[Checkins]
SVN: z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py
Changed mergePermissionFromGroups to use a post-order
resolution for the permissions inherited from the groups.
Jacob you were right.
Daniel Blackburn
blackburnd at gmail.com
Thu May 29 13:53:25 EDT 2008
Log message for revision 87050:
Changed mergePermissionFromGroups to use a post-order resolution for the permissions inherited from the groups. Jacob you were right.
Changed:
U z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py
-=-
Modified: z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py 2008-05-29 17:51:32 UTC (rev 87049)
+++ z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py 2008-05-29 17:53:25 UTC (rev 87050)
@@ -192,23 +192,25 @@
viewPermMatrix and inspects the inherited permissions from groups
assigned to the principal.
"""
- #TODO make this a breadth first search and not depth first!!
+ # Actually this does need a post-order depth first...
+ # Thanks Jacob
sysPrincipals = zapi.principals()
matrix = self.viewMatrix
+
for principal in principals:
for group_id in principal.groups:
- # If we have further groups... recurse
group = sysPrincipals.getPrincipal(group_id)
- if group.groups:
- self.mergePermissionsFromGroups([sysPrincipals.getPrincipal(x) for x in group.groups])
+ self.mergePermissionsFromGroups([sysPrincipals.getPrincipal(x) for x in principal.groups])
if matrix.has_key(group_id):
res = matrix[group_id]
for item in res:
# We only want the setting if we do not alread have it.
- if item not in matrix[principal.id]:
- matrix[principal.id].setdefault(item,res[item])
-
+ # or if it is an Allow permission as the allow seems to
+ # override the deny with conflicting group permissions.
+ if item not in matrix[principal.id] or res[item] == 'Allow':
+ matrix[principal.id][item] = res[item]
+
class MatrixDetails(object):
"""
This class creates the complex permissionDetails object
More information about the Checkins
mailing list