implement group membership automatics when assigning or deassigning a person to a workspace concept via ismaster or ismember predicate

git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@3893 fd906abe-77d9-0310-91a1-e0d9ade77398
2010-06-13 11:43:07 +00:00 · 2010-06-13 11:43:07 +00:00 · 010acc1eaf
commit 010acc1eaf
parent 39d147a97f
2 changed files with 56 additions and 1 deletions
--- a/security/common.py
+++ b/security/common.py
@ -35,6 +35,7 @@ from zope.lifecycleevent import IObjectCreatedEvent, IObjectModifiedEvent
 from zope.security import canAccess, canWrite
 from zope.security import checkPermission as baseCheckPermission
 from zope.security.management import getInteraction
+from zope.traversing.api import getName
 from zope.traversing.interfaces import IPhysicallyLocatable

 from loops.common import adapted
@ -173,7 +174,7 @@ def revokeAcquiredSecurity(obj, event):
    setter.setAcquiredSecurity(event.relation, revert=True)


-# helper stuff
+# workspace handling

 class WorkspaceInformation(Persistent):
    """ For storing security-related stuff pertaining to
@ -197,3 +198,54 @@ class WorkspaceInformation(Persistent):

    def getParent(self):
        return self.__parent__
+
+
+def getWorkspaceGroup(obj, predicate):
+    wsi = obj.workspaceInformation
+    if wsi is None:
+        return None
+    pn = getName(predicate)
+    if pn in wsi.allocationPredicateNames:
+        gn = wsi.workspaceGroupNames
+        if not isinstance(gn, dict):    # backwards compatibility
+            return None
+        groupName = gn.get(pn)
+        if groupName:
+            gfName = wsi.workspaceGroupsFolderName
+            if gfName:
+                from loops.organize.util import getGroupsFolder
+                gf = getGroupsFolder(wsi, gfName)
+                if gf is not None:
+                    return gf.get(groupName)
+    return None
+
+
+@component.adapter(ILoopsObject, IAssignmentEvent)
+def addGroupMembershipOnAssignment(obj, event):
+    group = getWorkspaceGroup(obj, event.relation.predicate)
+    if group is not None:
+        person = adapted(event.relation.second)
+        from loops.organize.interfaces import IPerson
+        if IPerson.providedBy(person):
+            userId = person.getUserId()
+            if userId:
+                members = list(group.principals)
+                if userId not in members:
+                    members.append(userId)
+                    group.principals = tuple(members)
+                #print '*** assign', group.__name__, userId, group.principals
+
+@component.adapter(ILoopsObject, IDeassignmentEvent)
+def removeGroupMembershipOnDeassignment(obj, event):
+    group = getWorkspaceGroup(obj, event.relation.predicate)
+    if group is not None:
+        person = adapted(event.relation.second)
+        from loops.organize.interfaces import IPerson
+        if IPerson.providedBy(person):
+            userId = person.getUserId()
+            if userId:
+                members = list(group.principals)
+                if userId in members:
+                    members.remove(userId)
+                    group.principals = tuple(members)
+                #print '*** remove', group.__name__, userId, group.principals
--- a/security/configure.zcml
+++ b/security/configure.zcml
@ -34,6 +34,9 @@
  <zope:subscriber handler="loops.security.common.grantAcquiredSecurity" />
  <zope:subscriber handler="loops.security.common.revokeAcquiredSecurity" />

+  <zope:subscriber handler="loops.security.common.addGroupMembershipOnAssignment" />
+  <zope:subscriber handler="loops.security.common.removeGroupMembershipOnDeassignment" />
+
  <browser:page
        for="zope.annotation.interfaces.IAnnotatable"
        name="permissions.html"