[Checkins] SVN: z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py Refactored population of principalPermissions

Daniel Blackburn blackburnd at gmail.com
Sat Feb 16 15:48:55 EST 2008


Log message for revision 83938:
  Refactored population of principalPermissions

Changed:
  U   z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py

-=-
Modified: z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py	2008-02-16 20:48:36 UTC (rev 83937)
+++ z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py	2008-02-16 20:48:55 UTC (rev 83938)
@@ -208,13 +208,13 @@
 
         request = TestRequest()
         applySkin(request, skin)
-        self.prinPermSettings = {'permissions': [],
-                            'roles': [],
-                            'roleTree': [],
-                            'groups': {}}
+        self.principalMatrix = {'permissions': [],
+                                'roles': {},
+                                'roleTree': [],
+                                'groups': {}}
 
-        principals = zapi.principals()
-        principal = principals.getPrincipal(principal_id)
+        self.principals = zapi.principals()
+        self.principal = self.principals.getPrincipal(principal_id)
         ifaces = tuple(providedBy(self.context))
 
         for iface in ifaces:
@@ -225,200 +225,112 @@
                 all_settings = [{name:val} for name,val in
                                  settingsForObject(view) ]
 
-                PrinSettings = self.policyPermissions(principal,
-                                                      all_settings)
-                self.populatePrinPermSettings(PrinSettings)
-        return self.prinPermSettings
+                self.populatePrincipalMatrix(all_settings)
 
+        return self.principalMatrix
 
-    def populatePrinPermSettings(self,PrinSettings):
-        """ Aggregates all the values returned from the policyPermissions
-            call in principalPermissions
-        """
-        
-        if PrinSettings['roleTree']:
-            self.populateRoleTree(PrinSettings)
+    def populatePrincipalMatrix(self, settings):
+        """ this method recursively populates the principal permissions
+            dict and is only used by principalPermissions """
 
-        if PrinSettings['permissions']:
-            self.populatePrincipalPermissions(PrinSettings)
+        for setting in settings:
+            for name, item in setting.items():
+                self.populatePrincipalMatrixPermissions(item)
+                self.populatePrincipalMatrixRoles(name,item)
 
-        if PrinSettings['roles']:
-            self.populatePrincipalRoles(PrinSettings)
+            for group_id in self.principal.groups:
+                group = self.principals.getPrincipal(group_id)
+                self.principalMatrix['groups'][group_id] = \
+                    self.policyPermissions(group, settings)
 
-        if PrinSettings['groups']:
-            self.prinPermSettings['groups'].update(PrinSettings['groups'])
 
-    def populateRoleTree(self,PrinSettings):
-        """ This method is responsible for creating the roleTree
-            the role tree is a list of dictionaries which contain the settings
-            for each context level and role from the current context to the
-            root folder
-        """
-        
-        for items  in PrinSettings['roleTree']:
-            #List of dictionaries
-            for key, val in items.items():
+    def populatePrincipalMatrixRoles(self, name, item):
+        for curRole in item.get('principalRoles', ()):
+            if curRole['principal'] != self.principal.id:
+                continue
+
+            role = curRole['role']
+
+            contextName = name and name or 'Root Folder'
+            # Now we will build the roleTree object to display
+            # the levels and settings for all roles assigned to this
+            # principal.
+
+            parentList = item.get('parentList',None)
+            if parentList:
+                key = item.get('uid')
                 keys =  [x.keys()[0] for x in\
-                         self.prinPermSettings['roleTree']]
+                         self.principalMatrix['roleTree']]
+
                 if key not in keys:
-                    # If we do not have this context, add it
-                    self.prinPermSettings\
-                               ['roleTree'].append({key:{}})
-                    self.prinPermSettings['roleTree']\
-                                           [-1] = {key:val}
-        
-                    parentList = val['parentList']
-                    parentList.reverse()
-                    self.prinPermSettings['roleTree'][-1]\
-                         [key]['parentList'] = \
-                         parentList
-                    continue
-        
-                place = keys.index(key)
+                    self.principalMatrix['roleTree'].append({
+                                                 key:{}})
+                    place = -1
+                else:
+                    place = keys.index(key)
+
                 # Each key is unique so we just get the list index to edit
                 # we keep it as a list so the order stays the same.
-                parentList = val['parentList']
+
                 parentList.reverse()
-                self.prinPermSettings['roleTree'][place]\
+                self.principalMatrix['roleTree'][place]\
                      [key]['parentList'] = \
                      parentList
-        
-                self.prinPermSettings['roleTree'][place]\
-                     [key]['name'] = val['name']
-        
-                roles = val['roles']
-                self.prinPermSettings['roleTree']\
-                                [place][key].setdefault('roles',[])
-                for role in roles:
-                    # we make sure we only add the roles we do not yet have.
-                    if role not in \
-                             self.prinPermSettings['roleTree'][place]\
-                                       [key]['roles']:
-                        self.prinPermSettings['roleTree'][place]\
-                                       [key]['roles'].append(role)
-                
-    def populatePrincipalPermissions(self,PrinSettings):
-        if PrinSettings['permissions'] not in \
-               self.prinPermSettings['permissions']:
-            self.prinPermSettings['permissions'].append(
-                             PrinSettings['permissions'])
 
-    def populatePrincipalRoles(self,PrinSettings):
-        #print PrinSettings['roles']
-        #self.prinPermSettings['roles'].update(PrinSettings['roles'])
-        for role in PrinSettings['roles']:
-            if role not in self.prinPermSettings['roles']:
-                self.prinPermSettings['roles'].append(role)
+                self.principalMatrix['roleTree'][place]\
+                     [key]['name'] = item.get('name')
 
+                self.principalMatrix['roleTree']\
+                                [place][key].setdefault('roles',[])
 
-# TODO: Rename
-    def policyPermissions(self, principal, settings):
-        """ this method recursively populates the principal permissions
-            dict and is only used by principalPermissions """
 
-        prinPermSettings = {'permissions': [],
-                            'roles': {},
-                            'roleTree': [],
-                            'groups': {}}
-        principals = zapi.principals()
+                # we make sure we only add the roles we do not yet have.
+                if curRole not in \
+                         self.principalMatrix['roleTree'][place]\
+                                   [key]['roles']:
+                    self.principalMatrix['roleTree'][place]\
+                                   [key]['roles'].append(curRole)
 
-        #For each item in our list we will update the settings dict
-        #for item in settings:
-        #    for key,val in item.items():
-        #        if not setting.has_key(key):
-        #            setting[key] = []
-        #        setting[key].extend(val)
 
-        for setting in settings:
-            for name, item in setting.items():
+            if curRole['setting'] == Deny:
+                try:
+                    # Here we see if we have added a security setting with
+                    # this role before, if it is now denied we remove it.
+                    del self.principalMatrix['roles'][role]
+                except KeyError:
+                    pass
+                continue
+            elif curRole['setting'] == Allow:
+                # We only want to append the role if it is Allowed
+                if not self.principalMatrix['roles'].has_key(role):
+                    self.principalMatrix['roles'][role] = curRole
 
-                # Here we get all the permssions for this principal
-                for prinPerms in item.get('principalPermissions', ()):
-                    if prinPerms['principal'] == principal.id:
-                        permission = prinPerms['permission']
-                        _setting = prinPerms['setting'].getName()
-                        mapping = {'permission': permission,
-                                   'setting': _setting}
-                        if not mapping in prinPermSettings['permissions']:
-                            prinPermSettings['permissions'].append(mapping)
-                # Here we get all the roles for this principal
-                for prinRoles in item.get('principalRoles', ()):
-                    if prinRoles['principal'] != principal.id:
-                        continue
+            for rolePerms in item['rolePermissions']:
+                # Here we get the permissions provided by each role
+                if rolePerms['role'] == role:
+                    permission = rolePerms['permission']
+                    _setting = rolePerms['setting'].getName()
+                    mapping = {'permission': permission,
+                               'setting': _setting}
 
-                    role = prinRoles['role']
 
-                    contextName = name and name or 'Root Folder'
-                    # Now we will build the roleTree object to display
-                    # the levels and settings for all roles assigned to this
-                    # principal.
+                    if not role in self.principalMatrix['roles']:
+                        self.principalMatrix['roles'].append({role:mapping})
 
-                    parentList = item.get('parentList',None)
-                    if parentList:
-                        key = item.get('uid')
-                        if not prinPermSettings['roleTree']:
-                            prinPermSettings['roleTree'].append({
-                                                         key:{}})
-                            prinPermSettings['roleTree'][-1]\
-                                 [key]['roles'] = []
 
-                        keys =  [x.keys()[0] for x in\
-                                 prinPermSettings['roleTree']]
 
-                        if key not in keys:
-                            prinPermSettings['roleTree'].append({
-                                                         key:{}})
-                            prinPermSettings['roleTree'][-1]\
-                                 [key]['roles'] = []
+    def populatePrincipalMatrixPermissions(self, item):
+        # Here we get all the permssions for this principal
+        for prinPerms in item.get('principalPermissions', ()):
+            if prinPerms['principal'] == self.principal.id:
+                permission = prinPerms['permission']
+                _setting = prinPerms['setting'].getName()
+                mapping = {'permission': permission,
+                           'setting': _setting}
+                if not mapping in self.principalMatrix['permissions']:
+                    self.principalMatrix['permissions'].append(mapping)
 
-                        prinPermSettings['roleTree'][-1]\
-                             [key]['parentList'] = parentList
 
-                        prinPermSettings['roleTree'][-1]\
-                             [key]['name'] = contextName
-
-                        newVal = {'setting':prinRoles['setting'].getName(),
-                                  'role':role}
-
-                        if newVal not in prinPermSettings['roleTree'][-1]\
-                               [key]['roles']:
-                            prinPermSettings['roleTree'][-1][key]\
-                                                  ['roles'].append(newVal)
-
-                    if prinRoles['setting'] == Deny:
-                        try:
-                            # Here we see if we have added a security setting with
-                            # this role before, if it is now denied we remove it.
-                            del prinPermSettings['roles'][role]
-                        except KeyError:
-                            pass
-                        continue
-                    elif prinRoles['setting'] == Allow:
-                        # We only want to append the role if it is Allowed
-                        if not prinPermSettings['roles'].has_key(role):
-                            prinPermSettings['roles'][role] = prinRoles
-
-                    for rolePerms in item['rolePermissions']:
-                        # Here we get the permissions provided by each role
-                        if rolePerms['role'] == role:
-                            permission = rolePerms['permission']
-                            _setting = rolePerms['setting'].getName()
-                            mapping = {'permission': permission,
-                                       'setting': _setting}
-
-
-                            if not role in prinPermSettings['roles']:
-                                prinPermSettings['roles'].append({role:mapping})
-                            
-            # Here we loop through the groups and recursively call this method
-                # for each one found.
-            for group_id in principal.groups:
-                group = principals.getPrincipal(group_id)
-                prinPermSettings['groups'][group_id] = \
-                    self.policyPermissions(group, settings)
-
-        return prinPermSettings
-
     def permissionDetails(self, principal_id, view_name, skin=IBrowserRequest):
         """Get permission details for a given principal and view.
         Includes the permissions set by the groups the principal belongs to.
@@ -629,6 +541,7 @@
     # in the roleTree and in the permissionTree
     result[-1][1]['parentList'] = ['Root Folder']
     result[-1][1]['uid'] = 'Root Folder'
+    result[-1][1]['name'] = 'Root Folder'    
 
     data = {}
     result.append(('global settings', data))



More information about the Checkins mailing list