From 68c5dbbc0866702a951d206a8eb8b482702562e4 Mon Sep 17 00:00:00 2001
From: helmutm <helmutm@fd906abe-77d9-0310-91a1-e0d9ade77398>
Date: Sun, 15 Nov 2009 10:29:36 +0000
Subject: [PATCH] improvements and fixes for automatic setting of role
 permissions

git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@3628 fd906abe-77d9-0310-91a1-e0d9ade77398
---
 browser/common.py     |  3 +++
 compound/blog/post.py |  2 +-
 config/base.py        |  7 ++++++-
 config/configure.zcml |  5 +++++
 security/setter.py    | 25 ++++++++++++++++---------
 5 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/browser/common.py b/browser/common.py
index ec4fb41..ace43b9 100644
--- a/browser/common.py
+++ b/browser/common.py
@@ -416,6 +416,9 @@ class BaseView(GenericView, I18NView):
     def typeOptions(self):
         return IOptions(adapted(self.typeProvider))
 
+    def getPredicateOptions(self, relation):
+        return IOptions(adapted(relation.predicate), None) or DummyOptions()
+
     # versioning
 
     @Lazy
diff --git a/compound/blog/post.py b/compound/blog/post.py
index a62cf9a..b43e956 100644
--- a/compound/blog/post.py
+++ b/compound/blog/post.py
@@ -82,8 +82,8 @@ class BlogPost(Compound):
             res = addAndConfigureObject(self.resourceManager, Resource, name,
                     title=self.title, contentType=self.defaultTextContentType,
                     resourceType=tTextDocument)
+            #notify(ObjectCreatedEvent(res))
             self.add(res, position=0)
-            notify(ObjectCreatedEvent(res))
             res = adapted(res)
         res.data = value
         notify(ObjectModifiedEvent(res.context))
diff --git a/config/base.py b/config/base.py
index 56081c2..7d8c0f8 100644
--- a/config/base.py
+++ b/config/base.py
@@ -33,7 +33,7 @@ from cybertools.meta.config import GlobalOptions as BaseGlobalOptions
 from cybertools.meta.interfaces import IOptions
 from cybertools.meta.namespace import Executor, ExecutionError
 from cybertools.typology.interfaces import IType
-from loops.interfaces import ILoops, ILoopsObject, ITypeConcept
+from loops.interfaces import ILoops, ILoopsObject, ITypeConcept, IPredicate
 #from loops.query import IQueryConcept
 from loops.expert.concept import IQueryConcept
 from loops import util
@@ -101,6 +101,11 @@ class QueryOptions(LoopsOptions):
     adapts(IQueryConcept)
 
 
+class PredicateOptions(LoopsOptions):
+
+    adapts(IPredicate)
+
+
 class DummyOptions(Options):
 
     def __getitem__(self, key):
diff --git a/config/configure.zcml b/config/configure.zcml
index c8f975b..0a2bfe3 100644
--- a/config/configure.zcml
+++ b/config/configure.zcml
@@ -22,6 +22,11 @@
     <allow interface="cybertools.meta.interfaces.IOptions" />
   </zope:class>
 
+  <zope:adapter factory="loops.config.base.PredicateOptions" trusted="True" />
+  <zope:class class="loops.config.base.PredicateOptions">
+    <allow interface="cybertools.meta.interfaces.IOptions" />
+  </zope:class>
+
   <!-- backward compatibility -->
   <zope:adapter factory="loops.config.base.QueryOptions" trusted="True"
                 for="loops.query.IQueryConcept" />
diff --git a/security/setter.py b/security/setter.py
index d785fde..9a38ab2 100644
--- a/security/setter.py
+++ b/security/setter.py
@@ -70,6 +70,8 @@ class BaseSecuritySetter(object):
 
 class LoopsObjectSecuritySetter(BaseSecuritySetter):
 
+    parents = []
+
     @Lazy
     def baseObject(self):
         obj = self.context
@@ -77,13 +79,19 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter):
             obj = obj.context
         return obj
 
+    @Lazy
+    def rolePermissionManager(self):
+        return IRolePermissionManager(self.baseObject)
+
+    def setDefaultRolePermissions(self):
+        rpm = self.rolePermissionManager
+        for p, r, s in rpm.getRolesAndPermissions():
+            setRolePermission(rpm, p, r, Unset)
+
     def acquireRolePermissions(self):
-        obj = self.baseObject
-        if isinstance(obj, AdapterBase):
-            obj = obj.context
         settings = {}
         for p in self.parents:
-            if p == obj:
+            if p == self.baseObject:
                 continue
             secProvider = p
             wi = p.workspaceInformation
@@ -97,12 +105,9 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter):
                 current = settings.get((p, r))
                 if current is None or overrides(s, current):
                     settings[(p, r)] = s
-        rpm = IRolePermissionManager(obj)
-        for p, r, s in rpm.getRolesAndPermissions():
-            # clear previous settings
-            setRolePermission(rpm, p, r, Unset)
+        self.setDefaultRolePermissions()
         for (p, r), s in settings.items():
-            setRolePermission(rpm, p, r, s)
+            setRolePermission(self.rolePermissionManager, p, r, s)
 
 
 class ConceptSecuritySetter(LoopsObjectSecuritySetter):
@@ -127,6 +132,8 @@ class ConceptSecuritySetter(LoopsObjectSecuritySetter):
         updated.add(obj)
         for r in obj.getChildRelations():
             self.setAcquiredRolePermissions(r, updated=updated)
+        for r in obj.getResourceRelations():
+            self.setAcquiredRolePermissions(r, updated=updated)
 
     def propagatePrincipalRoles(self, updated=None):
         pass