allow blocking of security acquisition by option; try to keep current role permission setting on object if any

2015-04-18 13:43:44 +02:00 · 2015-04-18 13:43:44 +02:00 · 8d66ee3830
commit 8d66ee3830
parent c3b9e1b665
2 changed files with 21 additions and 3 deletions
--- a/security/common.py
+++ b/security/common.py
@ -1,5 +1,5 @@
 #
-#  Copyright (c) 2013 Helmut Merz helmutm@cy55.de
+#  Copyright (c) 2015 Helmut Merz helmutm@cy55.de
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@ -71,6 +71,8 @@ def getOption(obj, option, checkType=True):
    opts = component.queryAdapter(adapted(obj), IOptions)
    if opts is not None:
        opt = opts(option, None)
+        if opt is True:
+            return opt
        if opt:
            return opt[0]
    if not checkType:
@ -79,7 +81,9 @@ def getOption(obj, option, checkType=True):
    if typeMethod is not None:
        opts = component.queryAdapter(adapted(typeMethod()), IOptions)
        if opts is not None:
-            opt = opts(option, [None])
+            opt = opts(option, None)
+            if opt is True:
+                return opt
            if opt:
                return opt[0]
    return None
--- a/security/setter.py
+++ b/security/setter.py
@ -1,5 +1,5 @@
 #
-#  Copyright (c) 2013 Helmut Merz helmutm@cy55.de
+#  Copyright (c) 2015 Helmut Merz helmutm@cy55.de
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@ -39,6 +39,7 @@ from loops.interfaces import IConceptSchema, IBaseResourceSchema, ILoopsAdapter
 from loops.organize.util import getPrincipalFolder, getGroupsFolder, getGroupId
 from loops.security.common import overrides, setRolePermission, setPrincipalRole
 from loops.security.common import allRolesExceptOwner, acquiringPredicateNames
+from loops.security.common import getOption
 from loops.security.interfaces import ISecuritySetter
 from loops.versioning.interfaces import IVersionable

@ -55,10 +56,18 @@ class BaseSecuritySetter(object):
    def baseObject(self):
        return baseObject(self.context)

+    @Lazy
+    def adapted(self):
+        return adapted(self.context)
+
    @Lazy
    def conceptManager(self):
        return self.baseObject.getLoopsRoot().getConceptManager()

+    @Lazy
+    def options(self):
+        return IOptions(self.adapted)
+
    @Lazy
    def typeOptions(self):
        type = self.baseObject.getType()
@ -133,9 +142,14 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter):

    def acquireRolePermissions(self):
        settings = {}
+        rpm = self.rolePermissionManager
+        for p, r, s in rpm.getRolesAndPermissions():
+            settings[(p, r)] = s
        for p in self.parents:
            if p == self.baseObject:
                continue
+            if getOption(p, 'security.no_propagate', checkType=False):
+                continue
            secProvider = p
            wi = p.workspaceInformation
            if wi: