cco/loops
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

implement group membership automatics when assigning or deassigning a person to a workspace concept via ismaster or ismember predicate

Browse source 
git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@3893 fd906abe-77d9-0310-91a1-e0d9ade77398
This commit is contained in:
helmutm 2010-06-13 11:43:07 +00:00
parent 39d147a97f
commit 010acc1eaf
2 changed files with 56 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
security/common.py
View file

@ -35,6 +35,7 @@ from zope.lifecycleevent import IObjectCreatedEvent, IObjectModifiedEvent
from zope.security import canAccess, canWrite from zope.security import canAccess, canWrite
from zope.security import checkPermission as baseCheckPermission from zope.security import checkPermission as baseCheckPermission
from zope.security.management import getInteraction from zope.security.management import getInteraction
from zope.traversing.api import getName
from zope.traversing.interfaces import IPhysicallyLocatable from zope.traversing.interfaces import IPhysicallyLocatable
from loops.common import adapted from loops.common import adapted
@ -173,7 +174,7 @@ def revokeAcquiredSecurity(obj, event):
setter.setAcquiredSecurity(event.relation, revert=True) setter.setAcquiredSecurity(event.relation, revert=True)
# helper stuff # workspace handling
class WorkspaceInformation(Persistent): class WorkspaceInformation(Persistent):
""" For storing security-related stuff pertaining to """ For storing security-related stuff pertaining to
@ -197,3 +198,54 @@ class WorkspaceInformation(Persistent):
def getParent(self): def getParent(self):
return self.__parent__ return self.__parent__
def getWorkspaceGroup(obj, predicate):
wsi = obj.workspaceInformation
if wsi is None:
return None
pn = getName(predicate)
if pn in wsi.allocationPredicateNames:
gn = wsi.workspaceGroupNames
if not isinstance(gn, dict): # backwards compatibility
return None
groupName = gn.get(pn)
if groupName:
gfName = wsi.workspaceGroupsFolderName
if gfName:
from loops.organize.util import getGroupsFolder
gf = getGroupsFolder(wsi, gfName)
if gf is not None:
return gf.get(groupName)
return None
@component.adapter(ILoopsObject, IAssignmentEvent)
def addGroupMembershipOnAssignment(obj, event):
group = getWorkspaceGroup(obj, event.relation.predicate)
if group is not None:
person = adapted(event.relation.second)
from loops.organize.interfaces import IPerson
if IPerson.providedBy(person):
userId = person.getUserId()
if userId:
members = list(group.principals)
if userId not in members:
members.append(userId)
group.principals = tuple(members)
#print '*** assign', group.__name__, userId, group.principals
@component.adapter(ILoopsObject, IDeassignmentEvent)
def removeGroupMembershipOnDeassignment(obj, event):
group = getWorkspaceGroup(obj, event.relation.predicate)
if group is not None:
person = adapted(event.relation.second)
from loops.organize.interfaces import IPerson
if IPerson.providedBy(person):
userId = person.getUserId()
if userId:
members = list(group.principals)
if userId in members:
members.remove(userId)
group.principals = tuple(members)
#print '*** remove', group.__name__, userId, group.principals

3
security/configure.zcml
View file

@ -34,6 +34,9 @@
<zope:subscriber handler="loops.security.common.grantAcquiredSecurity" /> <zope:subscriber handler="loops.security.common.grantAcquiredSecurity" />
<zope:subscriber handler="loops.security.common.revokeAcquiredSecurity" /> <zope:subscriber handler="loops.security.common.revokeAcquiredSecurity" />
<zope:subscriber handler="loops.security.common.addGroupMembershipOnAssignment" />
<zope:subscriber handler="loops.security.common.removeGroupMembershipOnDeassignment" />
<browser:page <browser:page
for="zope.annotation.interfaces.IAnnotatable" for="zope.annotation.interfaces.IAnnotatable"
name="permissions.html" name="permissions.html"