propagate principal roles via new acquirePrincipalRoles() method (instead of copyPrincipalRoles())

2013-01-10 15:52:56 +01:00 · 2013-01-10 15:52:56 +01:00 · e920fc9786
commit e920fc9786
parent 5592ffb734
2 changed files with 58 additions and 12 deletions
--- a/compound/blog/security.py
+++ b/compound/blog/security.py
@ -1,5 +1,5 @@
 #
-#  Copyright (c) 2008 Helmut Merz helmutm@cy55.de
+#  Copyright (c) 2013 Helmut Merz helmutm@cy55.de
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@ -18,8 +18,6 @@
 """
 Security settings for blogs and blog posts.
 $Id$
 """
 from zope.cachedescriptors.property import Lazy
@ -30,10 +28,10 @@ from zope.traversing.api import getName
 from loops.compound.blog.interfaces import IBlogPost
 from loops.security.common import allowEditingForOwner, assignOwner, restrictView
 from loops.security.common import getCurrentPrincipal
-from loops.security.setter import BaseSecuritySetter
+from loops.security.setter import LoopsObjectSecuritySetter
-class BlogPostSecuritySetter(BaseSecuritySetter):
+class BlogPostSecuritySetter(LoopsObjectSecuritySetter):
    adapts(IBlogPost)
--- a/security/setter.py
+++ b/security/setter.py
@ -93,6 +93,9 @@ class BaseSecuritySetter(object):
    def acquireRolePermissions(self):
        pass
    def acquirePrincipalRoles(self):
        pass
    def copyPrincipalRoles(self, source, revert=False):
        pass
@ -153,6 +156,44 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter):
        for (p, r), s in settings.items():
            setRolePermission(self.rolePermissionManager, p, r, s)
    def acquirePrincipalRoles(self):
        settings = {}
        for p in self.parents:
            if p == self.baseObject:
                continue
            wi = p.workspaceInformation
            if wi:
                if not wi.propagateParentSecurity:
                    continue
                prm = IPrincipalRoleMap(wi)
                for r, p, s in prm.getPrincipalsAndRoles():
                    current = settings.get((r, p))
                    if current is None or overrides(s, current):
                        settings[(p, r)] = s
            prm = IPrincipalRoleMap(p)
            for r, p, s in prm.getPrincipalsAndRoles():
                current = settings.get((r, p))
                if current is None or overrides(s, current):
                    settings[(p, r)] = s
        self.setDefaultPrincipalRoles()
        for setter in self.versionSetters:
            setter.setPrincipalRoles(settings)
    @Lazy
    def versionSetters(self):
        return [self]
    def setDefaultPrincipalRoles(self):
        prm = self.principalRoleManager
        for r, p, s in prm.getPrincipalsAndRoles():
            setPrincipalRole(prm, r, p, Unset)
    def setPrincipalRoles(self, settings):
        prm = self.principalRoleManager
        for (r, p), s in settings.items():
            if r != 'loops.Owner':
                setPrincipalRole(prm, r, p, s)
    def copyPrincipalRoles(self, source, revert=False):
        prm = IPrincipalRoleMap(baseObject(source.context))
        for r, p, s in prm.getPrincipalsAndRoles():
@ -176,13 +217,13 @@ class ConceptSecuritySetter(LoopsObjectSecuritySetter):
        setter = ISecuritySetter(adapted(relation.second))
        setter.setDefaultRolePermissions()
        setter.acquireRolePermissions()
-        # TODO: use setter.acquirePrincipalRoles() instead of copyPrincipalRoles()
+        setter.acquirePrincipalRoles()
-        wi = baseObject(self.context).workspaceInformation
+        #wi = baseObject(self.context).workspaceInformation
-        if wi and not wi.propagateParentSecurity:
+        #if wi and not wi.propagateParentSecurity:
-             return
+        #     return
-        setter.copyPrincipalRoles(self, revert)
+        #setter.copyPrincipalRoles(self, revert)
-        if wi: 
+        #if wi: 
-            setter.copyPrincipalRoles(ISecuritySetter(wi), revert)
+        #    setter.copyPrincipalRoles(ISecuritySetter(wi), revert)
        setter.propagateSecurity(revert, updated)
    def propagateSecurity(self, revert=False, updated=None):
@ -240,3 +281,10 @@ class ResourceSecuritySetter(LoopsObjectSecuritySetter):
                    else:
                        setPrincipalRole(v.principalRoleManager, r, p, s)
    @Lazy
    def versionSetters(self):
        vr = IVersionable(baseObject(self.context))
        versions = list(vr.versions.values())
        if versions:
            return [ISecuritySetter(adapted(v)) for v in versions]
        return [self]