[Checkins] SVN: z3c.securitytool/trunk/ commit before refactor of principalPermissions

Daniel Blackburn blackburnd at gmail.com
Sat Feb 16 14:39:00 EST 2008


Log message for revision 83933:
  commit before refactor of principalPermissions

Changed:
  U   z3c.securitytool/trunk/TODO.txt
  U   z3c.securitytool/trunk/src/z3c/securitytool/browser/principalinfo.pt
  U   z3c.securitytool/trunk/src/z3c/securitytool/browser/views.py
  U   z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py

-=-
Modified: z3c.securitytool/trunk/TODO.txt
===================================================================
--- z3c.securitytool/trunk/TODO.txt	2008-02-16 17:31:00 UTC (rev 83932)
+++ z3c.securitytool/trunk/TODO.txt	2008-02-16 19:38:59 UTC (rev 83933)
@@ -7,25 +7,44 @@
     * Add details pages for groups and roles.
 
     * Securitymatrix should be a link instead of an onclick
+
+
       
+         SHOW STOPPERS
+        ===============
 
- SHOW STOPPERS
-===============
+            * Permissions for securitytool views cannot be zope.Public
 
-    * Permissions for securitytool views cannot be zope.Public
+            * Fix permissionDetails
 
-    * Be able to show permissions for context levels even if names are
-      the same 
+            * Specify which context the permission,group and role are attained
+              from
 
-    * Fix permissionDetails
+            
 
-    * Specify which context the permission,group and role are attained
-      from
+            PrincipalDetails
+            =================
 
+                * PermissionTree
+                * PermissionTree with `global settings`
+                * Directly provided permissions in effect at context level
 
- DONE
-===============
+                * RoleTree (Done)
+                * RoleTree with `global settings`
+                * Directly provided roles in effect at context level
 
+            PermissionDetails
+            =================
+
+                * Show permisisons that have a direct impact view and user
+                * Show roles that have a direct impact on view and user
+                * Link to PrincipalDetails
+
+
+
+                                            DONE
+==============================================================================
+
     * Onclick for the fiter:
 
     * Relative links for the root
@@ -33,3 +52,9 @@
     * Specifically denied roles should be displayed with allowed roles
 
 
+    * Be able to show permissions for context levels even if names are
+      the same  ( works for roles )
+
+
+
+

Modified: z3c.securitytool/trunk/src/z3c/securitytool/browser/principalinfo.pt
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/browser/principalinfo.pt	2008-02-16 17:31:00 UTC (rev 83932)
+++ z3c.securitytool/trunk/src/z3c/securitytool/browser/principalinfo.pt	2008-02-16 19:38:59 UTC (rev 83933)
@@ -23,7 +23,7 @@
             <metal:block define-macro="user-details"
                          tal:define="permissions view/principalPermissions/permissions;
                                      roles view/principalPermissions/roles;
-                                     roleContext view/principalPermissions/roleContext;
+                                     roleTree view/principalPermissions/roleTree;
                                      groups view/principalPermissions/groups">
 
                   <h3 tal:condition="permissions"> Directly provided
@@ -42,9 +42,9 @@
                   <br tal:condition="permissions">
                   
 
-                  <h3 tal:condition="roleContext">Roles Defined in
+                  <h3 tal:condition="roleTree">Roles Defined in
                   Context(s) for this user</h3>
-                  <tal:block tal:repeat="context roleContext">
+                  <tal:block tal:repeat="context roleTree">
                         <span tal:define="curr python:context.values()[0]">
                             <div class="contextList"
                   tal:content="python: ' / '.join(curr['parentList'])"/>
@@ -55,13 +55,14 @@
                         </span>
                   </tal:block>
                   
-                  <br tal:condition="roleContext">
+                  <br tal:condition="roleTree">
 
                   <h3 tal:condition="roles">Permissions provided by roles</h3>
                   <div class="contentList"  tal:condition="roles">
                     <div tal:repeat="role roles">
                       <b tal:content="role">zope.ManageSite:</b>
-                      <div class="contentList"
+
+                      <!--div class="contentList"
                            tal:repeat="permission python:roles[role]">
                         <ul>
                           <li>
@@ -70,7 +71,8 @@
                                 tal:content="permission/setting"/>
                           </li>
                         </ul>
-                      </div>
+                      </div-->
+                      
                       <br>
 
                     </div>

Modified: z3c.securitytool/trunk/src/z3c/securitytool/browser/views.py
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/browser/views.py	2008-02-16 17:31:00 UTC (rev 83932)
+++ z3c.securitytool/trunk/src/z3c/securitytool/browser/views.py	2008-02-16 19:38:59 UTC (rev 83933)
@@ -155,6 +155,7 @@
         skin = getSkin(self.request) or IBrowserRequest
 
         principal_security = ISecurityChecker(self.context)
+
         self.principalPermissions = principal_security.principalPermissions(
             self.principal, skin=skin)
 

Modified: z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py	2008-02-16 17:31:00 UTC (rev 83932)
+++ z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py	2008-02-16 19:38:59 UTC (rev 83933)
@@ -206,22 +206,18 @@
            for all interfaces provided by this context for a
            `principal_id`, and of course we are only after browser views"""
 
-        # make prinpermsetttings a self value
+        request = TestRequest()
+        applySkin(request, skin)
         self.prinPermSettings = {'permissions': [],
-                            'roles': {},
-                            'roleContext': [],
+                            'roles': [],
+                            'roleTree': [],
                             'groups': {}}
 
-        request = TestRequest()
-        applySkin(request, skin)
-
         principals = zapi.principals()
         principal = principals.getPrincipal(principal_id)
-
         ifaces = tuple(providedBy(self.context))
 
         for iface in ifaces:
-
             for view_reg in getViews(iface, IBrowserRequest):
                 view = self.getView(view_reg, skin)
                 if not view:
@@ -231,92 +227,101 @@
 
                 PrinSettings = self.policyPermissions(principal,
                                                       all_settings)
-                
                 self.populatePrinPermSettings(PrinSettings)
-
         return self.prinPermSettings
 
+
     def populatePrinPermSettings(self,PrinSettings):
-        if PrinSettings['roleContext']:
+        """ Aggregates all the values returned from the policyPermissions
+            call in principalPermissions
+        """
+        
+        if PrinSettings['roleTree']:
+            self.populateRoleTree(PrinSettings)
 
-            for items  in PrinSettings['roleContext']:
-                #List of dictionaries
-                for key, val in items.items():
-                    #Loop through the keys and values
+        if PrinSettings['permissions']:
+            self.populatePrincipalPermissions(PrinSettings)
 
-                    keys =  [x.keys()[0] for x in\
-                             self.prinPermSettings['roleContext']]
-                    if key not in keys:
-                        self.prinPermSettings\
-                                   ['roleContext'].append({key:{}}) 
-                        self.prinPermSettings['roleContext']\
-                                               [-1] = {key:val}
+        if PrinSettings['roles']:
+            self.populatePrincipalRoles(PrinSettings)
 
-                        parentList = val['parentList']
-                        parentList.reverse()
-                        self.prinPermSettings['roleContext'][-1]\
-                             [key]['parentList'] = \
-                             parentList
+        if PrinSettings['groups']:
+            self.prinPermSettings['groups'].update(PrinSettings['groups'])
 
-                        continue
-
-                    place = keys.index(key)
+    def populateRoleTree(self,PrinSettings):
+        """ This method is responsible for creating the roleTree
+            the role tree is a list of dictionaries which contain the settings
+            for each context level and role from the current context to the
+            root folder
+        """
+        
+        for items  in PrinSettings['roleTree']:
+            #List of dictionaries
+            for key, val in items.items():
+                keys =  [x.keys()[0] for x in\
+                         self.prinPermSettings['roleTree']]
+                if key not in keys:
+                    # If we do not have this context, add it
+                    self.prinPermSettings\
+                               ['roleTree'].append({key:{}})
+                    self.prinPermSettings['roleTree']\
+                                           [-1] = {key:val}
+        
                     parentList = val['parentList']
                     parentList.reverse()
-                    self.prinPermSettings['roleContext'][place]\
+                    self.prinPermSettings['roleTree'][-1]\
                          [key]['parentList'] = \
                          parentList
+                    continue
+        
+                place = keys.index(key)
+                # Each key is unique so we just get the list index to edit
+                # we keep it as a list so the order stays the same.
+                parentList = val['parentList']
+                parentList.reverse()
+                self.prinPermSettings['roleTree'][place]\
+                     [key]['parentList'] = \
+                     parentList
+        
+                self.prinPermSettings['roleTree'][place]\
+                     [key]['name'] = val['name']
+        
+                roles = val['roles']
+                self.prinPermSettings['roleTree']\
+                                [place][key].setdefault('roles',[])
+                for role in roles:
+                    # we make sure we only add the roles we do not yet have.
+                    if role not in \
+                             self.prinPermSettings['roleTree'][place]\
+                                       [key]['roles']:
+                        self.prinPermSettings['roleTree'][place]\
+                                       [key]['roles'].append(role)
+                
+    def populatePrincipalPermissions(self,PrinSettings):
+        if PrinSettings['permissions'] not in \
+               self.prinPermSettings['permissions']:
+            self.prinPermSettings['permissions'].append(
+                             PrinSettings['permissions'])
 
-                    self.prinPermSettings['roleContext'][place]\
-                         [key]['name'] = val['name']
+    def populatePrincipalRoles(self,PrinSettings):
+        #print PrinSettings['roles']
+        #self.prinPermSettings['roles'].update(PrinSettings['roles'])
+        for role in PrinSettings['roles']:
+            if role not in self.prinPermSettings['roles']:
+                self.prinPermSettings['roles'].append(role)
 
-                    roles = val['roles']
-                    self.prinPermSettings['roleContext']\
-                                    [place][key].setdefault('roles',[])
-                    for role in roles:
-                        if role not in \
-                                 self.prinPermSettings['roleContext'][place]\
-                                           [key]['roles']:
-                            self.prinPermSettings['roleContext'][place]\
-                                           [key]['roles'].append(role)
 
-
-        if PrinSettings['permissions']:
-            if PrinSettings['permissions'] not in \
-                   self.prinPermSettings['permissions']:
-                self.prinPermSettings['permissions'].append(
-                                 PrinSettings['permissions'])
-
-        if PrinSettings['roles']:
-            #print PrinSettings['roles']
-            #self.prinPermSettings['roles'].update(PrinSettings['roles'])
-            for role in PrinSettings['roles']:
-                if not self.prinPermSettings['roles'].has_key(role):
-                    self.prinPermSettings['roles'][role] = \
-                                  PrinSettings['roles'][role]
-
-        if PrinSettings['groups']:
-            self.prinPermSettings['groups'].update(PrinSettings['groups'])
-
-
-
 # TODO: Rename
     def policyPermissions(self, principal, settings):
         """ this method recursively populates the principal permissions
             dict and is only used by principalPermissions """
 
-        #[x for x[1] in settings]
         prinPermSettings = {'permissions': [],
                             'roles': {},
-                            'roleContext': [],
+                            'roleTree': [],
                             'groups': {}}
         principals = zapi.principals()
 
-        setting = {}
-        role_context = {}
-        perm_context = {}
-        roleList = []
-
         #For each item in our list we will update the settings dict
         #for item in settings:
         #    for key,val in item.items():
@@ -324,87 +329,94 @@
         #            setting[key] = []
         #        setting[key].extend(val)
 
-        try:
-            for setting in settings:
-                for name, item in setting.items():
-            
-                    # Here we get all the permssions for this principal
-                    for prinPerms in item.get('principalPermissions', ()):
-                        if prinPerms['principal'] == principal.id:
-                            permission = prinPerms['permission']
-                            _setting = prinPerms['setting'].getName()
+        for setting in settings:
+            for name, item in setting.items():
+
+                # Here we get all the permssions for this principal
+                for prinPerms in item.get('principalPermissions', ()):
+                    if prinPerms['principal'] == principal.id:
+                        permission = prinPerms['permission']
+                        _setting = prinPerms['setting'].getName()
+                        mapping = {'permission': permission,
+                                   'setting': _setting}
+                        if not mapping in prinPermSettings['permissions']:
+                            prinPermSettings['permissions'].append(mapping)
+                # Here we get all the roles for this principal
+                for prinRoles in item.get('principalRoles', ()):
+                    if prinRoles['principal'] != principal.id:
+                        continue
+
+                    role = prinRoles['role']
+
+                    contextName = name and name or 'Root Folder'
+                    # Now we will build the roleTree object to display
+                    # the levels and settings for all roles assigned to this
+                    # principal.
+
+                    parentList = item.get('parentList',None)
+                    if parentList:
+                        key = item.get('uid')
+                        if not prinPermSettings['roleTree']:
+                            prinPermSettings['roleTree'].append({
+                                                         key:{}})
+                            prinPermSettings['roleTree'][-1]\
+                                 [key]['roles'] = []
+
+                        keys =  [x.keys()[0] for x in\
+                                 prinPermSettings['roleTree']]
+
+                        if key not in keys:
+                            prinPermSettings['roleTree'].append({
+                                                         key:{}})
+                            prinPermSettings['roleTree'][-1]\
+                                 [key]['roles'] = []
+
+                        prinPermSettings['roleTree'][-1]\
+                             [key]['parentList'] = parentList
+
+                        prinPermSettings['roleTree'][-1]\
+                             [key]['name'] = contextName
+
+                        newVal = {'setting':prinRoles['setting'].getName(),
+                                  'role':role}
+
+                        if newVal not in prinPermSettings['roleTree'][-1]\
+                               [key]['roles']:
+                            prinPermSettings['roleTree'][-1][key]\
+                                                  ['roles'].append(newVal)
+
+                    if prinRoles['setting'] == Deny:
+                        try:
+                            # Here we see if we have added a security setting with
+                            # this role before, if it is now denied we remove it.
+                            del prinPermSettings['roles'][role]
+                        except KeyError:
+                            pass
+                        continue
+                    elif prinRoles['setting'] == Allow:
+                        # We only want to append the role if it is Allowed
+                        if not prinPermSettings['roles'].has_key(role):
+                            prinPermSettings['roles'][role] = prinRoles
+
+                    for rolePerms in item['rolePermissions']:
+                        # Here we get the permissions provided by each role
+                        if rolePerms['role'] == role:
+                            permission = rolePerms['permission']
+                            _setting = rolePerms['setting'].getName()
                             mapping = {'permission': permission,
                                        'setting': _setting}
-                            if not mapping in prinPermSettings['permissions']:
-                                prinPermSettings['permissions'].append(mapping)
-                    # Here we get all the roles for this principal
-                    for prinRoles in item.get('principalRoles', ()):
-                        if prinRoles['principal'] != principal.id:
-                            continue
-            
-                        role = prinRoles['role']
-            
-                        contextName = name and name or 'Root Folder'
-            
-                        parentList = item.get('parentList',None)
-                        if parentList:
-                            key = item.get('uid')
-                            if not prinPermSettings['roleContext']:
-                                prinPermSettings['roleContext'].append({
-                                                             key:{}})
-                                prinPermSettings['roleContext'][-1]\
-                                     [key]['roles'] = []
-            
-                            keys =  [x.keys()[0] for x in\
-                                     prinPermSettings['roleContext']]
-            
-                            if key not in keys:
-                                prinPermSettings['roleContext'].append({
-                                                             key:{}})
-                                prinPermSettings['roleContext'][-1]\
-                                     [key]['roles'] = []
-            
-                            prinPermSettings['roleContext'][-1]\
-                                 [key]['parentList'] = parentList
-            
-                            prinPermSettings['roleContext'][-1]\
-                                 [key]['name'] = contextName
-            
-                            newVal = {'setting':prinRoles['setting'].getName(),
-                                      'role':role}
-            
-                            if newVal not in prinPermSettings['roleContext'][-1]\
-                                   [key]['roles']:
-                                prinPermSettings['roleContext'][-1][key]\
-                                                      ['roles'].append(newVal)
-            
-                        if prinRoles.get('setting','') != Allow:
-                            # We only want to see the role if we are granted
-                            # the allow permission for it
-                            # TODO have an else clause and show denied roles as
-                            # well
-                            continue
-            
-                        for rolePerms in item['rolePermissions']:
-            
-                            if rolePerms['role'] == role:
-                                permission = rolePerms['permission']
-                                _setting = rolePerms['setting'].getName()
-                                mapping = {'permission': permission,
-                                           'setting': _setting}
-                                perms = prinPermSettings['roles'].setdefault(role,[])
-            
-                                if not mapping in perms:
-                                    perms.append(mapping)
-            
-                    # Here we loop through the groups and recursively call this method
-                    # for each one found.
-                for group_id in principal.groups:
-                    group = principals.getPrincipal(group_id)
-                    prinPermSettings['groups'][group_id] = \
-                        self.policyPermissions(group, settings)
-        except:
-            import pdb; pdb.set_trace()
+
+
+                            if not role in prinPermSettings['roles']:
+                                prinPermSettings['roles'].append({role:mapping})
+                            
+            # Here we loop through the groups and recursively call this method
+                # for each one found.
+            for group_id in principal.groups:
+                group = principals.getPrincipal(group_id)
+                prinPermSettings['groups'][group_id] = \
+                    self.policyPermissions(group, settings)
+
         return prinPermSettings
 
     def permissionDetails(self, principal_id, view_name, skin=IBrowserRequest):
@@ -428,10 +440,10 @@
         # Here we want to aggregate all the rolePermissions in one place
         rolePermissions = []
         if not settings:
-            return  {'read_perm':'zope.Public','permissions': [],'roles': {},'groups': {}}
+            return  {'read_perm':'zope.Public','permissions': [],'roles': [],'groups': {}}
 
         if read_perm is None:
-            prinPermSettings = {'permissions': [],'roles': {},'groups': {}}
+            prinPermSettings = {'permissions': [],'roles': [],'groups': {}}
             read_perm ='zope.Public'
         else:
             for name,setting in settings:
@@ -613,10 +625,11 @@
             data['uid'] = data['parentList'][0]+"_" + \
                                 str(len(data['parentList']))
 
+    # Here we need to add the parentlist and uid to display it properly
+    # in the roleTree and in the permissionTree
     result[-1][1]['parentList'] = ['Root Folder']
-    result[-1][1]['uid'] = 'Root Folder'        
+    result[-1][1]['uid'] = 'Root Folder'
 
-
     data = {}
     result.append(('global settings', data))
 
@@ -636,5 +649,9 @@
         {'permission': p, 'role': r, 'setting': s}
         for (p, r, s) in settings]
 
+    data['parentList'] = ['global settings']
+    data['uid'] = 'global settings'
+
+    
     return result
 



More information about the Checkins mailing list