[Checkins] SVN: z3ext.security/trunk/ Added 'getPrincipalsForPermission' to IExtendedGrantInfo interface
Nikolay Kim
fafhrd at datacom.kz
Mon Jan 12 00:04:16 EST 2009
Log message for revision 94691:
Added 'getPrincipalsForPermission' to IExtendedGrantInfo interface
Changed:
U z3ext.security/trunk/CHANGES.txt
U z3ext.security/trunk/src/z3ext/security/grantinfo.py
U z3ext.security/trunk/src/z3ext/security/grantinfo.txt
U z3ext.security/trunk/src/z3ext/security/interfaces.py
-=-
Modified: z3ext.security/trunk/CHANGES.txt
===================================================================
--- z3ext.security/trunk/CHANGES.txt 2009-01-11 17:24:09 UTC (rev 94690)
+++ z3ext.security/trunk/CHANGES.txt 2009-01-12 05:04:15 UTC (rev 94691)
@@ -2,6 +2,12 @@
CHANGES
=======
+1.2.3 (2009-01-??)
+------------------
+
+- Added 'getPrincipalsForPermission' to IExtendedGrantInfo interface
+
+
1.2.2 (2009-01-09)
------------------
Modified: z3ext.security/trunk/src/z3ext/security/grantinfo.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/grantinfo.py 2009-01-11 17:24:09 UTC (rev 94690)
+++ z3ext.security/trunk/src/z3ext/security/grantinfo.py 2009-01-12 05:04:15 UTC (rev 94691)
@@ -19,13 +19,18 @@
from zope import interface, component
from zope.component import getAdapters
from zope.security.proxy import removeSecurityProxy
+from zope.securitypolicy.interfaces import Unset
from zope.securitypolicy.interfaces import IPrincipalRoleMap
from zope.securitypolicy.interfaces import IRolePermissionMap
+from zope.securitypolicy.interfaces import IPrincipalPermissionMap
from zope.securitypolicy.principalrole import principalRoleManager
globalPrincipalsForRole = principalRoleManager.getPrincipalsForRole
+from zope.securitypolicy.principalpermission import principalPermissionManager
+globalPrincipalPermission = principalPermissionManager.getPrincipalsForPermission
+
from interfaces import IExtendedGrantInfo
from securitypolicy import globalRolesForPrincipal, globalRolesForPermission
@@ -102,3 +107,25 @@
principals[principal] = setting
return principals.items()
+
+ def getPrincipalsForPermission(self, permission):
+ context = removeSecurityProxy(self.context)
+
+ principals = {}
+ for name, prinper in getAdapters((context,), IPrincipalPermissionMap):
+ for principal, setting in prinper.getPrincipalsForPermission(permission):
+ if principal not in principals:
+ principals[principal] = setting
+
+ parent = getattr(context, '__parent__', None)
+ if parent is None:
+ for principal, setting in globalPrincipalPermission(permission):
+ if principal not in principals:
+ principals[principal] = setting
+ else:
+ info = IExtendedGrantInfo(parent)
+ for principal, setting in info.getPrincipalsForPermission(permission):
+ if principal not in principals:
+ principals[principal] = setting
+
+ return principals.items()
Modified: z3ext.security/trunk/src/z3ext/security/grantinfo.txt
===================================================================
--- z3ext.security/trunk/src/z3ext/security/grantinfo.txt 2009-01-11 17:24:09 UTC (rev 94690)
+++ z3ext.security/trunk/src/z3ext/security/grantinfo.txt 2009-01-12 05:04:15 UTC (rev 94691)
@@ -51,6 +51,10 @@
>>> grantinfo.getRolesForPermission('P1')
[]
+
+getRolesForPermission
+---------------------
+
This is standard behaviour:
>>> roleper = interfaces.IRolePermissionManager(ob3)
@@ -92,7 +96,15 @@
>>> grantinfo.getRolesForPermission('P1')
[('role3', PermissionSetting: Deny)]
+global RolesForPermission
+ >>> from zope.securitypolicy.rolepermission import rolePermissionManager
+ >>> rolePermissionManager.grantPermissionToRole('P1', 'role4', False)
+
+ >>> grantinfo.getRolesForPermission('P1')
+ [('role4', PermissionSetting: Allow), ('role3', PermissionSetting: Deny)]
+
+
getRolesForPrincipal
--------------------
@@ -150,3 +162,20 @@
>>> grantinfo.getPrincipalsForRole('role1')
[('bob', PermissionSetting: Allow), ('bob2', PermissionSetting: Allow), ('bob1', PermissionSetting: Allow)]
+
+
+getPrincipalsForPermission
+--------------------------
+
+ >>> from zope.securitypolicy.interfaces import IPrincipalPermissionManager
+ >>> from zope.securitypolicy.principalpermission import principalPermissionManager
+
+ >>> principalPermissionManager.grantPermissionToPrincipal('perm1', 'user1', False)
+
+ >>> grantinfo = IExtendedGrantInfo(ob3)
+ >>> grantinfo.getPrincipalsForPermission('perm1')
+ [('user1', PermissionSetting: Allow)]
+
+ >>> IPrincipalPermissionManager(ob2).denyPermissionToPrincipal('perm1', 'user1')
+ >>> grantinfo.getPrincipalsForPermission('perm1')
+ [('user1', PermissionSetting: Deny)]
Modified: z3ext.security/trunk/src/z3ext/security/interfaces.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/interfaces.py 2009-01-11 17:24:09 UTC (rev 94690)
+++ z3ext.security/trunk/src/z3ext/security/interfaces.py 2009-01-12 05:04:15 UTC (rev 94691)
@@ -38,3 +38,6 @@
def getPrincipalsForRole(role_id):
""" Get the principals that have been granted a role. """
+
+ def getPrincipalsForPermission(permission):
+ """ Get principals for permission """
More information about the Checkins
mailing list