class ManageViewAccess:
    security = ClassSecurityInfo()

    security.declareProtected(Perm.ADMIN_ONLY, 'list_local_roles')
    def list_local_roles(self):
        path = aq_chain(self)
        info=[]
        for entry in path:
            if not hasattr(entry, '__ac_local_roles__'):
                continue
            l = []
            info.append((entry.getId(), l))
            dict = entry.__ac_local_roles__ or {}
            keys = dict.keys()
            keys.sort()
            for key in keys:
                value=tuple(dict[key])
                l.append((key, value))
        return info

    security.declareProtected(Perm.ADMIN_ONLY, 'list_permission_use')
    def list_permission_use(self):
        """ Return permission usage """
        l = gather_permissions(self.__class__, [], {})
        l.sort()
        return l

    security.declareProtected(Perm.ADMIN_ONLY, 'list_permission_roles')
    def list_permission_roles(self):
        """ Return user-role permission settings """
        # only care about permission names that mean anything at this level
        names = [p[0] for p in self.ac_inherited_permissions(1)]
        result = {}
        for obj in aq_chain(self):
            if not hasattr(obj, 'valid_roles'):
                break
            valid = obj.valid_roles()
            for ip in obj.ac_inherited_permissions(1):
                name, value = ip[:2]
                if name not in names:
                    continue
                l = result.get(name, [])
                if l:
                    # no acquiring above this point
                    if type(l[-1]['roles']) == types.TupleType:
                        continue
                d = rolesForPermission(obj, name, value)
                if d['roles'] != []:
                    result.setdefault(name, []).append(d)
        l = result.items()
        l.sort()
        return l

    security.declareProtected(Perm.ADMIN_ONLY, 'manage_view_access')
    manage_view_access = _DTML('manage_view_access', globals())

def gather_permissions(klass, result, seen):
    for p in klass.__ac_permissions__:
        if type(p[1]) not in (type(()), type([])):
            l = [p[1]]
        else:
            l = p[1]
        for on in l:
            if seen.has_key(on):
                continue
            result.append((on, {'perm': p[0], 'from':
                '%s.%s'%(klass.__module__, klass.__name__)}))
            seen[on] = None

    for base in klass.__bases__:
        if base.__dict__.has_key('__ac_permissions__'):
            gather_permissions(base, result, seen)
    return result

def rolesForPermission(obj, name, value):
    p=Permission(name, value, obj)
    roles=p.getRoles(default=[])
    return {
        'from': obj.getId() or '*default*',
        'roles': roles,
    }

InitializeClass(MangeViewAccess)