[Checkins] SVN: z3ext.permissionsmap/trunk/ - Calculate roles settings dynamicly for <denyAll> and <grantAll>

Nikolay Kim fafhrd at datacom.kz
Fri Feb 13 05:51:03 EST 2009 

Log message for revision 96489:
  - Calculate roles settings dynamicly for <denyAll> and <grantAll>
    (Check for local roles)
  
  

Changed:
  _U  z3ext.permissionsmap/trunk/
  U   z3ext.permissionsmap/trunk/CHANGES.txt
  U   z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py
  U   z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py

-=-

Property changes on: z3ext.permissionsmap/trunk
___________________________________________________________________
Added: svn:ignore
   + develop-eggs
eggs
bin
parts
coverage
externals
.installed.cfg


Modified: z3ext.permissionsmap/trunk/CHANGES.txt
===================================================================
--- z3ext.permissionsmap/trunk/CHANGES.txt	2009-02-13 10:10:07 UTC (rev 96488)
+++ z3ext.permissionsmap/trunk/CHANGES.txt	2009-02-13 10:51:03 UTC (rev 96489)
@@ -2,6 +2,13 @@
 CHANGES
 =======
 
+1.2.1 (Unreleased)
+------------------
+
+- Calculate roles settings dynamicly for <denyAll> and <grantAll>
+  (Check for local roles)
+
+
 1.2.0 (2008-03-21)
 ------------------
 

Modified: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py	2009-02-13 10:10:07 UTC (rev 96488)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py	2009-02-13 10:51:03 UTC (rev 96489)
@@ -16,6 +16,9 @@
 $Id$
 """
 from zope import interface
+from zope.component import getUtilitiesFor
+from zope.securitypolicy.interfaces import IRole
+from zope.securitypolicy.interfaces import Allow, Deny, Unset
 from zope.securitypolicy.securitymap import PersistentSecurityMap
 from zope.securitypolicy.rolepermission import RolePermissionManager
 
@@ -31,5 +34,49 @@
         self.title = title
         self.description = description
 
+        self.denyall = []
+        self.grantall = []
+
     def __repr__(self):
         return 'PermissionsMap(%r)' % self.name
+
+    def getPermissionsForRole(self, role_id):
+        settings = {}
+
+        if self.grantall:
+            settings.update(
+                [(pid, Allow) for pid in self.grantall])
+
+        if self.denyall:
+            settings.update(
+                [(pid, Deny) for pid in self.denyall])
+
+        if settings:
+            settings.update(
+                [(pid, setting) for pid, setting in \
+                     super(PermissionsMap, self).getPermissionsForRole(role_id)])
+            
+            return settings.items()
+
+        else:
+            return super(PermissionsMap, self).getPermissionsForRole(role_id)
+
+    def getRolesForPermission(self, permission_id):
+        all = None
+
+        if permission_id in self.denyall:
+            all = Deny
+        elif permission_id in self.grantall:
+            all = Allow
+
+        if all is not None:
+            settings = dict(
+                [(id, all) for id, role in getUtilitiesFor(IRole)])
+
+            settings.update(
+                [(rid, setting) for rid, setting in \
+                     super(PermissionsMap, self).getRolesForPermission(permission_id)])
+
+            return settings.items()
+        else:
+            return super(PermissionsMap, self).getRolesForPermission(permission_id)

Modified: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py	2009-02-13 10:10:07 UTC (rev 96488)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py	2009-02-13 10:51:03 UTC (rev 96489)
@@ -170,14 +170,20 @@
                 getattr(permissionmap, method)(permission, role)
 
 
-def directiveHandlerAll(name, method, permissions):
+def directiveHandlerAll(name, method, permissions, attr):
     sm = globalregistry.globalSiteManager
 
     permissionmap = sm.getUtility(IPermissionsMap, name)
 
-    for role_id, role in getUtilitiesFor(IRole):
+    if attr == 'unsetall':
+        for role_id, role in getUtilitiesFor(IRole):
+            for permission in permissions:
+                getattr(permissionmap, method)(permission, role_id)
+    else:
+        lst = getattr(permissionmap, attr)
         for permission in permissions:
-            getattr(permissionmap, method)(permission, role_id)
+            if permission not in lst:
+                lst.append(permission)
 
 
 class permissionsMapDirective(object):
@@ -228,7 +234,7 @@
                 ('z3ext.permissions.grantAll', 
                  self.name, tuple(permission))),
             callable = directiveHandlerAll,
-            args = (self.name, 'grantPermissionToRole', permission))
+            args = (self.name, 'grantPermissionToRole', permission, 'grantall'))
 
     def denyAll(self, _context, permission):
         _context.action(
@@ -236,7 +242,7 @@
                 ('z3ext.permissions.denyAll', 
                  self.name, tuple(permission))),
             callable = directiveHandlerAll,
-            args = (self.name, 'denyPermissionToRole', permission))
+            args = (self.name, 'denyPermissionToRole', permission, 'denyall'))
 
     def unsetAll(self, _context, permission):
         _context.action(
@@ -244,4 +250,4 @@
                 ('z3ext.permissions.unsetAll', 
                  self.name, tuple(permission))),
             callable = directiveHandlerAll,
-            args = (self.name, 'unsetPermissionFromRole', permission))
+            args = (self.name, 'unsetPermissionFromRole', permission, 'unsetall'))

More information about the Checkins mailing list