cco/loops
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix swapping of role and principal; other minor improvements

Browse source
This commit is contained in:
Helmut Merz 2013-01-17 11:28:17 +01:00
parent 3fa9cee5e6
commit e52543ce8b
1 changed files with 12 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
security/setter.py
View file

@ -38,7 +38,7 @@ from loops.config.base import DummyOptions
from loops.interfaces import IConceptSchema, IBaseResourceSchema, ILoopsAdapter from loops.interfaces import IConceptSchema, IBaseResourceSchema, ILoopsAdapter
from loops.organize.util import getPrincipalFolder, getGroupsFolder, getGroupId from loops.organize.util import getPrincipalFolder, getGroupsFolder, getGroupId
from loops.security.common import overrides, setRolePermission, setPrincipalRole from loops.security.common import overrides, setRolePermission, setPrincipalRole
from loops.security.common import acquiringPredicateNames from loops.security.common import allRolesExceptOwner, acquiringPredicateNames
from loops.security.interfaces import ISecuritySetter from loops.security.interfaces import ISecuritySetter
from loops.versioning.interfaces import IVersionable from loops.versioning.interfaces import IVersionable
@ -157,11 +157,13 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter):
setRolePermission(self.rolePermissionManager, p, r, s) setRolePermission(self.rolePermissionManager, p, r, s)
def acquirePrincipalRoles(self): def acquirePrincipalRoles(self):
#if baseObject(self.context).workspaceInformation:
# return # do not remove/overwrite workspace settings
settings = {} settings = {}
for p in self.parents: for parent in self.parents:
if p == self.baseObject: if parent == self.baseObject:
continue continue
wi = p.workspaceInformation wi = parent.workspaceInformation
if wi: if wi:
if not wi.propagateParentSecurity: if not wi.propagateParentSecurity:
continue continue
@ -169,12 +171,12 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter):
for r, p, s in prm.getPrincipalsAndRoles(): for r, p, s in prm.getPrincipalsAndRoles():
current = settings.get((r, p)) current = settings.get((r, p))
if current is None or overrides(s, current): if current is None or overrides(s, current):
settings[(p, r)] = s settings[(r, p)] = s
prm = IPrincipalRoleMap(p) prm = IPrincipalRoleMap(parent)
for r, p, s in prm.getPrincipalsAndRoles(): for r, p, s in prm.getPrincipalsAndRoles():
current = settings.get((r, p)) current = settings.get((r, p))
if current is None or overrides(s, current): if current is None or overrides(s, current):
settings[(p, r)] = s settings[(r, p)] = s
self.setDefaultPrincipalRoles() self.setDefaultPrincipalRoles()
for setter in self.versionSetters: for setter in self.versionSetters:
setter.setPrincipalRoles(settings) setter.setPrincipalRoles(settings)
@ -185,10 +187,10 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter):
def setDefaultPrincipalRoles(self): def setDefaultPrincipalRoles(self):
prm = self.principalRoleManager prm = self.principalRoleManager
# TODO: only for local roles # TODO: set loops.Person roles for Person
# TODO: set loops.Person roles for Person parents
for r, p, s in prm.getPrincipalsAndRoles(): for r, p, s in prm.getPrincipalsAndRoles():
setPrincipalRole(prm, r, p, Unset) if r in allRolesExceptOwner:
setPrincipalRole(prm, r, p, Unset)
def setPrincipalRoles(self, settings): def setPrincipalRoles(self, settings):
prm = self.principalRoleManager prm = self.principalRoleManager