From 5592ffb73459b84f01bf6e6e23166ef4c7350e5f Mon Sep 17 00:00:00 2001
From: Helmut Merz <helmutm@cy55.de>
Date: Thu, 10 Jan 2013 13:36:07 +0100
Subject: [PATCH] set state-based security as part of default security settings

---
 security/setter.py | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/security/setter.py b/security/setter.py
index f0bec54..62e0ed4 100644
--- a/security/setter.py
+++ b/security/setter.py
@@ -31,7 +31,10 @@ from zope.cachedescriptors.property import Lazy
 from zope.interface import implements, Interface
 from zope.security.proxy import isinstance
 
+from cybertools.meta.interfaces import IOptions
+from cybertools.stateful.interfaces import IStateful
 from loops.common import adapted, AdapterBase, baseObject
+from loops.config.base import DummyOptions
 from loops.interfaces import IConceptSchema, IBaseResourceSchema, ILoopsAdapter
 from loops.organize.util import getPrincipalFolder, getGroupsFolder, getGroupId
 from loops.security.common import overrides, setRolePermission, setPrincipalRole
@@ -56,6 +59,17 @@ class BaseSecuritySetter(object):
     def conceptManager(self):
         return self.baseObject.getLoopsRoot().getConceptManager()
 
+    @Lazy
+    def typeOptions(self):
+        type = self.baseObject.getType()
+        if type is None:
+            return DummyOptions()
+        return IOptions(adapted(type), DummyOptions())
+
+    @Lazy
+    def globalOptions(self):
+        return IOptions(self.baseObject.getLoopsRoot())
+
     @Lazy
     def acquiringPredicates(self):
         return [self.conceptManager.get(n) for n in acquiringPredicateNames]
@@ -106,6 +120,14 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter):
         rpm = self.rolePermissionManager
         for p, r, s in rpm.getRolesAndPermissions():
             setRolePermission(rpm, p, r, Unset)
+        self.setStateSecurity()
+
+    def setStateSecurity(self):
+        statesDefs = (self.globalOptions('organize.stateful.concept', []) +
+                      (self.typeOptions('organize.stateful') or []))
+        for std in statesDefs:
+            stf = component.getAdapter(self.baseObject, IStateful, name=std)
+            stf.getStateObject().setSecurity(stf)
 
     def acquireRolePermissions(self):
         settings = {}
@@ -186,6 +208,12 @@ class ResourceSecuritySetter(LoopsObjectSecuritySetter):
     def parents(self):
         return self.baseObject.getConcepts(self.acquiringPredicates)
 
+    def setStateSecurity(self):
+        statesDefs = (self.globalOptions('organize.stateful.resource', []))
+        for std in statesDefs:
+            stf = component.getAdapter(self.target, IStateful, name=std)
+            stf.getStateObject().setSecurity(self.context)
+
     def setRolePermissions(self, settings):
         vSetters = [self]
         vr = IVersionable(baseObject(self.context))