revert some changes; provide optional logging of acquired security settings

Helmut Merz 2015-04-18 15:40:43 +02:00
parent 8d66ee3830
commit 2c548a3df6


@ -21,6 +21,7 @@ Base classes for security setters, i.e. adapters that provide standardized
methods for setting role permissions and other security-related stuff. methods for setting role permissions and other security-related stuff.
""" """
from logging import getLogger
from zope.app.security.settings import Allow, Deny, Unset from zope.app.security.settings import Allow, Deny, Unset
from zope.app.securitypolicy.interfaces import \ from zope.app.securitypolicy.interfaces import \
IRolePermissionMap, IRolePermissionManager, \ IRolePermissionMap, IRolePermissionManager, \
@ -43,6 +44,8 @@ from loops.security.common import getOption
from loops.security.interfaces import ISecuritySetter from loops.security.interfaces import ISecuritySetter
from loops.versioning.interfaces import IVersionable from loops.versioning.interfaces import IVersionable
logger = getLogger('loops.security')
class BaseSecuritySetter(object): class BaseSecuritySetter(object):
@ -142,16 +145,16 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter):
def acquireRolePermissions(self): def acquireRolePermissions(self):
settings = {} settings = {}
rpm = self.rolePermissionManager #rpm = IRolePermissionMap(self.baseObject)
for p, r, s in rpm.getRolesAndPermissions(): #for p, r, s in rpm.getRolesAndPermissions():
settings[(p, r)] = s # settings[(p, r)] = s
for p in self.parents: for parent in self.parents:
if p == self.baseObject: if parent == self.baseObject:
continue continue
if getOption(p, 'security.no_propagate', checkType=False): if getOption(parent, 'security.no_propagate', checkType=False):
continue continue
secProvider = p secProvider = parent
wi = p.workspaceInformation wi = parent.workspaceInformation
if wi: if wi:
if wi.propagateRolePermissions == 'none': if wi.propagateRolePermissions == 'none':
continue continue
@ -161,6 +164,10 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter):
for p, r, s in rpm.getRolesAndPermissions(): for p, r, s in rpm.getRolesAndPermissions():
current = settings.get((p, r)) current = settings.get((p, r))
if current is None or overrides(s, current): if current is None or overrides(s, current):
if self.globalOptions('security.log_acquired_setting'):
logger.info('*** %s: %s, %s: current %s; new from %s: %s' %
(self.baseObject.__name__, p, r, current,
parent.__name__, s))
settings[(p, r)] = s settings[(p, r)] = s
self.setDefaultRolePermissions() self.setDefaultRolePermissions()
self.setRolePermissions(settings) self.setRolePermissions(settings)
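Review bot: In the last hunk the `self.globalOptions('security.log_acquired_setting')` lookup sits inside the innermost `for p, r, s` loop, so it is re-evaluated for every overriding (permission, role) pair of every parent, and the message is formatted eagerly with `%`. Read the option once before `for parent in self.parents:` (`logAcquired = self.globalOptions('security.log_acquired_setting')`) and pass the values as logger arguments: `logger.info('*** %s: %s, %s: current %s; new from %s: %s', self.baseObject.__name__, p, r, current, parent.__name__, s)`. The entry names `parent` as the source, but `secProvider` is assigned separately just above and the lines between the two hunks are not shown; if `rpm` is derived from `secProvider`, the audit line should report that object instead. If object names can be chosen by users, `%r` for the two `__name__` values would keep an embedded newline from making one audit entry look like two. The commented-out `#rpm = …` lines in the previous hunk should be deleted or given a one-line reason, because they decide whether the object's own settings seed `settings` before the parents are merged.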