[Zope3-checkins] CVS: Zope3/src/zope/app/browser/security/grants - __init__.py:1.2 configure.zcml:1.2 manage_access.pt:1.2 manage_permissionform.pt:1.2 manage_roleform.pt:1.2 principal_permission_edit.pt:1.2 principal_role_association.pt:1.2 principalpermissionview.py:1.2 principalroleview.py:1.2 rolepermissionview.py:1.2
Jim Fulton
jim@zope.com
Wed, 25 Dec 2002 09:14:06 -0500
Update of /cvs-repository/Zope3/src/zope/app/browser/security/grants
In directory cvs.zope.org:/tmp/cvs-serv15352/src/zope/app/browser/security/grants
Added Files:
__init__.py configure.zcml manage_access.pt
manage_permissionform.pt manage_roleform.pt
principal_permission_edit.pt principal_role_association.pt
principalpermissionview.py principalroleview.py
rolepermissionview.py
Log Message:
Grand renaming:
- Renamed most files (especially python modules) to lower case.
- Moved views and interfaces into separate hierarchies within each
project, where each top-level directory under the zope package
is a separate project.
- Moved everything to src from lib/python.
lib/python will eventually go away. I need access to the cvs
repository to make this happen, however.
There are probably some bits that are broken. All tests pass
and zope runs, but I haven't tried everything. There are a number
of cleanups I'll work on tomorrow.
=== Zope3/src/zope/app/browser/security/grants/__init__.py 1.1 => 1.2 ===
--- /dev/null Wed Dec 25 09:14:06 2002
+++ Zope3/src/zope/app/browser/security/grants/__init__.py Wed Dec 25 09:12:34 2002
@@ -0,0 +1,2 @@
+#
+# This file is necessary to make this directory a package.
=== Zope3/src/zope/app/browser/security/grants/configure.zcml 1.1 => 1.2 ===
--- /dev/null Wed Dec 25 09:14:06 2002
+++ Zope3/src/zope/app/browser/security/grants/configure.zcml Wed Dec 25 09:12:34 2002
@@ -0,0 +1,64 @@
+<zopeConfigure
+ xmlns='http://namespaces.zope.org/zope'
+ xmlns:browser='http://namespaces.zope.org/browser'
+>
+
+<!-- Role Permissions -->
+
+ <browser:view
+ for="zope.app.interfaces.annotation.IAnnotatable"
+ permission="zope.Security"
+ factory=".rolepermissionview.RolePermissionView">
+
+ <browser:page name="AllRolePermissions.html"
+ attribute="index" />
+ <browser:page name="ChangeAllRolePermissions.html"
+ attribute="action" />
+ <browser:page name="RolePermissions.html"
+ attribute="manage_roleForm" />
+ <browser:page name="ChangeRolePermissions.html"
+ attribute="update_role" />
+ <browser:page name="RolesWithPermission.html"
+ attribute="manage_permissionForm" />
+ <browser:page name="ChangeRolesWithPermission.html"
+ attribute="update_permission" />
+ </browser:view>
+
+ <browser:menuItem
+ for="zope.app.interfaces.annotation.IAnnotatable"
+ menu="zmi_views"
+ title="Role Permissions"
+ action="@@AllRolePermissions.html"
+ />
+
+<!-- Principal Roles -->
+
+ <browser:view for="zope.app.interfaces.annotation.IAnnotatable"
+ permission="zope.Security"
+ factory=".principalroleview.PrincipalRoleView">
+ <browser:page name="PrincipalRoles.html"
+ attribute="index" />
+ <browser:page name="ChangePrincipalRoles.html"
+ attribute="action" />
+ </browser:view>
+
+ <browser:menuItem
+ for="zope.app.interfaces.annotation.IAnnotatable"
+ menu="zmi_views"
+ title="Principal Role"
+ action="PrincipalRoles.html"
+ />
+
+<!-- Principal Permission (not working) -->
+
+ <!-- browser:view
+ name="PrincipalPermissionsManagement"
+ for="zope.app.interfaces.annotation.IAnnotatable"
+ factory=".principalpermissionview.PrincipalPermissionView"
+ permission="zope.Security"
+ allow_attributes="index get_principal unsetPermissions denyPermissions
+ grantPermissions getUnsetPermissionsForPrincipal
+ getPermissionsForPrincipal"
+ / -->
+
+</zopeConfigure>
=== Zope3/src/zope/app/browser/security/grants/manage_access.pt 1.1 => 1.2 ===
--- /dev/null Wed Dec 25 09:14:06 2002
+++ Zope3/src/zope/app/browser/security/grants/manage_access.pt Wed Dec 25 09:12:34 2002
@@ -0,0 +1,267 @@
+<html metal:use-macro="views/standard_macros/page">
+<head>
+<style metal:fill-slot="headers" type="text/css">
+<!--
+
+h1 {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-size: 24pt;
+ font-weight: bold;
+}
+
+h2 {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-size: 18pt;
+ font-weight: bold;
+}
+
+h3 {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-size: 14pt;
+ font-weight: bold;
+}
+
+a:hover {
+ font-family: Verdana, Helvetica, sans-serif;
+ text-decoration: underline;
+ color: #333333;
+}
+
+a:link {
+ font-family: Verdana, Helvetica, sans-serif;
+ text-decoration: none;
+ color: #000099;
+}
+
+a {
+ font-family: Verdana, Helvetica, sans-serif;
+ text-decoration: none;
+ color: #000099;
+}
+
+a.strong-link {
+ font-family: Verdana, Helvetica, sans-serif;
+ text-decoration: underline;
+ color: #000099;
+}
+
+p {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-size: 10pt;
+ color: #333333;
+}
+
+th {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-weight: bold;
+ font-size: 10pt;
+ color: #333333;
+}
+
+.form-help {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-size: 10pt;
+ color: #333333;
+}
+
+.std-text {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-size: 10pt;
+ color: #333333;
+}
+
+.tab-small {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-size: 8pt;
+ color: #333333;
+}
+
+.location-bar {
+ background-color: #efefef;
+ border: none;
+}
+
+.strong-header {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-size: 12pt;
+ font-weight: bold;
+ background-color: #000000;
+ color: #ffffff;
+}
+
+.list-header {
+ background-color: #c0c0c0;
+ border: none;
+}
+
+.list-item {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-size: 10pt;
+}
+
+.list-nav {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-size: 10pt;
+ font-weight: bold;
+}
+
+.row-normal {
+ background-color: #ffffff;
+ border: none;
+
+}
+
+.row-hilite {
+ background-color: #efefef;
+ border: none;
+}
+
+.section-bar {
+ background-color: #c0c0c0;
+ border: none;
+}
+
+.system-msg {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-size: 10pt;
+ background-color: #ffffff;
+ border: 1px solid #000000;
+ margin-bottom: 6px;
+ margin-top: 6px;
+ padding: 4px;
+ width: 100%;
+ color: #660033;
+}
+
+.form-title {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-weight: bold;
+ font-size: 12pt;
+ color: #333333;
+}
+
+.form-label {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-weight: bold;
+ font-size: 10pt;
+ color: #333333;
+}
+
+.form-optional {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-weight: bold;
+ font-style: italic;
+ font-size: 10pt;
+ color: #333333;
+}
+
+.form-element {
+ font-family: Verdana, Helvetica, aans-serif;
+ font-size: 10pt;
+ color: #000000;
+}
+
+.form-text {
+ font-family: Verdana, Helvetica, sans-serif;
+ font-size: 10pt;
+ color: #333333;
+}
+
+.form-mono {
+ font-family: monospace;
+ font-size: 12px;
+ text-decoration: none;
+}
+
+-->
+</style>
+
+</head>
+<body bgcolor="#ffffff" link="#000099" alink="#000099" vlink="#000099">
+<div metal:fill-slot="body">
+<p class="form-help">
+a helpful message
+</p>
+
+<p class="form-help">
+another helpful message
+</p>
+
+<form action="ChangeAllRolePermissions.html" method="post">
+
+<table width="100%" cellspacing="0" cellpadding="2" border="0" nowrap>
+<tr class="list-header">
+ <td align="left" valign="top">
+ <div class="form-label">
+ <strong>Permission</strong>
+ </div>
+ </td>
+ <td align="left">
+ <div class="form-label">
+ <strong>Roles</strong>
+ </div>
+ </td>
+</tr>
+
+<tr class="row-normal">
+ <td></td>
+ <td align="center" tal:repeat="role view/roles">
+ <div class="list-item">
+ <a href="RolePermissions.html"
+ tal:attributes="
+ href string:RolePermissions.html?role_to_manage=${role/getId}"
+ tal:content="role/getTitle">Anonymous</a>
+ <input type="hidden" name="r0" value=""
+ tal:attributes="
+ name string:r${repeat/role/index};
+ value string:${role/getId}">
+
+ </div>
+ </td>
+</tr>
+
+<tbody tal:repeat="perm view/permissionRoles">
+<tr class="row-normal"
+ tal:attributes="class python:path('repeat/perm/even') and 'row-normal' or 'row-hilite'"
+ >
+ <td align="left" nowrap>
+ <div class="list-item">
+ <a href="RolesWithPermission.html"
+ tal:attributes="
+ href string:RolesWithPermission.html?permission_to_manage=${perm/getId}"
+ tal:content="perm/getTitle"
+ >Access Transient Objects</a>
+ <input type="hidden" name="r0" value=""
+ tal:attributes="
+ name string:p${repeat/perm/index};
+ value string:${perm/getId}">
+ </div>
+ </td>
+ <td align="center" tal:repeat="setting perm/roleSettings">
+ <select name="p0r0"
+ tal:attributes="name string:p${repeat/perm/index}r${repeat/setting/index}">
+ <option value="Unset"
+ tal:repeat="option view/availableSettings"
+ tal:attributes="value option/id;
+ selected python:setting == option['id']"
+ tal:content="option/shorttitle">+</option>
+ </select>
+ </td>
+</tr>
+</tbody>
+
+<tr>
+<td colspan="5" align="left">
+<div class="form-element">
+<input class="form-element" type="submit" name="submit" value="Save Changes" />
+<div tal:replace="options/message|nothing" />
+</div>
+</td>
+</tr>
+</table>
+</form>
+</div>
+</body>
+</html>
+
+
=== Zope3/src/zope/app/browser/security/grants/manage_permissionform.pt 1.1 => 1.2 ===
--- /dev/null Wed Dec 25 09:14:06 2002
+++ Zope3/src/zope/app/browser/security/grants/manage_permissionform.pt Wed Dec 25 09:12:34 2002
@@ -0,0 +1,80 @@
+<html metal:use-macro="views/standard_macros/page">
+<head>
+<style metal:fill-slot="headers" type="text/css">
+<!--
+.row-normal {
+ background-color: #ffffff;
+ border: none;
+}
+
+.row-hilite {
+ background-color: #efefef;
+ border: none;
+}
+-->
+</style>
+</head>
+<body bgcolor="#ffffff" link="#000099" alink="#000099" vlink="#000099">
+<div metal:fill-slot="body">
+<p class="form-help">
+Helpful message.
+</p>
+
+<div tal:define="perm python:view.permissionForID(request.get('permission_to_manage'))">
+<p class="form-text">
+Roles assigned to the permission
+<strong tal:content="perm/getTitle">Change DTML Methods</strong>
+(id: <strong tal:content="perm/getId">Zope.Some.Permission</strong>)
+</p>
+
+
+<form action="ChangeRolesWithPermission.html" method="post">
+<input type="hidden" name="permission_id" value="Permission Name"
+ tal:attributes="value perm/getId" />
+<div class="form-element">
+
+<table width="100%" cellspacing="0" cellpadding="2" border="0" nowrap>
+<tr class="list-header">
+ <td align="left" valign="top">
+ <div class="form-label">
+ <strong>Role</strong>
+ </div>
+ </td>
+ <td align="left">
+ <div class="form-label">
+ <strong>Setting</strong>
+ </div>
+ </td>
+</tr>
+
+<tr class="row-normal"
+ tal:repeat="setting perm/roleSettings"
+ tal:attributes="class python:path('repeat/setting/even') and 'row-normal' or 'row-hilite'">
+ <td align="left" valign="top"
+ tal:define="ir repeat/setting/index"
+ tal:content="python:path('view/roles')[ir].getId()">
+ Manager
+ </td>
+ <td>
+ <select name="settings:list">
+ <option value="Unset"
+ tal:repeat="option view/availableSettings"
+ tal:attributes="value option/id;
+ selected python:setting == option['id']"
+ tal:content="option/shorttitle">+</option>
+ </select>
+ </td>
+</tr>
+</table>
+
+</div>
+
+<div class="form-element">
+<input class="form-element" type="submit" name="submit" value="Save Changes" />
+</div>
+</form>
+
+</div>
+</div>
+</body>
+</html>
=== Zope3/src/zope/app/browser/security/grants/manage_roleform.pt 1.1 => 1.2 ===
--- /dev/null Wed Dec 25 09:14:06 2002
+++ Zope3/src/zope/app/browser/security/grants/manage_roleform.pt Wed Dec 25 09:12:34 2002
@@ -0,0 +1,60 @@
+<html metal:use-macro="views/standard_macros/page">
+<head>
+<style metal:fill-slot="headers" type="text/css" ></style>
+</head>
+<body bgcolor="#ffffff" link="#000099" alink="#000099" vlink="#000099">
+<div metal:fill-slot="body">
+<p class="form-help">
+Helpful message explaing about how to set specific roles
+</p>
+
+<div tal:define="role python:view.roleForID(request.get('role_to_manage'))" tal:omit-tag="">
+<p class="form-text">
+Permissions assigned to the role
+<strong tal:content="role/getTitle">Great Master Guru</strong>
+(id: <strong tal:content="role/getId">Zope.Some.Role</strong>)
+</p>
+
+
+<form action="ChangeRolePermissions.html" method="get">
+<input type="hidden" name="role_id" value="Role ID"
+ tal:attributes="value role/getId" />
+
+<table width="100%" cellspacing="0" cellpadding="2" border="0" nowrap
+ tal:define="availableSettings python:view.availableSettings(noacquire=1)">
+<tr class="list-header">
+ <td align="left" valign="top"
+ tal:repeat="setting availableSettings">
+ <div class="form-label">
+ <strong tal:content="setting/title">Allow</strong>
+ </div>
+ </td>
+</tr>
+
+<tr>
+ <td align="left" valign="top"
+ tal:repeat="settinginfo availableSettings">
+ <div class="form-element">
+ <select name="Unset:list" multiple size="20"
+ tal:define="setting settinginfo/id"
+ tal:attributes="name string:${setting}:list">
+ <option tal:repeat="permissioninfo role/permissionsInfo"
+ tal:content="permissioninfo/title"
+ tal:attributes="selected python:path('permissioninfo/setting') == setting;
+ value permissioninfo/id"
+ >Sample Permission</option>
+ </select>
+ </div>
+ </td>
+</tr>
+</table>
+
+<div class="form-element">
+<input class="form-element" type="submit" name="submit" value="Save Changes" />
+</div>
+</form>
+
+</div>
+</div>
+</body>
+</html>
=== Zope3/src/zope/app/browser/security/grants/principal_permission_edit.pt 1.1 => 1.2 ===
--- /dev/null Wed Dec 25 09:14:06 2002
+++ Zope3/src/zope/app/browser/security/grants/principal_permission_edit.pt Wed Dec 25 09:12:34 2002
@@ -0,0 +1,75 @@
+<html metal:use-macro="views/standard_macros/page">
+<div metal:fill-slot="body" tal:define="rprincipal_id python:request['principal_id']">
+<h1>Permission settings for <span tal:replace="python:view.get_principal(rprincipal_id).getTitle()">PrincipalName</span></h1>
+
+<form action="unsetPermissions.html" method="post">
+<h2>Permission Settings</h2>
+<table>
+ <tr>
+ <td valign="top">
+ <table border="0">
+ <tr>
+ <th colspan="2" align="center">Allowed Permissions</th>
+ </tr>
+ <tr tal:repeat="perm python:view.get_set_permissions_for_principal(rprincipal_id, 'Allow')">
+ <td><input type="checkbox" tal:attributes="name perm/getId"></td><td tal:content="perm/getTitle">Permission1</td>
+ </tr>
+ <tr tal:replace="nothing">
+ <td><input type="checkbox" name="permission_ids"></td><td>Permission2</td>
+ </tr>
+ <tr tal:replace="nothing">
+ <td><input type="checkbox" name="permission_ids"></td><td>Permission3</td>
+ </tr>
+ <tr tal:replace="nothing">
+ <td><input type="checkbox" name="permission_ids"></td><td>Permission5</td>
+ </tr>
+ </table>
+ </td>
+ <td valign="top">
+ <table border="0">
+ <tr >
+ <th colspan="2" align="center">Denied Permissions</th>
+ </tr>
+ <tr tal:repeat="perm python:view.get_set_permissions_for_principal(rprincipal_id, 'Deny')">
+ <td><input type="checkbox" tal:attributes="name perm/getId"></td><td tal:content="perm/getTitle">Permission1</td>
+ </tr>
+ <tr tal:replace="nothing">
+ <td><input type="checkbox" name="permission_ids"></td><td>Permission2</td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" align="center"><input type="submit" name="unset" value="Remove selected permission settings"></td></tr>
+</table>
+</form>
+<p> </p>
+<form action="./" method="post">
+<h2>Add permission settings</h2>
+ <table>
+ <tr>
+ <td>
+ <select name="permissions" multiple>
+ <option
+ tal:repeat="perm python:view.get_unset_permissions_for_principal(rprincipal_id)"
+ tal:attributes="value perm/getId"
+ tal:content="perm/getTitle">Perm1</option>
+ <option tal:replace="nothing">Perm2</option>
+ <option tal:replace="nothing">Perm3</option>
+ <option tal:replace="nothing">Perm4</option>
+ <option tal:replace="nothing">Perm5</option>
+ </select>
+ </td>
+ <td valign="center">
+ <p>
+ <input type="submit" name="grantPermissions.html:method" value="Grant">
+ </p>
+ <p>
+ <input type="submit" name="denyPermissions.html:method" value="Deny">
+ </p>
+ </td>
+ </tr>
+ </table>
+</form>
+</div>
+</html>
=== Zope3/src/zope/app/browser/security/grants/principal_role_association.pt 1.1 => 1.2 ===
--- /dev/null Wed Dec 25 09:14:06 2002
+++ Zope3/src/zope/app/browser/security/grants/principal_role_association.pt Wed Dec 25 09:12:34 2002
@@ -0,0 +1,98 @@
+<html metal:use-macro="views/standard_macros/page">
+ <head>
+ <style metal:fill-slot="headers" type="text/css"> </style>
+ </head>
+ <body metal:fill-slot="body"
+ tal:define="hasFilter python:request.get('Filter', None)">
+
+ <div tal:replace="options/message|nothing" />
+
+ <div tal:condition="not: hasFilter">
+ <span class="message"> Apply filter </span>
+ <form method="POST" action="@@PrincipalRoles.html">
+ Principal(s):
+ <select name="principals:list" multiple>
+ <option tal:repeat="principal view/getAllPrincipals"
+ tal:attributes="value principal/getId"
+ tal:content="principal/getTitle">my title</option>
+ </select>
+
+ Role(s):
+ <select name="roles:list" multiple>
+ <option tal:repeat="role view/getAllRoles"
+ tal:attributes="value role/getId"
+ tal:content="role/getTitle">my title</option>
+ </select>
+
+ <input type="submit" name="Filter" value="Filter" />
+ </form>
+
+ </div>
+
+ <!-- WARNING!! SELF POSTING FORM!! -->
+
+ <div tal:condition="hasFilter">
+ <div class="principalRolesGrid"
+ tal:define="principalRoleGrid view/createGrid">
+
+ <span tal:define="
+ global listPrincipals principalRoleGrid/principals;
+ global listRoles principalRoleGrid/roles;
+ global listValues principalRoleGrid/listAvailableValues" />
+
+ <form method="POST" action="ChangePrincipalRoles.html">
+ <table>
+ <tr class="roleHeading">
+ <td class="principal">
+
+ </td>
+ <td class="role" tal:repeat="role listRoles"
+ tal:content="role/getTitle">
+ Role Id
+ </td>
+ </tr>
+
+ <tr class="principalRoleRow" tal:repeat="principal listPrincipals">
+ <td class="principalLabel" tal:content="principal/getTitle">
+ Principal Id
+ </td>
+
+ <td class="principalRole" tal:repeat="role listRoles">
+ <select name="grid.role.principal:records"
+ tal:attributes="
+ name string:grid.${role/getId}.${principal/getId}"
+ tal:define="selectedValue
+ python:principalRoleGrid.getValue(
+ principal.getId(),
+ role.getId()
+ )" >
+ <option value="" tal:repeat="defaultValue listValues"
+ tal:attributes="
+ selected python:defaultValue==selectedValue;
+ value defaultValue;
+ debugsel selectedValue;
+ "
+ tal:content="defaultValue">
+
+ </option>
+ </select>
+ </td>
+ </tr>
+
+ </table>
+ <input type="hidden" name="principals:list"
+ tal:repeat="principal listPrincipals"
+ tal:attributes="value principal/getId" />
+ <input type="hidden" name="roles:list"
+ tal:repeat="role listRoles"
+ tal:attributes="value role/getId" />
+
+ <input type="submit" name="apply" value="apply" />
+
+ </form>
+
+ </div>
+ </div>
+
+ </body>
+</html>
=== Zope3/src/zope/app/browser/security/grants/principalpermissionview.py 1.1 => 1.2 ===
--- /dev/null Wed Dec 25 09:14:06 2002
+++ Zope3/src/zope/app/browser/security/grants/principalpermissionview.py Wed Dec 25 09:12:34 2002
@@ -0,0 +1,113 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+import time
+
+from zope.app.interfaces.security import IPrincipalPermissionManager
+from zope.app.interfaces.security import IPrincipalPermissionMap
+from zope.app.pagetemplate.viewpagetemplatefile import ViewPageTemplateFile
+from zope.app.security.settings import Allow, Deny, Unset
+from zope.component import getService, getAdapter
+from zope.publisher.browser import BrowserView
+
+
+class PrincipalPermissionView(BrowserView):
+
+ index = ViewPageTemplateFile('pt/principal_permission_edit.pt')
+
+ def get_permission_service(self):
+ return getService(self.context, 'Permissions')
+
+ def get_principal(self, principal_id):
+ return getService(self.context,
+ 'Authentication'
+ ).getPrincipal(principal_id)
+
+ def unsetPermissions(self, principal_id, permission_ids, REQUEST=None):
+ """Form action unsetting a principals permissions"""
+ permission_service = self.get_permission_service()
+ principal = self.get_principal(principal_id)
+ ppm = getAdapter(self.context, IPrincipalPermissionManager)
+
+ for perm_id in permission_ids:
+ permission = permission_service.getPermission(perm_id)
+ ppm.unsetPermissionForPrincipal(permission , principal)
+
+ if REQUEST is not None:
+ return self.index(message="Settings changed at %s"
+ % time.ctime(time.time()))
+
+ def grantPermissions(self, principal_id, permission_ids, REQUEST=None):
+ """Form action granting a list of permissions to a principal"""
+ permission_service = self.get_permission_service()
+ principal = self.get_principal(principal_id)
+ ppm = getAdapter(self.context, IPrincipalPermissionManager)
+
+ for perm_id in permission_ids:
+ permission = permission_service.getPermission(perm_id)
+ ppm.grantPermissionToPrincipal(permission , principal)
+ if REQUEST is not None:
+ return self.index(message="Settings changed at %s"
+ % time.ctime(time.time()))
+
+ def denyPermissions(self, principal_id, permission_ids, REQUEST=None):
+ """Form action denying a list of permissions for a principal"""
+ permission_service = self.get_permission_service()
+ principal = self.get_principal(principal_id)
+ ppm = getAdapter(self.context, IPrincipalPermissionManager)
+
+ for perm_id in permission_ids:
+ permission = permission_service.getPermission(perm_id)
+ ppm.denyPermissionToPrincipal(permission , principal)
+ if REQUEST is not None:
+ return self.index(message="Settings changed at %s"
+ % time.ctime(time.time()))
+
+ # Methods only called from the zpt view
+ def getUnsetPermissionsForPrincipal(self, principal_id):
+ """Returns all unset permissions for this principal"""
+
+ ppmap = getAdapter(self.context, IPrincipalPermissionMap)
+ principal = self.get_principal(principal_id)
+ perm_serv = getService(self.context, 'Permissions')
+ result = []
+ for perm in perm_serv.getPermissions():
+ if ppmap.getSetting(perm, principal) == Unset:
+ result.append(perm)
+
+ return result
+
+ def getPermissionsForPrincipal(self, principal_id, setting_name):
+ """Return a list of permissions with the given setting_name
+ string for the principal.
+
+ Return empty list if there are no permissions.
+ """
+
+ ppmap = getAdapter(self.context, IPrincipalPermissionMap)
+ principal = self.get_principal(principal_id)
+
+ permission_settings = ppmap.getPermissionsForPrincipal(principal)
+ setting_map = {'Deny': Deny, 'Allow':Allow}
+ asked_setting = setting_map[setting_name]
+
+ result = []
+ for permission, setting in permission_settings:
+ if asked_setting == setting:
+ result.append(permission)
+
+ return result
=== Zope3/src/zope/app/browser/security/grants/principalroleview.py 1.1 => 1.2 ===
--- /dev/null Wed Dec 25 09:14:06 2002
+++ Zope3/src/zope/app/browser/security/grants/principalroleview.py Wed Dec 25 09:12:34 2002
@@ -0,0 +1,128 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Management view component for principal-role management (Zope2's
+ "local roles").
+
+$Id$
+"""
+import time
+
+from zope.app.interfaces.security import IPermission
+from zope.app.interfaces.security import IPrincipalRoleManager
+from zope.app.interfaces.security import IPrincipalRoleMap
+from zope.app.interfaces.security import IRole
+from zope.app.pagetemplate.viewpagetemplatefile import ViewPageTemplateFile
+from zope.app.security.settings import Unset, Deny, Allow
+from zope.component import getService, getAdapter
+from zope.component.contextdependent import ContextDependent
+from zope.publisher.browser import BrowserView
+
+
+class PrincipalRoleView(BrowserView):
+
+ index = ViewPageTemplateFile('principal_role_association.pt')
+
+ def getAllPrincipals(self):
+ principals = getattr(self, '_principals', None)
+ if principals is None:
+ principals = self._principals = getService(
+ self.context, 'Authentication'
+ ).getPrincipals('')
+ return principals
+
+ def getAllRoles(self):
+ roles = getattr(self, '_roles', None)
+ if roles is None:
+ roles = self._roles = getService(self.context, 'Roles'
+ ).getRoles()
+ return roles
+
+ def createGrid(self, principals=None, roles=None):
+ if principals is None:
+ principals = self.request.get('principals')
+ if principals is None:
+ principals = self.getAllPrincipals()
+ else:
+ # Ugh, we have ids, but we want objects
+ auth_service = getService(self.context, 'Authentication')
+ principals = [auth_service.getPrincipal(principal)
+ for principal in principals]
+
+
+ if roles is None:
+ roles = self.request.get('roles')
+ if roles is None:
+ roles = self.getAllRoles()
+ else:
+ # Ugh, we have ids, but we want objects
+ role_service = getService(self.context, 'Roles')
+ roles = [role_service.getRole(role)
+ for role in roles]
+
+ return PrincipalRoleGrid(principals, roles, self.context)
+
+ def action(self, principals, roles, testing=None):
+ prm = getAdapter(self.context, IPrincipalRoleManager)
+ for role in roles:
+ for principal in principals:
+ name = 'grid.%s.%s' % (role, principal)
+ setting = self.request.get(name, 'Unset')
+ if setting == 'Unset':
+ prm.unsetRoleForPrincipal(role, principal)
+ elif setting == 'Allow':
+ prm.assignRoleToPrincipal(role, principal)
+ elif setting == 'Deny':
+ prm.removeRoleFromPrincipal(role, principal)
+ else:
+ raise ValueError("Incorrect setting %s" % setting)
+
+ if not testing:
+ return self.index(
+ message="Settings changed at %s" % time.ctime(time.time())
+ )
+
+
+class PrincipalRoleGrid:
+
+ def __init__(self, principals, roles, context):
+ self._principals = principals
+ self._roles = roles
+ self._grid = {}
+
+ map = getAdapter(context, IPrincipalRoleMap)
+
+ for role in roles:
+ rid = role.getId()
+ for principal in principals:
+ pid = principal.getId()
+ setting = map.getSetting(rid, pid)
+ self._grid[(pid, rid)] = setting.getName()
+
+ def principals(self):
+ return self._principals
+
+ def principalIds(self):
+ return [p.getId() for p in self._principals]
+
+ def roles(self):
+ return self._roles
+
+ def roleIds(self):
+ return [r.getId() for r in self._roles]
+
+ def getValue(self, principal_id, role_id):
+ return self._grid[(principal_id, role_id)]
+
+ def listAvailableValues(self):
+ return (Unset.getName(), Allow.getName(), Deny.getName())
=== Zope3/src/zope/app/browser/security/grants/rolepermissionview.py 1.1 => 1.2 ===
--- /dev/null Wed Dec 25 09:14:06 2002
+++ Zope3/src/zope/app/browser/security/grants/rolepermissionview.py Wed Dec 25 09:12:34 2002
@@ -0,0 +1,149 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+import time
+
+from zope.app.interfaces.security import IRolePermissionManager
+from zope.app.pagetemplate.viewpagetemplatefile import ViewPageTemplateFile
+from zope.app.security.grants.permissionroles import PermissionRoles
+from zope.app.security.grants.rolepermissions import RolePermissions
+from zope.app.security.settings import Unset, Allow, Deny
+from zope.component import getService, getAdapter
+from zope.publisher.browser import BrowserView
+
+
+class RolePermissionView(BrowserView):
+
+ index = ViewPageTemplateFile('manage_access.pt')
+ manage_permissionForm = ViewPageTemplateFile('manage_permissionform.pt')
+ manage_roleForm = ViewPageTemplateFile('manage_roleform.pt')
+
+ def roles(self):
+ roles = getattr(self, '_roles', None)
+ if roles is None:
+ roles = self._roles = getService(
+ self.context, 'Roles'
+ ).getRoles()
+ return roles
+
+ def permissions(self):
+ permissions = getattr(self, '_permissions', None)
+ if permissions is None:
+ permissions = self._permissions = getService(
+ self.context, 'Permissions'
+ ).getPermissions()
+ return permissions
+
+ def availableSettings(self, noacquire=0):
+ aq = {'id': Unset.getName(), 'shorttitle': ' ', 'title': 'Acquire'}
+ rest = [{'id': Allow.getName(), 'shorttitle': '+', 'title': 'Allow'},
+ {'id': Deny.getName(), 'shorttitle': '-', 'title': 'Deny'},
+ ]
+ if noacquire:
+ return rest
+ else:
+ return [aq]+rest
+
+ def permissionRoles(self):
+ context = self.context
+ roles = self.roles()
+ return [PermissionRoles(permission, context, roles)
+ for permission in self.permissions()]
+
+ def permissionForID(self, pid):
+ context = self.context
+ roles = self.roles()
+ perm = getService(context, 'Permissions'
+ ).getPermission(pid)
+ return PermissionRoles(perm, context, roles)
+
+ def roleForID(self, rid):
+ context = self.context
+ permissions = self.permissions()
+ role = getService(context, 'Roles'
+ ).getRole(rid)
+ return RolePermissions(role, context, permissions)
+
+ def action(self, testing=None):
+ request = self.request
+ roles = [r.getId() for r in self.roles()]
+ permissions = [p.getId() for p in self.permissions()]
+ prm = getAdapter(self.context, IRolePermissionManager)
+ for ip in range(len(permissions)):
+ rperm = request.get("p%s" % ip)
+ if rperm not in permissions: continue
+ for ir in range(len(roles)):
+ rrole = request.get("r%s" % ir)
+ if rrole not in roles: continue
+ setting = request.get("p%sr%s" % (ip, ir), None)
+ if setting is not None:
+ if setting == Unset.getName():
+ prm.unsetPermissionFromRole(rperm, rrole)
+ elif setting == Allow.getName():
+ prm.grantPermissionToRole(rperm, rrole)
+ elif setting == Deny.getName():
+ prm.denyPermissionToRole(rperm, rrole)
+ else:
+ raise ValueError("Incorrect setting: %s" % setting)
+
+ if not testing:
+ return self.index(
+ message="Settings changed at %s" % time.ctime(time.time())
+ )
+
+ def update_permission(self, permission_id,
+ settings=(), testing=None):
+ prm = getAdapter(self.context, IRolePermissionManager)
+ roles = self.roles()
+ rperm = permission_id
+ for ir in range(len(roles)):
+ rrole = roles[ir].getId()
+ setting = settings[ir]
+ if setting == Unset.getName():
+ prm.unsetPermissionFromRole(rperm, rrole)
+ elif setting == Allow.getName():
+ prm.grantPermissionToRole(rperm, rrole)
+ elif setting == Deny.getName():
+ prm.denyPermissionToRole(rperm, rrole)
+ else:
+ raise ValueError("Incorrect setting: %s" % setting)
+
+ if not testing:
+ return self.index(message="Settings changed at %s"
+ % time.ctime(time.time())
+ )
+
+ def update_role(self, role_id, testing=None):
+ request = self.request
+ prm = getAdapter(self.context, IRolePermissionManager)
+ allowed = request.get(Allow.getName(), ())
+ denied = request.get(Deny.getName(), ())
+ for permission in self.permissions():
+ rperm = permission.getId()
+ if rperm in allowed and rperm in denied:
+ raise ValueError("Incorrect setting for %s" % rperm)
+ if rperm in allowed:
+ prm.grantPermissionToRole(rperm, role_id)
+ elif rperm in denied:
+ prm.denyPermissionToRole(rperm, role_id)
+ else:
+ prm.unsetPermissionFromRole(rperm, role_id)
+
+ if not testing:
+ return self.index(message="Settings changed at %s"
+ % time.ctime(time.time())
+ )