[Checkins] SVN: zope.app.securitypolicy/trunk/ - Moved the following views to `zope.app.authentication` to inverse
Michael Howitz
mh at gocept.com
Sat Sep 25 05:05:05 EDT 2010
Log message for revision 116802:
- Moved the following views to `zope.app.authentication` to inverse
dependency between these two packages, as `zope.app.securitypolicy` is
deprecated in ZTK 1.0 (leaving BBB imports in place):
- ``@@grant.html``
- ``@@AllRolePermissions.html``
- ``@@RolePermissions.html``
- ``@@RolesWithPermission.html``
Changed:
U zope.app.securitypolicy/trunk/CHANGES.txt
U zope.app.securitypolicy/trunk/setup.py
U zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/configure.zcml
D zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/granting.pt
U zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/granting.py
D zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/granting.txt
D zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/manage_access.pt
D zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/manage_permissionform.pt
D zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/manage_roleform.pt
U zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/rolepermissionview.py
D zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/tests/rolepermissionmanager.py
D zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/tests/test_granting.py
D zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/tests/test_rolepermissionview.py
-=-
Modified: zope.app.securitypolicy/trunk/CHANGES.txt
===================================================================
--- zope.app.securitypolicy/trunk/CHANGES.txt 2010-09-25 09:04:32 UTC (rev 116801)
+++ zope.app.securitypolicy/trunk/CHANGES.txt 2010-09-25 09:05:05 UTC (rev 116802)
@@ -2,13 +2,22 @@
CHANGES
=======
-3.5.3 (unreleased)
+3.6.0 (unreleased)
------------------
- LP: #161906: Remove superfluous "helpful" message. Improve wording of of the
relation between roles and permissions in the manage_permissionform.
+- Moved the following views to `zope.app.authentication` to inverse
+ dependency between these two packages, as `zope.app.securitypolicy` is
+ deprecated in ZTK 1.0 (leaving BBB imports in place):
+ - ``@@grant.html``
+ - ``@@AllRolePermissions.html``
+ - ``@@RolePermissions.html``
+ - ``@@RolesWithPermission.html``
+
+
3.5.2 (2010-01-08)
------------------
Modified: zope.app.securitypolicy/trunk/setup.py
===================================================================
--- zope.app.securitypolicy/trunk/setup.py 2010-09-25 09:04:32 UTC (rev 116801)
+++ zope.app.securitypolicy/trunk/setup.py 2010-09-25 09:05:05 UTC (rev 116802)
@@ -29,7 +29,7 @@
return open(os.path.join(os.path.dirname(__file__), *rnames)).read()
setup(name='zope.app.securitypolicy',
- version = '3.5.3dev',
+ version = '3.6.0dev',
author='Zope Corporation and Contributors',
author_email='zope-dev at zope.org',
description="ZMI-based management views for zope.securitypolicy",
@@ -54,16 +54,20 @@
packages=find_packages('src'),
package_dir = {'': 'src'},
namespace_packages=['zope', 'zope.app'],
- extras_require = dict(test=['zope.app.testing',
- 'zope.app.zcmlfiles',
- 'zope.login',
- 'zope.publisher >= 3.12',
- ]),
+ extras_require = dict(
+ test=[
+ 'zope.app.testing',
+ 'zope.app.zcmlfiles',
+ 'zope.login',
+ 'zope.publisher >= 3.12',
+ 'zope.testing >= 3.8',
+ ]),
install_requires=['setuptools',
'zope.annotation',
- 'zope.browser',
+ 'zope.app.authentication',
'zope.app.form',
'zope.app.security',
+ 'zope.browser',
'zope.component [hook]',
'zope.configuration',
'zope.exceptions',
Modified: zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/configure.zcml
===================================================================
--- zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/configure.zcml 2010-09-25 09:04:32 UTC (rev 116801)
+++ zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/configure.zcml 2010-09-25 09:05:05 UTC (rev 116802)
@@ -3,16 +3,6 @@
xmlns="http://namespaces.zope.org/browser"
i18n_domain="zope">
-<!-- RadioWidget for build a matrix for granting permissions -->
- <zope:view
- type="zope.publisher.interfaces.browser.IBrowserRequest"
- for="zope.schema.interfaces.IChoice
- zope.securitypolicy.interfaces.IGrantVocabulary"
- provides="zope.app.form.interfaces.IInputWidget"
- factory="zope.app.securitypolicy.browser.granting.GrantWidget"
- permission="zope.Public"
- />
-
<!-- Role Utility -->
<addform
@@ -45,52 +35,9 @@
/>
<!-- Role Permissions -->
-
- <!-- Note that we've moved this to the site manager! -->
- <!-- The role-permission mapping is really the domain of programmers -->
-
- <pages
- for="zope.app.component.interfaces.ILocalSiteManager"
- permission="zope.Security"
- class=".rolepermissionview.RolePermissionView">
- <page
- name="AllRolePermissions.html"
- template="manage_access.pt"
- menu="zmi_actions" title="Role-Permissions"
- />
- <!-- menu="zmi_actions" title="Role Permissions" / -->
- <page
- name="RolePermissions.html"
- template="manage_roleform.pt"
- />
- <page
- name="RolesWithPermission.html"
- template="manage_permissionform.pt"
- />
- </pages>
-
- <zope:class class=".rolepermissionview.PermissionRoles">
- <zope:require
- permission="zope.Security"
- attributes="roles rolesInfo id title description" />
- </zope:class>
-
- <zope:class class=".rolepermissionview.RolePermissions">
- <zope:require
- permission="zope.Security"
- attributes="permissions permissionsInfo id title description" />
- </zope:class>
-
+<!-- RadioWidget for build a matrix for granting permissions -->
<!-- Granting Roles and Permissions to Principals -->
- <page
- for="zope.annotation.interfaces.IAnnotatable"
- name="grant.html"
- permission="zope.Security"
- template="granting.pt"
- class=".granting.Granting"
- menu="zmi_actions" title="Grant"
- />
+ <include package="zope.app.authentication.browser" file="grant.zcml" />
-
</zope:configure>
Deleted: zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/granting.pt
===================================================================
--- zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/granting.pt 2010-09-25 09:04:32 UTC (rev 116801)
+++ zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/granting.pt 2010-09-25 09:05:05 UTC (rev 116802)
@@ -1,85 +0,0 @@
-<html metal:use-macro="context/@@standard_macros/page"
- i18n:domain="zope">
-<body>
-<div metal:fill-slot="body" i18n:domain="zope">
- <h2 i18n:translate="">Granting Roles and Permissions to Principals</h2>
- <p tal:define="status view/status"
- tal:condition="status"
- tal:content="status" i18n:translate=""/>
-
-
-
- <form action="" method="POST">
-
- <div tal:content="structure view/principal_widget">...</div>
-
- <div tal:condition="view/principal">
-
- <h2 i18n:translate="">Grants for the selected principal</h2>
- <input type="submit" name="GRANT_SUBMIT" value="Change"
- i18n:attributes="value grant-submit" />
-
- <table width="100%" border="0">
- <tr>
- <td valign="top">
- <table class="matrix">
- <tr>
- <td i18n:translate=""><strong>Roles</strong> </td>
- <td i18n:translate=""><strong>Allow</strong> </td>
- <td i18n:translate=""><strong>Unset</strong> </td>
- <td i18n:translate=""><strong>Deny</strong> </td>
- </tr>
- <tr tal:repeat="widget view/roles">
- <td valign="top" nowrap>
- <div class="label">
- <label for="field.name" title="The widget's hint"
- tal:attributes="for widget/name; title widget/hint"
- tal:content="widget/label"
- i18n:translate="">The Label</label>
- </div>
- </td>
- <tal:block tal:content="structure widget">
- roles widget
- </tal:block>
- </tr>
- <tr>
- <td colspan="2"><a href="#top" i18n:translate="">^ top</a></td>
- </tr>
- </table>
- </td>
- <td valign="top">
- <table class="matrix">
- <tr>
- <td i18n:translate=""><strong>Permissions</strong> </td>
- <td i18n:translate=""><strong>Allow</strong> </td>
- <td i18n:translate=""><strong>Unset</strong> </td>
- <td i18n:translate=""><strong>Deny</strong> </td>
- </tr>
- <tr tal:repeat="widget view/permissions">
- <td valign="top" nowrap>
- <div class="label">
- <label for="field.name" title="The widget's hint"
- tal:attributes="for widget/name; title widget/hint"
- tal:content="widget/label"
- i18n:translate="">The Label</label>
- </div>
- </td>
- <tal:block tal:content="structure widget">
- permission widget
- </tal:block>
- </tr>
- <tr>
- <td colspan="2"><a href="#top" i18n:translate="">^ top</a></td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- <input type="submit" name="GRANT_SUBMIT" value="Change"
- i18n:attributes="value grant-submit" />
-
- </div>
- </form>
-</div>
-</body>
-</html>
Modified: zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/granting.py
===================================================================
--- zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/granting.py 2010-09-25 09:04:32 UTC (rev 116801)
+++ zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/granting.py 2010-09-25 09:05:05 UTC (rev 116802)
@@ -11,231 +11,8 @@
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
-"""Granting Roles and Permissions to Principals
+"""Granting Roles and Permissions to Principals"""
-$Id$
-"""
-__docformat__ = "reStructuredText"
-
-import zope.schema
-from zope.component import getUtilitiesFor
-from zope.schema.vocabulary import SimpleTerm
-from zope.i18nmessageid import ZopeMessageFactory as _
-from zope.securitypolicy.interfaces import Allow, Unset, Deny
-from zope.securitypolicy.interfaces import IPrincipalPermissionManager
-from zope.securitypolicy.interfaces import IPrincipalRoleManager
-from zope.securitypolicy.interfaces import IRole
-from zope.securitypolicy.vocabulary import GrantVocabulary
-
-from zope.authentication.principal import PrincipalSource
-from zope.app.form.utility import setUpWidget
-from zope.app.form.browser import RadioWidget
-from zope.app.form.browser.widget import renderElement
-from zope.app.form.interfaces import MissingInputError
-from zope.app.form.interfaces import IInputWidget
-from zope.security.interfaces import IPermission
-
-
-settings_vocabulary = GrantVocabulary(
- [SimpleTerm(Allow, token="allow", title=_('Allow')),
- SimpleTerm(Unset, token="unset", title=_('Unset')),
- SimpleTerm(Deny, token='deny', title=_('Deny')),
- ])
-
-
-class GrantWidget(RadioWidget):
- """Grant widget for building a colorized matrix.
-
- The matrix shows anytime the status if you edit the radio widgets.
- This special widget shows the radio input field without labels.
- The labels are added in the header of the table. The order of the radio
- input fields is 'Allowed', 'Unset', 'Deny'.
-
- """
- orientation = "horizontal"
- _tdTemplate = (
- u'\n<td class="%s">\n<center>\n<label for="%s" title="%s">\n'
- u'%s\n</label>\n</center>\n</td>\n'
- )
-
- def __call__(self):
- """See IBrowserWidget."""
- value = self._getFormValue()
- contents = []
- have_results = False
-
- return self.renderValue(value)
-
-
- def renderItem(self, index, text, value, name, cssClass):
- """Render an item of the list.
-
- Revert the order of label and text. Added field id to the lable
- attribute.
-
- Added tabel td tags for fit in the matrix table.
-
- """
-
- tdClass = ''
- id = '%s.%s' % (name, index)
- elem = renderElement(u'input',
- value=value,
- name=name,
- id=id,
- cssClass=cssClass,
- type='radio',
- extra = 'onclick="changeMatrix(this);"')
- return self._tdTemplate % (tdClass, id, text, elem)
-
- def renderSelectedItem(self, index, text, value, name, cssClass):
- """Render a selected item of the list.
-
- Revert the order of label and text. Added field id to the lable
- attribute.
- """
-
- tdClass = 'default'
- id = '%s.%s' % (name, index)
- elem = renderElement(u'input',
- value=value,
- name=name,
- id=id,
- cssClass=cssClass,
- checked="checked",
- type='radio',
- extra = 'onclick="changeMatrix(this);"')
- return self._tdTemplate % (tdClass, id, text, elem)
-
- def renderItems(self, value):
- # check if we want to select first item, the previously selected item
- # or the "no value" item.
- no_value = None
- if (value == self.context.missing_value
- and getattr(self, 'firstItem', False)
- and len(self.vocabulary) > 0):
- if self.context.required:
- # Grab the first item from the iterator:
- values = [iter(self.vocabulary).next().value]
- else:
- # the "no value" option will be checked
- no_value = 'checked'
- elif value != self.context.missing_value:
- values = [value]
- else:
- values = []
-
- items = self.renderItemsWithValues(values)
- return items
-
- def renderValue(self, value):
- rendered_items = self.renderItems(value)
- return " ".join(rendered_items)
-
-
-
-class Granting(object):
-
- principal = None
-
- principal_field = zope.schema.Choice(
- __name__ = 'principal',
- source=PrincipalSource(),
- required=True)
-
- def __init__(self, context, request):
- self.context = context
- self.request = request
-
- def status(self):
- setUpWidget(self, 'principal', self.principal_field, IInputWidget)
- if not self.principal_widget.hasInput():
- return u''
- try:
- principal = self.principal_widget.getInputValue()
- except MissingInputError:
- return u''
-
- self.principal = principal
-
- # Make sure we can use the principal id in a form by base64ing it
- principal_token = unicode(principal).encode('base64').strip().replace(
- '=', '_')
-
- roles = [role for name, role in getUtilitiesFor(IRole)]
- roles.sort(lambda x, y: cmp(x.title, y.title))
- principal_roles = IPrincipalRoleManager(self.context)
-
- self.roles = []
- for role in roles:
- name = principal_token + '.role.'+role.id
- field = zope.schema.Choice(__name__= name,
- title=role.title,
- vocabulary=settings_vocabulary)
- setUpWidget(self, name, field, IInputWidget,
- principal_roles.getSetting(role.id, principal))
- self.roles.append(getattr(self, name+'_widget'))
-
- perms = [perm for name, perm in getUtilitiesFor(IPermission)]
- perms.sort(lambda x, y: cmp(x.title, y.title))
- principal_perms = IPrincipalPermissionManager(self.context)
-
- self.permissions = []
- for perm in perms:
- if perm.id == 'zope.Public':
- continue
- name = principal_token + '.permission.'+perm.id
- field = zope.schema.Choice(__name__=name,
- title=perm.title,
- vocabulary=settings_vocabulary)
- setUpWidget(self, name, field, IInputWidget,
- principal_perms.getSetting(perm.id, principal))
- self.permissions.append(
- getattr(self, name+'_widget'))
-
- if 'GRANT_SUBMIT' not in self.request:
- return u''
-
- for role in roles:
- name = principal_token + '.role.'+role.id
- role_widget = getattr(self, name+'_widget')
- if role_widget.hasInput():
- try:
- setting = role_widget.getInputValue()
- except MissingInputError:
- pass
- else:
- # Arrgh!
- if setting is Allow:
- principal_roles.assignRoleToPrincipal(
- role.id, principal)
- elif setting is Deny:
- principal_roles.removeRoleFromPrincipal(
- role.id, principal)
- else:
- principal_roles.unsetRoleForPrincipal(
- role.id, principal)
-
- for perm in perms:
- if perm.id == 'zope.Public':
- continue
- name = principal_token + '.permission.'+perm.id
- perm_widget = getattr(self, name+'_widget')
- if perm_widget.hasInput():
- try:
- setting = perm_widget.getInputValue()
- except MissingInputError:
- pass
- else:
- # Arrgh!
- if setting is Allow:
- principal_perms.grantPermissionToPrincipal(
- perm.id, principal)
- elif setting is Deny:
- principal_perms.denyPermissionToPrincipal(
- perm.id, principal)
- else:
- principal_perms.unsetPermissionForPrincipal(
- perm.id, principal)
-
- return _('Grants updated.')
+# BBB imports
+from zope.app.authentication.browser.granting import (
+ settings_vocabulary, GrantWidget, Granting)
Deleted: zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/granting.txt
===================================================================
--- zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/granting.txt 2010-09-25 09:04:32 UTC (rev 116801)
+++ zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/granting.txt 2010-09-25 09:05:05 UTC (rev 116802)
@@ -1,203 +0,0 @@
-Granting View
-=============
-
-The granting view allows the user to grant permissions and roles to
-principals. The view unfortunately depends on a lot of other components:
-
- - Roles
-
- >>> from zope.app.testing import ztapi
- >>> from zope.securitypolicy.role import Role
- >>> from zope.securitypolicy.interfaces import IRole
- >>> ztapi.provideUtility(IRole, Role(u'role1', u'Role 1'), u'role1')
- >>> ztapi.provideUtility(IRole, Role(u'role2', u'Role 2'), u'role2')
- >>> ztapi.provideUtility(IRole, Role(u'role3', u'Role 3'), u'role3')
-
- - Permissions
-
- >>> from zope.security.permission import Permission
- >>> from zope.security.interfaces import IPermission
- >>> ztapi.provideUtility(IPermission, Permission(u'permission1',
- ... u'Permission 1'), u'permission1')
- >>> ztapi.provideUtility(IPermission, Permission(u'permission2',
- ... u'Permission 2'), u'permission2')
- >>> ztapi.provideUtility(IPermission, Permission(u'permission3',
- ... u'Permission 3'), u'permission3')
-
- - Authentication Utility
-
- >>> class Principal:
- ... def __init__(self, id, title): self.id, self.title = id, title
-
- >>> from zope.app.security.interfaces import IAuthentication
- >>> from zope.app.security.interfaces import PrincipalLookupError
- >>> from zope.interface import implements
- >>> class AuthUtility:
- ... implements(IAuthentication)
- ... data = {'jim': Principal('jim', 'Jim Fulton'),
- ... 'stephan': Principal('stephan', 'Stephan Richter')}
- ...
- ... def getPrincipal(self, id):
- ... try:
- ... return self.data.get(id)
- ... except KeyError:
- ... raise PrincipalLookupError(id)
- ...
- ... def getPrincipals(self, search):
- ... return [principal
- ... for principal in self.data.values()
- ... if search in principal.title]
-
- >>> ztapi.provideUtility(IAuthentication, AuthUtility())
-
- - Security-related Adapters
-
- >>> from zope.annotation.interfaces import IAnnotatable
- >>> from zope.securitypolicy.interfaces import IPrincipalRoleManager
- >>> from zope.securitypolicy.principalrole import \
- ... AnnotationPrincipalRoleManager
-
- >>> ztapi.provideAdapter(IAnnotatable, IPrincipalRoleManager,
- ... AnnotationPrincipalRoleManager)
-
- >>> from zope.securitypolicy.interfaces import \
- ... IPrincipalPermissionManager
- >>> from zope.securitypolicy.principalpermission import \
- ... AnnotationPrincipalPermissionManager
-
- >>> ztapi.provideAdapter(IAnnotatable, IPrincipalPermissionManager,
- ... AnnotationPrincipalPermissionManager)
-
- - Vocabulary Choice Widgets
-
- >>> from zope.schema.interfaces import IChoice
- >>> from zope.app.form.browser import ChoiceInputWidget
- >>> from zope.app.form.interfaces import IInputWidget
- >>> ztapi.browserViewProviding(IChoice, ChoiceInputWidget, IInputWidget)
-
- >>> from zope.schema.interfaces import IVocabularyTokenized
- >>> from zope.publisher.interfaces.browser import IBrowserRequest
- >>> from zope.app.form.browser import DropdownWidget
- >>> ztapi.provideMultiView((IChoice, IVocabularyTokenized),
- ... IBrowserRequest, IInputWidget, '',
- ... DropdownWidget)
-
- - Support Views for the Principal Source Widget
-
- >>> from zope.app.security.interfaces import IPrincipalSource
- >>> from zope.app.security.browser.principalterms import PrincipalTerms
- >>> from zope.browser.interfaces import ITerms
- >>> ztapi.browserViewProviding(IPrincipalSource, PrincipalTerms, ITerms)
-
- >>> from zope.app.security.browser.auth import AuthUtilitySearchView
- >>> from zope.app.form.browser.interfaces import ISourceQueryView
- >>> ztapi.browserViewProviding(IAuthentication,
- ... AuthUtilitySearchView,
- ... ISourceQueryView)
-
-
- >>> from zope.schema.interfaces import ISource
- >>> from zope.app.form.browser.source import SourceInputWidget
- >>> ztapi.provideMultiView((IChoice, ISource), IBrowserRequest,
- ... IInputWidget, '', SourceInputWidget)
-
- - Attribute Annotatable Adapter
-
- >>> from zope.app.testing import setup
- >>> setup.setUpAnnotations()
- >>> setup.setUpSiteManagerLookup()
-
- - Content Object
-
- >>> from zope.annotation.interfaces import IAttributeAnnotatable
- >>> class Content:
- ... implements(IAttributeAnnotatable)
- ... __annotations__ = {}
-
- (This is Jim's understanding of a "easy" setup!)
-
-Now that we have all the components we need, let's create *the* view.
-
- >>> ob = Content()
- >>> from zope.publisher.browser import TestRequest
- >>> request = TestRequest()
-
- >>> from zope.app.securitypolicy.browser.granting import Granting
- >>> view = Granting(ob, request)
-
-If we call status, we get nothing and the view's principal attribute is `None`:
-
- >>> view.status()
- u''
- >>> view.principal
-
-Since we have not selected a principal, we have no role or permission widgets:
-
- >>> getattr(view, 'roles', None)
- >>> getattr(view, 'permissions', None)
-
-Now that we have a selected principal, then
-
-
- >>> view.request.form['field.principal.displayed'] = 'y'
- >>> view.request.form['field.principal'] = 'amlt'
-
-(Yes, 'amlt' is the base 64 code for 'jim'.)
-
- >>> view.status()
- u''
-
-and now the `view.principal` is set:
-
- >>> view.principal
- 'jim'
-
-Now we should have a list of role and permission widgets, and all of them
-should be unset, because do not have any settings for 'jim'.
-
- >>> [role.context.title for role in view.roles]
- [u'Role 1', u'Role 2', u'Role 3']
- >>> [perm.context.title for perm in view.permissions]
- [u'Permission 1', u'Permission 2', u'Permission 3']
-
-Now we change some settings and submit the form:
-
- >>> from zope.securitypolicy.interfaces import Allow, Deny, Unset
-
- >>> view.request.form['field.amlt.role.role1'] = 'unset'
- >>> view.request.form['field.amlt.role.role1-empty-makrer'] = 1
- >>> view.request.form['field.amlt.role.role2'] = 'allow'
- >>> view.request.form['field.amlt.role.role2-empty-makrer'] = 1
- >>> view.request.form['field.amlt.role.role3'] = 'deny'
- >>> view.request.form['field.amlt.role.role3-empty-makrer'] = 1
-
- >>> view.request.form['field.amlt.permission.permission1'] = 'unset'
- >>> view.request.form['field.amlt.permission.permission1-empty-makrer'] = 1
- >>> view.request.form['field.amlt.permission.permission2'] = 'allow'
- >>> view.request.form['field.amlt.permission.permission2-empty-makrer'] = 1
- >>> view.request.form['field.amlt.permission.permission3'] = 'deny'
- >>> view.request.form['field.amlt.permission.permission3-empty-makrer'] = 1
-
- >>> view.request.form['GRANT_SUBMIT'] = 'Submit'
-
-If we get the status now, the data should be written and a status message
-should be returned:
-
- >>> view.status()
- u'Grants updated.'
-
- >>> roles = IPrincipalRoleManager(ob)
- >>> roles.getSetting('role1', 'jim') is Unset
- True
- >>> roles.getSetting('role2', 'jim') is Allow
- True
- >>> roles.getSetting('role3', 'jim') is Deny
- True
-
- >>> roles = IPrincipalPermissionManager(ob)
- >>> roles.getSetting('permission1', 'jim') is Unset
- True
- >>> roles.getSetting('permission2', 'jim') is Allow
- True
- >>> roles.getSetting('permission3', 'jim') is Deny
- True
Deleted: zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/manage_access.pt
===================================================================
--- zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/manage_access.pt 2010-09-25 09:04:32 UTC (rev 116801)
+++ zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/manage_access.pt 2010-09-25 09:05:05 UTC (rev 116802)
@@ -1,94 +0,0 @@
-<html metal:use-macro="context/@@standard_macros/dialog" i18n:domain="zope">
-<head>
- <tal:block
- metal:fill-slot="headers"
- tal:define="global pagetip view/pagetip"
- />
-</head>
-<body>
-<div metal:fill-slot="body">
-
- <p tal:define="status view/update"
- tal:condition="status"
- tal:content="status" i18n:translate=""/>
-
- <form action="AllRolePermissions.html" method="POST">
-
- <table width="100%" cellspacing="0" cellpadding="2" border="0"
- nowrap="nowrap">
-
- <tr class="list-header">
- <td align="left" valign="top">
- <div class="form-label">
- <strong i18n:translate="">Permission</strong>
- </div>
- </td>
- <td align="left">
- <div class="form-label">
- <strong i18n:translate="">Roles</strong>
- </div>
- </td>
- </tr>
-
- <tr class="row-normal">
- <td></td>
- <td align="center" tal:repeat="role view/roles">
- <div class="list-item">
- <a href="RolePermissions.html"
- tal:attributes="
- href string:RolePermissions.html?role_to_manage=${role/id}"
- tal:content="role/title" i18n:translate="">Anonymous</a>
- <input type="hidden" name="r0" value=""
- tal:attributes="
- name string:r${repeat/role/index};
- value string:${role/id}" />
-
- </div>
- </td>
- </tr>
-
- <tbody tal:repeat="perm view/permissionRoles">
- <tr class="row-normal"
- tal:attributes="class
- python:path('repeat/perm/even') and 'row-normal' or 'row-hilite'">
- <td align="left" nowrap="nowrap">
- <div class="list-item">
- <a href="RolesWithPermission.html"
- tal:attributes="href
- string:RolesWithPermission.html?permission_to_manage=${perm/id}"
- tal:content="perm/title"
- i18n:translate="">Access Transient Objects</a>
- <input type="hidden" name="r0" value=""
- tal:attributes="
- name string:p${repeat/perm/index};
- value string:${perm/id}" />
- </div>
- </td>
- <td align="center" tal:repeat="setting perm/roleSettings">
- <select name="p0r0"
- tal:attributes="name
- string:p${repeat/perm/index}r${repeat/setting/index}">
- <option value="Unset"
- tal:repeat="option view/availableSettings"
- tal:attributes="value option/id;
- selected python:setting == option['id']"
- tal:content="option/shorttitle">+</option>
- </select>
- </td>
- </tr>
- </tbody>
-
- <tr>
- <td colspan="5" align="left">
- <div class="form-element">
- <input class="form-element" type="submit" name="SUBMIT"
- value="Save Changes" i18n:attributes="value" />
- </div>
- </td>
- </tr>
- </table>
- </form>
-
-</div>
-</body>
-</html>
Deleted: zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/manage_permissionform.pt
===================================================================
--- zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/manage_permissionform.pt 2010-09-25 09:04:32 UTC (rev 116801)
+++ zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/manage_permissionform.pt 2010-09-25 09:05:05 UTC (rev 116802)
@@ -1,92 +0,0 @@
-<html metal:use-macro="context/@@standard_macros/page"
- i18n:domain="zope">
-<head>
- <style metal:fill-slot="headers" type="text/css">
- <!--
- .row-normal {
- background-color: #ffffff;
- border: none;
- }
-
- .row-hilite {
- background-color: #efefef;
- border: none;
- }
- -->
- </style>
-</head>
-<body>
-<div metal:fill-slot="body">
-
- <p tal:define="status view/update"
- tal:condition="status"
- tal:content="status" />
-
- <div tal:define="perm
- python:view.permissionForID(request.get('permission_to_manage'))">
-
- <p class="form-text" i18n:translate="">
- Roles which are granted the permission
- <strong tal:content="perm/title"
- i18n:name="perm_title" i18n:translate="">Change DTML Methods</strong>
- (id: <strong tal:content="perm/id"
- i18n:name="perm_id">Zope.Some.Permission</strong>)
- </p>
-
- <form action="AllRolePermissions.html" method="post">
-
- <input type="hidden" name="permission_id" value="Permission Name"
- tal:attributes="value perm/id" />
-
- <div class="form-element">
-
- <table width="100%" cellspacing="0" cellpadding="2" border="0"
- nowrap="nowrap">
-
- <tr class="list-header">
- <td align="left" valign="top">
- <div class="form-label">
- <strong i18n:translate="">Role</strong>
- </div>
- </td>
- <td align="left">
- <div class="form-label">
- <strong i18n:translate="">Setting</strong>
- </div>
- </td>
- </tr>
-
- <tr class="row-normal"
- tal:repeat="setting perm/roleSettings"
- tal:attributes="class
- python:path('repeat/setting/even') and 'row-normal' or 'row-hilite'">
- <td align="left" valign="top"
- tal:define="ir repeat/setting/index"
- tal:content="python:path('view/roles')[ir].id">
- Manager
- </td>
- <td>
- <select name="settings:list">
- <option value="Unset"
- tal:repeat="option view/availableSettings"
- tal:attributes="value option/id;
- selected python:setting == option['id']"
- tal:content="option/shorttitle"
- i18n:translate="">+</option>
- </select>
- </td>
- </tr>
- </table>
-
- </div>
-
- <div class="form-element">
- <input class="form-element" type="submit" name="SUBMIT_PERMS"
- value="Save Changes" i18n:attributes="value save-changes-button"/>
- </div>
- </form>
-
- </div>
-</div>
-</body>
-</html>
Deleted: zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/manage_roleform.pt
===================================================================
--- zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/manage_roleform.pt 2010-09-25 09:04:32 UTC (rev 116801)
+++ zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/manage_roleform.pt 2010-09-25 09:05:05 UTC (rev 116802)
@@ -1,76 +0,0 @@
-<html metal:use-macro="context/@@standard_macros/page"
- i18n:domain="zope">
-<body>
-<div metal:fill-slot="body">
-
- <p tal:define="status view/update"
- tal:condition="status"
- tal:content="status" i18n:translate=""/>
-
-
- <div tal:define="role
- python:view.roleForID(request.get('role_to_manage'))" tal:omit-tag="">
-
- <p class="form-help" i18n:translate="">
- This page shows the permissions allowed and denied the role
- <strong tal:content="role/title"
- i18n:name="role_title"
- i18n:translate="">Great Master Guru</strong>
- (id: <strong tal:content="role/id"
- i18n:name="role_id">Zope.Some.Role</strong>).
- To change settings, simply select different permissions in the
- Allow or Deny lists. Make sure you don't select the same
- permission in both lists though.
- </p>
-
-
- <form action="AllRolePermissions.html" method="POST">
- <input type="hidden" name="role_id" value="Role ID"
- tal:attributes="value role/id" />
-
- <table width="100%" cellspacing="0" cellpadding="2" border="0"
- nowrap="nowrap"
- tal:define="availableSettings
- python:view.availableSettings(noacquire=True)">
-
- <tr class="list-header">
- <td align="left" valign="top"
- tal:repeat="setting availableSettings">
- <div class="form-label">
- <strong tal:content="setting/title"
- i18n:translate="">Allow</strong>
- </div>
- </td>
- </tr>
-
- <tr>
- <td align="left" valign="top"
- tal:repeat="settinginfo availableSettings">
- <div class="form-element">
- <select name="Unset:list" multiple="multiple" size="20"
- tal:define="setting settinginfo/id"
- tal:attributes="name string:${setting}:list">
- <option tal:repeat="permissioninfo role/permissionsInfo"
- tal:content="permissioninfo/title"
- i18n:translate=""
- tal:attributes="selected
- python:path('permissioninfo/setting') == setting;
- value permissioninfo/id"
- >Sample Permission</option>
- </select>
- </div>
- </td>
- </tr>
- </table>
-
- <div class="form-element">
- <input class="form-element" type="submit" name="SUBMIT_ROLE"
- value="Save Changes" i18n:attributes="value save-changes-button"/>
- </div>
- </form>
-
- </div>
-
-</div>
-</body>
-</html>
Modified: zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/rolepermissionview.py
===================================================================
--- zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/rolepermissionview.py 2010-09-25 09:04:32 UTC (rev 116801)
+++ zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/rolepermissionview.py 2010-09-25 09:05:05 UTC (rev 116802)
@@ -11,230 +11,8 @@
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
-"""Role Permission View Classes
+"""Role Permission View Classes"""
-$Id$
-"""
-from datetime import datetime
-
-from zope.component import getUtilitiesFor, getUtility
-from zope.i18n import translate
-from zope.interface import implements
-from zope.exceptions.interfaces import UserError
-from zope.i18nmessageid import ZopeMessageFactory as _
-
-from zope.security.interfaces import IPermission
-from zope.securitypolicy.interfaces import Unset, Allow, Deny
-from zope.securitypolicy.interfaces import IRole, IRolePermissionManager
-
-class RolePermissionView(object):
-
- _pagetip = _("""For each permission you want to grant (or deny) to a role,
- set the entry for that permission and role to a '+' (or '-').
- Permissions are shown on the left side, going down.
- Roles are shown accross the top.
- """)
-
- def pagetip(self):
- return translate(self._pagetip, context=self.request)
-
- def roles(self):
- roles = getattr(self, '_roles', None)
- if roles is None:
- roles = [
- (translate(role.title, context=self.request).strip(), role)
- for name, role in getUtilitiesFor(IRole)]
- roles.sort()
- roles = self._roles = [role for name, role in roles]
- return roles
-
- def permissions(self):
- permissions = getattr(self, '_permissions', None)
- if permissions is None:
- permissions = [
- (translate(perm.title, context=self.request).strip(), perm)
- for name, perm in getUtilitiesFor(IPermission)
- if name != 'zope.Public']
- permissions.sort()
- permissions = self._permissions = [perm
- for name, perm in permissions]
-
- return permissions
-
- def availableSettings(self, noacquire=False):
- aq = {'id': Unset.getName(), 'shorttitle': ' ',
- 'title': _('permission-acquire', 'Acquire')}
- rest = [{'id': Allow.getName(), 'shorttitle': '+',
- 'title': _('permission-allow', 'Allow')},
- {'id': Deny.getName(), 'shorttitle': '-',
- 'title': _('permission-deny', 'Deny')},
- ]
- if noacquire:
- return rest
- else:
- return [aq]+rest
-
- def permissionRoles(self):
- context = self.context.__parent__
- roles = self.roles()
- return [PermissionRoles(permission, context, roles)
- for permission in self.permissions()]
-
- def permissionForID(self, pid):
- roles = self.roles()
- perm = getUtility(IPermission, pid)
- return PermissionRoles(perm, self.context.__parent__, roles)
-
- def roleForID(self, rid):
- permissions = self.permissions()
- role = getUtility(IRole, rid)
- return RolePermissions(role, self.context.__parent__, permissions)
-
-
- def update(self, testing=None):
- status = ''
- changed = False
-
- if 'SUBMIT' in self.request:
- roles = [r.id for r in self.roles()]
- permissions = [p.id for p in self.permissions()]
- prm = IRolePermissionManager(self.context.__parent__)
- for ip in range(len(permissions)):
- rperm = self.request.get("p%s" % ip)
- if rperm not in permissions: continue
- for ir in range(len(roles)):
- rrole = self.request.get("r%s" % ir)
- if rrole not in roles: continue
- setting = self.request.get("p%sr%s" % (ip, ir), None)
- if setting is not None:
- if setting == Unset.getName():
- prm.unsetPermissionFromRole(rperm, rrole)
- elif setting == Allow.getName():
- prm.grantPermissionToRole(rperm, rrole)
- elif setting == Deny.getName():
- prm.denyPermissionToRole(rperm, rrole)
- else:
- raise ValueError("Incorrect setting: %s" % setting)
- changed = True
-
- if 'SUBMIT_PERMS' in self.request:
- prm = IRolePermissionManager(self.context.__parent__)
- roles = self.roles()
- rperm = self.request.get('permission_id')
- settings = self.request.get('settings', ())
- for ir in range(len(roles)):
- rrole = roles[ir].id
- setting = settings[ir]
- if setting == Unset.getName():
- prm.unsetPermissionFromRole(rperm, rrole)
- elif setting == Allow.getName():
- prm.grantPermissionToRole(rperm, rrole)
- elif setting == Deny.getName():
- prm.denyPermissionToRole(rperm, rrole)
- else:
- raise ValueError("Incorrect setting: %s" % setting)
- changed = True
-
- if 'SUBMIT_ROLE' in self.request:
- role_id = self.request.get('role_id')
- prm = IRolePermissionManager(self.context.__parent__)
- allowed = self.request.get(Allow.getName(), ())
- denied = self.request.get(Deny.getName(), ())
- for permission in self.permissions():
- rperm = permission.id
- if rperm in allowed and rperm in denied:
- permission_translated = translate(
- permission.title, context=self.request)
- msg = _('You choose both allow and deny for permission'
- ' "${permission}". This is not allowed.',
- mapping = {'permission': permission_translated})
- raise UserError(msg)
- if rperm in allowed:
- prm.grantPermissionToRole(rperm, role_id)
- elif rperm in denied:
- prm.denyPermissionToRole(rperm, role_id)
- else:
- prm.unsetPermissionFromRole(rperm, role_id)
- changed = True
-
- if changed:
- formatter = self.request.locale.dates.getFormatter(
- 'dateTime', 'medium')
- status = _("Settings changed at ${date_time}",
- mapping={'date_time':
- formatter.format(datetime.utcnow())})
-
- return status
-
-
-class PermissionRoles(object):
-
- implements(IPermission)
-
- def __init__(self, permission, context, roles):
- self._permission = permission
- self._context = context
- self._roles = roles
-
- def _getId(self):
- return self._permission.id
-
- id = property(_getId)
-
- def _getTitle(self):
- return self._permission.title
-
- title = property(_getTitle)
-
- def _getDescription(self):
- return self._permission.description
-
- description = property(_getDescription)
-
- def roleSettings(self):
- """
- Returns the list of setting names of each role for this permission.
- """
- prm = IRolePermissionManager(self._context)
- proles = prm.getRolesForPermission(self._permission.id)
- settings = {}
- for role, setting in proles:
- settings[role] = setting.getName()
- nosetting = Unset.getName()
- return [settings.get(role.id, nosetting) for role in self._roles]
-
-class RolePermissions(object):
-
- implements(IRole)
-
- def __init__(self, role, context, permissions):
- self._role = role
- self._context = context
- self._permissions = permissions
-
- def _getId(self):
- return self._role.id
-
- id = property(_getId)
-
- def _getTitle(self):
- return self._role.title
-
- title = property(_getTitle)
-
- def _getDescription(self):
- return self._role.description
-
- description = property(_getDescription)
-
- def permissionsInfo(self):
- prm = IRolePermissionManager(self._context)
- rperms = prm.getPermissionsForRole(self._role.id)
- settings = {}
- for permission, setting in rperms:
- settings[permission] = setting.getName()
- nosetting = Unset.getName()
- return [{'id': permission.id,
- 'title': permission.title,
- 'setting': settings.get(permission.id, nosetting)}
- for permission in self._permissions]
+# BBB imports
+from zope.app.authentication.browser.rolepermissionview import (
+ RolePermissionView, PermissionRoles, RolePermissions)
Deleted: zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/tests/rolepermissionmanager.py
===================================================================
--- zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/tests/rolepermissionmanager.py 2010-09-25 09:04:32 UTC (rev 116801)
+++ zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/tests/rolepermissionmanager.py 2010-09-25 09:05:05 UTC (rev 116802)
@@ -1,87 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Test IRolePermissionManager class that has no context.
-
-$Id$
-"""
-
-from zope.interface import implements
-from zope.securitypolicy.interfaces import Allow, Deny, Unset
-from zope.securitypolicy.interfaces import IRolePermissionManager
-from zope.securitypolicy.interfaces import IRolePermissionMap
-from zope.securitypolicy.securitymap import SecurityMap
-
-class RolePermissionManager(object):
- """
- provide adapter that manages role permission data in an object attribute
- """
-
- implements(IRolePermissionManager, IRolePermissionMap)
-
- def __init__(self):
- self._rp = SecurityMap()
-
- def grantPermissionToRole(self, permission_id, role_id):
- ''' See the interface IRolePermissionManager '''
- rp = self._getRolePermissions(create=1)
- rp.addCell(permission_id, role_id, Allow)
-
- def denyPermissionToRole(self, permission_id, role_id):
- ''' See the interface IRolePermissionManager '''
- rp = self._getRolePermissions(create=1)
- rp.addCell(permission_id, role_id, Deny)
-
- def unsetPermissionFromRole(self, permission_id, role_id):
- ''' See the interface IRolePermissionManager '''
- rp = self._getRolePermissions()
- # Only unset if there is a security map, otherwise, we're done
- if rp:
- rp.delCell(permission_id, role_id)
-
- def getRolesForPermission(self, permission_id):
- '''See interface IRolePermissionMap'''
- rp = self._getRolePermissions()
- if rp:
- return rp.getRow(permission_id)
- else:
- return []
-
- def getPermissionsForRole(self, role_id):
- '''See interface IRolePermissionMap'''
- rp = self._getRolePermissions()
- if rp:
- return rp.getCol(role_id)
- else:
- return []
-
- def getRolesAndPermissions(self):
- '''See interface IRolePermissionMap'''
- rp = self._getRolePermissions()
- if rp:
- return rp.getAllCells()
- else:
- return []
-
- def getSetting(self, permission_id, role_id):
- '''See interface IRolePermissionMap'''
- rp = self._getRolePermissions()
- if rp:
- return rp.queryCell(permission_id, role_id)
- else:
- return Unset
-
- def _getRolePermissions(self, create=0):
- """Get the role permission map stored in the context, optionally
- creating one if necessary"""
- return self._rp
Deleted: zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/tests/test_granting.py
===================================================================
--- zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/tests/test_granting.py 2010-09-25 09:04:32 UTC (rev 116801)
+++ zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/tests/test_granting.py 2010-09-25 09:05:05 UTC (rev 116802)
@@ -1,32 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2004 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Security Policy Granting Views Tests
-
-$Id$
-"""
-__docformat__ = "reStructuredText"
-import unittest
-from zope.testing import doctest
-from zope.app.testing import placelesssetup
-
-def test_suite():
- return unittest.TestSuite((
- doctest.DocFileSuite('../granting.txt',
- setUp=placelesssetup.setUp,
- tearDown=placelesssetup.tearDown),
- ))
-
-if __name__ == '__main__':
- unittest.main(defaultTest='test_suite')
-
Deleted: zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/tests/test_rolepermissionview.py
===================================================================
--- zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/tests/test_rolepermissionview.py 2010-09-25 09:04:32 UTC (rev 116801)
+++ zope.app.securitypolicy/trunk/src/zope/app/securitypolicy/browser/tests/test_rolepermissionview.py 2010-09-25 09:05:05 UTC (rev 116802)
@@ -1,221 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Role-Permission View Tests
-
-$Id$
-"""
-import unittest
-
-import zope.interface
-from zope.i18n.interfaces import ITranslationDomain
-from zope.i18nmessageid import Message
-from zope.publisher.browser import TestRequest, BrowserView
-from zope.exceptions.interfaces import UserError
-from zope.security.permission import Permission
-from zope.security.interfaces import IPermission
-
-from zope.app.testing import ztapi
-from zope.app.component.testing import PlacefulSetup
-
-from zope.securitypolicy.role import Role
-from zope.securitypolicy.interfaces import IRole
-
-from zope.app.securitypolicy.browser.tests.rolepermissionmanager import \
- RolePermissionManager
-from zope.app.securitypolicy.browser.rolepermissionview import \
- RolePermissionView
-
-class RolePermissionView(RolePermissionView, BrowserView):
- """Adding BrowserView to Utilities; this is usually done by ZCML."""
-
-class TranslationDomain:
- zope.interface.implements(ITranslationDomain)
-
- def __init__(self, **translations):
- self.translations = translations
-
- def translate(self, msgid, *ignored, **also_ignored):
- return self.translations.get(msgid, msgid)
-
-
-def defineRole(id, title=None, description=None):
- role = Role(id, title, description)
- ztapi.provideUtility(IRole, role, name=role.id)
- return role
-
-def definePermission(id, title=None, description=None):
- permission = Permission(id, title, description)
- ztapi.provideUtility(IPermission, permission, name=permission.id)
- return permission
-
-class FakeSiteManager:
-
- def __init__(self, site):
- self.__parent__ = site
-
-class Test(PlacefulSetup, unittest.TestCase):
-
- def setUp(self):
- PlacefulSetup.setUp(self)
- defineRole('manager', Message('Manager', 'testdomain'))
- defineRole('member', Message('Member', 'testdomain'))
- definePermission('read', Message('Read', 'testdomain'))
- definePermission('write', Message('Write', 'testdomain'))
- site = RolePermissionManager()
- self.view = RolePermissionView(FakeSiteManager(site), None)
- ztapi.provideUtility(ITranslationDomain,
- TranslationDomain(Member="A Member",
- Write="A Write",
- ),
- 'testdomain')
-
- def testRoles(self):
- self.assertEqual([role.title for role in self.view.roles()],
- ["Member", "Manager"])
-
- def testPermisssions(self):
- self.assertEqual([role.title for role in self.view.permissions()],
- ["Write", "Read"])
-
- def testMatrix(self):
- roles = self.view.roles()
- permissions = self.view.permissions()
-
- # manager member
- # read +
- # write . -
- env = {
- 'p0': 'read', 'p1': 'write',
- 'r0': 'manager', 'r1': 'member',
- 'p0r0': 'Allow',
- 'p1r0': 'Unset', 'p1r1': 'Deny',
- 'SUBMIT': 1
- }
- self.view.request = TestRequest(environ=env)
- self.view.update()
- permissionRoles = self.view.permissionRoles()
- for ip in range(len(permissionRoles)):
- permissionRole = permissionRoles[ip]
- rset = permissionRole.roleSettings()
- for ir in range(len(rset)):
- setting = rset[ir]
- r = roles[ir].id
- p = permissions[ip].id
- if setting == 'Allow':
- self.failUnless(r == 'manager' and p == 'read')
- elif setting == 'Deny':
- self.failUnless(r == 'member' and p == 'write')
- else:
- self.failUnless(setting == 'Unset')
-
- # manager member
- # read -
- # write +
- env = {
- 'p0': 'read', 'p1': 'write',
- 'r0': 'manager', 'r1': 'member',
- 'p0r0': 'Deny',
- 'p1r0': 'Allow', 'p1r1': 'Unset',
- 'SUBMIT': 1
- }
- self.view.request = TestRequest(environ=env)
- self.view.update()
- permissionRoles = self.view.permissionRoles()
- for ip in range(len(permissionRoles)):
- permissionRole = permissionRoles[ip]
- rset = permissionRole.roleSettings()
- for ir in range(len(rset)):
- setting = rset[ir]
- r = roles[ir].id
- p = permissions[ip].id
- if setting == 'Allow':
- self.failUnless(r == 'manager' and p == 'write')
- elif setting == 'Deny':
- self.failUnless(r == 'manager' and p == 'read')
- else:
- self.failUnless(setting == 'Unset')
-
- def testPermissionRoles(self):
- env={'permission_id': 'write',
- 'settings': ['Allow', 'Unset'],
- 'SUBMIT_PERMS': 1}
- self.view.request = TestRequest(environ=env)
- self.view.update()
- permission = self.view.permissionForID('write')
- settings = permission.roleSettings()
- self.assertEquals(settings, ['Allow', 'Unset'])
-
-
- env={'permission_id': 'write',
- 'settings': ['Unset', 'Deny'],
- 'SUBMIT_PERMS': 1}
- self.view.request = TestRequest(environ=env)
- self.view.update()
- permission = self.view.permissionForID('write')
- settings = permission.roleSettings()
- self.assertEquals(settings, ['Unset', 'Deny'])
-
- env={'permission_id': 'write',
- 'settings': ['Unset', 'foo'],
- 'SUBMIT_PERMS': 1}
- self.view.request = TestRequest(environ=env)
- self.assertRaises(ValueError, self.view.update)
-
- def testRolePermissions(self):
- env={'Allow': ['read'],
- 'Deny': ['write'],
- 'SUBMIT_ROLE': 1,
- 'role_id': 'member'}
- self.view.request = TestRequest(environ=env)
- self.view.update(1)
- role = self.view.roleForID('member')
- pinfos = role.permissionsInfo()
- for pinfo in pinfos:
- pid = pinfo['id']
- if pid == 'read':
- self.assertEquals(pinfo['setting'], 'Allow')
- if pid == 'write':
- self.assertEquals(pinfo['setting'], 'Deny')
-
- env={'Allow': [],
- 'Deny': ['read'],
- 'SUBMIT_ROLE': 1,
- 'role_id': 'member'}
- self.view.request = TestRequest(environ=env)
- self.view.update()
- role = self.view.roleForID('member')
- pinfos = role.permissionsInfo()
- for pinfo in pinfos:
- pid = pinfo['id']
- if pid == 'read':
- self.assertEquals(pinfo['setting'], 'Deny')
- if pid == 'write':
- self.assertEquals(pinfo['setting'], 'Unset')
-
-
- def testRolePermissions_UserError(self):
- env={'Allow': ['read'],
- 'Deny': ['read'],
- 'SUBMIT_ROLE': 1,
- 'role_id': 'member'}
- self.view.request = TestRequest(environ=env)
- self.assertRaises(UserError, self.view.update, 1)
-
-
-def test_suite():
- loader=unittest.TestLoader()
- return loader.loadTestsFromTestCase(Test)
-
-if __name__=='__main__':
- unittest.TextTestRunner().run(test_suite())
More information about the checkins
mailing list