[Checkins]
SVN: z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py
Added permissionTree to principalDetails
Daniel Blackburn
blackburnd at gmail.com
Sat Feb 16 16:43:44 EST 2008
Log message for revision 83941:
Added permissionTree to principalDetails
- PrincipalTree is used to view the permission settings for the current
context and each context up to the root folder.
Changed:
U z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py
-=-
Modified: z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py 2008-02-16 21:16:12 UTC (rev 83940)
+++ z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py 2008-02-16 21:43:44 UTC (rev 83941)
@@ -162,8 +162,6 @@
We need them all for our lookups to work properly in
principalRoleProvidesPermission.
"""
- # TODO: CLEANUP
-
allSettings = {}
permSetting = ()
settingList = [val for name ,val in settingsForObject(viewInstance)]
@@ -209,6 +207,7 @@
request = TestRequest()
applySkin(request, skin)
self.principalMatrix = {'permissions': [],
+ 'permissionTree': [],
'roles': {},
'roleTree': [],
'groups': {}}
@@ -226,6 +225,7 @@
settingsForObject(view) ]
self.populatePrincipalMatrix(all_settings)
+
self.orderRoleTree()
return self.principalMatrix
@@ -233,7 +233,7 @@
# This is silly I know but I want global settings at the end
globalSettings = self.principalMatrix['roleTree'].pop(0)
self.principalMatrix['roleTree'].append(globalSettings)
-
+
def populatePrincipalMatrix(self, settings):
""" this method recursively populates the principal permissions
dict and is only used by principalPermissions """
@@ -248,71 +248,70 @@
self.principalMatrix['groups'][group_id] = \
self.policyPermissions(group, settings)
+ def populatePrincipalMatrixRoles(self, name, item):
+ for curRole in item.get('principalRoles', ()):
+ if curRole['principal'] != self.principal.id:
+ continue
+ role = curRole['role']
+ parentList = item.get('parentList',None)
+
+ if parentList:
+ # If we have a parent list we want to populate the tree
+ self.populatePrincipalRoleTree(item,parentList,curRole)
+
+ if curRole['setting'] == Deny:
+ try:
+ # Here we see if we have added a security setting with
+ # this role before, if it is now denied we remove it.
+ del self.principalMatrix['roles'][role]
+ except KeyError:
+ pass
+ continue
+
+ else:
+ self.populatePrincipalRoles(item,role,curRole)
+
def populatePrincipalRoleTree(self,item,parentList,curRole):
key = item.get('uid')
keys = [x.keys()[0] for x in\
self.principalMatrix['roleTree']]
-
+
if key not in keys:
self.principalMatrix['roleTree'].append({
key:{}})
place = -1
else:
place = keys.index(key)
-
+
# Each key is unique so we just get the list index to edit
# we keep it as a list so the order stays the same.
-
+
parentList.reverse()
self.principalMatrix['roleTree'][place]\
[key]['parentList'] = \
parentList
-
+
self.principalMatrix['roleTree'][place]\
[key]['name'] = item.get('name')
-
+
self.principalMatrix['roleTree']\
[place][key].setdefault('roles',[])
-
-
+
+
# we make sure we only add the roles we do not yet have.
if curRole not in \
self.principalMatrix['roleTree'][place]\
[key]['roles']:
self.principalMatrix['roleTree'][place]\
[key]['roles'].append(curRole)
-
- def populatePrincipalMatrixRoles(self, name, item):
- for curRole in item.get('principalRoles', ()):
- if curRole['principal'] != self.principal.id:
- continue
- role = curRole['role']
- parentList = item.get('parentList',None)
-
- if parentList:
- # If we have a parent list we want to populate the tree
- self.populatePrincipalRoleTree(item,parentList,curRole)
-
- if curRole['setting'] == Deny:
- try:
- # Here we see if we have added a security setting with
- # this role before, if it is now denied we remove it.
- del self.principalMatrix['roles'][role]
- except KeyError:
- pass
- continue
-
- else:
- self.populatePrincipalRoles(item,role,curRole)
-
def populatePrincipalRoles(self,item,role,curRole):
if curRole['setting'] == Allow:
# We only want to append the role if it is Allowed
if not self.principalMatrix['roles'].has_key(role):
self.principalMatrix['roles'][role] = curRole
-
+
for rolePerms in item['rolePermissions']:
# Here we get the permissions provided by each role
if rolePerms['role'] == role:
@@ -320,22 +319,71 @@
_setting = rolePerms['setting'].getName()
mapping = {'permission': permission,
'setting': _setting}
-
+
if not role in self.principalMatrix['roles']:
self.principalMatrix['roles'].append({role:mapping})
def populatePrincipalMatrixPermissions(self, item):
# Here we get all the permssions for this principal
for prinPerms in item.get('principalPermissions', ()):
- if prinPerms['principal'] == self.principal.id:
- permission = prinPerms['permission']
- _setting = prinPerms['setting'].getName()
- mapping = {'permission': permission,
- 'setting': _setting}
- if not mapping in self.principalMatrix['permissions']:
- self.principalMatrix['permissions'].append(mapping)
+ if self.principal.id != prinPerms['principal']:
+ continue
+ parentList = item.get('parentList',None)
+ if parentList:
+ self.populatePrincipalPermTree(item,parentList,prinPerms)
+
+ permission = prinPerms['permission']
+ _setting = prinPerms['setting'].getName()
+ mapping = {'permission': permission,
+ 'setting': _setting}
+ if not mapping in self.principalMatrix['permissions']:
+ self.principalMatrix['permissions'].append(mapping)
+
+
+ def populatePrincipalPermTree(self,item,parentList,prinPerms):
+ """ method responsible for creating permission tree """
+ key = item.get('uid')
+ keys = [x.keys()[0] for x in\
+ self.principalMatrix['permissionTree']]
+
+ if key not in keys:
+ self.principalMatrix['permissionTree'].append({
+ key:{}})
+ place = -1
+ else:
+ place = keys.index(key)
+
+ # Each key is unique so we just get the list index to edit
+ # we keep it as a list so the order stays the same.
+
+ parentList.reverse()
+ self.principalMatrix['permissionTree'][place]\
+ [key]['parentList'] = \
+ parentList
+
+ self.principalMatrix['permissionTree'][place]\
+ [key]['name'] = item.get('name')
+
+ self.principalMatrix['permissionTree']\
+ [place][key].setdefault('permissions',[])
+
+
+ if prinPerms not in self.principalMatrix['permissionTree']\
+ [place][key]['permissions']:
+ self.principalMatrix['permissionTree']\
+ [place][key]['permissions'].append(prinPerms)
+
+
+ # we make sure we only add the roles we do not yet have.
+ #if curRole not in \
+ # self.principalMatrix['permissionTree'][place]\
+ # [key]['roles']:
+ # self.principalMatrix['permissionTree'][place]\
+ # [key]['roles'].append(curRole)
+
+
def permissionDetails(self, principal_id, view_name, skin=IBrowserRequest):
"""Get permission details for a given principal and view.
Includes the permissions set by the groups the principal belongs to.
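Review bot: `parentList.reverse()` in the new populatePrincipalPermTree reverses the caller's list in place, and populatePrincipalMatrixPermissions passes it `item.get('parentList')` once per matching entry, so the same list object is flipped on every call. An item carrying two permissions for the principal ends up with its parentList back in the original order, and the existing populatePrincipalRoleTree reverses what is presumably the same object too, so the context-to-root order shown in permissionTree depends on how many entries matched, which is misleading when the view is used to audit where a setting is inherited from. Store a reversed copy instead, `self.principalMatrix['permissionTree'][place][key]['parentList'] = parentList[::-1]`, and drop the `parentList.reverse()` line. The commented-out `curRole` block at the end of the method is a leftover from the role-tree version and should be deleted, and the one-line docstring could say that entries are keyed by the item's `uid` and kept in a list to preserve order. Indentation is lost in this rendering, so the loop nesting here is read from statement order.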
@@ -546,7 +594,7 @@
# in the roleTree and in the permissionTree
result[-1][1]['parentList'] = ['Root Folder']
result[-1][1]['uid'] = 'Root Folder'
- result[-1][1]['name'] = 'Root Folder'
+ result[-1][1]['name'] = 'Root Folder'
data = {}
result.append(('global settings', data))
@@ -570,6 +618,6 @@
data['parentList'] = ['global settings']
data['uid'] = 'global settings'
-
+
return result