diff --git a/compound/blog/security.py b/compound/blog/security.py index aff9715..75470ee 100644 --- a/compound/blog/security.py +++ b/compound/blog/security.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2008 Helmut Merz helmutm@cy55.de +# Copyright (c) 2013 Helmut Merz helmutm@cy55.de # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,8 +18,6 @@ """ Security settings for blogs and blog posts. - -$Id$ """ from zope.cachedescriptors.property import Lazy @@ -30,10 +28,10 @@ from zope.traversing.api import getName from loops.compound.blog.interfaces import IBlogPost from loops.security.common import allowEditingForOwner, assignOwner, restrictView from loops.security.common import getCurrentPrincipal -from loops.security.setter import BaseSecuritySetter +from loops.security.setter import LoopsObjectSecuritySetter -class BlogPostSecuritySetter(BaseSecuritySetter): +class BlogPostSecuritySetter(LoopsObjectSecuritySetter): adapts(IBlogPost) diff --git a/security/setter.py b/security/setter.py index 62e0ed4..39c6147 100644 --- a/security/setter.py +++ b/security/setter.py @@ -93,6 +93,9 @@ class BaseSecuritySetter(object): def acquireRolePermissions(self): pass + def acquirePrincipalRoles(self): + pass + def copyPrincipalRoles(self, source, revert=False): pass @@ -153,6 +156,44 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter): for (p, r), s in settings.items(): setRolePermission(self.rolePermissionManager, p, r, s) + def acquirePrincipalRoles(self): + settings = {} + for p in self.parents: + if p == self.baseObject: + continue + wi = p.workspaceInformation + if wi: + if not wi.propagateParentSecurity: + continue + prm = IPrincipalRoleMap(wi) + for r, p, s in prm.getPrincipalsAndRoles(): + current = settings.get((r, p)) + if current is None or overrides(s, current): + settings[(p, r)] = s + prm = IPrincipalRoleMap(p) + for r, p, s in prm.getPrincipalsAndRoles(): + current = settings.get((r, p)) + if current is None or overrides(s, current): + settings[(p, r)] = s + self.setDefaultPrincipalRoles() + for setter in self.versionSetters: + setter.setPrincipalRoles(settings) + + @Lazy + def versionSetters(self): + return [self] + + def setDefaultPrincipalRoles(self): + prm = self.principalRoleManager + for r, p, s in prm.getPrincipalsAndRoles(): + setPrincipalRole(prm, r, p, Unset) + + def setPrincipalRoles(self, settings): + prm = self.principalRoleManager + for (r, p), s in settings.items(): + if r != 'loops.Owner': + setPrincipalRole(prm, r, p, s) + def copyPrincipalRoles(self, source, revert=False): prm = IPrincipalRoleMap(baseObject(source.context)) for r, p, s in prm.getPrincipalsAndRoles(): @@ -176,13 +217,13 @@ class ConceptSecuritySetter(LoopsObjectSecuritySetter): setter = ISecuritySetter(adapted(relation.second)) setter.setDefaultRolePermissions() setter.acquireRolePermissions() - # TODO: use setter.acquirePrincipalRoles() instead of copyPrincipalRoles() - wi = baseObject(self.context).workspaceInformation - if wi and not wi.propagateParentSecurity: - return - setter.copyPrincipalRoles(self, revert) - if wi: - setter.copyPrincipalRoles(ISecuritySetter(wi), revert) + setter.acquirePrincipalRoles() + #wi = baseObject(self.context).workspaceInformation + #if wi and not wi.propagateParentSecurity: + # return + #setter.copyPrincipalRoles(self, revert) + #if wi: + # setter.copyPrincipalRoles(ISecuritySetter(wi), revert) setter.propagateSecurity(revert, updated) def propagateSecurity(self, revert=False, updated=None): @@ -240,3 +281,10 @@ class ResourceSecuritySetter(LoopsObjectSecuritySetter): else: setPrincipalRole(v.principalRoleManager, r, p, s) + @Lazy + def versionSetters(self): + vr = IVersionable(baseObject(self.context)) + versions = list(vr.versions.values()) + if versions: + return [ISecuritySetter(adapted(v)) for v in versions] + return [self]