prepare for hiding concepts from parents portlet for certain roles

git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@3833 fd906abe-77d9-0310-91a1-e0d9ade77398

browser/concept.py

@@ -48,6 +48,7 @@ from cybertools.browser.action import actions
 from cybertools.composer.interfaces import IInstance
 from cybertools.composer.schema.grid.interfaces import Grid
 from cybertools.composer.schema.interfaces import ISchemaFactory
+from cybertools.meta.interfaces import IOptions
 from cybertools.typology.interfaces import IType, ITypeManager
 from cybertools.util.jeep import Jeep
 from loops.browser.common import EditForm, BaseView, LoopsTerms, concept_macros
@@ -55,6 +56,7 @@ from loops.common import adapted
 from loops.concept import Concept, ConceptTypeSourceList, PredicateSourceList
 from loops.i18n.browser import I18NView
 from loops.interfaces import IConcept, IConceptSchema, ITypeConcept, IResource
+from loops.organize.util import getRolesForPrincipal
 from loops.schema.base import RelationSet, Relation
 from loops import util
 from loops.util import _
@@ -308,8 +310,18 @@ class ConceptView(BaseView):
             result[typeName] = list(group)
         return result
 
+    def isHidden(self, pr):
+        hideRoles = IOptions(adapted(pr.first.conceptType))('hide_for', None)
+        if hideRoles is not None:
+            roles = getRolesForPrincipal(self.request.principal.id, self.context)
+            for r in roles:
+                if r in hideRoles:
+                    return True
+        return False
+
     def parents(self):
-        rels = sorted(self.context.getParentRelations(),
+        rels = sorted((pr for pr in self.context.getParentRelations()
+                          if not self.isHidden(pr)),
                       key=(lambda x: x.first.title.lower()))
         for r in rels:
             yield self.childViewFactory(r, self.request)

organize/util.py

@@ -26,6 +26,9 @@ from zope import interface, component, schema
 from zope.app.authentication.interfaces import IPluggableAuthentication
 from zope.app.authentication.interfaces import IAuthenticatorPlugin
 from zope.app.security.interfaces import IAuthentication, PrincipalLookupError
+from zope.app.security.settings import Allow, Deny, Unset
+from zope.app.securitypolicy.interfaces import IPrincipalRoleManager
+from zope.traversing.api import getParents
 from loops.common import adapted
 from loops.type import getOptionsDict
 
@@ -99,6 +102,28 @@ def getPrincipalForUserId(id, context=None):
         return None
 
 
+def getRolesForPrincipal(id, context):
+    prinrole = IPrincipalRoleManager(context, None)
+    if prinrole is None:
+        return []
+    result = []
+    denied = []
+    for role, setting in prinrole.getRolesForPrincipal(id):
+        if setting == Allow:
+            result.append(role)
+        elif setting == Deny:
+            denied.append(role)
+    for obj in getParents(context):
+        prinrole = IPrincipalRoleManager(obj, None)
+        if prinrole is not None:
+            for role, setting in prinrole.getRolesForPrincipal(id):
+                if setting == Allow and role not in denied and role not in result:
+                    result.append(role)
+                elif setting == Deny and role not in denied:
+                    denied.append(role)
+    return result
+
+
 def getTrackingStorage(obj, name):
     records = obj.getLoopsRoot().getRecordManager()
     if records is not None: