[Checkins] SVN: z3c.securitytool/trunk/src/z3c/securitytool/ Fixed
issue on secuirtyMatrix page where all roles were not taken
into account
Daniel Blackburn
blackburnd at gmail.com
Thu Feb 7 11:36:02 EST 2008
Log message for revision 83614:
Fixed issue on secuirtyMatrix page where all roles were not taken into account
Changed:
U z3c.securitytool/trunk/src/z3c/securitytool/browser/views.py
U z3c.securitytool/trunk/src/z3c/securitytool/demoSetup.py
U z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py
-=-
Modified: z3c.securitytool/trunk/src/z3c/securitytool/browser/views.py
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/browser/views.py 2008-02-07 16:24:55 UTC (rev 83613)
+++ z3c.securitytool/trunk/src/z3c/securitytool/browser/views.py 2008-02-07 16:36:02 UTC (rev 83614)
@@ -31,7 +31,8 @@
selectedPermission = None
#Get the selected skin from the form or the first skin on the system.
- selectedSkin = self.request.form.get('selectedSkin',self.skinTypes.items()[0][0])
+ selectedSkin = self.request.form.get('selectedSkin',
+ self.skinTypes.items()[0][0])
ISession(self.request)[SESSION_KEY]['selectedSkin'] = selectedSkin
skin = zapi.getUtility(IBrowserSkinType,selectedSkin)
@@ -48,7 +49,6 @@
security_checker.getPermissionSettingsForAllViews(ifaces, skin,
selectedPermission)
-
# self.views is a dict in the form of {view:perm}
# Here It would make more sense to group by permission rather than view
sortedViews = sorted([(v,k) for k,v in self.views.items()])
@@ -126,6 +126,7 @@
u"</span>,<span class='Allow'> Green Normal = "
u"Allowed Permission </span>")
+
def render(self):
return ViewPageTemplateFile(self.pageTemplateFile)(self)
Modified: z3c.securitytool/trunk/src/z3c/securitytool/demoSetup.py
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/demoSetup.py 2008-02-07 16:24:55 UTC (rev 83613)
+++ z3c.securitytool/trunk/src/z3c/securitytool/demoSetup.py 2008-02-07 16:36:02 UTC (rev 83614)
@@ -17,17 +17,27 @@
# Lets get the root folder so we can assign some permissions to
# specific contexts
root=zapi.getRoot(root_folder)
- rootPermManager = IPrincipalPermissionManager(root)
- rootRoleManager = IPrincipalRoleManager(root)
- rootRoleManager.assignRoleToPrincipal('zope.Editor', 'zope.daniel')
- rootRoleManager.assignRoleToPrincipal('zope.Writer', 'zope.daniel')
+ roleManager = IPrincipalRoleManager(root)
+ roleManager.assignRoleToPrincipal('zope.Editor', 'zope.daniel')
+ roleManager.assignRoleToPrincipal('zope.Writer', 'zope.daniel')
- rootPermManager.denyPermissionToPrincipal('concord.ReadIssue','zope.daniel')
- rootPermManager.denyPermissionToPrincipal('concord.CreateIssue','zope.daniel')
- rootPermManager.denyPermissionToPrincipal('concord.CreateIssue','zope.stephan')
- rootPermManager.denyPermissionToPrincipal('concord.CreateIssue','zope.markus')
- rootPermManager.denyPermissionToPrincipal('concord.CreateIssue','zope.anybody')
+ permManager = IPrincipalPermissionManager(root)
+ permManager.denyPermissionToPrincipal('concord.ReadIssue',
+ 'zope.daniel')
+
+ permManager.denyPermissionToPrincipal('concord.CreateIssue',
+ 'zope.daniel')
+
+ permManager.denyPermissionToPrincipal('concord.CreateIssue',
+ 'zope.stephan')
+
+ permManager.denyPermissionToPrincipal('concord.CreateIssue',
+ 'zope.markus')
+
+ permManager.denyPermissionToPrincipal('concord.CreateIssue',
+ 'zope.anybody')
+
transaction.commit()
Modified: z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py 2008-02-07 16:24:55 UTC (rev 83613)
+++ z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py 2008-02-07 16:36:02 UTC (rev 83614)
@@ -16,9 +16,14 @@
from zope.securitypolicy.principalpermission import principalPermissionManager
from zope.securitypolicy.rolepermission import rolePermissionManager
from zope.securitypolicy.principalrole import principalRoleManager
+from zope.securitypolicy.interfaces import Allow, Unset, Deny
+
#from zope.app.securitypolicy.zopepolicy import settingsForObject
+from zope.securitypolicy.interfaces import IPrincipalPermissionManager, IPrincipalRoleManager
+
+
from zope.session.interfaces import ISession
from zope.app import zapi
@@ -63,6 +68,7 @@
viewInstance = self.getView(view_reg, self.skin)
if viewInstance:
self.populateMatrix(viewInstance,view_reg)
+
return [self.viewMatrix,self.views,self.permissions]
@@ -79,35 +85,42 @@
self.name = info['name']
self.views[self.name] = read_perm
- settings = [entry[1] for entry in settingsForObject(viewInstance)]
+ settings = {}
+ settingList = [val for val, val in settingsForObject(viewInstance)]
+
+ for setting in settingList:
+ for key,val in setting.items():
+ if not settings.has_key(key):
+ settings[key] = []
+ settings[key].extend(val)
+
- for setting in settings:
- rolePermMap = setting.get('rolePermissions', ())
- principalRoles = setting.get('principalRoles', [])
- for role in principalRoles:
- principal = role['principal']
- if read_perm == 'zope.Public':
- permSetting = (role,'Allow')
+ rolePermMap = settings.get('rolePermissions', ())
+ principalRoles = settings.get('principalRoles', [])
+ for role in principalRoles:
+ principal = role['principal']
+ if read_perm == 'zope.Public':
+ permSetting = (role,'Allow')
+ else:
+ permSetting= principalRoleProvidesPermission(
+ principalRoles, rolePermMap,
+ principal, read_perm
+ )
+ if permSetting[1]:
+ if self.viewMatrix.has_key(principal):
+ if self.viewMatrix[principal].has_key(self.name):
+ if self.viewMatrix[principal][self.name]!='Deny':
+ self.viewMatrix[principal].update(
+ {self.name: permSetting[1]}
+ )
+ else:
+ self.viewMatrix[principal][self.name] =\
+ permSetting[1]
else:
- permSetting= principalRoleProvidesPermission(
- principalRoles, rolePermMap,
- principal, read_perm
- )
- if permSetting[1]:
- if self.viewMatrix.has_key(principal):
- if self.viewMatrix[principal].has_key(self.name):
- if self.viewMatrix[principal][self.name]!='Deny':
- self.viewMatrix[principal].update(
- {self.name: permSetting[1]}
- )
- else:
- self.viewMatrix[principal][self.name] =\
- permSetting[1]
- else:
- self.viewMatrix[principal]={self.name: permSetting[1]}
+ self.viewMatrix[principal]={self.name: permSetting[1]}
- principalPermissions = setting.get('principalPermissions',[])
- self.populatePermissionMatrix(read_perm,principalPermissions)
+ principalPermissions = settings.get('principalPermissions',[])
+ self.populatePermissionMatrix(read_perm,principalPermissions)
def populatePermissionMatrix(self,read_perm,principalPermissions):
@@ -357,7 +370,6 @@
while ob is not None:
data = {}
- result.append((getattr(ob, '__name__', '(no name)'), data))
principalPermissions = IPrincipalPermissionMap(ob, None)
if principalPermissions is not None:
@@ -381,6 +393,7 @@
{'permission': p, 'role': r, 'setting': s}
for (p, r, s) in settings]
+ result.append((getattr(ob, '__name__', '(no name)'), data))
ob = getattr(ob, '__parent__', None)
data = {}
More information about the Checkins
mailing list