[CMF-checkins] CVS: CMF/DCWorkflow - DCWorkflow.py:1.31 Guard.py:1.8 utils.py:1.8

Shane Hathaway shane at zope.com
Mon Jan 26 18:07:09 EST 2004


Update of /cvs-repository/CMF/DCWorkflow
In directory cvs.zope.org:/tmp/cvs-serv15092

Modified Files:
	DCWorkflow.py Guard.py utils.py 
Log Message:
Guards can now require group membership.

Also removed the local group mapping, since other machinery now
takes care of local group mappings.


=== CMF/DCWorkflow/DCWorkflow.py 1.30 => 1.31 ===
--- CMF/DCWorkflow/DCWorkflow.py:1.30	Thu Jan 15 15:52:06 2004
+++ CMF/DCWorkflow/DCWorkflow.py	Mon Jan 26 18:06:37 2004
@@ -37,7 +37,7 @@
 from Products.CMFCore.WorkflowTool import addWorkflowFactory
 
 # DCWorkflow
-from utils import _dtmldir, modifyRolesForPermission, modifyExpandedGroups
+from utils import _dtmldir, modifyRolesForPermission, modifyRolesForGroup
 from WorkflowUIMixin import WorkflowUIMixin
 from Transitions import TRIGGER_AUTOMATIC, TRIGGER_USER_ACTION, \
      TRIGGER_WORKFLOW_METHOD
@@ -400,10 +400,8 @@
 
     security.declarePrivate('updateRoleMappingsFor')
     def updateRoleMappingsFor(self, ob):
-        '''
-        Changes the object permissions according to the current
-        state.
-        '''
+        """Changes the object permissions according to the current state.
+        """
         changed = 0
         sdef = self._getWorkflowStateOf(ob)
         if sdef is None:
@@ -424,7 +422,7 @@
                 roles = ()
                 if sdef.group_roles is not None:
                     roles = sdef.group_roles.get(group, ())
-                if modifyExpandedGroups(ob, group, roles, managed_roles):
+                if modifyRolesForGroup(ob, group, roles, managed_roles):
                     changed = 1
         return changed
 


=== CMF/DCWorkflow/Guard.py 1.7 => 1.8 ===
--- CMF/DCWorkflow/Guard.py:1.7	Thu Oct 17 15:31:00 2002
+++ CMF/DCWorkflow/Guard.py	Mon Jan 26 18:06:37 2004
@@ -21,7 +21,7 @@
 import Globals
 from Globals import DTMLFile, Persistent
 from AccessControl import ClassSecurityInfo
-from Acquisition import Explicit
+from Acquisition import Explicit, aq_base
 
 from Products.CMFCore.CMFCorePermissions import ManagePortal
 
@@ -32,6 +32,7 @@
 class Guard (Persistent, Explicit):
     permissions = ()
     roles = ()
+    groups = ()
     expr = None
 
     security = ClassSecurityInfo()
@@ -43,25 +44,31 @@
         '''
         Checks conditions in this guard.
         '''
-        pp = self.permissions
-        if pp:
-            found = 0
-            for p in pp:
+        if self.permissions:
+            for p in self.permissions:
                 if sm.checkPermission(p, ob):
-                    found = 1
                     break
-            if not found:
+            else:
                 return 0
-        roles = self.roles
-        if roles:
+        if self.roles:
             # Require at least one of the given roles.
-            found = 0
             u_roles = sm.getUser().getRolesInContext(ob)
-            for role in roles:
+            for role in self.roles:
                 if role in u_roles:
-                    found = 1
                     break
-            if not found:
+            else:
+                return 0
+        if self.groups:
+            # Require at least one of the specified groups.
+            u = sm.getUser()
+            if hasattr(aq_base(u), 'getContextualGroupMonikers'):
+                u_groups = u.getContextualGroupMonikers(ob)
+            else:
+                u_groups = ()
+            for group in self.groups:
+                if ('(Group) %s' % group) in u_groups:
+                    break
+            else:
                 return 0
         expr = self.expr
         if expr is not None:
@@ -77,26 +84,17 @@
         res = []
         if self.permissions:
             res.append('Requires permission:')
-            for idx in range(len(self.permissions)):
-                p = self.permissions[idx]
-                if idx > 0:
-                    if idx < len(self.permissions) - 1:
-                        res.append(';')
-                    else:
-                        res.append('or')
-                res.append('<code>' + escape(p) + '</code>')
+            res.append(formatNameUnion(self.permissions))
         if self.roles:
             if res:
                 res.append('<br/>')
             res.append('Requires role:')
-            for idx in range(len(self.roles)):
-                r = self.roles[idx]
-                if idx > 0:
-                    if idx < len(self.roles) - 1:
-                        res.append(';')
-                    else:
-                        res.append('or')
-                res.append('<code>' + escape(r) + '</code>')
+            res.append(formatNameUnion(self.roles))
+        if self.groups:
+            if res:
+                res.append('<br/>')
+            res.append('Requires group:')
+            res.append(formatNameUnion(self.groups))
         if self.expr is not None:
             if res:
                 res.append('<br/>')
@@ -121,6 +119,11 @@
             res = 1
             r = map(strip, split(s, ';'))
             self.roles = tuple(r)
+        s = props.get('guard_groups', None)
+        if s:
+            res = 1
+            r = map(strip, split(s, ';'))
+            self.groups = tuple(r)
         s = props.get('guard_expr', None)
         if s:
             res = 1
@@ -139,6 +142,12 @@
             return ''
         return join(self.roles, '; ')
 
+    security.declareProtected(ManagePortal, 'getGroupsText')
+    def getGroupsText(self):
+        if not self.groups:
+            return ''
+        return join(self.groups, '; ')
+
     security.declareProtected(ManagePortal, 'getExprText')
     def getExprText(self):
         if not self.expr:
@@ -146,3 +155,12 @@
         return str(self.expr.text)
 
 Globals.InitializeClass(Guard)
+
+
+def formatNameUnion(names):
+    escaped = ['<code>' + escape(name) + '</code>' for name in names]
+    if len(escaped) == 2:
+        return ' or '.join(escaped)
+    elif len(escaped) > 2:
+        escaped[-1] = ' or ' + escaped[-1]
+    return '; '.join(escaped)


=== CMF/DCWorkflow/utils.py 1.7 => 1.8 ===
--- CMF/DCWorkflow/utils.py:1.7	Mon Jan 19 12:14:02 2004
+++ CMF/DCWorkflow/utils.py	Mon Jan 26 18:06:37 2004
@@ -22,6 +22,8 @@
 
 from AccessControl.Role import gather_permissions
 from AccessControl.Permission import Permission
+from Acquisition import aq_base
+
 
 def ac_inherited_permissions(ob, all=0):
     # Get all permissions not defined in ourself that are inherited
@@ -94,22 +96,4 @@
         else:
             local_roles[moniker] = roles
         ob.__ac_local_roles__ = local_roles
-    return changed
-
-def modifyExpandedGroups(ob, group, grant_roles, managed_roles):
-    """Modifies local roles for a group.
-
-    The group may expand into multiple groups as defined by a
-    context-sensitive aggregated group mapping.
-    """
-    groups = [group]
-    if hasattr(ob, "__group_mapping__"):
-        map = ob.getAggregatedGroupMapping()
-        expanded = map.get(group)
-        if expanded:
-            groups = expanded
-    changed = 0
-    for g in groups:
-        if modifyRolesForGroup(ob, g, grant_roles, managed_roles):
-            changed = 1
     return changed




More information about the CMF-checkins mailing list