Index: AccessControl/Role.py =================================================================== RCS file: /cvs-repository/Zope2/lib/python/AccessControl/Role.py,v retrieving revision 1.39 diff -u -r1.39 Role.py --- Role.py 2000/06/20 01:59:40 1.39 +++ Role.py 2000/07/23 18:46:03 @@ -365,9 +365,12 @@ keys.sort() return keys - def get_local_roles_for_userid(self, userid): + def get_local_roles_for_userid(self, userid, roles=()): dict=self.__ac_local_roles__ or {} return dict.get(userid, []) + + def get_local_roles_for_user(self, user, roles=()): + return self.get_local_roles_for_userid(user.getUserName(),roles) def manage_addLocalRoles(self, userid, roles, REQUEST=None): """Set local roles for a user.""" Index: AccessControl/User.py =================================================================== RCS file: /cvs-repository/Zope2/lib/python/AccessControl/User.py,v retrieving revision 1.112 diff -u -r1.112 User.py --- User.py 2000/07/11 18:42:48 1.112 +++ User.py 2000/07/23 18:46:04 @@ -137,22 +137,27 @@ """Return the list of roles assigned to a user.""" raise NotImplemented - def getRolesInContext(self, object): + def getRolesInContext(self, object, findRoles=()): """Return the list of roles assigned to the user, including local roles assigned in context of - the passed in object.""" - name=self.getUserName() + the passed in object. If asked to find specific + roles, return true if any of the specified roles + is found, false otherwise. + """ + roles=self.getRoles() + for r in findRoles: + if r in roles: return roles + local={} object=getattr(object, 'aq_inner', object) + while 1: - if hasattr(object, '__ac_local_roles__'): - local_roles=object.__ac_local_roles__ - if callable(local_roles): - local_roles=local_roles() - dict=local_roles or {} - for r in dict.get(name, []): + if hasattr(object, 'get_local_roles_for_user'): + for r in object.get_local_roles_for_user(self): local[r]=1 + if r in findRoles: return list(roles)+local.keys() + if hasattr(object, 'aq_parent'): object=object.aq_parent continue @@ -161,6 +166,9 @@ object=getattr(object, 'aq_inner', object) continue break + + if findRoles: return () + roles=list(roles) + local.keys() return roles @@ -204,26 +212,26 @@ def allowed(self, parent, roles=None): """Check whether the user has access to parent, assuming that parent.__roles__ is the given roles.""" + if roles is None or 'Anonymous' in roles: return 1 - usr_roles=self.getRolesInContext(parent) - for role in roles: - if role in usr_roles: - if (hasattr(self,'aq_parent') and - hasattr(self.aq_parent,'aq_parent')): - if parent is None: return 1 - if (not hasattr(parent, 'aq_inContextOf') and - hasattr(parent, 'im_self')): - # This is a method, grab it's self. - parent=parent.im_self - if not parent.aq_inContextOf(self.aq_parent.aq_parent,1): - if 'Shared' in roles: - # Damn, old role setting. Waaa - roles=self._shared_roles(parent) - if 'Anonymous' in roles: return 1 - return None - return 1 + if self.getRolesInContext(parent,roles): + if (hasattr(self,'aq_parent') and + hasattr(self.aq_parent,'aq_parent')): + if parent is None: return 1 + if (not hasattr(parent, 'aq_inContextOf') and + hasattr(parent, 'im_self')): + # This is a method, grab it's self. + parent=parent.im_self + if not parent.aq_inContextOf(self.aq_parent.aq_parent,1): + if 'Shared' in roles: + # Damn, old role setting. Waaa + roles=self._shared_roles(parent) + if 'Anonymous' in roles: return 1 + return None + return 1 + if 'Shared' in roles: # Damn, old role setting. Waaa roles=self._shared_roles(parent) @@ -314,13 +322,30 @@ 'No access file found at %s - see INSTALL.txt' % INSTANCE_HOME ) try: - data=split(strip(f.readline()),':') - f.close() - _remote_user_mode=not data[1] - try: ds=split(data[2], ' ') - except: ds=[] - super=Super(data[0],data[1],('manage',), ds) - del data + d=f.readlines(); f.close(); del f + rootUsers = SpecialUsers.rootUsers = {} + + for data in map(strip,d): + if not data or data[0]=='#': continue + data=split(data+':::',':') # allow for missing fields + + n = data[0] + ds = split(strip(data[2])) # space-delimited domains + pw = data[1] + r = split(strip(data[3])) # space-delimited roles + + if rootUsers or r: + # If not first user in file, or if roles are specified, + # user is a "normal" user object + rootUsers[n] = SimpleUser(n,data[1],tuple(split(data[3])),data[2]) + else: + super = rootUsers[n] = Super(n,pw,('manage',), ds) + _remote_user_mode=not pw + + del data,n,ds,pw,r + + del d + except: raise 'InstallError', 'Invalid format for access file - see INSTALL.txt' @@ -383,6 +408,11 @@ """ try: return self.getUser(id) except: + + # Don't return the superuser, so that super can't own things + if rootUsers.has_key(id) and id!=super.getUserName(): + return rootUsers[id].__of__(self) + if default is _marker: raise return default @@ -405,7 +435,6 @@ _remote_user_mode=_remote_user_mode - _super=super _nobody=nobody def validate(self,request,auth='',roles=None): @@ -440,11 +469,11 @@ return None name,password=tuple(split(decodestring(split(auth)[-1]), ':', 1)) - # Check for superuser - super=self._super - if self._isTop() and (name==super.getUserName()) and \ - super.authenticate(password, request): - return super + # Check for superuser/root users + if self._isTop() and rootUsers.has_key(name): + user = rootUsers[name].__of__(self) + if user.authenticate(password, request): + return user # Try to get user user=self.getUser(name) @@ -508,10 +537,9 @@ return ob return None - # Check for superuser - super=self._super - if self._isTop() and (name==super.getUserName()): - return super + # Check for superuser/root users + if self._isTop() and rootUsers.has_key(name): + return rootUsers[name].__of__(self) # Try to get user user=self.getUser(name) @@ -560,7 +588,7 @@ title ='Illegal value', message='Password and confirmation must be specified', action ='manage_main') - if self.getUser(name) or (name==self._super.getUserName()): + if self.getUser(name) or (rootUsers.has_key(name)): return MessageDialog( title ='Illegal value', message='A user with the specified name already exists',