From 6fad66ea34bf27dffc258cd83ed10b7c7d04f499 Mon Sep 17 00:00:00 2001
From: Helmut Merz <helmutm@cy55.de>
Date: Tue, 8 Jan 2013 12:16:37 +0100
Subject: [PATCH] provide security settings for publishable task states; (+
 update source file header infos)

---
 compound/blog/schema.py   |  4 +---
 expert/field.py           |  2 +-
 organize/stateful/task.py | 49 ++++++++++++++++++++++++++++++++-------
 organize/work/report.py   |  2 +-
 schema/factory.py         |  4 +---
 5 files changed, 44 insertions(+), 17 deletions(-)

diff --git a/compound/blog/schema.py b/compound/blog/schema.py
index 2985ec8..bea6b13 100644
--- a/compound/blog/schema.py
+++ b/compound/blog/schema.py
@@ -1,5 +1,5 @@
 #
-#  Copyright (c) 2008 Helmut Merz helmutm@cy55.de
+#  Copyright (c) 2013 Helmut Merz helmutm@cy55.de
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@@ -18,8 +18,6 @@
 
 """
 Specialized schema factories
-
-$Id$
 """
 
 from zope.component import adapts
diff --git a/expert/field.py b/expert/field.py
index 5006d02..c98df2a 100644
--- a/expert/field.py
+++ b/expert/field.py
@@ -1,5 +1,5 @@
 #
-#  Copyright (c) 2012 Helmut Merz helmutm@cy55.de
+#  Copyright (c) 2013 Helmut Merz helmutm@cy55.de
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
diff --git a/organize/stateful/task.py b/organize/stateful/task.py
index 3d4dd39..c77746b 100644
--- a/organize/stateful/task.py
+++ b/organize/stateful/task.py
@@ -20,6 +20,7 @@
 Basic implementations for stateful objects and adapters.
 """
 
+from zope.app.security.settings import Allow, Deny, Unset
 from zope import component
 from zope.component import adapter
 from zope.interface import implementer
@@ -30,6 +31,15 @@ from cybertools.stateful.definition import State, Transition
 from cybertools.stateful.interfaces import IStatesDefinition, IStateful
 from loops.common import adapted
 from loops.organize.stateful.base import StatefulLoopsObject
+from loops.security.interfaces import ISecuritySetter
+
+
+def setPermissionsForRoles(settings):
+    def setSecurity(obj):
+        setter = ISecuritySetter(obj.context)
+        setter.setRolePermissions(settings)
+        setter.propagateSecurity()
+    return setSecurity
 
 
 @implementer(IStatesDefinition)
@@ -56,23 +66,44 @@ def taskStates():
 def publishableTask():
     return StatesDefinition('publishable_task',
         State('draft', 'draft', ('release', 'release_publish', 'cancel',),
-              color='yellow'),
-        State('active', 'active', ('finish', 'publish', 'cancel',),
-              color='lightblue'),
+              color='yellow',
+              setSecurity=setPermissionsForRoles({
+                  ('zope.View', 'zope.Member'): Deny,
+                  ('zope.View', 'loops.Member'): Deny,})),
+        State('active', 'active', ('retract', 'finish', 'publish', 'cancel',),
+              color='lightblue',
+              setSecurity=setPermissionsForRoles({
+                  ('zope.View', 'zope.Member'): Deny,
+                  ('zope.View', 'loops.Member'): Allow,})),
         State('active_published', 'active (published)', 
-              ('finish_published', 'retract', 'cancel',), color='blue'),
+              ('retract', 'finish_published', 'retract', 'cancel',), color='blue',
+              setSecurity=setPermissionsForRoles({
+                  ('zope.View', 'zope.Member'): Allow,
+                  ('zope.View', 'loops.Member'): Allow,})),
         State('finished', 'finished', ('reopen', 'archive',),
-              color='lightgreen'),
+              color='lightgreen',
+              setSecurity=setPermissionsForRoles({
+                  ('zope.View', 'zope.Member'): Deny,
+                  ('zope.View', 'loops.Member'): Allow,})),
         State('finished_published', 'finished (published)', ('reopen', 'archive',),
-              color='green'),
+              color='green',
+              setSecurity=setPermissionsForRoles({
+                  ('zope.View', 'zope.Member'): Allow,
+                  ('zope.View', 'loops.Member'): Allow,})),
         State('cancelled', 'cancelled', ('reopen',),
-              color='x'),
+              color='x',
+              setSecurity=setPermissionsForRoles({
+                  ('zope.View', 'zope.Member'): Deny,
+                  ('zope.View', 'loops.Member'): Deny,})),
         State('archived', 'archived', ('reopen',),
-              color='grey'),
+              color='grey',
+              setSecurity=setPermissionsForRoles({
+                  ('zope.View', 'zope.Member'): Deny,
+                  ('zope.View', 'loops.Member'): Deny,})),
         Transition('release', 'release', 'active'),
         Transition('release_publish', 'release, publish', 'active_published'),
         Transition('publish', 'publish', 'active_published'),
-        Transition('retract', 'retract', 'active'),
+        Transition('retract', 'retract', 'draft'),
         Transition('finish', 'finish', 'finished'),
         Transition('finish_published', 'finish (published)', 'finished_published'),
         Transition('cancel', 'cancel', 'cancelled'),
diff --git a/organize/work/report.py b/organize/work/report.py
index 954cece..238151d 100644
--- a/organize/work/report.py
+++ b/organize/work/report.py
@@ -1,5 +1,5 @@
 #
-#  Copyright (c) 2012 Helmut Merz helmutm@cy55.de
+#  Copyright (c) 2013 Helmut Merz helmutm@cy55.de
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
diff --git a/schema/factory.py b/schema/factory.py
index 153727d..ece539e 100644
--- a/schema/factory.py
+++ b/schema/factory.py
@@ -1,5 +1,5 @@
 #
-#  Copyright (c) 2009 Helmut Merz helmutm@cy55.de
+#  Copyright (c) 2013 Helmut Merz helmutm@cy55.de
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@@ -18,8 +18,6 @@
 
 """
 Specialized fields factories.
-
-$Id$
 """
 
 from zope.component import adapts