[Checkins] SVN: z3ext.security/trunk/ Added 'getPrincipalsForPermission' to IExtendedGrantInfo interface

Nikolay Kim fafhrd at datacom.kz
Mon Jan 12 00:04:16 EST 2009 

Log message for revision 94691:
  Added 'getPrincipalsForPermission' to IExtendedGrantInfo interface

Changed:
  U   z3ext.security/trunk/CHANGES.txt
  U   z3ext.security/trunk/src/z3ext/security/grantinfo.py
  U   z3ext.security/trunk/src/z3ext/security/grantinfo.txt
  U   z3ext.security/trunk/src/z3ext/security/interfaces.py

-=-
Modified: z3ext.security/trunk/CHANGES.txt
===================================================================
--- z3ext.security/trunk/CHANGES.txt	2009-01-11 17:24:09 UTC (rev 94690)
+++ z3ext.security/trunk/CHANGES.txt	2009-01-12 05:04:15 UTC (rev 94691)
@@ -2,6 +2,12 @@
 CHANGES
 =======
 
+1.2.3 (2009-01-??)
+------------------
+
+- Added 'getPrincipalsForPermission' to IExtendedGrantInfo interface
+
+
 1.2.2 (2009-01-09)
 ------------------
 

Modified: z3ext.security/trunk/src/z3ext/security/grantinfo.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/grantinfo.py	2009-01-11 17:24:09 UTC (rev 94690)
+++ z3ext.security/trunk/src/z3ext/security/grantinfo.py	2009-01-12 05:04:15 UTC (rev 94691)
@@ -19,13 +19,18 @@
 from zope import interface, component
 from zope.component import getAdapters
 from zope.security.proxy import removeSecurityProxy
+from zope.securitypolicy.interfaces import Unset
 
 from zope.securitypolicy.interfaces import IPrincipalRoleMap
 from zope.securitypolicy.interfaces import IRolePermissionMap
+from zope.securitypolicy.interfaces import IPrincipalPermissionMap
 
 from zope.securitypolicy.principalrole import principalRoleManager
 globalPrincipalsForRole = principalRoleManager.getPrincipalsForRole
 
+from zope.securitypolicy.principalpermission import principalPermissionManager
+globalPrincipalPermission = principalPermissionManager.getPrincipalsForPermission
+
 from interfaces import IExtendedGrantInfo
 from securitypolicy import globalRolesForPrincipal, globalRolesForPermission
 
@@ -102,3 +107,25 @@
                     principals[principal] = setting
 
         return principals.items()
+
+    def getPrincipalsForPermission(self, permission):
+        context = removeSecurityProxy(self.context)
+
+        principals = {}
+        for name, prinper in getAdapters((context,), IPrincipalPermissionMap):
+            for principal, setting in prinper.getPrincipalsForPermission(permission):
+                if principal not in principals:
+                    principals[principal] = setting
+
+        parent = getattr(context, '__parent__', None)
+        if parent is None:
+            for principal, setting in globalPrincipalPermission(permission):
+                if principal not in principals:
+                    principals[principal] = setting
+        else:
+            info = IExtendedGrantInfo(parent)
+            for principal, setting in info.getPrincipalsForPermission(permission):
+                if principal not in principals:
+                    principals[principal] = setting
+
+        return principals.items()

Modified: z3ext.security/trunk/src/z3ext/security/grantinfo.txt
===================================================================
--- z3ext.security/trunk/src/z3ext/security/grantinfo.txt	2009-01-11 17:24:09 UTC (rev 94690)
+++ z3ext.security/trunk/src/z3ext/security/grantinfo.txt	2009-01-12 05:04:15 UTC (rev 94691)
@@ -51,6 +51,10 @@
    >>> grantinfo.getRolesForPermission('P1')
    []
 
+
+getRolesForPermission
+---------------------
+
 This is standard behaviour:
 
    >>> roleper  = interfaces.IRolePermissionManager(ob3)
@@ -92,7 +96,15 @@
    >>> grantinfo.getRolesForPermission('P1')
    [('role3', PermissionSetting: Deny)]
 
+global RolesForPermission
 
+   >>> from zope.securitypolicy.rolepermission import rolePermissionManager
+   >>> rolePermissionManager.grantPermissionToRole('P1', 'role4', False)
+
+   >>> grantinfo.getRolesForPermission('P1')
+   [('role4', PermissionSetting: Allow), ('role3', PermissionSetting: Deny)]
+
+
 getRolesForPrincipal
 --------------------
 
@@ -150,3 +162,20 @@
 
    >>> grantinfo.getPrincipalsForRole('role1')
    [('bob', PermissionSetting: Allow), ('bob2', PermissionSetting: Allow), ('bob1', PermissionSetting: Allow)]
+
+
+getPrincipalsForPermission
+--------------------------
+
+   >>> from zope.securitypolicy.interfaces import IPrincipalPermissionManager
+   >>> from zope.securitypolicy.principalpermission import principalPermissionManager
+
+   >>> principalPermissionManager.grantPermissionToPrincipal('perm1', 'user1', False)
+
+   >>> grantinfo = IExtendedGrantInfo(ob3)
+   >>> grantinfo.getPrincipalsForPermission('perm1')
+   [('user1', PermissionSetting: Allow)]
+
+   >>> IPrincipalPermissionManager(ob2).denyPermissionToPrincipal('perm1', 'user1')
+   >>> grantinfo.getPrincipalsForPermission('perm1')
+   [('user1', PermissionSetting: Deny)]

Modified: z3ext.security/trunk/src/z3ext/security/interfaces.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/interfaces.py	2009-01-11 17:24:09 UTC (rev 94690)
+++ z3ext.security/trunk/src/z3ext/security/interfaces.py	2009-01-12 05:04:15 UTC (rev 94691)
@@ -38,3 +38,6 @@
 
     def getPrincipalsForRole(role_id):
         """ Get the principals that have been granted a role. """
+
+    def getPrincipalsForPermission(permission):
+        """ Get principals for permission """

More information about the Checkins mailing list