allow blocking of security acquisition by option; try to keep current role permission setting on object if any

security/common.py

@@ -1,5 +1,5 @@
 #
-#  Copyright (c) 2013 Helmut Merz helmutm@cy55.de
+#  Copyright (c) 2015 Helmut Merz helmutm@cy55.de
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@@ -71,6 +71,8 @@ def getOption(obj, option, checkType=True):
     opts = component.queryAdapter(adapted(obj), IOptions)
     if opts is not None:
         opt = opts(option, None)
+        if opt is True:
+            return opt
         if opt:
             return opt[0]
     if not checkType:
@@ -79,7 +81,9 @@ def getOption(obj, option, checkType=True):
     if typeMethod is not None:
         opts = component.queryAdapter(adapted(typeMethod()), IOptions)
         if opts is not None:
-            opt = opts(option, [None])
+            opt = opts(option, None)
+            if opt is True:
+                return opt
             if opt:
                 return opt[0]
     return None

security/setter.py

@@ -1,5 +1,5 @@
 #
-#  Copyright (c) 2013 Helmut Merz helmutm@cy55.de
+#  Copyright (c) 2015 Helmut Merz helmutm@cy55.de
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@@ -39,6 +39,7 @@ from loops.interfaces import IConceptSchema, IBaseResourceSchema, ILoopsAdapter
 from loops.organize.util import getPrincipalFolder, getGroupsFolder, getGroupId
 from loops.security.common import overrides, setRolePermission, setPrincipalRole
 from loops.security.common import allRolesExceptOwner, acquiringPredicateNames
+from loops.security.common import getOption
 from loops.security.interfaces import ISecuritySetter
 from loops.versioning.interfaces import IVersionable
 
@@ -55,10 +56,18 @@ class BaseSecuritySetter(object):
     def baseObject(self):
         return baseObject(self.context)
 
+    @Lazy
+    def adapted(self):
+        return adapted(self.context)
+
     @Lazy
     def conceptManager(self):
         return self.baseObject.getLoopsRoot().getConceptManager()
 
+    @Lazy
+    def options(self):
+        return IOptions(self.adapted)
+
     @Lazy
     def typeOptions(self):
         type = self.baseObject.getType()
@@ -133,9 +142,14 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter):
 
     def acquireRolePermissions(self):
         settings = {}
+        rpm = self.rolePermissionManager
+        for p, r, s in rpm.getRolesAndPermissions():
+            settings[(p, r)] = s
         for p in self.parents:
             if p == self.baseObject:
                 continue
+            if getOption(p, 'security.no_propagate', checkType=False):
+                continue
             secProvider = p
             wi = p.workspaceInformation
             if wi: