From c2a5a9cca88825c7b9116084b710430d170faa7a Mon Sep 17 00:00:00 2001 From: helmutm Date: Sun, 2 May 2010 12:33:06 +0000 Subject: [PATCH] prepare for hiding concepts from parents portlet for certain roles git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@3833 fd906abe-77d9-0310-91a1-e0d9ade77398 --- browser/concept.py | 14 +++++++++++++- organize/util.py | 25 +++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/browser/concept.py b/browser/concept.py index f3f49b1..97d8dc2 100644 --- a/browser/concept.py +++ b/browser/concept.py @@ -48,6 +48,7 @@ from cybertools.browser.action import actions from cybertools.composer.interfaces import IInstance from cybertools.composer.schema.grid.interfaces import Grid from cybertools.composer.schema.interfaces import ISchemaFactory +from cybertools.meta.interfaces import IOptions from cybertools.typology.interfaces import IType, ITypeManager from cybertools.util.jeep import Jeep from loops.browser.common import EditForm, BaseView, LoopsTerms, concept_macros @@ -55,6 +56,7 @@ from loops.common import adapted from loops.concept import Concept, ConceptTypeSourceList, PredicateSourceList from loops.i18n.browser import I18NView from loops.interfaces import IConcept, IConceptSchema, ITypeConcept, IResource +from loops.organize.util import getRolesForPrincipal from loops.schema.base import RelationSet, Relation from loops import util from loops.util import _ @@ -308,8 +310,18 @@ class ConceptView(BaseView): result[typeName] = list(group) return result + def isHidden(self, pr): + hideRoles = IOptions(adapted(pr.first.conceptType))('hide_for', None) + if hideRoles is not None: + roles = getRolesForPrincipal(self.request.principal.id, self.context) + for r in roles: + if r in hideRoles: + return True + return False + def parents(self): - rels = sorted(self.context.getParentRelations(), + rels = sorted((pr for pr in self.context.getParentRelations() + if not self.isHidden(pr)), key=(lambda x: x.first.title.lower())) for r in rels: yield self.childViewFactory(r, self.request) diff --git a/organize/util.py b/organize/util.py index 43558d6..cc2e4bc 100644 --- a/organize/util.py +++ b/organize/util.py @@ -26,6 +26,9 @@ from zope import interface, component, schema from zope.app.authentication.interfaces import IPluggableAuthentication from zope.app.authentication.interfaces import IAuthenticatorPlugin from zope.app.security.interfaces import IAuthentication, PrincipalLookupError +from zope.app.security.settings import Allow, Deny, Unset +from zope.app.securitypolicy.interfaces import IPrincipalRoleManager +from zope.traversing.api import getParents from loops.common import adapted from loops.type import getOptionsDict @@ -99,6 +102,28 @@ def getPrincipalForUserId(id, context=None): return None +def getRolesForPrincipal(id, context): + prinrole = IPrincipalRoleManager(context, None) + if prinrole is None: + return [] + result = [] + denied = [] + for role, setting in prinrole.getRolesForPrincipal(id): + if setting == Allow: + result.append(role) + elif setting == Deny: + denied.append(role) + for obj in getParents(context): + prinrole = IPrincipalRoleManager(obj, None) + if prinrole is not None: + for role, setting in prinrole.getRolesForPrincipal(id): + if setting == Allow and role not in denied and role not in result: + result.append(role) + elif setting == Deny and role not in denied: + denied.append(role) + return result + + def getTrackingStorage(obj, name): records = obj.getLoopsRoot().getRecordManager() if records is not None: