[Checkins] SVN: z3ext.permissionsmap/trunk/ - Calculate roles settings dynamicly for <denyAll> and <grantAll>
Nikolay Kim
fafhrd at datacom.kz
Fri Feb 13 05:51:03 EST 2009
Log message for revision 96489:
- Calculate roles settings dynamicly for <denyAll> and <grantAll>
(Check for local roles)
Changed:
_U z3ext.permissionsmap/trunk/
U z3ext.permissionsmap/trunk/CHANGES.txt
U z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py
U z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py
-=-
Property changes on: z3ext.permissionsmap/trunk
___________________________________________________________________
Added: svn:ignore
+ develop-eggs
eggs
bin
parts
coverage
externals
.installed.cfg
Modified: z3ext.permissionsmap/trunk/CHANGES.txt
===================================================================
--- z3ext.permissionsmap/trunk/CHANGES.txt 2009-02-13 10:10:07 UTC (rev 96488)
+++ z3ext.permissionsmap/trunk/CHANGES.txt 2009-02-13 10:51:03 UTC (rev 96489)
@@ -2,6 +2,13 @@
CHANGES
=======
+1.2.1 (Unreleased)
+------------------
+
+- Calculate roles settings dynamicly for <denyAll> and <grantAll>
+ (Check for local roles)
+
+
1.2.0 (2008-03-21)
------------------
Modified: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py 2009-02-13 10:10:07 UTC (rev 96488)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py 2009-02-13 10:51:03 UTC (rev 96489)
@@ -16,6 +16,9 @@
$Id$
"""
from zope import interface
+from zope.component import getUtilitiesFor
+from zope.securitypolicy.interfaces import IRole
+from zope.securitypolicy.interfaces import Allow, Deny, Unset
from zope.securitypolicy.securitymap import PersistentSecurityMap
from zope.securitypolicy.rolepermission import RolePermissionManager
@@ -31,5 +34,49 @@
self.title = title
self.description = description
+ self.denyall = []
+ self.grantall = []
+
def __repr__(self):
return 'PermissionsMap(%r)' % self.name
+
+ def getPermissionsForRole(self, role_id):
+ settings = {}
+
+ if self.grantall:
+ settings.update(
+ [(pid, Allow) for pid in self.grantall])
+
+ if self.denyall:
+ settings.update(
+ [(pid, Deny) for pid in self.denyall])
+
+ if settings:
+ settings.update(
+ [(pid, setting) for pid, setting in \
+ super(PermissionsMap, self).getPermissionsForRole(role_id)])
+
+ return settings.items()
+
+ else:
+ return super(PermissionsMap, self).getPermissionsForRole(role_id)
+
+ def getRolesForPermission(self, permission_id):
+ all = None
+
+ if permission_id in self.denyall:
+ all = Deny
+ elif permission_id in self.grantall:
+ all = Allow
+
+ if all is not None:
+ settings = dict(
+ [(id, all) for id, role in getUtilitiesFor(IRole)])
+
+ settings.update(
+ [(rid, setting) for rid, setting in \
+ super(PermissionsMap, self).getRolesForPermission(permission_id)])
+
+ return settings.items()
+ else:
+ return super(PermissionsMap, self).getRolesForPermission(permission_id)
Modified: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py 2009-02-13 10:10:07 UTC (rev 96488)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py 2009-02-13 10:51:03 UTC (rev 96489)
@@ -170,14 +170,20 @@
getattr(permissionmap, method)(permission, role)
-def directiveHandlerAll(name, method, permissions):
+def directiveHandlerAll(name, method, permissions, attr):
sm = globalregistry.globalSiteManager
permissionmap = sm.getUtility(IPermissionsMap, name)
- for role_id, role in getUtilitiesFor(IRole):
+ if attr == 'unsetall':
+ for role_id, role in getUtilitiesFor(IRole):
+ for permission in permissions:
+ getattr(permissionmap, method)(permission, role_id)
+ else:
+ lst = getattr(permissionmap, attr)
for permission in permissions:
- getattr(permissionmap, method)(permission, role_id)
+ if permission not in lst:
+ lst.append(permission)
class permissionsMapDirective(object):
@@ -228,7 +234,7 @@
('z3ext.permissions.grantAll',
self.name, tuple(permission))),
callable = directiveHandlerAll,
- args = (self.name, 'grantPermissionToRole', permission))
+ args = (self.name, 'grantPermissionToRole', permission, 'grantall'))
def denyAll(self, _context, permission):
_context.action(
@@ -236,7 +242,7 @@
('z3ext.permissions.denyAll',
self.name, tuple(permission))),
callable = directiveHandlerAll,
- args = (self.name, 'denyPermissionToRole', permission))
+ args = (self.name, 'denyPermissionToRole', permission, 'denyall'))
def unsetAll(self, _context, permission):
_context.action(
@@ -244,4 +250,4 @@
('z3ext.permissions.unsetAll',
self.name, tuple(permission))),
callable = directiveHandlerAll,
- args = (self.name, 'unsetPermissionFromRole', permission))
+ args = (self.name, 'unsetPermissionFromRole', permission, 'unsetall'))
More information about the Checkins
mailing list