diff --git a/security/common.py b/security/common.py index 6d5c55e..31ac6f2 100644 --- a/security/common.py +++ b/security/common.py @@ -190,8 +190,8 @@ class WorkspaceInformation(Persistent): #propagateRolePermissions = 'object' # or 'none' propagateRolePermissions = 'workspace' - #propagateParentSecurity = True # False - propagateParentSecurity = False + propagateParentSecurity = True # False + #propagateParentSecurity = False allocationPredicateNames = allocationPredicateNames workspaceGroupsFolderName = workspaceGroupsFolderName diff --git a/security/setter.py b/security/setter.py index 2992f88..5c9e0c0 100644 --- a/security/setter.py +++ b/security/setter.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2009 Helmut Merz helmutm@cy55.de +# Copyright (c) 2011 Helmut Merz helmutm@cy55.de # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -34,11 +34,12 @@ from zope.interface import implements, Interface from zope.security.proxy import isinstance from loops.common import adapted, AdapterBase, baseObject +from loops.interfaces import IConceptSchema, IBaseResourceSchema, ILoopsAdapter from loops.organize.util import getPrincipalFolder, getGroupsFolder, getGroupId from loops.security.common import overrides, setRolePermission, setPrincipalRole from loops.security.common import acquiringPredicateNames -from loops.interfaces import IConceptSchema, IBaseResourceSchema, ILoopsAdapter from loops.security.interfaces import ISecuritySetter +from loops.versioning.interfaces import IVersionable class BaseSecuritySetter(object): @@ -126,6 +127,9 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter): if current is None or overrides(s, current): settings[(p, r)] = s self.setDefaultRolePermissions() + self.setRolePermissions(settings) + + def setRolePermissions(self, settings): for (p, r), s in settings.items(): setRolePermission(self.rolePermissionManager, p, r, s) @@ -182,3 +186,28 @@ class ResourceSecuritySetter(LoopsObjectSecuritySetter): def parents(self): return self.baseObject.getConcepts(self.acquiringPredicates) + def setRolePermissions(self, settings): + vSetters = [self] + vr = IVersionable(baseObject(self.context)) + versions = list(vr.versions.values()) + if versions: + vSetters = [ISecuritySetter(adapted(v)) for v in versions] + for v in vSetters: + for (p, r), s in settings.items(): + setRolePermission(v.rolePermissionManager, p, r, s) + + def copyPrincipalRoles(self, source, revert=False): + vSetters = [self] + vr = IVersionable(baseObject(self.context)) + versions = list(vr.versions.values()) + if versions: + vSetters = [ISecuritySetter(adapted(v)) for v in versions] + prm = IPrincipalRoleMap(baseObject(source.context)) + for r, p, s in prm.getPrincipalsAndRoles(): + if p in self.workspacePrincipals: + for v in vSetters: + if revert: + setPrincipalRole(v.principalRoleManager, r, p, Unset) + else: + setPrincipalRole(v.principalRoleManager, r, p, s) + diff --git a/tests/setup.py b/tests/setup.py index 50e6e1c..22a39a4 100644 --- a/tests/setup.py +++ b/tests/setup.py @@ -78,6 +78,7 @@ from loops.security.setter import BaseSecuritySetter from loops.security.setter import ConceptSecuritySetter, ResourceSecuritySetter from loops.setup import SetupManager, addObject from loops.type import LoopsType, ConceptType, ResourceType, TypeConcept +from loops.versioning.versionable import VersionableResource from loops.view import Node, NodeAdapter #from loops.wiki.link import LoopsLinkProcessor from loops.wiki.setup import SetupManager as WikiSetupManager @@ -143,6 +144,7 @@ class TestSite(object): component.provideAdapter(QueryOptions) component.provideAdapter(TypeOptions) component.provideUtility(GlobalOptions()) + component.provideAdapter(VersionableResource) component.provideAdapter(Instance) component.provideAdapter(Editor, name='editor')