[Checkins]
SVN: z3c.securitytool/trunk/src/z3c/securitytool/demoSetup.py
Updated demoSetup.py to test the inheritance of group permissions
Daniel Blackburn
blackburnd at gmail.com
Thu May 29 13:51:32 EDT 2008
Log message for revision 87049:
Updated demoSetup.py to test the inheritance of group permissions
Changed:
U z3c.securitytool/trunk/src/z3c/securitytool/demoSetup.py
-=-
Modified: z3c.securitytool/trunk/src/z3c/securitytool/demoSetup.py
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/demoSetup.py 2008-05-29 17:49:13 UTC (rev 87048)
+++ z3c.securitytool/trunk/src/z3c/securitytool/demoSetup.py 2008-05-29 17:51:32 UTC (rev 87049)
@@ -34,7 +34,7 @@
# Lets get the list of all principals on the system.
sysPrincipals = zapi.principals()
principals = [x.id for x in sysPrincipals.getPrincipals('')
- if x.id not in ['group1','group2','randy']]
+ if x.id not in ['zope.group1','zope.group2','zope.randy']]
# Here is where we begin to set the permissions for the root context level
roleManager = IPrincipalRoleManager(root)
@@ -45,16 +45,21 @@
group1 = sysPrincipals.getPrincipal('zope.group1')
group2 = sysPrincipals.getPrincipal('zope.group2')
+
daniel = sysPrincipals.getPrincipal('zope.daniel')
randy = sysPrincipals.getPrincipal('zope.randy')
-
- daniel.groups.append('zope.group1')
- group1.groups.append('zope.group2')
-
+ # We add group1 and group2 to Randy to make sure that the
+ # allow permission overrides the Deny permission at the
+ # same level.
randy.groups.append('zope.group1')
randy.groups.append('zope.group2')
+
+ # We add randy as a group to daniel with a subgroup
+ # of group1 and and group2
+ daniel.groups.append('zope.randy')
+
roleManager.assignRoleToPrincipal('zope.Writer', 'zope.daniel')
roleManager.assignRoleToPrincipal('zope.Writer', 'zope.stephan')
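Review bot: The second added comment (above `daniel.groups.append('zope.randy')`) is hard to follow and contains a doubled word ("and and"). It does not say that `zope.randy`, a user principal, is deliberately being used as a group here. Something like `# daniel is made a member of randy, who is in turn a member of group1 and group2, so daniel receives both groups' settings transitively.` would state the nesting directly. The first comment asserts that allow overrides deny at the same level, but nothing in this hunk checks that, so it should name the test or doc that verifies the outcome. The enclosing function starts and ends outside the hunk.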
@@ -68,6 +73,17 @@
principal)
+# Now at the root level we will deny all the permissions to group2 and
+# Allow all the permissions to group 1
+ for perm in ['concord.DeleteIssue', 'concord.CreateIssue',
+ 'concord.ReadIssue', 'concord.CreateArticle',
+ 'concord.DeleteArticle', 'concord.PublishIssue']:
+
+ permManager.denyPermissionToPrincipal(perm, group1.id)
+ permManager.grantPermissionToPrincipal(perm,group2.id)
+
+
+
# Here is where we begin to set the permissions for the context level of
# Folder1.
roleManager = IPrincipalRoleManager(root['Folder1'])
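Review bot: The comment added above the new loop says the opposite of what the loop does. It reads "deny all the permissions to group2 and Allow all the permissions to group 1", while the body calls `permManager.denyPermissionToPrincipal(perm, group1.id)` and `permManager.grantPermissionToPrincipal(perm,group2.id)`. In a fixture meant to show how group deny/allow settings are inherited, an inverted comment will mislead anyone checking the tool's output against the intended setup. If the code is what was intended, change the comment to `# At the root level, deny these permissions to group1 and grant them to group2.`; "all" is also loose, since the list names six permissions. `permManager` is bound outside the hunk, so whether it still refers to the root context at this point should be confirmed.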
@@ -84,16 +100,7 @@
permManager.grantPermissionToPrincipal('concord.CreateArticle',
principal)
- permManager.denyPermissionToPrincipal('concord.DeleteIssue',
- group1.id)
- permManager.denyPermissionToPrincipal('concord.CreateIssue',
- group1.id)
- permManager.grantPermissionToPrincipal('concord.DeleteIssue',
- group2.id)
- permManager.grantPermissionToPrincipal('concord.CreateIssue',
- group2.id)
-
# Here is where we begin to set the permissions for the context level of
# /root/Folder1/Folder2.
roleManager = IPrincipalRoleManager(root['Folder1']['Folder2'])