cco/loops
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

propagate security settings to all versions of a resource

Browse source 
git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@4208 fd906abe-77d9-0310-91a1-e0d9ade77398
This commit is contained in:
helmutm 2011-03-24 09:32:09 +00:00
parent bb49e938e4
commit 6aa174b494
3 changed files with 35 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
security/common.py
View file

@ -190,8 +190,8 @@ class WorkspaceInformation(Persistent):
#propagateRolePermissions = 'object' # or 'none' #propagateRolePermissions = 'object' # or 'none'
propagateRolePermissions = 'workspace' propagateRolePermissions = 'workspace'
#propagateParentSecurity = True # False propagateParentSecurity = True # False
propagateParentSecurity = False #propagateParentSecurity = False
allocationPredicateNames = allocationPredicateNames allocationPredicateNames = allocationPredicateNames
workspaceGroupsFolderName = workspaceGroupsFolderName workspaceGroupsFolderName = workspaceGroupsFolderName

33
security/setter.py
View file

@ -1,5 +1,5 @@
# #
# Copyright (c) 2009 Helmut Merz helmutm@cy55.de # Copyright (c) 2011 Helmut Merz helmutm@cy55.de
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -34,11 +34,12 @@ from zope.interface import implements, Interface
from zope.security.proxy import isinstance from zope.security.proxy import isinstance
from loops.common import adapted, AdapterBase, baseObject from loops.common import adapted, AdapterBase, baseObject
from loops.interfaces import IConceptSchema, IBaseResourceSchema, ILoopsAdapter
from loops.organize.util import getPrincipalFolder, getGroupsFolder, getGroupId from loops.organize.util import getPrincipalFolder, getGroupsFolder, getGroupId
from loops.security.common import overrides, setRolePermission, setPrincipalRole from loops.security.common import overrides, setRolePermission, setPrincipalRole
from loops.security.common import acquiringPredicateNames from loops.security.common import acquiringPredicateNames
from loops.interfaces import IConceptSchema, IBaseResourceSchema, ILoopsAdapter
from loops.security.interfaces import ISecuritySetter from loops.security.interfaces import ISecuritySetter
from loops.versioning.interfaces import IVersionable
class BaseSecuritySetter(object): class BaseSecuritySetter(object):
@ -126,6 +127,9 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter):
if current is None or overrides(s, current): if current is None or overrides(s, current):
settings[(p, r)] = s settings[(p, r)] = s
self.setDefaultRolePermissions() self.setDefaultRolePermissions()
self.setRolePermissions(settings)
def setRolePermissions(self, settings):
for (p, r), s in settings.items(): for (p, r), s in settings.items():
setRolePermission(self.rolePermissionManager, p, r, s) setRolePermission(self.rolePermissionManager, p, r, s)
@ -182,3 +186,28 @@ class ResourceSecuritySetter(LoopsObjectSecuritySetter):
def parents(self): def parents(self):
return self.baseObject.getConcepts(self.acquiringPredicates) return self.baseObject.getConcepts(self.acquiringPredicates)
def setRolePermissions(self, settings):
vSetters = [self]
vr = IVersionable(baseObject(self.context))
versions = list(vr.versions.values())
if versions:
vSetters = [ISecuritySetter(adapted(v)) for v in versions]
for v in vSetters:
for (p, r), s in settings.items():
setRolePermission(v.rolePermissionManager, p, r, s)
def copyPrincipalRoles(self, source, revert=False):
vSetters = [self]
vr = IVersionable(baseObject(self.context))
versions = list(vr.versions.values())
if versions:
vSetters = [ISecuritySetter(adapted(v)) for v in versions]
prm = IPrincipalRoleMap(baseObject(source.context))
for r, p, s in prm.getPrincipalsAndRoles():
if p in self.workspacePrincipals:
for v in vSetters:
if revert:
setPrincipalRole(v.principalRoleManager, r, p, Unset)
else:
setPrincipalRole(v.principalRoleManager, r, p, s)

2
tests/setup.py
View file

@ -78,6 +78,7 @@ from loops.security.setter import BaseSecuritySetter
from loops.security.setter import ConceptSecuritySetter, ResourceSecuritySetter from loops.security.setter import ConceptSecuritySetter, ResourceSecuritySetter
from loops.setup import SetupManager, addObject from loops.setup import SetupManager, addObject
from loops.type import LoopsType, ConceptType, ResourceType, TypeConcept from loops.type import LoopsType, ConceptType, ResourceType, TypeConcept
from loops.versioning.versionable import VersionableResource
from loops.view import Node, NodeAdapter from loops.view import Node, NodeAdapter
#from loops.wiki.link import LoopsLinkProcessor #from loops.wiki.link import LoopsLinkProcessor
from loops.wiki.setup import SetupManager as WikiSetupManager from loops.wiki.setup import SetupManager as WikiSetupManager
@ -143,6 +144,7 @@ class TestSite(object):
component.provideAdapter(QueryOptions) component.provideAdapter(QueryOptions)
component.provideAdapter(TypeOptions) component.provideAdapter(TypeOptions)
component.provideUtility(GlobalOptions()) component.provideUtility(GlobalOptions())
component.provideAdapter(VersionableResource)
component.provideAdapter(Instance) component.provideAdapter(Instance)
component.provideAdapter(Editor, name='editor') component.provideAdapter(Editor, name='editor')