if 'site.member' not in roles:
role = PortalRole(title = u'Site Member')
event.notify(ObjectCreatedEvent(role))
roles['site.member'] = role
roleId = role.id
sm.getUtility(IDefaultPortalRole).roles = [role.id]
roleperm = IRolePermissionManager(portal)
for permId in ('zojax.PersonalContent', 'zojax.PersonalSpace',
'zojax.forum.addMessage', 'zojax.forum.addTopic',
'zojax.SubmitBlogPost', 'zojax.SubmitDocuments',
'zojax.forum.SubmitTopic', 'zojax.SubmitPhoto',
'zojax.contenttype.SubmitNewsItem',):
roleperm.grantPermissionToRole(permId, roleId)
# install catalog
sm.getUtility(IConfiglet, 'system.catalog').install()
# install workspaces
portal.workspaces = ('overview', 'people', 'news', 'documents')
event.notify(ObjectModifiedEvent(portal))
setSite(None)
