[Zope-Checkins] SVN: Zope/trunk/src/ Deal with circular import problems and do some real deprecation
Hanno Schlichting
hannosch at hannosch.eu
Sat Jun 19 08:22:23 EDT 2010
Log message for revision 113637:
Deal with circular import problems and do some real deprecation
Changed:
U Zope/trunk/src/AccessControl/AccessControl.txt
U Zope/trunk/src/AccessControl/Role.py
U Zope/trunk/src/AccessControl/User.py
A Zope/trunk/src/AccessControl/rolemanager.py
U Zope/trunk/src/AccessControl/tests/testRole.py
U Zope/trunk/src/App/Permission.py
U Zope/trunk/src/OFS/DTMLMethod.py
U Zope/trunk/src/OFS/Folder.py
U Zope/trunk/src/OFS/Image.py
U Zope/trunk/src/OFS/SimpleItem.py
U Zope/trunk/src/OFS/role.py
U Zope/trunk/src/Products/ExternalMethod/ExternalMethod.py
U Zope/trunk/src/Products/MailHost/MailHost.py
U Zope/trunk/src/Products/Sessions/BrowserIdManager.py
U Zope/trunk/src/Products/Sessions/SessionDataManager.py
U Zope/trunk/src/Shared/DC/ZRDB/Aqueduct.py
U Zope/trunk/src/Shared/DC/ZRDB/Connection.py
U Zope/trunk/src/Shared/DC/ZRDB/DA.py
-=-
Modified: Zope/trunk/src/AccessControl/AccessControl.txt
===================================================================
--- Zope/trunk/src/AccessControl/AccessControl.txt 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/AccessControl/AccessControl.txt 2010-06-19 12:22:23 UTC (rev 113637)
@@ -165,10 +165,8 @@
o Change configuration
-
-
To support the architecture, developers must derive an
-object from the AccessControl.RoleManager mixin class,
+object from the AccessControl.rolemanager.BaseRoleManager mixin class,
and define in their class an __ac_permissions__ attribute.
This should be a tuple of tuples, where each tuple represents
@@ -191,9 +189,7 @@
('Delete properties', ['manage_delProperties']),
('Default permission', ['']),
)
-
-
The developer may also predefine useful types of access, by
specifying an __ac_types__ attribute. This should be a tuple of
tuples, where each tuple represents a type of access and contains
@@ -214,8 +210,6 @@
)
-
-
Developers may also provide pre-defined role names that are
not deletable via the interface by specifying an __ac_roles__
attribute. This is probably not something we'll ever use under
@@ -224,29 +218,3 @@
Example:
__ac_roles__=('Manager', 'Anonymous')
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Modified: Zope/trunk/src/AccessControl/Role.py
===================================================================
--- Zope/trunk/src/AccessControl/Role.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/AccessControl/Role.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -12,509 +12,23 @@
##############################################################################
"""Access control support
"""
-from cgi import escape
-from Acquisition import Acquired
-from Acquisition import aq_base
-from Acquisition import aq_get
-from ExtensionClass import Base
-from zope.interface import implements
+# BBB
+from .rolemanager import DEFAULTMAXLISTUSERS
+from .rolemanager import _isBeingUsedAsAMethod
+from .rolemanager import _isNotBeingUsedAsAMethod
+from .rolemanager import BaseRoleManager
+from .rolemanager import reqattr
+from .rolemanager import classattr
+from .rolemanager import instance_dict
+from .rolemanager import class_dict
+from .rolemanager import instance_attrs
+from .rolemanager import class_attrs
+from .rolemanager import gather_permissions
-from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
-from AccessControl.interfaces import IRoleManager
-from AccessControl.Permission import getPermissions
-from AccessControl.Permission import Permission
-from AccessControl.PermissionMapping import RoleManager
-from AccessControl.Permissions import change_permissions
-from AccessControl.SecurityManagement import newSecurityManager
-
-DEFAULTMAXLISTUSERS = 250
-
-
-def _isBeingUsedAsAMethod(self):
- return aq_get(self, '_isBeingUsedAsAMethod_', 0)
-
-
-def _isNotBeingUsedAsAMethod(self):
- return not aq_get(self, '_isBeingUsedAsAMethod_', 0)
-
-
-class BaseRoleManager(Base, RoleManager):
- """An object that has configurable permissions"""
-
- implements(IRoleManager)
- permissionMappingPossibleValues=Acquired
- security = ClassSecurityInfo()
-
- __ac_roles__ = ('Manager', 'Owner', 'Anonymous', 'Authenticated')
- __ac_local_roles__ = None
-
- security.declareProtected(change_permissions, 'ac_inherited_permissions')
- def ac_inherited_permissions(self, all=0):
- # Get all permissions not defined in ourself that are inherited
- # This will be a sequence of tuples with a name as the first item and
- # an empty tuple as the second.
- d = {}
- perms = self.__ac_permissions__
- for p in perms:
- d[p[0]] = None
-
- r = gather_permissions(self.__class__, [], d)
- if all:
- if hasattr(self, '_subobject_permissions'):
- for p in self._subobject_permissions():
- pname=p[0]
- if not pname in d:
- d[pname] = 1
- r.append(p)
-
- r = list(perms) + r
- r.sort()
-
- return tuple(r)
-
- security.declareProtected(change_permissions, 'permission_settings')
- def permission_settings(self, permission=None):
- """Return user-role permission settings.
-
- If 'permission' is passed to the method then only the settings for
- 'permission' is returned.
- """
- result=[]
- valid=self.valid_roles()
- indexes=range(len(valid))
- ip=0
-
- permissions = self.ac_inherited_permissions(1)
- # Filter permissions
- if permission:
- permissions = [p for p in permissions if p[0] == permission]
-
- for p in permissions:
- name, value = p[:2]
- p=Permission(name, value, self)
- roles = p.getRoles(default=[])
- d={'name': name,
- 'acquire': isinstance(roles, list) and 'CHECKED' or '',
- 'roles': map(
- lambda ir, roles=roles, valid=valid, ip=ip:
- {
- 'name': "p%dr%d" % (ip, ir),
- 'checked': (valid[ir] in roles) and 'CHECKED' or '',
- },
- indexes)
- }
- ip = ip + 1
- result.append(d)
- return result
-
- security.declareProtected(change_permissions, 'manage_role')
- def manage_role(self, role_to_manage, permissions=[]):
- """Change the permissions given to the given role.
- """
- for p in self.ac_inherited_permissions(1):
- name, value = p[:2]
- p=Permission(name, value, self)
- p.setRole(role_to_manage, name in permissions)
-
- security.declareProtected(change_permissions, 'manage_acquiredPermissions')
- def manage_acquiredPermissions(self, permissions=[]):
- """Change the permissions that acquire.
- """
- for p in self.ac_inherited_permissions(1):
- name, value = p[:2]
- p = Permission(name, value, self)
- roles = p.getRoles()
- if roles is None:
- continue
- if name in permissions:
- p.setRoles(list(roles))
- else:
- p.setRoles(tuple(roles))
-
- def manage_getUserRolesAndPermissions(self, user_id):
- """ Used for permission/role reporting for a given user_id.
- Returns a dict mapping
-
- 'user_defined_in' -> path where the user account is defined
- 'roles' -> global roles,
- 'roles_in_context' -> roles in context of the current object,
- 'allowed_permissions' -> permissions allowed for the user,
- 'disallowed_permissions' -> all other permissions
- """
- d = {}
- current = self
-
- while 1:
- try:
- uf = current.acl_users
- except AttributeError:
- raise ValueError('User %s could not be found' % user_id)
-
- userObj = uf.getUser(user_id)
- if userObj:
- break
- else:
- current = current.__parent__
-
- newSecurityManager(None, userObj) # necessary?
- userObj = userObj.__of__(uf)
-
- d = {'user_defined_in': '/' + uf.absolute_url(1)}
-
- # roles
- roles = list(userObj.getRoles())
- roles.sort()
- d['roles'] = roles
-
- # roles in context
- roles = list(userObj.getRolesInContext(self))
- roles.sort()
- d['roles_in_context'] = roles
-
- # permissions
- allowed = []
- disallowed = []
- permMap = self.manage_getPermissionMapping()
- for item in permMap:
- p = item['permission_name']
- if userObj.has_permission(p, self):
- allowed.append(p)
- else:
- disallowed.append(p)
-
- d['allowed_permissions'] = allowed
- d['disallowed_permissions'] = disallowed
-
- return d
-
- security.declareProtected(change_permissions, 'manage_permission')
- def manage_permission(self, permission_to_manage, roles=[], acquire=0):
- """Change the settings for the given permission.
-
- If optional arg acquire is true, then the roles for the permission
- are acquired, in addition to the ones specified, otherwise the
- permissions are restricted to only the designated roles.
- """
- for p in self.ac_inherited_permissions(1):
- name, value = p[:2]
- if name == permission_to_manage:
- p = Permission(name, value, self)
- if acquire:
- roles=list(roles)
- else:
- roles=tuple(roles)
- p.setRoles(roles)
- return
-
- raise ValueError(
- "The permission <em>%s</em> is invalid." %
- escape(permission_to_manage))
-
- security.declareProtected(change_permissions, 'permissionsOfRole')
- def permissionsOfRole(self, role):
- """Returns a role to permission mapping.
- """
- r = []
- for p in self.ac_inherited_permissions(1):
- name, value = p[:2]
- p = Permission(name, value, self)
- roles = p.getRoles()
- r.append({'name': name,
- 'selected': role in roles and 'SELECTED' or '',
- })
- return r
-
- security.declareProtected(change_permissions, 'rolesOfPermission')
- def rolesOfPermission(self, permission):
- """Returns a permission to role mapping.
- """
- valid_roles = self.valid_roles()
- for p in self.ac_inherited_permissions(1):
- name, value = p[:2]
- if name==permission:
- p = Permission(name, value, self)
- roles = p.getRoles()
- return map(
- lambda role, roles=roles:
- {'name': role,
- 'selected': role in roles and 'SELECTED' or '',
- },
- valid_roles)
-
- raise ValueError(
- "The permission <em>%s</em> is invalid." % escape(permission))
-
- security.declareProtected(change_permissions, 'acquiredRolesAreUsedBy')
- def acquiredRolesAreUsedBy(self, permission):
- """
- """
- for p in self.ac_inherited_permissions(1):
- name, value = p[:2]
- if name==permission:
- p=Permission(name, value, self)
- roles = p.getRoles()
- return isinstance(roles, list) and 'CHECKED' or ''
-
- raise ValueError(
- "The permission <em>%s</em> is invalid." % escape(permission))
-
- # Local roles support
- # -------------------
- #
- # Local roles allow a user to be given extra roles in the context
- # of a particular object (and its children). When a user is given
- # extra roles in a particular object, an entry for that user is made
- # in the __ac_local_roles__ dict containing the extra roles.
-
- def has_local_roles(self):
- dict=self.__ac_local_roles__ or {}
- return len(dict)
-
- def get_local_roles(self):
- dict=self.__ac_local_roles__ or {}
- keys=dict.keys()
- keys.sort()
- info=[]
- for key in keys:
- value=tuple(dict[key])
- info.append((key, value))
- return tuple(info)
-
- def users_with_local_role(self, role):
- got = {}
- for user, roles in self.get_local_roles():
- if role in roles:
- got[user] = 1
- return got.keys()
-
- def get_valid_userids(self):
- item=self
- dict={}
- _notfound = []
- while 1:
- aclu = getattr(aq_base(item), '__allow_groups__', _notfound)
- if aclu is not _notfound:
- mlu = getattr(aclu, 'maxlistusers', _notfound)
- if not isinstance(mlu, int):
- mlu = DEFAULTMAXLISTUSERS
- if mlu < 0:
- raise OverflowError
- un = getattr(aclu, 'user_names', _notfound)
- if un is not _notfound:
- un = aclu.__of__(item).user_names # rewrap
- unl = un()
- # maxlistusers of 0 is list all
- if len(unl) > mlu and mlu != 0:
- raise OverflowError
- for name in unl:
- dict[name]=1
- item = getattr(item, '__parent__', _notfound)
- if item is _notfound:
- break
- keys=dict.keys()
- keys.sort()
- return tuple(keys)
-
- def get_local_roles_for_userid(self, userid):
- dict=self.__ac_local_roles__ or {}
- return tuple(dict.get(userid, []))
-
- security.declareProtected(change_permissions, 'manage_addLocalRoles')
- def manage_addLocalRoles(self, userid, roles):
- """Set local roles for a user."""
- if not roles:
- raise ValueError('One or more roles must be given!')
- dict = self.__ac_local_roles__
- if dict is None:
- self.__ac_local_roles__ = dict = {}
- local_roles = list(dict.get(userid, []))
- for r in roles:
- if r not in local_roles:
- local_roles.append(r)
- dict[userid] = local_roles
- self._p_changed=True
-
- security.declareProtected(change_permissions, 'manage_setLocalRoles')
- def manage_setLocalRoles(self, userid, roles):
- """Set local roles for a user."""
- if not roles:
- raise ValueError('One or more roles must be given!')
- dict = self.__ac_local_roles__
- if dict is None:
- self.__ac_local_roles__ = dict = {}
- dict[userid]=roles
- self._p_changed = True
-
- security.declareProtected(change_permissions, 'manage_delLocalRoles')
- def manage_delLocalRoles(self, userids):
- """Remove all local roles for a user."""
- dict = self.__ac_local_roles__
- if dict is None:
- self.__ac_local_roles__ = dict = {}
- for userid in userids:
- if userid in dict:
- del dict[userid]
- self._p_changed=True
-
- #------------------------------------------------------------
-
- security.declarePrivate('access_debug_info')
- def access_debug_info(self):
- """Return debug info.
- """
- clas=class_attrs(self)
- inst=instance_attrs(self)
- data=[]
- _add=data.append
- for key, value in inst.items():
- if key.find('__roles__') >= 0:
- _add({'name': key, 'value': value, 'class': 0})
- if hasattr(value, '__roles__'):
- _add({'name': '%s.__roles__' % key, 'value': value.__roles__,
- 'class': 0})
- for key, value in clas.items():
- if key.find('__roles__') >= 0:
- _add({'name': key, 'value': value, 'class': 1})
- if hasattr(value, '__roles__'):
- _add({'name': '%s.__roles__' % key, 'value': value.__roles__,
- 'class': 1})
- return data
-
- def valid_roles(self):
- """Return list of valid roles.
- """
- obj=self
- dict={}
- dup =dict.has_key
- x=0
- while x < 100:
- if hasattr(obj, '__ac_roles__'):
- roles=obj.__ac_roles__
- for role in roles:
- if not dup(role):
- dict[role]=1
- if getattr(obj, '__parent__', None) is None:
- break
- obj=obj.__parent__
- x=x+1
- roles=dict.keys()
- roles.sort()
- return tuple(roles)
-
- def validate_roles(self, roles):
- """Return true if all given roles are valid.
- """
- valid=self.valid_roles()
- for role in roles:
- if role not in valid:
- return 0
- return 1
-
- security.declareProtected(change_permissions, 'userdefined_roles')
- def userdefined_roles(self):
- """Return list of user-defined roles.
- """
- roles = list(self.__ac_roles__)
- for role in classattr(self.__class__, '__ac_roles__'):
- try:
- roles.remove(role)
- except:
- pass
- return tuple(roles)
-
- def possible_permissions(self):
- d = {}
- permissions = getPermissions()
- for p in permissions:
- d[p[0]] = 1
- for p in self.ac_inherited_permissions(1):
- d[p[0]] = 1
-
- d = d.keys()
- d.sort()
- return d
-
-InitializeClass(BaseRoleManager)
-
-
-def reqattr(request, attr):
- try:
- return request[attr]
- except:
- return None
-
-
-def classattr(cls, attr):
- if hasattr(cls, attr):
- return getattr(cls, attr)
- try:
- bases = cls.__bases__
- except:
- bases = ()
- for base in bases:
- if classattr(base, attr):
- return attr
- return None
-
-
-def instance_dict(inst):
- try:
- return inst.__dict__
- except:
- return {}
-
-
-def class_dict(_class):
- try:
- return _class.__dict__
- except:
- return {}
-
-
-def instance_attrs(inst):
- return instance_dict(inst)
-
-
-def class_attrs(inst, _class=None, data=None):
- if _class is None:
- _class=inst.__class__
- data={}
-
- clas_dict=class_dict(_class)
- inst_dict=instance_dict(inst)
- inst_attr=inst_dict.has_key
- for key, value in clas_dict.items():
- if not inst_attr(key):
- data[key]=value
- for base in _class.__bases__:
- data=class_attrs(inst, base, data)
- return data
-
-
-def gather_permissions(klass, result, seen):
- for base in klass.__bases__:
- if '__ac_permissions__' in base.__dict__:
- for p in base.__ac_permissions__:
- name=p[0]
- if name in seen:
- continue
- result.append((name, ()))
- seen[name] = None
- gather_permissions(base, result, seen)
- return result
-
-
-# BBB - this is a bit odd, but the class variable RoleManager.manage_options
-# is used by a lot of code and this isn't available on the deferredimport
-# wrapper
-try:
- from OFS.role import RoleManager
- RoleManager # pyflakes
-except ImportError:
- from zope.deferredimport import deprecated
- deprecated("RoleManager is no longer part of AccessControl, please "
- "depend on Zope2 and import from OFS.role",
- RoleManager = 'OFS.role:RoleManager',
- )
+from zope.deferredimport import deprecated
+deprecated("RoleManager is no longer part of AccessControl, please "
+ "depend on Zope2 and import from OFS.role or use the "
+ "BaseRoleManager class from AccessControl.rolemanager.",
+ RoleManager = 'OFS.role:RoleManager',
+)
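Review bot: The `deprecated(...)` call that now ends Role.py always routes `RoleManager` through the zope.deferredimport wrapper, yet the comment this commit removes said the real class was imported because `RoleManager.manage_options` "isn't available on the deferredimport wrapper". Nothing in the new code says why that concern no longer applies. If the reason is that in-tree callers now import from OFS.role, a comment above the call would record it, e.g. `# In-tree code imports RoleManager from OFS.role; this alias only serves old third-party imports.` The names under `# BBB` are re-exported with no warning at all, so that comment could be expanded to `# BBB: moved to AccessControl.rolemanager; kept importable from here for old code`.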
Modified: Zope/trunk/src/AccessControl/User.py
===================================================================
--- Zope/trunk/src/AccessControl/User.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/AccessControl/User.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -35,18 +35,20 @@
from App.Management import Tabs
from App.special_dtml import DTMLFile
from App.Dialogs import MessageDialog
+from OFS.role import RoleManager
from OFS.SimpleItem import Item
-import AuthEncoding
-import SpecialUsers
-from interfaces import IStandardUserFolder
-from requestmethod import requestmethod
-from PermissionRole import _what_not_even_god_should_do, rolesForPermissionOn
-from Role import RoleManager, DEFAULTMAXLISTUSERS
-from SecurityManagement import getSecurityManager
-from SecurityManagement import newSecurityManager
-from SecurityManagement import noSecurityManager
-from ZopeSecurityPolicy import _noroles
+from AccessControl import AuthEncoding
+from AccessControl import SpecialUsers
+from .interfaces import IStandardUserFolder
+from .requestmethod import requestmethod
+from .PermissionRole import _what_not_even_god_should_do
+from .PermissionRole import rolesForPermissionOn
+from .rolemanager import DEFAULTMAXLISTUSERS
+from .SecurityManagement import getSecurityManager
+from .SecurityManagement import newSecurityManager
+from .SecurityManagement import noSecurityManager
+from .ZopeSecurityPolicy import _noroles
_marker=[]
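Review bot: The added `from OFS.role import RoleManager` makes AccessControl.User import the OFS package unconditionally, whereas the old Role.py guarded the same import with `try: ... except ImportError:`. The deprecation text in this commit says RoleManager is no longer part of AccessControl, which suggests AccessControl is meant to be usable without Zope2; if so, this module would fail to import in that setup. Whether OFS.role imports back into AccessControl.User is not visible here, so the circular-import path is worth checking too. At minimum I would mark the dependency on that line, e.g. `# hard dependency on Zope2's OFS; the OFS-free base class is AccessControl.rolemanager.BaseRoleManager`.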
Copied: Zope/trunk/src/AccessControl/rolemanager.py (from rev 113636, Zope/trunk/src/AccessControl/Role.py)
===================================================================
--- Zope/trunk/src/AccessControl/rolemanager.py (rev 0)
+++ Zope/trunk/src/AccessControl/rolemanager.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -0,0 +1,506 @@
+##############################################################################
+#
+# Copyright (c) 2002 Zope Foundation and Contributors.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+#
+##############################################################################
+"""Access control support
+"""
+from cgi import escape
+
+from Acquisition import Acquired
+from Acquisition import aq_base
+from Acquisition import aq_get
+from ExtensionClass import Base
+from zope.interface import implements
+
+from AccessControl import ClassSecurityInfo
+from AccessControl.class_init import InitializeClass
+from AccessControl.interfaces import IRoleManager
+from AccessControl.Permission import getPermissions
+from AccessControl.Permission import Permission
+from AccessControl.PermissionMapping import RoleManager
+from AccessControl.Permissions import change_permissions
+from AccessControl.SecurityManagement import newSecurityManager
+
+DEFAULTMAXLISTUSERS = 250
+
+
+def _isBeingUsedAsAMethod(self):
+ return aq_get(self, '_isBeingUsedAsAMethod_', 0)
+
+
+def _isNotBeingUsedAsAMethod(self):
+ return not aq_get(self, '_isBeingUsedAsAMethod_', 0)
+
+
+class BaseRoleManager(Base, RoleManager):
+ """An object that has configurable permissions"""
+
+ implements(IRoleManager)
+ permissionMappingPossibleValues=Acquired
+ security = ClassSecurityInfo()
+
+ __ac_roles__ = ('Manager', 'Owner', 'Anonymous', 'Authenticated')
+ __ac_local_roles__ = None
+
+ security.declareProtected(change_permissions, 'ac_inherited_permissions')
+ def ac_inherited_permissions(self, all=0):
+ # Get all permissions not defined in ourself that are inherited
+ # This will be a sequence of tuples with a name as the first item and
+ # an empty tuple as the second.
+ d = {}
+ perms = self.__ac_permissions__
+ for p in perms:
+ d[p[0]] = None
+
+ r = gather_permissions(self.__class__, [], d)
+ if all:
+ if hasattr(self, '_subobject_permissions'):
+ for p in self._subobject_permissions():
+ pname=p[0]
+ if not pname in d:
+ d[pname] = 1
+ r.append(p)
+
+ r = list(perms) + r
+ r.sort()
+
+ return tuple(r)
+
+ security.declareProtected(change_permissions, 'permission_settings')
+ def permission_settings(self, permission=None):
+ """Return user-role permission settings.
+
+ If 'permission' is passed to the method then only the settings for
+ 'permission' is returned.
+ """
+ result=[]
+ valid=self.valid_roles()
+ indexes=range(len(valid))
+ ip=0
+
+ permissions = self.ac_inherited_permissions(1)
+ # Filter permissions
+ if permission:
+ permissions = [p for p in permissions if p[0] == permission]
+
+ for p in permissions:
+ name, value = p[:2]
+ p=Permission(name, value, self)
+ roles = p.getRoles(default=[])
+ d={'name': name,
+ 'acquire': isinstance(roles, list) and 'CHECKED' or '',
+ 'roles': map(
+ lambda ir, roles=roles, valid=valid, ip=ip:
+ {
+ 'name': "p%dr%d" % (ip, ir),
+ 'checked': (valid[ir] in roles) and 'CHECKED' or '',
+ },
+ indexes)
+ }
+ ip = ip + 1
+ result.append(d)
+ return result
+
+ security.declareProtected(change_permissions, 'manage_role')
+ def manage_role(self, role_to_manage, permissions=[]):
+ """Change the permissions given to the given role.
+ """
+ for p in self.ac_inherited_permissions(1):
+ name, value = p[:2]
+ p=Permission(name, value, self)
+ p.setRole(role_to_manage, name in permissions)
+
+ security.declareProtected(change_permissions, 'manage_acquiredPermissions')
+ def manage_acquiredPermissions(self, permissions=[]):
+ """Change the permissions that acquire.
+ """
+ for p in self.ac_inherited_permissions(1):
+ name, value = p[:2]
+ p = Permission(name, value, self)
+ roles = p.getRoles()
+ if roles is None:
+ continue
+ if name in permissions:
+ p.setRoles(list(roles))
+ else:
+ p.setRoles(tuple(roles))
+
+ def manage_getUserRolesAndPermissions(self, user_id):
+ """ Used for permission/role reporting for a given user_id.
+ Returns a dict mapping
+
+ 'user_defined_in' -> path where the user account is defined
+ 'roles' -> global roles,
+ 'roles_in_context' -> roles in context of the current object,
+ 'allowed_permissions' -> permissions allowed for the user,
+ 'disallowed_permissions' -> all other permissions
+ """
+ d = {}
+ current = self
+
+ while 1:
+ try:
+ uf = current.acl_users
+ except AttributeError:
+ raise ValueError('User %s could not be found' % user_id)
+
+ userObj = uf.getUser(user_id)
+ if userObj:
+ break
+ else:
+ current = current.__parent__
+
+ newSecurityManager(None, userObj) # necessary?
+ userObj = userObj.__of__(uf)
+
+ d = {'user_defined_in': '/' + uf.absolute_url(1)}
+
+ # roles
+ roles = list(userObj.getRoles())
+ roles.sort()
+ d['roles'] = roles
+
+ # roles in context
+ roles = list(userObj.getRolesInContext(self))
+ roles.sort()
+ d['roles_in_context'] = roles
+
+ # permissions
+ allowed = []
+ disallowed = []
+ permMap = self.manage_getPermissionMapping()
+ for item in permMap:
+ p = item['permission_name']
+ if userObj.has_permission(p, self):
+ allowed.append(p)
+ else:
+ disallowed.append(p)
+
+ d['allowed_permissions'] = allowed
+ d['disallowed_permissions'] = disallowed
+
+ return d
+
+ security.declareProtected(change_permissions, 'manage_permission')
+ def manage_permission(self, permission_to_manage, roles=[], acquire=0):
+ """Change the settings for the given permission.
+
+ If optional arg acquire is true, then the roles for the permission
+ are acquired, in addition to the ones specified, otherwise the
+ permissions are restricted to only the designated roles.
+ """
+ for p in self.ac_inherited_permissions(1):
+ name, value = p[:2]
+ if name == permission_to_manage:
+ p = Permission(name, value, self)
+ if acquire:
+ roles=list(roles)
+ else:
+ roles=tuple(roles)
+ p.setRoles(roles)
+ return
+
+ raise ValueError(
+ "The permission <em>%s</em> is invalid." %
+ escape(permission_to_manage))
+
+ security.declareProtected(change_permissions, 'permissionsOfRole')
+ def permissionsOfRole(self, role):
+ """Returns a role to permission mapping.
+ """
+ r = []
+ for p in self.ac_inherited_permissions(1):
+ name, value = p[:2]
+ p = Permission(name, value, self)
+ roles = p.getRoles()
+ r.append({'name': name,
+ 'selected': role in roles and 'SELECTED' or '',
+ })
+ return r
+
+ security.declareProtected(change_permissions, 'rolesOfPermission')
+ def rolesOfPermission(self, permission):
+ """Returns a permission to role mapping.
+ """
+ valid_roles = self.valid_roles()
+ for p in self.ac_inherited_permissions(1):
+ name, value = p[:2]
+ if name==permission:
+ p = Permission(name, value, self)
+ roles = p.getRoles()
+ return map(
+ lambda role, roles=roles:
+ {'name': role,
+ 'selected': role in roles and 'SELECTED' or '',
+ },
+ valid_roles)
+
+ raise ValueError(
+ "The permission <em>%s</em> is invalid." % escape(permission))
+
+ security.declareProtected(change_permissions, 'acquiredRolesAreUsedBy')
+ def acquiredRolesAreUsedBy(self, permission):
+ """
+ """
+ for p in self.ac_inherited_permissions(1):
+ name, value = p[:2]
+ if name==permission:
+ p=Permission(name, value, self)
+ roles = p.getRoles()
+ return isinstance(roles, list) and 'CHECKED' or ''
+
+ raise ValueError(
+ "The permission <em>%s</em> is invalid." % escape(permission))
+
+ # Local roles support
+ # -------------------
+ #
+ # Local roles allow a user to be given extra roles in the context
+ # of a particular object (and its children). When a user is given
+ # extra roles in a particular object, an entry for that user is made
+ # in the __ac_local_roles__ dict containing the extra roles.
+
+ def has_local_roles(self):
+ dict=self.__ac_local_roles__ or {}
+ return len(dict)
+
+ def get_local_roles(self):
+ dict=self.__ac_local_roles__ or {}
+ keys=dict.keys()
+ keys.sort()
+ info=[]
+ for key in keys:
+ value=tuple(dict[key])
+ info.append((key, value))
+ return tuple(info)
+
+ def users_with_local_role(self, role):
+ got = {}
+ for user, roles in self.get_local_roles():
+ if role in roles:
+ got[user] = 1
+ return got.keys()
+
+ def get_valid_userids(self):
+ item=self
+ dict={}
+ _notfound = []
+ while 1:
+ aclu = getattr(aq_base(item), '__allow_groups__', _notfound)
+ if aclu is not _notfound:
+ mlu = getattr(aclu, 'maxlistusers', _notfound)
+ if not isinstance(mlu, int):
+ mlu = DEFAULTMAXLISTUSERS
+ if mlu < 0:
+ raise OverflowError
+ un = getattr(aclu, 'user_names', _notfound)
+ if un is not _notfound:
+ un = aclu.__of__(item).user_names # rewrap
+ unl = un()
+ # maxlistusers of 0 is list all
+ if len(unl) > mlu and mlu != 0:
+ raise OverflowError
+ for name in unl:
+ dict[name]=1
+ item = getattr(item, '__parent__', _notfound)
+ if item is _notfound:
+ break
+ keys=dict.keys()
+ keys.sort()
+ return tuple(keys)
+
+ def get_local_roles_for_userid(self, userid):
+ dict=self.__ac_local_roles__ or {}
+ return tuple(dict.get(userid, []))
+
+ security.declareProtected(change_permissions, 'manage_addLocalRoles')
+ def manage_addLocalRoles(self, userid, roles):
+ """Set local roles for a user."""
+ if not roles:
+ raise ValueError('One or more roles must be given!')
+ dict = self.__ac_local_roles__
+ if dict is None:
+ self.__ac_local_roles__ = dict = {}
+ local_roles = list(dict.get(userid, []))
+ for r in roles:
+ if r not in local_roles:
+ local_roles.append(r)
+ dict[userid] = local_roles
+ self._p_changed=True
+
+ security.declareProtected(change_permissions, 'manage_setLocalRoles')
+ def manage_setLocalRoles(self, userid, roles):
+ """Set local roles for a user."""
+ if not roles:
+ raise ValueError('One or more roles must be given!')
+ dict = self.__ac_local_roles__
+ if dict is None:
+ self.__ac_local_roles__ = dict = {}
+ dict[userid]=roles
+ self._p_changed = True
+
+ security.declareProtected(change_permissions, 'manage_delLocalRoles')
+ def manage_delLocalRoles(self, userids):
+ """Remove all local roles for a user."""
+ dict = self.__ac_local_roles__
+ if dict is None:
+ self.__ac_local_roles__ = dict = {}
+ for userid in userids:
+ if userid in dict:
+ del dict[userid]
+ self._p_changed=True
+
+ #------------------------------------------------------------
+
+ security.declarePrivate('access_debug_info')
+ def access_debug_info(self):
+ """Return debug info.
+ """
+ clas=class_attrs(self)
+ inst=instance_attrs(self)
+ data=[]
+ _add=data.append
+ for key, value in inst.items():
+ if key.find('__roles__') >= 0:
+ _add({'name': key, 'value': value, 'class': 0})
+ if hasattr(value, '__roles__'):
+ _add({'name': '%s.__roles__' % key, 'value': value.__roles__,
+ 'class': 0})
+ for key, value in clas.items():
+ if key.find('__roles__') >= 0:
+ _add({'name': key, 'value': value, 'class': 1})
+ if hasattr(value, '__roles__'):
+ _add({'name': '%s.__roles__' % key, 'value': value.__roles__,
+ 'class': 1})
+ return data
+
+ def valid_roles(self):
+ """Return list of valid roles.
+ """
+ obj=self
+ dict={}
+ dup =dict.has_key
+ x=0
+ while x < 100:
+ if hasattr(obj, '__ac_roles__'):
+ roles=obj.__ac_roles__
+ for role in roles:
+ if not dup(role):
+ dict[role]=1
+ if getattr(obj, '__parent__', None) is None:
+ break
+ obj=obj.__parent__
+ x=x+1
+ roles=dict.keys()
+ roles.sort()
+ return tuple(roles)
+
+ def validate_roles(self, roles):
+ """Return true if all given roles are valid.
+ """
+ valid=self.valid_roles()
+ for role in roles:
+ if role not in valid:
+ return 0
+ return 1
+
+ security.declareProtected(change_permissions, 'userdefined_roles')
+ def userdefined_roles(self):
+ """Return list of user-defined roles.
+ """
+ roles = list(self.__ac_roles__)
+ for role in classattr(self.__class__, '__ac_roles__'):
+ try:
+ roles.remove(role)
+ except:
+ pass
+ return tuple(roles)
+
+ def possible_permissions(self):
+ d = {}
+ permissions = getPermissions()
+ for p in permissions:
+ d[p[0]] = 1
+ for p in self.ac_inherited_permissions(1):
+ d[p[0]] = 1
+
+ d = d.keys()
+ d.sort()
+ return d
+
+InitializeClass(BaseRoleManager)
+
+
+def reqattr(request, attr):
+ try:
+ return request[attr]
+ except:
+ return None
+
+
+def classattr(cls, attr):
+ if hasattr(cls, attr):
+ return getattr(cls, attr)
+ try:
+ bases = cls.__bases__
+ except:
+ bases = ()
+ for base in bases:
+ if classattr(base, attr):
+ return attr
+ return None
+
+
+def instance_dict(inst):
+ try:
+ return inst.__dict__
+ except:
+ return {}
+
+
+def class_dict(_class):
+ try:
+ return _class.__dict__
+ except:
+ return {}
+
+
+def instance_attrs(inst):
+ return instance_dict(inst)
+
+
+def class_attrs(inst, _class=None, data=None):
+ if _class is None:
+ _class=inst.__class__
+ data={}
+
+ clas_dict=class_dict(_class)
+ inst_dict=instance_dict(inst)
+ inst_attr=inst_dict.has_key
+ for key, value in clas_dict.items():
+ if not inst_attr(key):
+ data[key]=value
+ for base in _class.__bases__:
+ data=class_attrs(inst, base, data)
+ return data
+
+
+def gather_permissions(klass, result, seen):
+ for base in klass.__bases__:
+ if '__ac_permissions__' in base.__dict__:
+ for p in base.__ac_permissions__:
+ name=p[0]
+ if name in seen:
+ continue
+ result.append((name, ()))
+ seen[name] = None
+ gather_permissions(base, result, seen)
+ return result
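Review bot: `manage_getUserRolesAndPermissions` calls `newSecurityManager(None, userObj)` (marked `# necessary?`) and never restores the previous security manager, so after a report on some user the rest of the request appears to run under that user's security context instead of the caller's. The lookups that follow (`userObj.getRoles()`, `userObj.getRolesInContext(self)`, `userObj.has_permission(p, self)`) take the user explicitly, so the call can probably be dropped; otherwise the old manager should be saved and put back in a `try/finally`. It is also the only `manage_*` method in the class without a declaration, so I would add `security.declareProtected(change_permissions, 'manage_getUserRolesAndPermissions')` above it. The code is carried over unchanged from Role.py, but the move is a good moment to fix it.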
Modified: Zope/trunk/src/AccessControl/tests/testRole.py
===================================================================
--- Zope/trunk/src/AccessControl/tests/testRole.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/AccessControl/tests/testRole.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -5,7 +5,7 @@
def test_interfaces(self):
from AccessControl.interfaces import IRoleManager
- from AccessControl.Role import BaseRoleManager
+ from AccessControl.rolemanager import BaseRoleManager
from zope.interface.verify import verifyClass
verifyClass(IRoleManager, BaseRoleManager)
Modified: Zope/trunk/src/App/Permission.py
===================================================================
--- Zope/trunk/src/App/Permission.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/App/Permission.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -15,9 +15,9 @@
from AccessControl.class_init import InitializeClass
-from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from Acquisition import Implicit
+from OFS.role import RoleManager
from OFS.SimpleItem import Item
from Persistence import Persistent
Modified: Zope/trunk/src/OFS/DTMLMethod.py
===================================================================
--- Zope/trunk/src/OFS/DTMLMethod.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/OFS/DTMLMethod.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -16,7 +16,6 @@
from AccessControl.class_init import InitializeClass
from AccessControl.SecurityInfo import ClassSecurityInfo
-from AccessControl.Role import RoleManager
from Acquisition import Implicit
from App.special_dtml import DTMLFile
from App.special_dtml import HTML
@@ -33,6 +32,7 @@
from OFS.Cache import Cacheable
from OFS.History import Historical
from OFS.History import html_diff
+from OFS.role import RoleManager
from OFS.SimpleItem import Item_w__name__
from OFS.ZDOM import ElementWithTitle
from webdav.Lockable import ResourceLockedError
Modified: Zope/trunk/src/OFS/Folder.py
===================================================================
--- Zope/trunk/src/OFS/Folder.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/OFS/Folder.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -20,7 +20,6 @@
from AccessControl.class_init import InitializeClass
from AccessControl.Permissions import add_page_templates
from AccessControl.Permissions import add_user_folders
-from AccessControl.Role import RoleManager
from AccessControl.SecurityManagement import getSecurityManager
from AccessControl.unauthorized import Unauthorized
from App.special_dtml import DTMLFile
@@ -31,6 +30,7 @@
from OFS.interfaces import IFolder
from OFS.ObjectManager import ObjectManager
from OFS.PropertyManager import PropertyManager
+from OFS.role import RoleManager
from OFS.SimpleItem import Item
Modified: Zope/trunk/src/OFS/Image.py
===================================================================
--- Zope/trunk/src/OFS/Image.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/OFS/Image.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -25,7 +25,6 @@
from AccessControl.Permissions import view as View
from AccessControl.Permissions import ftp_access
from AccessControl.Permissions import delete_objects
-from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from Acquisition import Implicit
from App.special_dtml import DTMLFile
@@ -44,6 +43,7 @@
from OFS.Cache import Cacheable
from OFS.PropertyManager import PropertyManager
+from OFS.role import RoleManager
from OFS.SimpleItem import Item_w__name__
from zope.event import notify
Modified: Zope/trunk/src/OFS/SimpleItem.py
===================================================================
--- Zope/trunk/src/OFS/SimpleItem.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/OFS/SimpleItem.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -30,7 +30,6 @@
from AccessControl.SecurityManagement import getSecurityManager
from AccessControl.Owned import Owned
from AccessControl.Permissions import view as View
-from AccessControl.Role import RoleManager
from AccessControl.unauthorized import Unauthorized
from AccessControl.ZopeSecurityPolicy import getRoles
from Acquisition import Acquired
@@ -58,6 +57,7 @@
from OFS.interfaces import IItemWithName
from OFS.interfaces import ISimpleItem
from OFS.CopySupport import CopySource
+from OFS.role import RoleManager
from OFS.Traversable import Traversable
from OFS.ZDOM import Element
Modified: Zope/trunk/src/OFS/role.py
===================================================================
--- Zope/trunk/src/OFS/role.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/OFS/role.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -19,8 +19,8 @@
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
-from AccessControl.Role import BaseRoleManager
-from AccessControl.Role import reqattr
+from AccessControl.rolemanager import BaseRoleManager
+from AccessControl.rolemanager import reqattr
from AccessControl.Permission import Permission
from AccessControl.Permissions import change_permissions
from AccessControl.requestmethod import requestmethod
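Review bot: `reqattr`, which this module now imports from `AccessControl.rolemanager`, is defined in the new file earlier in this commit with a bare `except:` around `request[attr]`, so any failure during the lookup comes back as `None` and is indistinguishable from a missing request field. For code that feeds role and permission management it would be safer to catch only the lookup error, `except KeyError:`, so that unrelated exceptions still propagate (under Python 2 a bare except also catches `KeyboardInterrupt` and `SystemExit`). How this module uses the result lies outside the hunk, so the impact here is inferred; the same bare-`except` pattern appears in `userdefined_roles`, `classattr`, `instance_dict` and `class_dict` in that file.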
Modified: Zope/trunk/src/Products/ExternalMethod/ExternalMethod.py
===================================================================
--- Zope/trunk/src/Products/ExternalMethod/ExternalMethod.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/Products/ExternalMethod/ExternalMethod.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -26,7 +26,6 @@
from AccessControl.Permissions import change_external_methods
from AccessControl.Permissions import view_management_screens
from AccessControl.Permissions import view as View
-from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from Acquisition import Acquired
from Acquisition import Explicit
@@ -36,6 +35,7 @@
from App.Extensions import FuncCode
from App.special_dtml import DTMLFile
from App.special_dtml import HTML
+from OFS.role import RoleManager
from OFS.SimpleItem import Item
from OFS.SimpleItem import pretty_tb
from Persistence import Persistent
Modified: Zope/trunk/src/Products/MailHost/MailHost.py
===================================================================
--- Zope/trunk/src/Products/MailHost/MailHost.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/Products/MailHost/MailHost.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -40,11 +40,11 @@
from AccessControl.SecurityInfo import ClassSecurityInfo
from AccessControl.Permissions import change_configuration, view
from AccessControl.Permissions import use_mailhost_services
-from AccessControl.Role import RoleManager
from Acquisition import Implicit
from App.special_dtml import DTMLFile
from DateTime.DateTime import DateTime
from Persistence import Persistent
+from OFS.role import RoleManager
from OFS.SimpleItem import Item
from zope.interface import implements
Modified: Zope/trunk/src/Products/Sessions/BrowserIdManager.py
===================================================================
--- Zope/trunk/src/Products/Sessions/BrowserIdManager.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/Products/Sessions/BrowserIdManager.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -24,7 +24,6 @@
from AccessControl.class_init import InitializeClass
from AccessControl.Owned import Owned
-from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from Acquisition import Implicit
from Acquisition import aq_parent
@@ -33,6 +32,7 @@
from App.special_dtml import DTMLFile
from Persistence import Persistent
from persistent import TimeStamp
+from OFS.role import RoleManager
from OFS.SimpleItem import Item
from ZPublisher.BeforeTraverse import registerBeforeTraverse
from ZPublisher.BeforeTraverse import unregisterBeforeTraverse
Modified: Zope/trunk/src/Products/Sessions/SessionDataManager.py
===================================================================
--- Zope/trunk/src/Products/Sessions/SessionDataManager.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/Products/Sessions/SessionDataManager.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -16,11 +16,11 @@
from AccessControl.class_init import InitializeClass
from AccessControl.Owned import Owned
-from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from Acquisition import Implicit
from App.special_dtml import DTMLFile
from App.Management import Tabs
+from OFS.role import RoleManager
from OFS.SimpleItem import Item
from Persistence import Persistent
from ZPublisher.BeforeTraverse import registerBeforeTraverse
Modified: Zope/trunk/src/Shared/DC/ZRDB/Aqueduct.py
===================================================================
--- Zope/trunk/src/Shared/DC/ZRDB/Aqueduct.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/Shared/DC/ZRDB/Aqueduct.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -21,12 +21,12 @@
import re
import string
-from AccessControl.Role import RoleManager
from Acquisition import Implicit
from App.Common import package_home
from DateTime.DateTime import DateTime
from DocumentTemplate import File
from DocumentTemplate import HTML
+from OFS.role import RoleManager
from OFS.SimpleItem import Item
from Persistence import Persistent
from zExceptions import Redirect
Modified: Zope/trunk/src/Shared/DC/ZRDB/Connection.py
===================================================================
--- Zope/trunk/src/Shared/DC/ZRDB/Connection.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/Shared/DC/ZRDB/Connection.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -26,13 +26,13 @@
from AccessControl.Permissions import change_database_connections
from AccessControl.Permissions import test_database_connections
from AccessControl.Permissions import open_close_database_connection
-from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from Acquisition import Implicit
from App.Dialogs import MessageDialog
from App.special_dtml import DTMLFile
from DateTime.DateTime import DateTime
from DocumentTemplate import HTML
+from OFS.role import RoleManager
from OFS.SimpleItem import Item
from Persistence import Persistent
from zExceptions import BadRequest
Modified: Zope/trunk/src/Shared/DC/ZRDB/DA.py
===================================================================
--- Zope/trunk/src/Shared/DC/ZRDB/DA.py 2010-06-19 11:59:53 UTC (rev 113636)
+++ Zope/trunk/src/Shared/DC/ZRDB/DA.py 2010-06-19 12:22:23 UTC (rev 113637)
@@ -23,7 +23,6 @@
from AccessControl.Permissions import change_database_methods
from AccessControl.Permissions import use_database_methods
from AccessControl.Permissions import view_management_screens
-from AccessControl.Role import RoleManager
from AccessControl.SecurityInfo import ClassSecurityInfo
from AccessControl.SecurityManagement import getSecurityManager
from Acquisition import Implicit
@@ -35,6 +34,7 @@
from DateTime.DateTime import DateTime
from ExtensionClass import Base
from BTrees.OOBTree import OOBucket as Bucket
+from OFS.role import RoleManager
from OFS.SimpleItem import Item
from Persistence import Persistent
from webdav.Resource import Resource