[Zope3-checkins] CVS: Zope3/src/zope/app/browser/security/grants - __init__.py:1.1.2.1 configure.zcml:1.1.2.1 manage_access.pt:1.1.2.1 manage_permissionform.pt:1.1.2.1 manage_roleform.pt:1.1.2.1 principal_permission_edit.pt:1.1.2.1 principal_role_association.pt:1.1.2.1 principalpermissionview.py:1.1.2.1 principalroleview.py:1.1.2.1 rolepermissionview.py:1.1.2.1

Jim Fulton jim@zope.com
Mon, 23 Dec 2002 14:31:12 -0500


Update of /cvs-repository/Zope3/src/zope/app/browser/security/grants
In directory cvs.zope.org:/tmp/cvs-serv19908/zope/app/browser/security/grants

Added Files:
      Tag: NameGeddon-branch
	__init__.py configure.zcml manage_access.pt 
	manage_permissionform.pt manage_roleform.pt 
	principal_permission_edit.pt principal_role_association.pt 
	principalpermissionview.py principalroleview.py 
	rolepermissionview.py 
Log Message:
Initial renaming before debugging

=== Added File Zope3/src/zope/app/browser/security/grants/__init__.py ===
#
# This file is necessary to make this directory a package.


=== Added File Zope3/src/zope/app/browser/security/grants/configure.zcml ===
<zopeConfigure
   xmlns='http://namespaces.zope.org/zope'
   xmlns:browser='http://namespaces.zope.org/browser'
>

<!-- Role-Permission management view -->

  <browser:view for="zope.app.interfaces.annotation.IAnnotatable"
                permission="Zope.Security"
                factory="zope.app.browser.security.grants.rolepermissionview.RolePermissionView">

    <browser:page name="AllRolePermissions.html"
                  attribute="index" />
    <browser:page name="ChangeAllRolePermissions.html"
                  attribute="action" />
    <browser:page name="RolePermissions.html"
                  attribute="manage_roleForm" />
    <browser:page name="ChangeRolePermissions.html"
                  attribute="update_role" />
    <browser:page name="RolesWithPermission.html"
                  attribute="manage_permissionForm" />
    <browser:page name="ChangeRolesWithPermission.html"
                  attribute="update_permission" />
  </browser:view>


  <browser:view for="zope.app.interfaces.annotation.IAnnotatable"
                permission="Zope.Security"
                factory="zope.app.browser.security.grants.principalroleview.PrincipalRoleView">
    <browser:page name="PrincipalRoles.html"
                  attribute="index" />
    <browser:page name="ChangePrincipalRoles.html"
                  attribute="action" />
  </browser:view>


  <content class="zope.app.browser.security.grants.principalpermissionview.PrincipalPermissionView">
    <require
        permission="Zope.Security"
        attributes="index get_principal unsetPermissions denyPermissions
                    grantPermissions getUnsetPermissionsForPrincipal
                    getPermissionsForPrincipal" />
  </content>

  <browser:view
      name="PrincipalPermissionsManagement"
      for="zope.app.interfaces.annotation.IAnnotatable"
      factory="zope.app.browser.security.grants.principalpermissionview.PrincipalPermissionView" />

</zopeConfigure>


=== Added File Zope3/src/zope/app/browser/security/grants/manage_access.pt ===
<html metal:use-macro="views/standard_macros/page">
<head>
<style metal:fill-slot="headers" type="text/css">
<!--

h1 {
  font-family: Verdana, Helvetica, sans-serif; 
  font-size: 24pt; 
  font-weight: bold; 
}

h2 {
  font-family: Verdana, Helvetica, sans-serif; 
  font-size: 18pt; 
  font-weight: bold; 
}

h3 {
  font-family: Verdana, Helvetica, sans-serif; 
  font-size: 14pt; 
  font-weight: bold; 
}

a:hover {  
  font-family: Verdana, Helvetica, sans-serif; 
  text-decoration: underline;
  color: #333333; 
}

a:link {
  font-family: Verdana, Helvetica, sans-serif; 
  text-decoration: none;
  color: #000099;
}

a {
  font-family: Verdana, Helvetica, sans-serif; 
  text-decoration: none;
  color: #000099;
}

a.strong-link {
  font-family: Verdana, Helvetica, sans-serif;
  text-decoration: underline;
  color: #000099;
}

p {
  font-family: Verdana, Helvetica, sans-serif;
  font-size: 10pt;
  color: #333333;
}

th {
  font-family: Verdana, Helvetica, sans-serif; 
  font-weight: bold;
  font-size: 10pt; 
  color: #333333;
}

.form-help {
  font-family: Verdana, Helvetica, sans-serif;
  font-size: 10pt;
  color: #333333;
}

.std-text {
  font-family: Verdana, Helvetica, sans-serif;
  font-size: 10pt;
  color: #333333;
}

.tab-small {
  font-family: Verdana, Helvetica, sans-serif; 
  font-size: 8pt; 
  color: #333333;
}

.location-bar {
  background-color: #efefef;
  border: none;
}

.strong-header {
  font-family: Verdana, Helvetica, sans-serif;
  font-size: 12pt;
  font-weight: bold;
  background-color: #000000;
  color: #ffffff;
}

.list-header {
  background-color: #c0c0c0;
  border: none;
}

.list-item {
  font-family: Verdana, Helvetica, sans-serif; 
  font-size: 10pt; 
}

.list-nav {
  font-family: Verdana, Helvetica, sans-serif; 
  font-size: 10pt; 
  font-weight: bold;
}

.row-normal {
  background-color: #ffffff;
  border: none;

}

.row-hilite {
  background-color: #efefef;
  border: none;
}

.section-bar {
  background-color: #c0c0c0;
  border: none;
}

.system-msg {
  font-family: Verdana, Helvetica, sans-serif; 
  font-size: 10pt; 
  background-color: #ffffff;
  border:  1px solid #000000;
  margin-bottom: 6px;
  margin-top: 6px;
  padding: 4px;
  width: 100%;
  color: #660033;
}

.form-title {
  font-family: Verdana, Helvetica, sans-serif; 
  font-weight: bold;
  font-size: 12pt; 
  color: #333333;
}

.form-label {
  font-family: Verdana, Helvetica, sans-serif; 
  font-weight: bold;
  font-size: 10pt; 
  color: #333333;
}

.form-optional {
  font-family: Verdana, Helvetica, sans-serif; 
  font-weight: bold;
  font-style: italic;
  font-size: 10pt; 
  color: #333333;
}

.form-element {
  font-family: Verdana, Helvetica, aans-serif;
  font-size: 10pt;
  color: #000000;
}

.form-text {
  font-family: Verdana, Helvetica, sans-serif;
  font-size: 10pt;
  color: #333333;
}

.form-mono {
  font-family: monospace;
  font-size: 12px;
  text-decoration: none;
}

-->
</style>

</head>
<body bgcolor="#ffffff" link="#000099" alink="#000099" vlink="#000099">
<div metal:fill-slot="body">
<p class="form-help">
a helpful message
</p>

<p class="form-help">  
another helpful message
</p>

<form action="ChangeAllRolePermissions.html" method="post">

<table width="100%" cellspacing="0" cellpadding="2" border="0" nowrap>
<tr class="list-header">
    <td align="left" valign="top">
      <div class="form-label">
        <strong>Permission</strong>
      </div>
  </td>
  <td align="left">
  <div class="form-label">
  <strong>Roles</strong>
  </div>
  </td>
</tr>

<tr class="row-normal">
  <td></td>
  <td align="center" tal:repeat="role view/roles">
    <div class="list-item">
      <a href="RolePermissions.html"
        tal:attributes="
        href string:RolePermissions.html?role_to_manage=${role/getId}" 
        tal:content="role/getTitle">Anonymous</a>
      <input type="hidden" name="r0" value=""
        tal:attributes="
        name string:r${repeat/role/index};
        value  string:${role/getId}">

    </div>
  </td>
</tr>

<tbody tal:repeat="perm view/permissionRoles">
<tr class="row-normal"
    tal:attributes="class python:path('repeat/perm/even') and 'row-normal' or 'row-hilite'"
    >
  <td align="left" nowrap>
    <div class="list-item">
       <a href="RolesWithPermission.html"
       tal:attributes="
         href string:RolesWithPermission.html?permission_to_manage=${perm/getId}"
       tal:content="perm/getTitle"
       >Access Transient Objects</a>
       <input type="hidden" name="r0" value=""
         tal:attributes="
         name string:p${repeat/perm/index};
         value  string:${perm/getId}">
    </div>
  </td>
  <td align="center" tal:repeat="setting perm/roleSettings">
    <select name="p0r0"
       tal:attributes="name string:p${repeat/perm/index}r${repeat/setting/index}">
        <option value="Unset"
           tal:repeat="option view/availableSettings"
           tal:attributes="value option/id;
                           selected python:setting == option['id']"
           tal:content="option/shorttitle">+</option>
    </select>
  </td>
</tr>
</tbody>

<tr>
<td colspan="5" align="left">
<div class="form-element">
<input class="form-element" type="submit" name="submit" value="Save Changes" />
<div tal:replace="options/message|nothing" />
</div>
</td>
</tr>
</table>
</form>
</div>
</body>
</html>




=== Added File Zope3/src/zope/app/browser/security/grants/manage_permissionform.pt ===
<html metal:use-macro="views/standard_macros/page">
<head>
<style metal:fill-slot="headers" type="text/css">
<!--
.row-normal {
  background-color: #ffffff;
  border: none;
}

.row-hilite {
  background-color: #efefef;
  border: none;
}
-->
</style>
</head>
<body bgcolor="#ffffff" link="#000099" alink="#000099" vlink="#000099">
<div metal:fill-slot="body">
<p class="form-help">
Helpful message.
</p>

<div tal:define="perm python:view.permissionForID(request.get('permission_to_manage'))">
<p class="form-text">
Roles assigned to the permission
<strong tal:content="perm/getTitle">Change DTML Methods</strong>
(id: <strong tal:content="perm/getId">Zope.Some.Permission</strong>)
</p>


<form action="ChangeRolesWithPermission.html" method="post">
<input type="hidden" name="permission_id" value="Permission Name"
    tal:attributes="value perm/getId" />
<div class="form-element">

<table width="100%" cellspacing="0" cellpadding="2" border="0" nowrap>
<tr class="list-header">
  <td align="left" valign="top">
    <div class="form-label">
      <strong>Role</strong>
    </div>
  </td>
  <td align="left">
    <div class="form-label">
      <strong>Setting</strong>
    </div>
  </td>
</tr>

<tr class="row-normal"
    tal:repeat="setting perm/roleSettings"
    tal:attributes="class python:path('repeat/setting/even') and 'row-normal' or 'row-hilite'">
  <td align="left" valign="top"
      tal:define="ir repeat/setting/index"
      tal:content="python:path('view/roles')[ir].getId()">
    Manager
  </td>
  <td>
    <select name="settings:list">
        <option value="Unset"
           tal:repeat="option view/availableSettings"
           tal:attributes="value option/id;
                           selected python:setting == option['id']"
           tal:content="option/shorttitle">+</option>
    </select>
  </td>
</tr>
</table>

</div>

<div class="form-element">
<input class="form-element" type="submit" name="submit" value="Save Changes" />
</div>
</form>

</div>
</div>
</body>
</html>


=== Added File Zope3/src/zope/app/browser/security/grants/manage_roleform.pt ===
<html metal:use-macro="views/standard_macros/page">
<head>
<style metal:fill-slot="headers" type="text/css" ></style>
</head>
<body bgcolor="#ffffff" link="#000099" alink="#000099" vlink="#000099">
<div metal:fill-slot="body">
<p class="form-help">
Helpful message explaing about how to set specific roles
</p>

<div tal:define="role python:view.roleForID(request.get('role_to_manage'))" tal:omit-tag="">
<p class="form-text">
Permissions assigned to the role
<strong tal:content="role/getTitle">Great Master Guru</strong>
(id: <strong tal:content="role/getId">Zope.Some.Role</strong>)
</p>


<form action="ChangeRolePermissions.html" method="get">
<input type="hidden" name="role_id" value="Role ID"
    tal:attributes="value role/getId" />

<table width="100%" cellspacing="0" cellpadding="2" border="0" nowrap
       tal:define="availableSettings python:view.availableSettings(noacquire=1)">
<tr class="list-header">
  <td align="left" valign="top"
      tal:repeat="setting availableSettings">
    <div class="form-label">
      <strong tal:content="setting/title">Allow</strong>
    </div>
  </td>
</tr>

<tr>
  <td align="left" valign="top"
      tal:repeat="settinginfo availableSettings">
    <div class="form-element">
      <select name="Unset:list" multiple size="20"
              tal:define="setting settinginfo/id"
              tal:attributes="name string:${setting}:list">
      <option tal:repeat="permissioninfo role/permissionsInfo"
              tal:content="permissioninfo/title"
              tal:attributes="selected python:path('permissioninfo/setting') == setting;
                              value permissioninfo/id"
              >Sample Permission</option>
      </select>
    </div>
  </td>
</tr>
</table>

<div class="form-element">
<input class="form-element" type="submit" name="submit" value="Save Changes" />
</div>
</form>

</div>
</div>
</body>
</html>


=== Added File Zope3/src/zope/app/browser/security/grants/principal_permission_edit.pt ===
<html metal:use-macro="views/standard_macros/page">
<div metal:fill-slot="body" tal:define="rprincipal_id python:request['principal_id']">
<h1>Permission settings for <span tal:replace="python:view.get_principal(rprincipal_id).getTitle()">PrincipalName</span></h1>

<form action="unsetPermissions.html" method="post">
<h2>Permission Settings</h2>
<table>
  <tr>
    <td valign="top">
      <table border="0">
	<tr>
	  <th colspan="2" align="center">Allowed Permissions</th>
	</tr>
	<tr tal:repeat="perm python:view.get_set_permissions_for_principal(rprincipal_id, 'Allow')">
	  <td><input type="checkbox" tal:attributes="name perm/getId"></td><td tal:content="perm/getTitle">Permission1</td>
	</tr>
	<tr tal:replace="nothing">
	  <td><input type="checkbox" name="permission_ids"></td><td>Permission2</td>
	</tr>
	<tr tal:replace="nothing">
	  <td><input type="checkbox" name="permission_ids"></td><td>Permission3</td>
	</tr>
	<tr tal:replace="nothing">
	  <td><input type="checkbox" name="permission_ids"></td><td>Permission5</td>
	</tr>
      </table>
    </td>
    <td valign="top"> 
      <table border="0">
	<tr >
	  <th colspan="2" align="center">Denied Permissions</th>
	</tr>
	<tr tal:repeat="perm python:view.get_set_permissions_for_principal(rprincipal_id, 'Deny')">
	  <td><input type="checkbox" tal:attributes="name perm/getId"></td><td tal:content="perm/getTitle">Permission1</td>
	</tr>
	<tr tal:replace="nothing">
	  <td><input type="checkbox" name="permission_ids"></td><td>Permission2</td>
	</tr>
      </table>
    </td>
  </tr>
  <tr>
    <td colspan="2" align="center"><input type="submit" name="unset" value="Remove selected permission settings"></td></tr>
</table>
</form>
<p>&nbsp;</p>
<form action="./" method="post">
<h2>Add permission settings</h2>
  <table>
    <tr>
      <td>
	<select name="permissions" multiple>
	  <option 
	    tal:repeat="perm python:view.get_unset_permissions_for_principal(rprincipal_id)" 
	    tal:attributes="value perm/getId"
	    tal:content="perm/getTitle">Perm1</option>
	  <option tal:replace="nothing">Perm2</option>
	  <option tal:replace="nothing">Perm3</option>
	  <option tal:replace="nothing">Perm4</option>
	  <option tal:replace="nothing">Perm5</option>
	</select>
      </td>	
      <td valign="center">
	<p>
	  <input type="submit" name="grantPermissions.html:method" value="Grant">
	  </p>
	<p>
	  <input type="submit" name="denyPermissions.html:method" value="Deny">
	  </p>
      </td>
    </tr>
  </table>
</form>
</div>
</html>


=== Added File Zope3/src/zope/app/browser/security/grants/principal_role_association.pt ===
<html metal:use-macro="views/standard_macros/page">
  <head>
    <style metal:fill-slot="headers" type="text/css"> </style>
  </head>
  <body metal:fill-slot="body"
        tal:define="hasFilter python:request.get('Filter', None)">

      <div tal:replace="options/message|nothing" />

      <div tal:condition="not: hasFilter">
        <span class="message"> Apply filter </span>
        <form method="POST" action="@@PrincipalRoles.html">
           Principal(s):
            <select name="principals:list" multiple>
             <option tal:repeat="principal view/getAllPrincipals"
                     tal:attributes="value principal/getId"
                     tal:content="principal/getTitle">my title</option>
            </select>

           Role(s):
            <select name="roles:list" multiple>
             <option tal:repeat="role view/getAllRoles"
                     tal:attributes="value role/getId"
                     tal:content="role/getTitle">my title</option>
            </select>

           <input type="submit" name="Filter" value="Filter" />
        </form>

      </div>

      <!-- WARNING!! SELF POSTING FORM!! -->

      <div tal:condition="hasFilter">
        <div class="principalRolesGrid"
             tal:define="principalRoleGrid view/createGrid">

          <span tal:define="
              global listPrincipals principalRoleGrid/principals;
              global listRoles principalRoleGrid/roles;
              global listValues principalRoleGrid/listAvailableValues" />

          <form method="POST" action="ChangePrincipalRoles.html">
          <table>
            <tr class="roleHeading">
              <td class="principal">
                &nbsp;
              </td>
              <td class="role" tal:repeat="role listRoles" 
                               tal:content="role/getTitle">
                Role Id
              </td>
            </tr>

            <tr class="principalRoleRow" tal:repeat="principal listPrincipals">
              <td class="principalLabel" tal:content="principal/getTitle">
                Principal Id
              </td>

              <td class="principalRole" tal:repeat="role listRoles">
                <select name="grid.role.principal:records"
                        tal:attributes="
                         name string:grid.${role/getId}.${principal/getId}"
                        tal:define="selectedValue 
                                    python:principalRoleGrid.getValue(
                                               principal.getId(), 
                                               role.getId()
                                               )" >
                  <option value="" tal:repeat="defaultValue listValues"
                   tal:attributes="
                       selected python:defaultValue==selectedValue;
                       value defaultValue;
                       debugsel selectedValue;
                       "
                   tal:content="defaultValue">
                  &nbsp;
                  </option>
                </select>
              </td>
            </tr>

          </table>
          <input type="hidden" name="principals:list"
            tal:repeat="principal listPrincipals"
            tal:attributes="value principal/getId" />
          <input type="hidden" name="roles:list"
            tal:repeat="role listRoles"
            tal:attributes="value role/getId" />

          <input type="submit" name="apply" value="apply" />

          </form>

        </div>
      </div>

  </body>
</html>


=== Added File Zope3/src/zope/app/browser/security/grants/principalpermissionview.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
# 
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
# 
##############################################################################
"""

$Id: principalpermissionview.py,v 1.1.2.1 2002/12/23 19:31:10 jim Exp $
"""
import time

from Zope.App.PageTemplate import ViewPageTemplateFile
from zope.publisher.browser import BrowserView
from zope.component.contextdependent import ContextDependent
from zope.component import getService, getAdapter
from zope.app.interfaces.security import IPrincipalPermissionMap
from zope.app.interfaces.security \
     import IPrincipalPermissionManager
from zope.app.security.settings import Allow, Deny, Unset

class PrincipalPermissionView(BrowserView):

    index = ViewPageTemplateFile('pt/principal_permission_edit.pt')

    def get_permission_service(self):
        return getService(self.context, 'Permissions')

    def get_principal(self, principal_id):
        return getService(self.context,
                          'Authentication'
                          ).getPrincipal(principal_id)

    def unsetPermissions(self, principal_id, permission_ids, REQUEST=None):
        """Form action unsetting a principals permissions"""
        permission_service = self.get_permission_service()
        principal = self.get_principal(principal_id)
        ppm = getAdapter(self.context, IPrincipalPermissionManager)

        for perm_id in permission_ids:
            permission = permission_service.getPermission(perm_id)
            ppm.unsetPermissionForPrincipal(permission , principal)

        if REQUEST is not None:
            return self.index(message="Settings changed at %s"
                                        % time.ctime(time.time()))

    def grantPermissions(self, principal_id, permission_ids, REQUEST=None):
        """Form action granting a list of permissions to a principal"""
        permission_service = self.get_permission_service()
        principal = self.get_principal(principal_id)
        ppm = getAdapter(self.context, IPrincipalPermissionManager)

        for perm_id in permission_ids:
            permission = permission_service.getPermission(perm_id)
            ppm.grantPermissionToPrincipal(permission , principal)
        if REQUEST is not None:
            return self.index(message="Settings changed at %s"
                                        % time.ctime(time.time()))

    def denyPermissions(self, principal_id, permission_ids, REQUEST=None):
        """Form action denying a list of permissions for a principal"""
        permission_service = self.get_permission_service()
        principal = self.get_principal(principal_id)
        ppm = getAdapter(self.context, IPrincipalPermissionManager)

        for perm_id in permission_ids:
            permission = permission_service.getPermission(perm_id)
            ppm.denyPermissionToPrincipal(permission , principal)
        if REQUEST is not None:
            return self.index(message="Settings changed at %s"
                                        % time.ctime(time.time()))

    # Methods only called from the zpt view
    def getUnsetPermissionsForPrincipal(self, principal_id):
        """Returns all unset permissions for this principal"""

        ppmap = getAdapter(self.context, IPrincipalPermissionMap)
        principal = self.get_principal(principal_id)
        perm_serv = getService(self.context, 'Permissions')
        result = []
        for perm in perm_serv.getPermissions():
            if ppmap.getSetting(perm, principal) == Unset:
                result.append(perm)

        return result
        
    def getPermissionsForPrincipal(self, principal_id, setting_name):
        """Return a list of permissions with the given setting_name
           string for the principal.
           
           Return empty list if there are no permissions.
        """
    
        ppmap = getAdapter(self.context, IPrincipalPermissionMap)
        principal = self.get_principal(principal_id)
        
        permission_settings = ppmap.getPermissionsForPrincipal(principal)
        setting_map = {'Deny': Deny, 'Allow':Allow}
        asked_setting = setting_map[setting_name]

        result = []
        for permission, setting in permission_settings:
            if asked_setting == setting:
                result.append(permission)
            
        return result


=== Added File Zope3/src/zope/app/browser/security/grants/principalroleview.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
# 
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
# 
##############################################################################
""" Management view component for principal-role management (Zope2's
    "local roles").

$Id: principalroleview.py,v 1.1.2.1 2002/12/23 19:31:10 jim Exp $
"""

import time
from Zope.App.PageTemplate import ViewPageTemplateFile
from zope.publisher.browser import BrowserView
from zope.component.contextdependent import ContextDependent
from zope.component import getService, getAdapter

from zope.app.interfaces.security import IPrincipalRoleManager
from zope.app.interfaces.security import IPrincipalRoleMap

from zope.app.interfaces.security import IPermission
from zope.app.interfaces.security import IRole

from zope.app.security.settings import Unset, Deny, Allow


class PrincipalRoleView(BrowserView):

    index = ViewPageTemplateFile('principal_role_association.pt')

    def getAllPrincipals(self):
        principals = getattr(self, '_principals', None)
        if principals is None:
            principals = self._principals = getService(
                self.context, 'Authentication'
                ).getPrincipals('')
        return principals

    def getAllRoles(self):
        roles = getattr(self, '_roles', None)
        if roles is None:
            roles = self._roles = getService(self.context, 'Roles'
                ).getRoles()
        return roles

    def createGrid(self, principals=None, roles=None):
        if principals is None:
            principals = self.request.get('principals')
            if principals is None:
                principals = self.getAllPrincipals()
            else:
                # Ugh, we have ids, but we want objects
                auth_service = getService(self.context, 'Authentication')
                principals = [auth_service.getPrincipal(principal)
                              for principal in principals]
            

        if roles is None:
            roles = self.request.get('roles')
            if roles is None:
                roles = self.getAllRoles()
            else:
                # Ugh, we have ids, but we want objects
                role_service = getService(self.context, 'Roles')
                roles = [role_service.getRole(role)
                         for role in roles]

        return PrincipalRoleGrid(principals, roles, self.context)

    def action(self, principals, roles, testing=None):
        prm = getAdapter(self.context, IPrincipalRoleManager)
        for role in roles:
            for principal in principals:
                name = 'grid.%s.%s' % (role, principal)
                setting = self.request.get(name, 'Unset')
                if setting == 'Unset':
                    prm.unsetRoleForPrincipal(role, principal)
                elif setting == 'Allow':
                    prm.assignRoleToPrincipal(role, principal)
                elif setting == 'Deny':
                    prm.removeRoleFromPrincipal(role, principal)
                else:
                    raise ValueError("Incorrect setting %s" % setting)

        if not testing:
            return self.index(
                message="Settings changed at %s" % time.ctime(time.time())
                )


class PrincipalRoleGrid:

    def __init__(self, principals, roles, context):
        self._principals = principals
        self._roles = roles
        self._grid = {}

        map = getAdapter(context, IPrincipalRoleMap)

        for role in roles:
            rid = role.getId()
            for principal in principals:
                pid = principal.getId()
                setting = map.getSetting(rid, pid)
                self._grid[(pid, rid)] = setting.getName()

    def principals(self):
        return self._principals

    def principalIds(self):
        return [p.getId() for p in self._principals]

    def roles(self):
        return self._roles

    def roleIds(self):
        return [r.getId() for r in self._roles]

    def getValue(self, principal_id, role_id):
        return self._grid[(principal_id, role_id)]

    def listAvailableValues(self):
        return (Unset.getName(), Allow.getName(), Deny.getName())



=== Added File Zope3/src/zope/app/browser/security/grants/rolepermissionview.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""

$Id: rolepermissionview.py,v 1.1.2.1 2002/12/23 19:31:10 jim Exp $
"""

import time
from Zope.App.PageTemplate import ViewPageTemplateFile
from zope.publisher.browser import BrowserView
from zope.component import getService, getAdapter
from zope.app.interfaces.security import IRolePermissionManager
from zope.app.security.grants.permissionroles import PermissionRoles
from zope.app.security.grants.rolepermissions import RolePermissions
from zope.app.security.settings import Unset, Allow, Deny

class RolePermissionView(BrowserView):

    index = ViewPageTemplateFile('manage_access.pt')
    manage_permissionForm = ViewPageTemplateFile('manage_permissionForm.pt')
    manage_roleForm = ViewPageTemplateFile('manage_roleForm.pt')

    def roles(self):
        roles = getattr(self, '_roles', None)
        if roles is None:
            roles = self._roles = getService(
                self.context, 'Roles'
                ).getRoles()
        return roles

    def permissions(self):
        permissions = getattr(self, '_permissions', None)
        if permissions is None:
            permissions = self._permissions = getService(
                self.context, 'Permissions'
                ).getPermissions()
        return permissions

    def availableSettings(self, noacquire=0):
        aq = {'id': Unset.getName(), 'shorttitle': ' ', 'title': 'Acquire'}
        rest = [{'id': Allow.getName(), 'shorttitle': '+', 'title': 'Allow'},
                {'id': Deny.getName(), 'shorttitle': '-', 'title': 'Deny'},
                ]
        if noacquire:
            return rest
        else:
            return [aq]+rest

    def permissionRoles(self):
        context = self.context
        roles = self.roles()
        return [PermissionRoles(permission, context, roles)
                for permission in self.permissions()]

    def permissionForID(self, pid):
        context = self.context
        roles = self.roles()
        perm = getService(context, 'Permissions'
                          ).getPermission(pid)
        return PermissionRoles(perm, context, roles)

    def roleForID(self, rid):
        context = self.context
        permissions = self.permissions()
        role = getService(context, 'Roles'
                          ).getRole(rid)
        return RolePermissions(role, context, permissions)

    def action(self, testing=None):
        request = self.request
        roles       = [r.getId() for r in self.roles()]
        permissions = [p.getId() for p in self.permissions()]
        prm         = getAdapter(self.context, IRolePermissionManager)
        for ip in range(len(permissions)):
            rperm = request.get("p%s" % ip)
            if rperm not in permissions: continue
            for ir in range(len(roles)):
                rrole = request.get("r%s" % ir)
                if rrole not in roles: continue
                setting = request.get("p%sr%s" % (ip, ir), None)
                if setting is not None:
                    if setting == Unset.getName():
                        prm.unsetPermissionFromRole(rperm, rrole)
                    elif setting == Allow.getName():
                        prm.grantPermissionToRole(rperm, rrole)
                    elif setting == Deny.getName():
                        prm.denyPermissionToRole(rperm, rrole)
                    else:
                        raise ValueError("Incorrect setting: %s" % setting)

        if not testing:
            return self.index(
                message="Settings changed at %s" % time.ctime(time.time())
                )

    def update_permission(self, permission_id,
                          settings=(), testing=None):
        prm = getAdapter(self.context, IRolePermissionManager)
        roles = self.roles()
        rperm = permission_id
        for ir in range(len(roles)):
            rrole = roles[ir].getId()
            setting = settings[ir]
            if setting == Unset.getName():
                prm.unsetPermissionFromRole(rperm, rrole)
            elif setting == Allow.getName():
                prm.grantPermissionToRole(rperm, rrole)
            elif setting == Deny.getName():
                prm.denyPermissionToRole(rperm, rrole)
            else:
                raise ValueError("Incorrect setting: %s" % setting)

        if not testing:
            return self.index(message="Settings changed at %s"
                                  % time.ctime(time.time())
                              )

    def update_role(self, role_id, testing=None):
        request = self.request
        prm = getAdapter(self.context, IRolePermissionManager)
        allowed = request.get(Allow.getName(), ())
        denied = request.get(Deny.getName(), ())
        for permission in self.permissions():
            rperm = permission.getId()
            if rperm in allowed and rperm in denied:
                raise ValueError("Incorrect setting for %s" % rperm)
            if rperm in allowed:
                prm.grantPermissionToRole(rperm, role_id)
            elif rperm in denied:
                prm.denyPermissionToRole(rperm, role_id)
            else:
                prm.unsetPermissionFromRole(rperm, role_id)

        if not testing:
            return self.index(message="Settings changed at %s"
                                  % time.ctime(time.time())
                              )