[Zope-Checkins] SVN: Zope/trunk/src/ Split up RoleManager into a base class and a ZMI / request facing version in OFS.role
Hanno Schlichting
hannosch at hannosch.eu
Sat Jun 19 07:59:53 EDT 2010
Log message for revision 113636:
Split up RoleManager into a base class and a ZMI / request facing version in OFS.role
Changed:
U Zope/trunk/src/AccessControl/PermissionMapping.py
U Zope/trunk/src/AccessControl/Role.py
D Zope/trunk/src/AccessControl/dtml/access.dtml
D Zope/trunk/src/AccessControl/dtml/acquiredEdit.dtml
D Zope/trunk/src/AccessControl/dtml/editLocalRoles.dtml
D Zope/trunk/src/AccessControl/dtml/listLocalRoles.dtml
D Zope/trunk/src/AccessControl/dtml/permissionEdit.dtml
D Zope/trunk/src/AccessControl/dtml/reportUserPermissions.dtml
D Zope/trunk/src/AccessControl/dtml/roleEdit.dtml
U Zope/trunk/src/AccessControl/interfaces.py
U Zope/trunk/src/AccessControl/tests/testRole.py
A Zope/trunk/src/OFS/dtml/access.dtml
A Zope/trunk/src/OFS/dtml/acquiredEdit.dtml
A Zope/trunk/src/OFS/dtml/editLocalRoles.dtml
A Zope/trunk/src/OFS/dtml/listLocalRoles.dtml
A Zope/trunk/src/OFS/dtml/permissionEdit.dtml
A Zope/trunk/src/OFS/dtml/reportUserPermissions.dtml
A Zope/trunk/src/OFS/dtml/roleEdit.dtml
A Zope/trunk/src/OFS/role.py
-=-
Modified: Zope/trunk/src/AccessControl/PermissionMapping.py
===================================================================
--- Zope/trunk/src/AccessControl/PermissionMapping.py 2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/PermissionMapping.py 2010-06-19 11:59:53 UTC (rev 113636)
@@ -13,7 +13,7 @@
"""Permission Mapping
Sometimes, we need an object's permissions to be remapped to other permissions
-when the object is used in specual ways. This is rather hard, since we
+when the object is used in special ways. This is rather hard, since we
need the object's ordinary permissions intact so we can manage it.
"""
@@ -32,7 +32,7 @@
class RoleManager:
implements(IPermissionMappingSupport)
-
+
# XXX: No security declarations?
def manage_getPermissionMapping(self):
Modified: Zope/trunk/src/AccessControl/Role.py
===================================================================
--- Zope/trunk/src/AccessControl/Role.py 2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/Role.py 2010-06-19 11:59:53 UTC (rev 113636)
@@ -18,20 +18,15 @@
from Acquisition import aq_base
from Acquisition import aq_get
from ExtensionClass import Base
-from PermissionMapping import RoleManager
from zope.interface import implements
-# TODO dependencies
-from App.Dialogs import MessageDialog
-from App.special_dtml import DTMLFile
-
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from AccessControl.interfaces import IRoleManager
from AccessControl.Permission import getPermissions
from AccessControl.Permission import Permission
+from AccessControl.PermissionMapping import RoleManager
from AccessControl.Permissions import change_permissions
-from AccessControl.requestmethod import requestmethod
from AccessControl.SecurityManagement import newSecurityManager
DEFAULTMAXLISTUSERS = 250
@@ -45,24 +40,16 @@
return not aq_get(self, '_isBeingUsedAsAMethod_', 0)
-class RoleManager(Base, RoleManager):
-
+class BaseRoleManager(Base, RoleManager):
"""An object that has configurable permissions"""
implements(IRoleManager)
-
+ permissionMappingPossibleValues=Acquired
security = ClassSecurityInfo()
- manage_options=(
- {'label': 'Security', 'action': 'manage_access'},
- )
+ __ac_roles__ = ('Manager', 'Owner', 'Anonymous', 'Authenticated')
+ __ac_local_roles__ = None
- __ac_roles__=('Manager', 'Owner', 'Anonymous', 'Authenticated')
-
- permissionMappingPossibleValues=Acquired
-
- #------------------------------------------------------------
-
security.declareProtected(change_permissions, 'ac_inherited_permissions')
def ac_inherited_permissions(self, all=0):
# Get all permissions not defined in ourself that are inherited
@@ -122,13 +109,8 @@
result.append(d)
return result
- security.declareProtected(change_permissions, 'manage_roleForm')
- manage_roleForm=DTMLFile('dtml/roleEdit', globals(),
- management_view='Security')
-
security.declareProtected(change_permissions, 'manage_role')
- @requestmethod('POST')
- def manage_role(self, role_to_manage, permissions=[], REQUEST=None):
+ def manage_role(self, role_to_manage, permissions=[]):
"""Change the permissions given to the given role.
"""
for p in self.ac_inherited_permissions(1):
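Review bot: `manage_role` loses its `@requestmethod('POST')` guard here but keeps its docstring and its `change_permissions` declaration, so on any class that inherits `BaseRoleManager` directly the method can presumably still be reached through the publisher, now with any HTTP method. The same applies to `manage_acquiredPermissions`, `manage_permission`, `manage_addLocalRoles`, `manage_setLocalRoles` and `manage_delLocalRoles` in the later hunks of this file. The new `OFS/role.py` is not visible in this part of the diff, so it should be confirmed that its overrides re-apply `@requestmethod('POST')` on each of these names. A comment on the base class such as `# Not request-facing: no POST check here; OFS.role.RoleManager adds it` would make the contract explicit. The body of `manage_role` continues outside the hunk.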
@@ -136,16 +118,8 @@
p=Permission(name, value, self)
p.setRole(role_to_manage, name in permissions)
- if REQUEST is not None:
- return self.manage_access(REQUEST)
-
- security.declareProtected(change_permissions, 'manage_acquiredForm')
- manage_acquiredForm=DTMLFile('dtml/acquiredEdit', globals(),
- management_view='Security')
-
security.declareProtected(change_permissions, 'manage_acquiredPermissions')
- @requestmethod('POST')
- def manage_acquiredPermissions(self, permissions=[], REQUEST=None):
+ def manage_acquiredPermissions(self, permissions=[]):
"""Change the permissions that acquire.
"""
for p in self.ac_inherited_permissions(1):
@@ -159,9 +133,6 @@
else:
p.setRoles(tuple(roles))
- if REQUEST is not None:
- return self.manage_access(REQUEST)
-
def manage_getUserRolesAndPermissions(self, user_id):
""" Used for permission/role reporting for a given user_id.
Returns a dict mapping
@@ -172,10 +143,9 @@
'allowed_permissions' -> permissions allowed for the user,
'disallowed_permissions' -> all other permissions
"""
-
d = {}
-
current = self
+
while 1:
try:
uf = current.acl_users
@@ -188,7 +158,6 @@
else:
current = current.__parent__
-
newSecurityManager(None, userObj) # necessary?
userObj = userObj.__of__(uf)
@@ -199,7 +168,6 @@
roles.sort()
d['roles'] = roles
-
# roles in context
roles = list(userObj.getRolesInContext(self))
roles.sort()
@@ -221,15 +189,8 @@
return d
-
- security.declareProtected(change_permissions, 'manage_permissionForm')
- manage_permissionForm=DTMLFile('dtml/permissionEdit', globals(),
- management_view='Security')
-
security.declareProtected(change_permissions, 'manage_permission')
- @requestmethod('POST')
- def manage_permission(self, permission_to_manage,
- roles=[], acquire=0, REQUEST=None):
+ def manage_permission(self, permission_to_manage, roles=[], acquire=0):
"""Change the settings for the given permission.
If optional arg acquire is true, then the roles for the permission
@@ -245,61 +206,15 @@
else:
roles=tuple(roles)
p.setRoles(roles)
- if REQUEST is not None:
- return self.manage_access(REQUEST)
return
raise ValueError(
"The permission <em>%s</em> is invalid." %
escape(permission_to_manage))
- _normal_manage_access=DTMLFile('dtml/access', globals())
- manage_reportUserPermissions=DTMLFile(
- 'dtml/reportUserPermissions', globals())
-
- security.declareProtected(change_permissions, 'manage_access')
- def manage_access(self, REQUEST, **kw):
- """Return an interface for making permissions settings.
- """
- return apply(self._normal_manage_access, (), kw)
-
- security.declareProtected(change_permissions, 'manage_changePermissions')
- @requestmethod('POST')
- def manage_changePermissions(self, REQUEST):
- """Change all permissions settings, called by management screen.
- """
- valid_roles=self.valid_roles()
- indexes=range(len(valid_roles))
- have=REQUEST.has_key
- permissions=self.ac_inherited_permissions(1)
- fails = []
- for ip in range(len(permissions)):
- roles = []
- for ir in indexes:
- if have("p%dr%d" % (ip, ir)):
- roles.append(valid_roles[ir])
- name, value = permissions[ip][:2]
- try:
- p = Permission(name, value, self)
- if not have('a%d' % ip):
- roles=tuple(roles)
- p.setRoles(roles)
- except:
- fails.append(name)
-
- if fails:
- return MessageDialog(title="Warning!",
- message="Some permissions had errors: "
- + escape(', '.join(fails)),
- action='manage_access')
- return MessageDialog(
- title = 'Success!',
- message = 'Your changes have been saved',
- action = 'manage_access')
-
security.declareProtected(change_permissions, 'permissionsOfRole')
def permissionsOfRole(self, role):
- """Used by management screen.
+ """Returns a role to permission mapping.
"""
r = []
for p in self.ac_inherited_permissions(1):
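Review bot: The new docstring on `permissionsOfRole`, "Returns a role to permission mapping.", does not say what a caller gets back. The body starts from `r = []`, and the removed `roleEdit.dtml` iterates the result with `mapping=1` and reads `name` and `selected`, so the return value appears to be a list of per-permission mappings rather than a mapping keyed by role. Something like `"""Return one mapping per permission, with its name and whether the role has it."""` would be closer, once checked against the full body, which continues outside the hunk. `rolesOfPermission` in the next hunk gets the mirror-image wording, and `acquiredRolesAreUsedBy` is left with an empty docstring; the matching declarations in interfaces.py carry the same text.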
@@ -313,7 +228,7 @@
security.declareProtected(change_permissions, 'rolesOfPermission')
def rolesOfPermission(self, permission):
- """Used by management screen.
+ """Returns a permission to role mapping.
"""
valid_roles = self.valid_roles()
for p in self.ac_inherited_permissions(1):
@@ -333,8 +248,8 @@
security.declareProtected(change_permissions, 'acquiredRolesAreUsedBy')
def acquiredRolesAreUsedBy(self, permission):
- """Used by management screen.
"""
+ """
for p in self.ac_inherited_permissions(1):
name, value = p[:2]
if name==permission:
@@ -353,16 +268,6 @@
# extra roles in a particular object, an entry for that user is made
# in the __ac_local_roles__ dict containing the extra roles.
- __ac_local_roles__=None
-
- security.declareProtected(change_permissions, 'manage_listLocalRoles')
- manage_listLocalRoles=DTMLFile('dtml/listLocalRoles', globals(),
- management_view='Security')
-
- security.declareProtected(change_permissions, 'manage_editLocalRoles')
- manage_editLocalRoles=DTMLFile('dtml/editLocalRoles', globals(),
- management_view='Security')
-
def has_local_roles(self):
dict=self.__ac_local_roles__ or {}
return len(dict)
@@ -417,8 +322,7 @@
return tuple(dict.get(userid, []))
security.declareProtected(change_permissions, 'manage_addLocalRoles')
- @requestmethod('POST')
- def manage_addLocalRoles(self, userid, roles, REQUEST=None):
+ def manage_addLocalRoles(self, userid, roles):
"""Set local roles for a user."""
if not roles:
raise ValueError('One or more roles must be given!')
@@ -431,13 +335,9 @@
local_roles.append(r)
dict[userid] = local_roles
self._p_changed=True
- if REQUEST is not None:
- stat='Your changes have been saved.'
- return self.manage_listLocalRoles(self, REQUEST, stat=stat)
security.declareProtected(change_permissions, 'manage_setLocalRoles')
- @requestmethod('POST')
- def manage_setLocalRoles(self, userid, roles, REQUEST=None):
+ def manage_setLocalRoles(self, userid, roles):
"""Set local roles for a user."""
if not roles:
raise ValueError('One or more roles must be given!')
@@ -446,13 +346,9 @@
self.__ac_local_roles__ = dict = {}
dict[userid]=roles
self._p_changed = True
- if REQUEST is not None:
- stat='Your changes have been saved.'
- return self.manage_listLocalRoles(self, REQUEST, stat=stat)
security.declareProtected(change_permissions, 'manage_delLocalRoles')
- @requestmethod('POST')
- def manage_delLocalRoles(self, userids, REQUEST=None):
+ def manage_delLocalRoles(self, userids):
"""Remove all local roles for a user."""
dict = self.__ac_local_roles__
if dict is None:
@@ -461,9 +357,6 @@
if userid in dict:
del dict[userid]
self._p_changed=True
- if REQUEST is not None:
- stat='Your changes have been saved.'
- return self.manage_listLocalRoles(self, REQUEST, stat=stat)
#------------------------------------------------------------
@@ -531,70 +424,6 @@
pass
return tuple(roles)
- security.declareProtected(change_permissions, 'manage_defined_roles')
- def manage_defined_roles(self, submit=None, REQUEST=None):
- """Called by management screen.
- """
-
- if submit=='Add Role':
- role=reqattr(REQUEST, 'role').strip()
- return self._addRole(role, REQUEST)
-
- if submit=='Delete Role':
- roles=reqattr(REQUEST, 'roles')
- return self._delRoles(roles, REQUEST)
-
- return self.manage_access(REQUEST)
-
- @requestmethod('POST')
- def _addRole(self, role, REQUEST=None):
- if not role:
- return MessageDialog(
- title='Incomplete',
- message='You must specify a role name',
- action='manage_access')
- if role in self.__ac_roles__:
- return MessageDialog(
- title='Role Exists',
- message='The given role is already defined',
- action='manage_access')
- data = list(self.__ac_roles__)
- data.append(role)
- self.__ac_roles__=tuple(data)
- if REQUEST is not None:
- return self.manage_access(REQUEST)
-
- @requestmethod('POST')
- def _delRoles(self, roles, REQUEST=None):
- if not roles:
- return MessageDialog(
- title='Incomplete',
- message='You must specify a role name',
- action='manage_access')
- data = list(self.__ac_roles__)
- for role in roles:
- try:
- data.remove(role)
- except:
- pass
- self.__ac_roles__ = tuple(data)
- if REQUEST is not None:
- return self.manage_access(REQUEST)
-
- def _has_user_defined_role(self, role):
- return role in self.__ac_roles__
-
- # Compatibility names only!!
-
- smallRolesWidget=selectedRoles=aclAChecked=aclPChecked=aclEChecked=''
- validRoles=valid_roles
-
- def manage_editRoles(self, REQUEST, acl_type='A', acl_roles=[]):
- pass
-
- def _setRoles(self, acl_type, acl_roles):
- pass
-
def possible_permissions(self):
d = {}
permissions = getPermissions()
@@ -607,7 +436,7 @@
d.sort()
return d
-InitializeClass(RoleManager)
+InitializeClass(BaseRoleManager)
def reqattr(request, attr):
@@ -675,3 +504,17 @@
seen[name] = None
gather_permissions(base, result, seen)
return result
+
+
+# BBB - this is a bit odd, but the class variable RoleManager.manage_options
+# is used by a lot of code and this isn't available on the deferredimport
+# wrapper
+try:
+ from OFS.role import RoleManager
+ RoleManager # pyflakes
+except ImportError:
+ from zope.deferredimport import deprecated
+ deprecated("RoleManager is no longer part of AccessControl, please "
+ "depend on Zope2 and import from OFS.role",
+ RoleManager = 'OFS.role:RoleManager',
+ )
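Review bot: The `except ImportError` around `from OFS.role import RoleManager` also catches an ImportError raised from inside `OFS.role` itself, for example from a broken dependency of that module. The fallback then registers a deferred import of the same `OFS.role:RoleManager` target, so the real failure would presumably surface only later, on first use of the name. It would help to say so in the BBB comment, or to log the caught exception before falling back. The block also rebinds the module-level name `RoleManager` that the top of the file imports from `AccessControl.PermissionMapping`; a line such as `# rebinds RoleManager; BaseRoleManager above already took the PermissionMapping class as its base` would keep a reader from assuming the two are the same class.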
Deleted: Zope/trunk/src/AccessControl/dtml/access.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/access.dtml 2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/access.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,166 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-with "_(management_view='Security')">
-<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if>
-</dtml-with>
-<p class="form-help">
-The listing below shows the current security settings for this item.
-Permissions are rows and roles are columns. Checkboxes are used to
-indicate where roles are assigned permissions. You can also assign
-<strong><a href="manage_listLocalRoles">local roles</a></strong> to
-users, which give users extra roles in the context of this object and
-its subobjects.
-</p>
-
-<p class="form-help">
-When a role is assigned to a permission, users with the given role
-will be able to perform tasks associated with the permission on this
-item. When the <em>Acquire permission settings</em> checkbox is selected
-then the containing objects's permission settings are used. Note: the
-acquired permission settings may be augmented by selecting Roles for
-a permission in addition to selecting to acquire permissions.
-</p>
-
-
-<div>
- <form action="manage_reportUserPermissions" method="GET">
- Username:
- <input type="text" name="user" size="20" />
- <input type="submit" value="Show me the user permissions and roles in the context of the current object" />
- </form>
-</div>
-
-<dtml-with expr="_.namespace(valid_roles=valid_roles())">
-<form action="manage_changePermissions" method="post">
-
-<table width="100%" cellspacing="0" cellpadding="2" border="0" nowrap>
-<tr class="list-header">
- <dtml-unless isTopLevelPrincipiaApplicationObject>
- <td> </td>
- </dtml-unless>
- <td align="left" valign="top">
- <div class="form-label">
- <strong>Permission</strong>
- </div>
- </td>
- <td align="left" colspan="<dtml-var expr="_.len(valid_roles)">">
- <div class="form-label">
- <strong>Roles</strong>
- </div>
- </td>
-</tr>
-
-<dtml-in permission_settings mapping>
-
-<dtml-if "not (_['sequence-index']%10)">
-<tr class="row-normal">
- <dtml-unless isTopLevelPrincipiaApplicationObject>
- <td align="left" valign="top">
- <div class="form-label">
- <strong>
- <a href="manage_acquiredForm">Acquire<dtml-unless sequence-index><BR>permission<BR>settings</dtml-unless></a>?
- </strong>
- </div>
- </td>
- </dtml-unless>
- <td></td>
- <dtml-in valid_roles>
- <td align="left">
- <div class="list-item">
- <a href="manage_roleForm?role_to_manage=&dtml.url_quote-sequence-item;">&dtml-sequence-item;</a>
- </div>
- </td>
- </dtml-in valid_roles>
-</tr>
-</dtml-if>
-
-<dtml-if sequence-odd>
-<tr class="row-normal">
-<dtml-else>
-<tr class="row-hilite">
-</dtml-if>
-
- <dtml-unless isTopLevelPrincipiaApplicationObject>
- <td align="left" valign="top">
- <input type="checkbox" name="a&dtml-sequence-index;" &dtml-acquire; />
- </td>
- </dtml-unless>
- <td align="left" nowrap>
- <div class="list-item">
- <a href="manage_permissionForm?permission_to_manage=&dtml.url_quote-name;">&dtml-name;</a>
- </div>
- </td>
- <dtml-in roles mapping>
- <td align="center">
- <input type="checkbox" name="&dtml-name;" &dtml-checked; />
- </td>
- </dtml-in>
-</tr>
-</dtml-in permission_settings>
-
-<tr>
-<dtml-if isTopLevelPrincipiaApplicationObject>
-<td colspan="<dtml-var expr="_.len(valid_roles)+1">" align="left">
-<dtml-else>
-<td colspan="<dtml-var expr="_.len(valid_roles)+2">" align="left">
-</dtml-if>
-<div class="form-element">
-<input class="form-element" type="submit" name="submit" value="Save Changes" />
-</div>
-</td>
-</tr>
-</table>
-</form>
-</dtml-with>
-
-<dtml-if "_['id'] != 'acl_users'">
-<p class="form-help" >
-You can define new roles by entering a role name and clicking the
-"Add Role" button.
-</p>
-
-<form action="manage_defined_roles" method="post">
-<table cellpadding="2">
-<tr>
- <td align="left" valign="top">
- <div class="form-label">
- User defined roles
- </td>
- <td align="left" valign="top">
-
- </td>
-</tr>
-<tr>
- <td align="left" valign="top">
- <input type="text" name="role" size="16" value="" />
- </td>
- <td align="left" valign="top">
- <div class="form-element">
- <input class="form-element" type="submit" name="submit" value="Add Role" />
- </div>
- </td>
-</tr>
-<dtml-if userdefined_roles>
-<tr>
- <td align="left" valign="top">
- <div class="form-element">
- <select name="roles:list">
- <dtml-in userdefined_roles>
- <option value="&dtml-sequence-item;">&dtml-sequence-item;</option>
- </dtml-in userdefined_roles>
- </select>
- </div>
- </td>
- <td align="left" valign="top">
- <div class="form-element">
- <input class="form-element" type="submit" name="submit"
- value="Delete Role" />
- </div>
- </td>
-</tr>
-</dtml-if userdefined_roles>
-</table>
-</form>
-</dtml-if>
-
-<dtml-var manage_page_footer>
-
Deleted: Zope/trunk/src/AccessControl/dtml/acquiredEdit.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/acquiredEdit.dtml 2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/acquiredEdit.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,22 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-with "_(management_view='Security')">
-<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if manage_tabs>
-</dtml-with>
-<p class="form-help">
-Select permissions that acquire permission settings:
-</p>
-
-<form action="manage_acquiredPermissions" method="post">
-<select name="permissions:list" multiple size="10">
-<dtml-in permission_settings mapping>
- <option<dtml-if acquire> selected</dtml-if>>&dtml-name;</option>
-</dtml-in>
-</select>
-<p>
-<div class="form-element">
-<input class="form-element" type="submit" name="submit" value="Save Changes" />
-</div>
-</p>
-</form>
-
-<dtml-var manage_page_footer>
Deleted: Zope/trunk/src/AccessControl/dtml/editLocalRoles.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/editLocalRoles.dtml 2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/editLocalRoles.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,56 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-with "_(management_view='Security')">
-<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if>
-</dtml-with>
-<p class="form-help">
-Local roles allow you to give particular users extra roles in the
-context of this object, in addition to the roles they already have.
-</p>
-
-<p class="form-help">
-To change the local roles for this user, select the extra roles this
-user should have in the context of this object and click the <em>
-Save Changes</em> button.
-</p>
-
-<form action="manage_setLocalRoles" method="post">
-<table cellspacing="0" cellpadding="2" border="0">
-<tr>
- <td align="left" valign="top">
- <div class="form-label">User</div>
- </td>
- <td align="left" valign="top">
- <div class="form-label">Roles</div>
- </td>
-</tr>
-<tr>
- <td align="left" valign="top">
- <div class="form-text">&dtml-userid;</div>
- </td>
- <td align="left" valign="top">
- <div class="form-element">
- <input type="hidden" name="userid" value="&dtml-userid;">
-<dtml-with "_(user_roles=get_local_roles_for_userid(userid))">
- <select name="roles:list" size="5" multiple>
-<dtml-in valid_roles><dtml-if
-"_vars['sequence-item'] not in ('Anonymous', 'Shared', 'Authenticated')">
-<option value="&dtml-sequence-item;"<dtml-if
-"_['sequence-item'] in user_roles"> selected</dtml-if>>&dtml-sequence-item;
-</dtml-if>
-</dtml-in>
- </select>
-</dtml-with>
- </div>
- </td>
-</tr>
-<tr>
- <td align="left" valign="top" colspan="2">
- <div class="form-element">
- <input class="form-element" type="submit" value="Save Changes" />
- </div>
- </td>
-</tr>
-</table>
-</form>
-
-<dtml-var manage_page_footer>
Deleted: Zope/trunk/src/AccessControl/dtml/listLocalRoles.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/listLocalRoles.dtml 2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/listLocalRoles.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,111 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-with "_(management_view='Security')">
-<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if>
-</dtml-with>
-<dtml-if stat>
-<hr>
-<font color="red">&dtml-stat;</font>
-<hr>
-</dtml-if>
-
-<p class="form-help">
-Local roles allow you to give particular users extra roles in the context
-of this object, in addition to the roles they already have.
-</p>
-
-<dtml-if has_local_roles>
-<p class="form-help">
-The following users have been given local roles. To modify the local roles
-given to a particular user, click on the name of the user. To remove all
-local roles from a user, select the checkbox next to the name of the user
-and click the <em>Remove</em> button.
-</p>
-<form action="manage_delLocalRoles" method="POST">
-<table cellspacing="0" cellpadding="2" border="0">
-<dtml-in get_local_roles>
-<tr>
- <td align="left" valign="top">
- <input type="checkbox" name="userids:list" value="&dtml-sequence-key;" />
- </td>
- <td align="left" valign="top">
- <div class="form-text">
- <a href="manage_editLocalRoles?userid=&dtml.url_quote-sequence-key;">&dtml-sequence-key;</a> (<dtml-in
- sequence-item>&dtml-sequence-item;<dtml-unless
- sequence-end>, </dtml-unless></dtml-in>)
- </div>
- </td>
-</tr>
-</dtml-in>
-<tr>
- <td align="left" valign="top">
- </td>
- <td align="left" valign="top">
- <div class="form-element">
- <input class="form-element" type="submit" name="submit" value="Remove" />
- </div>
- </td>
-</tr>
-</table>
-</form>
-</dtml-if>
-
-<p>
-To give a user extra roles when accessing this object (and its children),
-select a user from the <em>User</em> list below, select the extra
-roles that should be given to that user from the <em>Roles</em> list.
-</p>
-
-<form action="manage_setLocalRoles" method="POST">
-<table cellpadding="2" cellspacing="0" border="0">
-<tr>
- <td align="left" valign="top">
- <div class="form-label">
- User
- </div>
- </td>
- <td align="left" valign="top">
- <div class="form-label">
- Roles
- </div>
- </td>
-</tr>
-<tr>
- <td align="left" valign="top">
- <div class="form-element">
- <dtml-try>
- <select name="userid" size="5">
- <dtml-in get_valid_userids>
- <option value="&dtml-sequence-item;">&dtml-sequence-item;</option>
- </dtml-in>
- </select>
- <dtml-except OverflowError>
-
- <input name="userid" size=10>
-
- </dtml-try>
- </div>
- </td>
- <td align="left" valign="top">
- <div class="form-element">
- <select name="roles:list" size="5" multiple>
-<dtml-in valid_roles><dtml-if
-"_vars['sequence-item'] not in ('Anonymous', 'Shared', 'Authenticated')">
-<option value="&dtml-sequence-item;">&dtml-sequence-item;</option>
-</dtml-if>
-</dtml-in>
- </select>
- </div>
- </td>
-</tr>
-<tr>
- <td align="left" valign="top">
- <div class="form-element">
- <input class="form-element" type="submit" name="submit" value=" Add " />
- </div>
- </td>
- <td></td>
-</tr>
-</table>
-</form>
-
-<dtml-var manage_page_footer>
Deleted: Zope/trunk/src/AccessControl/dtml/permissionEdit.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/permissionEdit.dtml 2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/permissionEdit.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,36 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-with "_(management_view='Security')">
-<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if manage_tabs>
-</dtml-with>
-<p class="form-text">
-Roles assigned to the permission <strong>&dtml-permission_to_manage;</strong>
-</p>
-
-<form action="manage_permission" method="post">
-<p>
-<input type="hidden" name="permission_to_manage" value="&dtml-permission_to_manage;" />
-<div class="form-element">
-<select name="roles:list" multiple size="10">
-<dtml-in expr="rolesOfPermission(permission_to_manage)" mapping=1>
- <option &dtml-selected;>&dtml-name;</option>
-</dtml-in>
-</select>
-</div>
-</p>
-
-<dtml-unless isTopLevelPrincipiaApplicationObject>
-<p>
-<div class="form-text">
-<input type="checkbox" name="acquire" <dtml-var expr="acquiredRolesAreUsedBy(permission_to_manage)">>
-Also use roles acquired from folders containing this object
-</p>
-</dtml-unless>
-
-<p>
-<div class="form-element">
-<input class="form-element" type="submit" name="submit" value="Save Changes" />
-</div>
-</p>
-</form>
-
-<dtml-var manage_page_footer>
Deleted: Zope/trunk/src/AccessControl/dtml/reportUserPermissions.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/reportUserPermissions.dtml 2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/reportUserPermissions.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,79 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-with "_(management_view='Security')">
-<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if>
-</dtml-with>
-
-<p class="form-help">
-This listing shows the permissions and roles for particular user
-in the context of the current object.
-</p>
-
-<dtml-let result="manage_getUserRolesAndPermissions(user)">
-
-<b>User account </b>: &dtml-user;
-<br/>
-<b>User account defined in</b>: <dtml-var "result['user_defined_in']">
-<br/>
-<br/>
-
-<table width="50%" cellspacing="0" cellpadding="4" border="1" nowrap>
- <thead>
- <tr>
- <th>Roles</th>
- <th>Roles in context</th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td valign="top">
- <ul>
- <dtml-in "result['roles']">
- <li>&dtml-sequence-item;
- </dtml-in>
- </ul>
- </td>
- <td valign="top">
- <ul>
- <dtml-in "result['roles_in_context']">
- <li>&dtml-sequence-item;
- </dtml-in>
- </ul>
- </td>
- </tr>
- </tbody>
-</table>
-
-<br/>
-
-<table width="50%" cellspacing="0" cellpadding="4" border="1" nowrap>
- <thead>
- <tr>
- <th>Allowed permissions</th>
- <th>Disallowed permissions</th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td valign="top">
- <ul>
- <dtml-in "result['allowed_permissions']">
- <li>&dtml-sequence-item;
- </dtml-in>
- </ul>
- </td>
- <td valign="top">
- <ul>
- <dtml-in "result['disallowed_permissions']">
- <li>&dtml-sequence-item;
- </dtml-in>
- </ul>
- </td>
- </tr>
- </tbody>
-</table>
-
-
-</dtml-let>
-
-<dtml-var manage_page_footer>
-
Deleted: Zope/trunk/src/AccessControl/dtml/roleEdit.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/roleEdit.dtml 2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/roleEdit.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,32 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if manage_tabs>
-
-<p class="form-text">
-Permissions assigned to the role <strong>&dtml-role_to_manage;</strong>
-</p>
-
-<form action="manage_role" method="post">
-<p>
-<input type=hidden name=role_to_manage value="&dtml-role_to_manage;">
-<div class="form-element">
-<select name="permissions:list" multiple size="10">
-<dtml-in expr="permissionsOfRole(role_to_manage)" mapping=1>
- <option &dtml-selected;>&dtml-name;</option>
-</dtml-in>
-</select>
-</div>
-</p>
-
-<p>
-<div class="form-element">
-<input class="form-element" type="submit" name="submit" value="Save Changes" />
-</div>
-</p>
-</form>
-
-<dtml-var manage_page_footer>
-
-
-
-
-
Modified: Zope/trunk/src/AccessControl/interfaces.py
===================================================================
--- Zope/trunk/src/AccessControl/interfaces.py 2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/interfaces.py 2010-06-19 11:59:53 UTC (rev 113636)
@@ -85,9 +85,6 @@
"""
-# XXX: might contain non-API methods and outdated comments;
-# not synced with ZopeBook API Reference;
-# based on AccessControl.PermissionMapping.RoleManager
class IPermissionMappingSupport(Interface):
def manage_getPermissionMapping():
@@ -107,11 +104,7 @@
"""
-# XXX: might contain non-API methods and outdated comments;
-# not synced with ZopeBook API Reference;
-# based on AccessControl.Role.RoleManager
class IRoleManager(IPermissionMappingSupport):
-
"""An object that has configurable permissions"""
permissionMappingPossibleValues = Attribute("""Acquired attribute""")
@@ -130,22 +123,15 @@
'permission' is returned.
"""
- manage_roleForm = Attribute(""" """)
-
- def manage_role(role_to_manage, permissions=[], REQUEST=None):
+ def manage_role(role_to_manage, permissions=[]):
"""Change the permissions given to the given role.
"""
- manage_acquiredForm = Attribute(""" """)
-
- def manage_acquiredPermissions(permissions=[], REQUEST=None):
+ def manage_acquiredPermissions(permissions=[]):
"""Change the permissions that acquire.
"""
- manage_permissionForm = Attribute(""" """)
-
- def manage_permission(permission_to_manage,
- roles=[], acquire=0, REQUEST=None):
+ def manage_permission(permission_to_manage, roles=[], acquire=0):
"""Change the settings for the given permission.
If optional arg acquire is true, then the roles for the permission
@@ -153,41 +139,18 @@
permissions are restricted to only the designated roles.
"""
- def manage_access(REQUEST, **kw):
- """Return an interface for making permissions settings.
- """
-
- def manage_changePermissions(REQUEST):
- """Change all permissions settings, called by management screen.
- """
-
def permissionsOfRole(role):
- """Used by management screen.
+ """Returns a role to permission mapping.
"""
def rolesOfPermission(permission):
- """Used by management screen.
+ """Returns a permission to role mapping.
"""
def acquiredRolesAreUsedBy(permission):
- """Used by management screen.
"""
+ """
-
- # Local roles support
- # -------------------
- #
- # Local roles allow a user to be given extra roles in the context
- # of a particular object (and its children). When a user is given
- # extra roles in a particular object, an entry for that user is made
- # in the __ac_local_roles__ dict containing the extra roles.
-
- __ac_local_roles__ = Attribute(""" """)
-
- manage_listLocalRoles = Attribute(""" """)
-
- manage_editLocalRoles = Attribute(""" """)
-
def has_local_roles():
"""
"""
@@ -208,13 +171,13 @@
"""
"""
- def manage_addLocalRoles(userid, roles, REQUEST=None):
+ def manage_addLocalRoles(userid, roles):
"""Set local roles for a user."""
- def manage_setLocalRoles(userid, roles, REQUEST=None):
+ def manage_setLocalRoles(userid, roles):
"""Set local roles for a user."""
- def manage_delLocalRoles(userids, REQUEST=None):
+ def manage_delLocalRoles(userids):
"""Remove all local roles for a user."""
#------------------------------------------------------------
@@ -235,30 +198,6 @@
"""Return list of user-defined roles.
"""
- def manage_defined_roles(submit=None, REQUEST=None):
- """Called by management screen.
- """
-
- def _addRole(role, REQUEST=None):
- """
- """
-
- def _delRoles(roles, REQUEST=None):
- """
- """
-
- def _has_user_defined_role(role):
- """
- """
-
- def manage_editRoles(REQUEST, acl_type='A', acl_roles=[]):
- """
- """
-
- def _setRoles(acl_type, acl_roles):
- """
- """
-
def possible_permissions():
"""
"""
Modified: Zope/trunk/src/AccessControl/tests/testRole.py
===================================================================
--- Zope/trunk/src/AccessControl/tests/testRole.py 2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/tests/testRole.py 2010-06-19 11:59:53 UTC (rev 113636)
@@ -5,10 +5,10 @@
def test_interfaces(self):
from AccessControl.interfaces import IRoleManager
- from AccessControl.Role import RoleManager
+ from AccessControl.Role import BaseRoleManager
from zope.interface.verify import verifyClass
- verifyClass(IRoleManager, RoleManager)
+ verifyClass(IRoleManager, BaseRoleManager)
def test_suite():
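Review bot: After this change the test verifies only `BaseRoleManager`; nothing in this hunk checks the request-facing `OFS.role.RoleManager` against `IRoleManager`. That subclass re-declares the `manage_*` methods with an extra `REQUEST=None` argument, so a second check, `from OFS.role import RoleManager` followed by `verifyClass(IRoleManager, RoleManager)`, would catch a signature drifting away from the interface. It could live in a test module under OFS if one exists. `test_suite` continues outside the hunk.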
Copied: Zope/trunk/src/OFS/dtml/access.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/access.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/access.dtml (rev 0)
+++ Zope/trunk/src/OFS/dtml/access.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,166 @@
+<dtml-var manage_page_header>
+<dtml-with "_(management_view='Security')">
+<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if>
+</dtml-with>
+<p class="form-help">
+The listing below shows the current security settings for this item.
+Permissions are rows and roles are columns. Checkboxes are used to
+indicate where roles are assigned permissions. You can also assign
+<strong><a href="manage_listLocalRoles">local roles</a></strong> to
+users, which give users extra roles in the context of this object and
+its subobjects.
+</p>
+
+<p class="form-help">
+When a role is assigned to a permission, users with the given role
+will be able to perform tasks associated with the permission on this
+item. When the <em>Acquire permission settings</em> checkbox is selected
+then the containing objects's permission settings are used. Note: the
+acquired permission settings may be augmented by selecting Roles for
+a permission in addition to selecting to acquire permissions.
+</p>
+
+
+<div>
+ <form action="manage_reportUserPermissions" method="GET">
+ Username:
+ <input type="text" name="user" size="20" />
+ <input type="submit" value="Show me the user permissions and roles in the context of the current object" />
+ </form>
+</div>
+
+<dtml-with expr="_.namespace(valid_roles=valid_roles())">
+<form action="manage_changePermissions" method="post">
+
+<table width="100%" cellspacing="0" cellpadding="2" border="0" nowrap>
+<tr class="list-header">
+ <dtml-unless isTopLevelPrincipiaApplicationObject>
+ <td> </td>
+ </dtml-unless>
+ <td align="left" valign="top">
+ <div class="form-label">
+ <strong>Permission</strong>
+ </div>
+ </td>
+ <td align="left" colspan="<dtml-var expr="_.len(valid_roles)">">
+ <div class="form-label">
+ <strong>Roles</strong>
+ </div>
+ </td>
+</tr>
+
+<dtml-in permission_settings mapping>
+
+<dtml-if "not (_['sequence-index']%10)">
+<tr class="row-normal">
+ <dtml-unless isTopLevelPrincipiaApplicationObject>
+ <td align="left" valign="top">
+ <div class="form-label">
+ <strong>
+ <a href="manage_acquiredForm">Acquire<dtml-unless sequence-index><BR>permission<BR>settings</dtml-unless></a>?
+ </strong>
+ </div>
+ </td>
+ </dtml-unless>
+ <td></td>
+ <dtml-in valid_roles>
+ <td align="left">
+ <div class="list-item">
+ <a href="manage_roleForm?role_to_manage=&dtml.url_quote-sequence-item;">&dtml-sequence-item;</a>
+ </div>
+ </td>
+ </dtml-in valid_roles>
+</tr>
+</dtml-if>
+
+<dtml-if sequence-odd>
+<tr class="row-normal">
+<dtml-else>
+<tr class="row-hilite">
+</dtml-if>
+
+ <dtml-unless isTopLevelPrincipiaApplicationObject>
+ <td align="left" valign="top">
+ <input type="checkbox" name="a&dtml-sequence-index;" &dtml-acquire; />
+ </td>
+ </dtml-unless>
+ <td align="left" nowrap>
+ <div class="list-item">
+ <a href="manage_permissionForm?permission_to_manage=&dtml.url_quote-name;">&dtml-name;</a>
+ </div>
+ </td>
+ <dtml-in roles mapping>
+ <td align="center">
+ <input type="checkbox" name="&dtml-name;" &dtml-checked; />
+ </td>
+ </dtml-in>
+</tr>
+</dtml-in permission_settings>
+
+<tr>
+<dtml-if isTopLevelPrincipiaApplicationObject>
+<td colspan="<dtml-var expr="_.len(valid_roles)+1">" align="left">
+<dtml-else>
+<td colspan="<dtml-var expr="_.len(valid_roles)+2">" align="left">
+</dtml-if>
+<div class="form-element">
+<input class="form-element" type="submit" name="submit" value="Save Changes" />
+</div>
+</td>
+</tr>
+</table>
+</form>
+</dtml-with>
+
+<dtml-if "_['id'] != 'acl_users'">
+<p class="form-help" >
+You can define new roles by entering a role name and clicking the
+"Add Role" button.
+</p>
+
+<form action="manage_defined_roles" method="post">
+<table cellpadding="2">
+<tr>
+ <td align="left" valign="top">
+ <div class="form-label">
+ User defined roles
+ </td>
+ <td align="left" valign="top">
+
+ </td>
+</tr>
+<tr>
+ <td align="left" valign="top">
+ <input type="text" name="role" size="16" value="" />
+ </td>
+ <td align="left" valign="top">
+ <div class="form-element">
+ <input class="form-element" type="submit" name="submit" value="Add Role" />
+ </div>
+ </td>
+</tr>
+<dtml-if userdefined_roles>
+<tr>
+ <td align="left" valign="top">
+ <div class="form-element">
+ <select name="roles:list">
+ <dtml-in userdefined_roles>
+ <option value="&dtml-sequence-item;">&dtml-sequence-item;</option>
+ </dtml-in userdefined_roles>
+ </select>
+ </div>
+ </td>
+ <td align="left" valign="top">
+ <div class="form-element">
+ <input class="form-element" type="submit" name="submit"
+ value="Delete Role" />
+ </div>
+ </td>
+</tr>
+</dtml-if userdefined_roles>
+</table>
+</form>
+</dtml-if>
+
+<dtml-var manage_page_footer>
+
Copied: Zope/trunk/src/OFS/dtml/acquiredEdit.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/acquiredEdit.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/acquiredEdit.dtml (rev 0)
+++ Zope/trunk/src/OFS/dtml/acquiredEdit.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,22 @@
+<dtml-var manage_page_header>
+<dtml-with "_(management_view='Security')">
+<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if manage_tabs>
+</dtml-with>
+<p class="form-help">
+Select permissions that acquire permission settings:
+</p>
+
+<form action="manage_acquiredPermissions" method="post">
+<select name="permissions:list" multiple size="10">
+<dtml-in permission_settings mapping>
+ <option<dtml-if acquire> selected</dtml-if>>&dtml-name;</option>
+</dtml-in>
+</select>
+<p>
+<div class="form-element">
+<input class="form-element" type="submit" name="submit" value="Save Changes" />
+</div>
+</p>
+</form>
+
+<dtml-var manage_page_footer>
Copied: Zope/trunk/src/OFS/dtml/editLocalRoles.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/editLocalRoles.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/editLocalRoles.dtml (rev 0)
+++ Zope/trunk/src/OFS/dtml/editLocalRoles.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,56 @@
+<dtml-var manage_page_header>
+<dtml-with "_(management_view='Security')">
+<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if>
+</dtml-with>
+<p class="form-help">
+Local roles allow you to give particular users extra roles in the
+context of this object, in addition to the roles they already have.
+</p>
+
+<p class="form-help">
+To change the local roles for this user, select the extra roles this
+user should have in the context of this object and click the <em>
+Save Changes</em> button.
+</p>
+
+<form action="manage_setLocalRoles" method="post">
+<table cellspacing="0" cellpadding="2" border="0">
+<tr>
+ <td align="left" valign="top">
+ <div class="form-label">User</div>
+ </td>
+ <td align="left" valign="top">
+ <div class="form-label">Roles</div>
+ </td>
+</tr>
+<tr>
+ <td align="left" valign="top">
+ <div class="form-text">&dtml-userid;</div>
+ </td>
+ <td align="left" valign="top">
+ <div class="form-element">
+ <input type="hidden" name="userid" value="&dtml-userid;">
+<dtml-with "_(user_roles=get_local_roles_for_userid(userid))">
+ <select name="roles:list" size="5" multiple>
+<dtml-in valid_roles><dtml-if
+"_vars['sequence-item'] not in ('Anonymous', 'Shared', 'Authenticated')">
+<option value="&dtml-sequence-item;"<dtml-if
+"_['sequence-item'] in user_roles"> selected</dtml-if>>&dtml-sequence-item;
+</dtml-if>
+</dtml-in>
+ </select>
+</dtml-with>
+ </div>
+ </td>
+</tr>
+<tr>
+ <td align="left" valign="top" colspan="2">
+ <div class="form-element">
+ <input class="form-element" type="submit" value="Save Changes" />
+ </div>
+ </td>
+</tr>
+</table>
+</form>
+
+<dtml-var manage_page_footer>
Copied: Zope/trunk/src/OFS/dtml/listLocalRoles.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/listLocalRoles.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/listLocalRoles.dtml (rev 0)
+++ Zope/trunk/src/OFS/dtml/listLocalRoles.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,111 @@
+<dtml-var manage_page_header>
+<dtml-with "_(management_view='Security')">
+<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if>
+</dtml-with>
+<dtml-if stat>
+<hr>
+<font color="red">&dtml-stat;</font>
+<hr>
+</dtml-if>
+
+<p class="form-help">
+Local roles allow you to give particular users extra roles in the context
+of this object, in addition to the roles they already have.
+</p>
+
+<dtml-if has_local_roles>
+<p class="form-help">
+The following users have been given local roles. To modify the local roles
+given to a particular user, click on the name of the user. To remove all
+local roles from a user, select the checkbox next to the name of the user
+and click the <em>Remove</em> button.
+</p>
+<form action="manage_delLocalRoles" method="POST">
+<table cellspacing="0" cellpadding="2" border="0">
+<dtml-in get_local_roles>
+<tr>
+ <td align="left" valign="top">
+ <input type="checkbox" name="userids:list" value="&dtml-sequence-key;" />
+ </td>
+ <td align="left" valign="top">
+ <div class="form-text">
+ <a href="manage_editLocalRoles?userid=&dtml.url_quote-sequence-key;">&dtml-sequence-key;</a> (<dtml-in
+ sequence-item>&dtml-sequence-item;<dtml-unless
+ sequence-end>, </dtml-unless></dtml-in>)
+ </div>
+ </td>
+</tr>
+</dtml-in>
+<tr>
+ <td align="left" valign="top">
+ </td>
+ <td align="left" valign="top">
+ <div class="form-element">
+ <input class="form-element" type="submit" name="submit" value="Remove" />
+ </div>
+ </td>
+</tr>
+</table>
+</form>
+</dtml-if>
+
+<p>
+To give a user extra roles when accessing this object (and its children),
+select a user from the <em>User</em> list below, select the extra
+roles that should be given to that user from the <em>Roles</em> list.
+</p>
+
+<form action="manage_setLocalRoles" method="POST">
+<table cellpadding="2" cellspacing="0" border="0">
+<tr>
+ <td align="left" valign="top">
+ <div class="form-label">
+ User
+ </div>
+ </td>
+ <td align="left" valign="top">
+ <div class="form-label">
+ Roles
+ </div>
+ </td>
+</tr>
+<tr>
+ <td align="left" valign="top">
+ <div class="form-element">
+ <dtml-try>
+ <select name="userid" size="5">
+ <dtml-in get_valid_userids>
+ <option value="&dtml-sequence-item;">&dtml-sequence-item;</option>
+ </dtml-in>
+ </select>
+ <dtml-except OverflowError>
+
+ <input name="userid" size=10>
+
+ </dtml-try>
+ </div>
+ </td>
+ <td align="left" valign="top">
+ <div class="form-element">
+ <select name="roles:list" size="5" multiple>
+<dtml-in valid_roles><dtml-if
+"_vars['sequence-item'] not in ('Anonymous', 'Shared', 'Authenticated')">
+<option value="&dtml-sequence-item;">&dtml-sequence-item;</option>
+</dtml-if>
+</dtml-in>
+ </select>
+ </div>
+ </td>
+</tr>
+<tr>
+ <td align="left" valign="top">
+ <div class="form-element">
+ <input class="form-element" type="submit" name="submit" value=" Add " />
+ </div>
+ </td>
+ <td></td>
+</tr>
+</table>
+</form>
+
+<dtml-var manage_page_footer>
Copied: Zope/trunk/src/OFS/dtml/permissionEdit.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/permissionEdit.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/permissionEdit.dtml (rev 0)
+++ Zope/trunk/src/OFS/dtml/permissionEdit.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,36 @@
+<dtml-var manage_page_header>
+<dtml-with "_(management_view='Security')">
+<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if manage_tabs>
+</dtml-with>
+<p class="form-text">
+Roles assigned to the permission <strong>&dtml-permission_to_manage;</strong>
+</p>
+
+<form action="manage_permission" method="post">
+<p>
+<input type="hidden" name="permission_to_manage" value="&dtml-permission_to_manage;" />
+<div class="form-element">
+<select name="roles:list" multiple size="10">
+<dtml-in expr="rolesOfPermission(permission_to_manage)" mapping=1>
+ <option &dtml-selected;>&dtml-name;</option>
+</dtml-in>
+</select>
+</div>
+</p>
+
+<dtml-unless isTopLevelPrincipiaApplicationObject>
+<p>
+<div class="form-text">
+<input type="checkbox" name="acquire" <dtml-var expr="acquiredRolesAreUsedBy(permission_to_manage)">>
+Also use roles acquired from folders containing this object
+</p>
+</dtml-unless>
+
+<p>
+<div class="form-element">
+<input class="form-element" type="submit" name="submit" value="Save Changes" />
+</div>
+</p>
+</form>
+
+<dtml-var manage_page_footer>
Copied: Zope/trunk/src/OFS/dtml/reportUserPermissions.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/reportUserPermissions.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/reportUserPermissions.dtml (rev 0)
+++ Zope/trunk/src/OFS/dtml/reportUserPermissions.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,79 @@
+<dtml-var manage_page_header>
+<dtml-with "_(management_view='Security')">
+<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if>
+</dtml-with>
+
+<p class="form-help">
+This listing shows the permissions and roles for particular user
+in the context of the current object.
+</p>
+
+<dtml-let result="manage_getUserRolesAndPermissions(user)">
+
+<b>User account </b>: &dtml-user;
+<br/>
+<b>User account defined in</b>: <dtml-var "result['user_defined_in']">
+<br/>
+<br/>
+
+<table width="50%" cellspacing="0" cellpadding="4" border="1" nowrap>
+ <thead>
+ <tr>
+ <th>Roles</th>
+ <th>Roles in context</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td valign="top">
+ <ul>
+ <dtml-in "result['roles']">
+ <li>&dtml-sequence-item;
+ </dtml-in>
+ </ul>
+ </td>
+ <td valign="top">
+ <ul>
+ <dtml-in "result['roles_in_context']">
+ <li>&dtml-sequence-item;
+ </dtml-in>
+ </ul>
+ </td>
+ </tr>
+ </tbody>
+</table>
+
+<br/>
+
+<table width="50%" cellspacing="0" cellpadding="4" border="1" nowrap>
+ <thead>
+ <tr>
+ <th>Allowed permissions</th>
+ <th>Disallowed permissions</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td valign="top">
+ <ul>
+ <dtml-in "result['allowed_permissions']">
+ <li>&dtml-sequence-item;
+ </dtml-in>
+ </ul>
+ </td>
+ <td valign="top">
+ <ul>
+ <dtml-in "result['disallowed_permissions']">
+ <li>&dtml-sequence-item;
+ </dtml-in>
+ </ul>
+ </td>
+ </tr>
+ </tbody>
+</table>
+
+
+</dtml-let>
+
+<dtml-var manage_page_footer>
+
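Review bot: `<dtml-var "result['user_defined_in']">` is the one value on this page emitted without HTML quoting; every other value uses the `&dtml-...;` entity form, which quotes its output. The helper `manage_getUserRolesAndPermissions` is not visible here, but if that string is built from object ids or paths it should be quoted like the rest: `<dtml-var "result['user_defined_in']" html_quote>`. The page is reached from the GET form in `access.dtml` with a free-text `user` field, so consistent quoting of everything rendered is worth keeping.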
Copied: Zope/trunk/src/OFS/dtml/roleEdit.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/roleEdit.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/roleEdit.dtml (rev 0)
+++ Zope/trunk/src/OFS/dtml/roleEdit.dtml 2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,32 @@
+<dtml-var manage_page_header>
+<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if manage_tabs>
+
+<p class="form-text">
+Permissions assigned to the role <strong>&dtml-role_to_manage;</strong>
+</p>
+
+<form action="manage_role" method="post">
+<p>
+<input type=hidden name=role_to_manage value="&dtml-role_to_manage;">
+<div class="form-element">
+<select name="permissions:list" multiple size="10">
+<dtml-in expr="permissionsOfRole(role_to_manage)" mapping=1>
+ <option &dtml-selected;>&dtml-name;</option>
+</dtml-in>
+</select>
+</div>
+</p>
+
+<p>
+<div class="form-element">
+<input class="form-element" type="submit" name="submit" value="Save Changes" />
+</div>
+</p>
+</form>
+
+<dtml-var manage_page_footer>
+
+
+
+
+
Copied: Zope/trunk/src/OFS/role.py (from rev 113633, Zope/trunk/src/AccessControl/Role.py)
===================================================================
--- Zope/trunk/src/OFS/role.py (rev 0)
+++ Zope/trunk/src/OFS/role.py 2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,228 @@
+##############################################################################
+#
+# Copyright (c) 2002 Zope Foundation and Contributors.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+#
+##############################################################################
+"""Access control support
+"""
+from cgi import escape
+
+from App.Dialogs import MessageDialog
+from App.special_dtml import DTMLFile
+
+from AccessControl import ClassSecurityInfo
+from AccessControl.class_init import InitializeClass
+from AccessControl.Role import BaseRoleManager
+from AccessControl.Role import reqattr
+from AccessControl.Permission import Permission
+from AccessControl.Permissions import change_permissions
+from AccessControl.requestmethod import requestmethod
+
+
+class RoleManager(BaseRoleManager):
+ """An object that has configurable permissions"""
+
+ security = ClassSecurityInfo()
+
+ manage_options=(
+ {'label': 'Security', 'action': 'manage_access'},
+ )
+
+ security.declareProtected(change_permissions, 'manage_roleForm')
+ manage_roleForm=DTMLFile('dtml/roleEdit', globals(),
+ management_view='Security')
+
+ security.declareProtected(change_permissions, 'manage_role')
+ @requestmethod('POST')
+ def manage_role(self, role_to_manage, permissions=[], REQUEST=None):
+ """Change the permissions given to the given role.
+ """
+ BaseRoleManager.manage_role(
+ self, role_to_manage, permissions=permissions)
+ if REQUEST is not None:
+ return self.manage_access(REQUEST)
+
+ security.declareProtected(change_permissions, 'manage_acquiredForm')
+ manage_acquiredForm=DTMLFile('dtml/acquiredEdit', globals(),
+ management_view='Security')
+
+ security.declareProtected(change_permissions, 'manage_acquiredPermissions')
+ @requestmethod('POST')
+ def manage_acquiredPermissions(self, permissions=[], REQUEST=None):
+ """Change the permissions that acquire.
+ """
+ BaseRoleManager.manage_acquiredPermissions(
+ self, permissions=permissions)
+ if REQUEST is not None:
+ return self.manage_access(REQUEST)
+
+ security.declareProtected(change_permissions, 'manage_permissionForm')
+ manage_permissionForm=DTMLFile('dtml/permissionEdit', globals(),
+ management_view='Security')
+
+ security.declareProtected(change_permissions, 'manage_permission')
+ @requestmethod('POST')
+ def manage_permission(self, permission_to_manage,
+ roles=[], acquire=0, REQUEST=None):
+ """Change the settings for the given permission.
+
+ If optional arg acquire is true, then the roles for the permission
+ are acquired, in addition to the ones specified, otherwise the
+ permissions are restricted to only the designated roles.
+ """
+ BaseRoleManager.manage_permission(
+ self, permission_to_manage, roles=roles, acquire=acquire)
+ if REQUEST is not None:
+ return self.manage_access(REQUEST)
+
+ _normal_manage_access=DTMLFile('dtml/access', globals())
+ manage_reportUserPermissions=DTMLFile(
+ 'dtml/reportUserPermissions', globals())
+
+ security.declareProtected(change_permissions, 'manage_access')
+ def manage_access(self, REQUEST, **kw):
+ """Return an interface for making permissions settings.
+ """
+ return apply(self._normal_manage_access, (), kw)
+
+ security.declareProtected(change_permissions, 'manage_changePermissions')
+ @requestmethod('POST')
+ def manage_changePermissions(self, REQUEST):
+ """Change all permissions settings, called by management screen.
+ """
+ valid_roles=self.valid_roles()
+ indexes=range(len(valid_roles))
+ have=REQUEST.has_key
+ permissions=self.ac_inherited_permissions(1)
+ fails = []
+ for ip in range(len(permissions)):
+ roles = []
+ for ir in indexes:
+ if have("p%dr%d" % (ip, ir)):
+ roles.append(valid_roles[ir])
+ name, value = permissions[ip][:2]
+ try:
+ p = Permission(name, value, self)
+ if not have('a%d' % ip):
+ roles=tuple(roles)
+ p.setRoles(roles)
+ except:
+ fails.append(name)
+
+ if fails:
+ return MessageDialog(title="Warning!",
+ message="Some permissions had errors: "
+ + escape(', '.join(fails)),
+ action='manage_access')
+ return MessageDialog(
+ title = 'Success!',
+ message = 'Your changes have been saved',
+ action = 'manage_access')
+
+ security.declareProtected(change_permissions, 'manage_listLocalRoles')
+ manage_listLocalRoles=DTMLFile('dtml/listLocalRoles', globals(),
+ management_view='Security')
+
+ security.declareProtected(change_permissions, 'manage_editLocalRoles')
+ manage_editLocalRoles=DTMLFile('dtml/editLocalRoles', globals(),
+ management_view='Security')
+
+ security.declareProtected(change_permissions, 'manage_addLocalRoles')
+ @requestmethod('POST')
+ def manage_addLocalRoles(self, userid, roles, REQUEST=None):
+ """Set local roles for a user."""
+ BaseRoleManager.manage_addLocalRoles(self, userid, roles)
+ if REQUEST is not None:
+ stat='Your changes have been saved.'
+ return self.manage_listLocalRoles(self, REQUEST, stat=stat)
+
+ security.declareProtected(change_permissions, 'manage_setLocalRoles')
+ @requestmethod('POST')
+ def manage_setLocalRoles(self, userid, roles, REQUEST=None):
+ """Set local roles for a user."""
+ BaseRoleManager.manage_setLocalRoles(self, userid, roles)
+ if REQUEST is not None:
+ stat='Your changes have been saved.'
+ return self.manage_listLocalRoles(self, REQUEST, stat=stat)
+
+ security.declareProtected(change_permissions, 'manage_delLocalRoles')
+ @requestmethod('POST')
+ def manage_delLocalRoles(self, userids, REQUEST=None):
+ """Remove all local roles for a user."""
+ BaseRoleManager.manage_delLocalRoles(self, userids)
+ if REQUEST is not None:
+ stat='Your changes have been saved.'
+ return self.manage_listLocalRoles(self, REQUEST, stat=stat)
+
+ security.declareProtected(change_permissions, 'manage_defined_roles')
+ def manage_defined_roles(self, submit=None, REQUEST=None):
+ """Called by management screen.
+ """
+
+ if submit=='Add Role':
+ role=reqattr(REQUEST, 'role').strip()
+ return self._addRole(role, REQUEST)
+
+ if submit=='Delete Role':
+ roles=reqattr(REQUEST, 'roles')
+ return self._delRoles(roles, REQUEST)
+
+ return self.manage_access(REQUEST)
+
+ @requestmethod('POST')
+ def _addRole(self, role, REQUEST=None):
+ if not role:
+ return MessageDialog(
+ title='Incomplete',
+ message='You must specify a role name',
+ action='manage_access')
+ if role in self.__ac_roles__:
+ return MessageDialog(
+ title='Role Exists',
+ message='The given role is already defined',
+ action='manage_access')
+ data = list(self.__ac_roles__)
+ data.append(role)
+ self.__ac_roles__=tuple(data)
+ if REQUEST is not None:
+ return self.manage_access(REQUEST)
+
+ @requestmethod('POST')
+ def _delRoles(self, roles, REQUEST=None):
+ if not roles:
+ return MessageDialog(
+ title='Incomplete',
+ message='You must specify a role name',
+ action='manage_access')
+ data = list(self.__ac_roles__)
+ for role in roles:
+ try:
+ data.remove(role)
+ except:
+ pass
+ self.__ac_roles__ = tuple(data)
+ if REQUEST is not None:
+ return self.manage_access(REQUEST)
+
+ def _has_user_defined_role(self, role):
+ return role in self.__ac_roles__
+
+ # Compatibility names only!!
+
+ smallRolesWidget=selectedRoles=aclAChecked=aclPChecked=aclEChecked=''
+ validRoles=BaseRoleManager.valid_roles
+
+ def manage_editRoles(self, REQUEST, acl_type='A', acl_roles=[]):
+ pass
+
+ def _setRoles(self, acl_type, acl_roles):
+ pass
+
+InitializeClass(RoleManager)
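Review bot: `manage_reportUserPermissions` is assigned without a preceding `security.declareProtected(...)`, unlike every other `manage_*` form and method in this class. The report lists a named user's roles and allowed and disallowed permissions, so if the omission is not deliberate, add `security.declareProtected(change_permissions, 'manage_reportUserPermissions')` on the line before the assignment. What protection the attribute gets without a declaration depends on defaults that are not visible in this hunk. Separately, the bare `except:` around `data.remove(role)` in `_delRoles` can be narrowed to `except ValueError:`. The bare `except:` in `manage_changePermissions` records only the permission name, so an unrelated failure is reported as a permission error with its cause lost.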