work in progress: workspace management: control permissions for subobjects

git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@3622 fd906abe-77d9-0310-91a1-e0d9ade77398

security/browser.py

@@ -0,0 +1,51 @@
+#
+#  Copyright (c) 2009 Helmut Merz helmutm@cy55.de
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+"""
+Security-related views.
+
+$Id$
+"""
+
+from zope.app.pagetemplate import ViewPageTemplateFile
+from zope import component
+from zope.interface import implements
+from zope.cachedescriptors.property import Lazy
+from zope.security.proxy import removeSecurityProxy
+
+from loops.security.common import WorkspaceInformation
+from loops.security.perm import PermissionView
+
+
+permission_template = ViewPageTemplateFile('manage_permissionform.pt')
+
+
+class ManageWorkspaceView(PermissionView):
+    """ View for managing workspace information.
+    """
+
+    def __init__(self, context, request):
+        context = removeSecurityProxy(context)
+        wi = context.workspaceInformation
+        if wi is None:
+            wi = context.workspaceInformation = WorkspaceInformation(context)
+        PermissionView.__init__(self, wi, request)
+
+    @Lazy
+    def permission_macros(self):
+        return permission_template.macros

security/configure.zcml

@@ -33,21 +33,15 @@
         name="permissions.html"
         permission="zope.Security"
         template="manage_permissionform.pt"
-        class=".perm.PermissionView"
+        class="loops.security.perm.PermissionView"
         menu="zmi_actions" title="Edit Permissions" />
 
   <browser:page
         for="loops.interfaces.IConcept"
-        name="grantchildren.html"
+        name="manage_workspace.html"
         permission="zope.Security"
-        template="manage_grantchildrenform.pt"
+        template="manage_workspace.pt"
-        class=".perm.GrantChildrenView" />
+        class="loops.security.browser.ManageWorkspaceView"
-
+        menu="zmi_actions" title="Manage Workspace" />
-  <browser:menuItem
-        for="loops.interfaces.IConcept"
-        action="@@grantchildren.html"
-        permission="zope.Security"
-        menu="zmi_actions" title="Grant Children"
-        filter="python: context.isWorkspace" />
 
 </configure>

security/manage_grantchildrenform.pt

@@ -1,84 +0,0 @@
-<html metal:use-macro="context/@@standard_macros/page"
-    i18n:domain="zope">
-<body>
-<div metal:fill-slot="body" i18n:domain="zope">
-  <h2 i18n:translate="">Grant Roles for Children of this Object to Principals</h2>
-  <p tal:define="status view/status"
-     tal:condition="status"
-     tal:content="status" i18n:translate=""/>
-  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-
-  <div class="form-element"
-       tal:define="perm view/permission"
-       tal:condition="not: view/principal">
-    <table width="100%" cellspacing="0" cellpadding="2" border="0"
-        nowrap="nowrap">
-      <tr class="list-header">
-        <td><strong i18n:translate="">Role</strong></td>
-        <td><strong i18n:translate="">Users/Groups</strong></td>
-      </tr>
-      <tr class="row-normal"
-          tal:repeat="setting perm/roleSettings"
-          tal:attributes="class python:
-                path('repeat/setting/even') and 'row-normal' or 'row-hilite'">
-        <tal:role define="ir repeat/setting/index;
-                          roleId python:path('view/roles')[ir].id">
-          <td align="left" valign="top"
-              tal:content="roleId">Manager</td>
-          <td>
-            <span tal:define="users python: view.listUsersForRole(roleId)"
-                  tal:replace="structure users">User xy</span></td>
-        </tal:role>
-      </tr>
-    </table>
-  </div>
-
-  <form action="" method="POST">
-
-    <div tal:content="structure view/principal_widget">...</div>
-
-    <div tal:condition="view/principal">
-
-      <h2 i18n:translate="">Grants for the selected principal</h2>
-      <input type="submit" name="GRANT_SUBMIT" value="Change" 
-             i18n:attributes="value grant-submit" />
-
-      <table width="100%" border="0">
-        <tr>
-          <td valign="top">
-            <table class="matrix">
-              <tr>
-                <td i18n:translate=""><strong>Roles</strong>&nbsp;</td>
-                <td i18n:translate=""><strong>Allow</strong>&nbsp;</td>
-                <td i18n:translate=""><strong>Unset</strong>&nbsp;</td>
-                <td i18n:translate=""><strong>Deny</strong>&nbsp;</td>
-              </tr>
-              <tr tal:repeat="widget view/roles">
-                <td valign="top" nowrap>
-                  <div class="label">
-                    <label for="field.name" title="The widget's hint"
-                           tal:attributes="for widget/name; title widget/hint"
-                           tal:content="widget/label"
-                           i18n:translate="">The Label</label>
-                  </div>
-                </td>
-                <tal:block tal:content="structure widget">
-                  roles widget
-                </tal:block>
-              </tr>
-              <tr>
-                <td colspan="2"><a href="#top" i18n:translate="">^ top</a></td>
-              </tr>
-            </table>
-          </td>
-        </tr>
-      </table>
-      <input type="submit" name="GRANT_SUBMIT" value="Change" 
-             i18n:attributes="value grant-submit" />
-
-    </div>
-  </form>
-</div>
-</body>
-</html>

security/manage_permissionform.pt

@@ -5,9 +5,11 @@
 <div metal:fill-slot="body">
   <p tal:define="status view/update"
      tal:condition="status"
-     tal:content="status" />
+     tal:content="status"
+     i18n:translate="" />
 
-  <div tal:define="permId view/permissionId;
+  <div metal:define-macro="permission_form"
+       tal:define="permId view/permissionId;
                    perm view/permission;">
     <form>
       <select name="permission_to_manage"

security/manage_workspace.pt

@@ -0,0 +1,14 @@
+<html metal:use-macro="context/@@standard_macros/view"
+    i18n:domain="zope">
+<body>
+<div metal:fill-slot="body" i18n:domain="zope">
+  <h2 i18n:translate="">Assign Permissions to Roles for Children of this Object</h2>
+  <p tal:define="status view/update"
+     tal:condition="status"
+     tal:content="status" i18n:translate=""/><br />
+
+  <metal:permissions use-macro="view/permission_macros/permission_form" />
+
+</div>
+</body>
+</html>

security/perm.py

@@ -35,8 +35,6 @@ from zope.app.securitypolicy.zopepolicy import SettingAsBoolean
 from zope.security.proxy import removeSecurityProxy
 from zope.traversing.api import getParents
 
-from loops.security.common import WorkspaceInformation
-
 
 class PermissionView(object):
     """ View for permission editing.
@@ -139,16 +137,3 @@ class PermissionView(object):
     def getPermissions(self):
         return sorted(name for name, perm in component.getUtilitiesFor(IPermission))
 
-
-class GrantChildrenView(Granting, PermissionView):
-    """ View for editing grants for children of workspace objects.
-    """
-
-    def __init__(self, context, request):
-        context = removeSecurityProxy(context)
-        wi = context.workspaceInformation
-        if wi is None:
-            wi = context.workspaceInformation = WorkspaceInformation(context)
-        #self.context = wi
-        #self.request = request
-        PermissionView.__init__(self, wi, request)