[CMF-checkins] CVS: CMF/DCWorkflow - DCWorkflow.py:1.31
Guard.py:1.8 utils.py:1.8
Shane Hathaway
shane at zope.com
Mon Jan 26 18:07:09 EST 2004
Update of /cvs-repository/CMF/DCWorkflow
In directory cvs.zope.org:/tmp/cvs-serv15092
Modified Files:
DCWorkflow.py Guard.py utils.py
Log Message:
Guards can now require group membership.
Also removed the local group mapping, since other machinery now
takes care of local group mappings.
=== CMF/DCWorkflow/DCWorkflow.py 1.30 => 1.31 ===
--- CMF/DCWorkflow/DCWorkflow.py:1.30 Thu Jan 15 15:52:06 2004
+++ CMF/DCWorkflow/DCWorkflow.py Mon Jan 26 18:06:37 2004
@@ -37,7 +37,7 @@
from Products.CMFCore.WorkflowTool import addWorkflowFactory
# DCWorkflow
-from utils import _dtmldir, modifyRolesForPermission, modifyExpandedGroups
+from utils import _dtmldir, modifyRolesForPermission, modifyRolesForGroup
from WorkflowUIMixin import WorkflowUIMixin
from Transitions import TRIGGER_AUTOMATIC, TRIGGER_USER_ACTION, \
TRIGGER_WORKFLOW_METHOD
@@ -400,10 +400,8 @@
security.declarePrivate('updateRoleMappingsFor')
def updateRoleMappingsFor(self, ob):
- '''
- Changes the object permissions according to the current
- state.
- '''
+ """Changes the object permissions according to the current state.
+ """
changed = 0
sdef = self._getWorkflowStateOf(ob)
if sdef is None:
@@ -424,7 +422,7 @@
roles = ()
if sdef.group_roles is not None:
roles = sdef.group_roles.get(group, ())
- if modifyExpandedGroups(ob, group, roles, managed_roles):
+ if modifyRolesForGroup(ob, group, roles, managed_roles):
changed = 1
return changed
=== CMF/DCWorkflow/Guard.py 1.7 => 1.8 ===
--- CMF/DCWorkflow/Guard.py:1.7 Thu Oct 17 15:31:00 2002
+++ CMF/DCWorkflow/Guard.py Mon Jan 26 18:06:37 2004
@@ -21,7 +21,7 @@
import Globals
from Globals import DTMLFile, Persistent
from AccessControl import ClassSecurityInfo
-from Acquisition import Explicit
+from Acquisition import Explicit, aq_base
from Products.CMFCore.CMFCorePermissions import ManagePortal
@@ -32,6 +32,7 @@
class Guard (Persistent, Explicit):
permissions = ()
roles = ()
+ groups = ()
expr = None
security = ClassSecurityInfo()
@@ -43,25 +44,31 @@
'''
Checks conditions in this guard.
'''
- pp = self.permissions
- if pp:
- found = 0
- for p in pp:
+ if self.permissions:
+ for p in self.permissions:
if sm.checkPermission(p, ob):
- found = 1
break
- if not found:
+ else:
return 0
- roles = self.roles
- if roles:
+ if self.roles:
# Require at least one of the given roles.
- found = 0
u_roles = sm.getUser().getRolesInContext(ob)
- for role in roles:
+ for role in self.roles:
if role in u_roles:
- found = 1
break
- if not found:
+ else:
+ return 0
+ if self.groups:
+ # Require at least one of the specified groups.
+ u = sm.getUser()
+ if hasattr(aq_base(u), 'getContextualGroupMonikers'):
+ u_groups = u.getContextualGroupMonikers(ob)
+ else:
+ u_groups = ()
+ for group in self.groups:
+ if ('(Group) %s' % group) in u_groups:
+ break
+ else:
return 0
expr = self.expr
if expr is not None:
@@ -77,26 +84,17 @@
res = []
if self.permissions:
res.append('Requires permission:')
- for idx in range(len(self.permissions)):
- p = self.permissions[idx]
- if idx > 0:
- if idx < len(self.permissions) - 1:
- res.append(';')
- else:
- res.append('or')
- res.append('<code>' + escape(p) + '</code>')
+ res.append(formatNameUnion(self.permissions))
if self.roles:
if res:
res.append('<br/>')
res.append('Requires role:')
- for idx in range(len(self.roles)):
- r = self.roles[idx]
- if idx > 0:
- if idx < len(self.roles) - 1:
- res.append(';')
- else:
- res.append('or')
- res.append('<code>' + escape(r) + '</code>')
+ res.append(formatNameUnion(self.roles))
+ if self.groups:
+ if res:
+ res.append('<br/>')
+ res.append('Requires group:')
+ res.append(formatNameUnion(self.groups))
if self.expr is not None:
if res:
res.append('<br/>')
@@ -121,6 +119,11 @@
res = 1
r = map(strip, split(s, ';'))
self.roles = tuple(r)
+ s = props.get('guard_groups', None)
+ if s:
+ res = 1
+ r = map(strip, split(s, ';'))
+ self.groups = tuple(r)
s = props.get('guard_expr', None)
if s:
res = 1
@@ -139,6 +142,12 @@
return ''
return join(self.roles, '; ')
+ security.declareProtected(ManagePortal, 'getGroupsText')
+ def getGroupsText(self):
+ if not self.groups:
+ return ''
+ return join(self.groups, '; ')
+
security.declareProtected(ManagePortal, 'getExprText')
def getExprText(self):
if not self.expr:
@@ -146,3 +155,12 @@
return str(self.expr.text)
Globals.InitializeClass(Guard)
+
+
+def formatNameUnion(names):
+ escaped = ['<code>' + escape(name) + '</code>' for name in names]
+ if len(escaped) == 2:
+ return ' or '.join(escaped)
+ elif len(escaped) > 2:
+ escaped[-1] = ' or ' + escaped[-1]
+ return '; '.join(escaped)
=== CMF/DCWorkflow/utils.py 1.7 => 1.8 ===
--- CMF/DCWorkflow/utils.py:1.7 Mon Jan 19 12:14:02 2004
+++ CMF/DCWorkflow/utils.py Mon Jan 26 18:06:37 2004
@@ -22,6 +22,8 @@
from AccessControl.Role import gather_permissions
from AccessControl.Permission import Permission
+from Acquisition import aq_base
+
def ac_inherited_permissions(ob, all=0):
# Get all permissions not defined in ourself that are inherited
@@ -94,22 +96,4 @@
else:
local_roles[moniker] = roles
ob.__ac_local_roles__ = local_roles
- return changed
-
-def modifyExpandedGroups(ob, group, grant_roles, managed_roles):
- """Modifies local roles for a group.
-
- The group may expand into multiple groups as defined by a
- context-sensitive aggregated group mapping.
- """
- groups = [group]
- if hasattr(ob, "__group_mapping__"):
- map = ob.getAggregatedGroupMapping()
- expanded = map.get(group)
- if expanded:
- groups = expanded
- changed = 0
- for g in groups:
- if modifyRolesForGroup(ob, g, grant_roles, managed_roles):
- changed = 1
return changed
More information about the CMF-checkins
mailing list