[Zope-Checkins] SVN: Zope/trunk/src/ Split up RoleManager into a base class and a ZMI / request facing version in OFS.role

Hanno Schlichting hannosch at hannosch.eu
Sat Jun 19 07:59:53 EDT 2010


Log message for revision 113636:
  Split up RoleManager into a base class and a ZMI / request facing version in OFS.role
  

Changed:
  U   Zope/trunk/src/AccessControl/PermissionMapping.py
  U   Zope/trunk/src/AccessControl/Role.py
  D   Zope/trunk/src/AccessControl/dtml/access.dtml
  D   Zope/trunk/src/AccessControl/dtml/acquiredEdit.dtml
  D   Zope/trunk/src/AccessControl/dtml/editLocalRoles.dtml
  D   Zope/trunk/src/AccessControl/dtml/listLocalRoles.dtml
  D   Zope/trunk/src/AccessControl/dtml/permissionEdit.dtml
  D   Zope/trunk/src/AccessControl/dtml/reportUserPermissions.dtml
  D   Zope/trunk/src/AccessControl/dtml/roleEdit.dtml
  U   Zope/trunk/src/AccessControl/interfaces.py
  U   Zope/trunk/src/AccessControl/tests/testRole.py
  A   Zope/trunk/src/OFS/dtml/access.dtml
  A   Zope/trunk/src/OFS/dtml/acquiredEdit.dtml
  A   Zope/trunk/src/OFS/dtml/editLocalRoles.dtml
  A   Zope/trunk/src/OFS/dtml/listLocalRoles.dtml
  A   Zope/trunk/src/OFS/dtml/permissionEdit.dtml
  A   Zope/trunk/src/OFS/dtml/reportUserPermissions.dtml
  A   Zope/trunk/src/OFS/dtml/roleEdit.dtml
  A   Zope/trunk/src/OFS/role.py

-=-
Modified: Zope/trunk/src/AccessControl/PermissionMapping.py
===================================================================
--- Zope/trunk/src/AccessControl/PermissionMapping.py	2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/PermissionMapping.py	2010-06-19 11:59:53 UTC (rev 113636)
@@ -13,7 +13,7 @@
 """Permission Mapping
 
 Sometimes, we need an object's permissions to be remapped to other permissions
-when the object is used in specual ways.  This is rather hard, since we
+when the object is used in special ways.  This is rather hard, since we
 need the object's ordinary permissions intact so we can manage it.
 """
 
@@ -32,7 +32,7 @@
 class RoleManager:
 
     implements(IPermissionMappingSupport)
-    
+
     # XXX: No security declarations?
 
     def manage_getPermissionMapping(self):

Modified: Zope/trunk/src/AccessControl/Role.py
===================================================================
--- Zope/trunk/src/AccessControl/Role.py	2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/Role.py	2010-06-19 11:59:53 UTC (rev 113636)
@@ -18,20 +18,15 @@
 from Acquisition import aq_base
 from Acquisition import aq_get
 from ExtensionClass import Base
-from PermissionMapping import RoleManager
 from zope.interface import implements
 
-# TODO dependencies
-from App.Dialogs import MessageDialog
-from App.special_dtml import DTMLFile
-
 from AccessControl import ClassSecurityInfo
 from AccessControl.class_init import InitializeClass
 from AccessControl.interfaces import IRoleManager
 from AccessControl.Permission import getPermissions
 from AccessControl.Permission import Permission
+from AccessControl.PermissionMapping import RoleManager
 from AccessControl.Permissions import change_permissions
-from AccessControl.requestmethod import requestmethod
 from AccessControl.SecurityManagement import newSecurityManager
 
 DEFAULTMAXLISTUSERS = 250
@@ -45,24 +40,16 @@
     return not aq_get(self, '_isBeingUsedAsAMethod_', 0)
 
 
-class RoleManager(Base, RoleManager):
-
+class BaseRoleManager(Base, RoleManager):
     """An object that has configurable permissions"""
 
     implements(IRoleManager)
-
+    permissionMappingPossibleValues=Acquired
     security = ClassSecurityInfo()
 
-    manage_options=(
-        {'label': 'Security', 'action': 'manage_access'},
-        )
+    __ac_roles__ = ('Manager', 'Owner', 'Anonymous', 'Authenticated')
+    __ac_local_roles__ = None
 
-    __ac_roles__=('Manager', 'Owner', 'Anonymous', 'Authenticated')
-
-    permissionMappingPossibleValues=Acquired
-
-    #------------------------------------------------------------
-
     security.declareProtected(change_permissions, 'ac_inherited_permissions')
     def ac_inherited_permissions(self, all=0):
         # Get all permissions not defined in ourself that are inherited
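Review bot: The docstring on `BaseRoleManager` still reads "An object that has configurable permissions", which no longer says what separates it from the ZMI-facing `RoleManager` this commit moves to OFS.role. Something like `"""Role and permission storage without ZMI forms or REQUEST handling; the management-screen variant is OFS.role.RoleManager."""` would make the split visible to anyone choosing a base class. `__ac_local_roles__ = None` also moves to the top of the class, away from the comment block further down that explains the `__ac_local_roles__` dict, so a short pointer comment beside it would help. As a style point, `permissionMappingPossibleValues=Acquired` lacks the spaces around `=` that the two new assignments below it use. The class body continues outside the hunk.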
@@ -122,13 +109,8 @@
             result.append(d)
         return result
 
-    security.declareProtected(change_permissions, 'manage_roleForm')
-    manage_roleForm=DTMLFile('dtml/roleEdit', globals(),
-                             management_view='Security')
-
     security.declareProtected(change_permissions, 'manage_role')
-    @requestmethod('POST')
-    def manage_role(self, role_to_manage, permissions=[], REQUEST=None):
+    def manage_role(self, role_to_manage, permissions=[]):
         """Change the permissions given to the given role.
         """
         for p in self.ac_inherited_permissions(1):
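Review bot: `manage_role` loses its `@requestmethod('POST')` guard here but keeps its docstring and its `declareProtected(change_permissions, ...)` declaration, so on a published class that derives from `BaseRoleManager` directly it would presumably still be reachable by URL and would now accept GET. The same applies to `manage_acquiredPermissions`, `manage_permission`, `manage_addLocalRoles`, `manage_setLocalRoles` and `manage_delLocalRoles` in the later hunks. The POST restriction limits how these state-changing calls can be triggered by a forged cross-site request, and OFS/role.py is outside this view, so it is worth confirming that `OFS.role.RoleManager` overrides all six with the decorator restored. A comment on the base methods such as `# Not request-safe: the POST-only wrapper lives in OFS.role.RoleManager` would make the contract explicit, and a test in testRole.py asserting that the ZMI-facing versions reject GET would keep it from regressing. The method body continues outside the hunk.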
@@ -136,16 +118,8 @@
             p=Permission(name, value, self)
             p.setRole(role_to_manage, name in permissions)
 
-        if REQUEST is not None:
-            return self.manage_access(REQUEST)
-
-    security.declareProtected(change_permissions, 'manage_acquiredForm')
-    manage_acquiredForm=DTMLFile('dtml/acquiredEdit', globals(),
-                                 management_view='Security')
-
     security.declareProtected(change_permissions, 'manage_acquiredPermissions')
-    @requestmethod('POST')
-    def manage_acquiredPermissions(self, permissions=[], REQUEST=None):
+    def manage_acquiredPermissions(self, permissions=[]):
         """Change the permissions that acquire.
         """
         for p in self.ac_inherited_permissions(1):
@@ -159,9 +133,6 @@
             else:
                 p.setRoles(tuple(roles))
 
-        if REQUEST is not None:
-            return self.manage_access(REQUEST)
-
     def manage_getUserRolesAndPermissions(self, user_id):
         """ Used for permission/role reporting for a given user_id.
             Returns a dict mapping
@@ -172,10 +143,9 @@
             'allowed_permissions' -> permissions allowed for the user,
             'disallowed_permissions' -> all other permissions
         """
-
         d = {}
-
         current = self
+
         while 1:
             try:
                 uf = current.acl_users
@@ -188,7 +158,6 @@
             else:
                 current = current.__parent__
 
-
         newSecurityManager(None, userObj) # necessary?
         userObj = userObj.__of__(uf)
 
@@ -199,7 +168,6 @@
         roles.sort()
         d['roles'] = roles
 
-
         # roles in context
         roles = list(userObj.getRolesInContext(self))
         roles.sort()
@@ -221,15 +189,8 @@
 
         return d
 
-
-    security.declareProtected(change_permissions, 'manage_permissionForm')
-    manage_permissionForm=DTMLFile('dtml/permissionEdit', globals(),
-                                   management_view='Security')
-
     security.declareProtected(change_permissions, 'manage_permission')
-    @requestmethod('POST')
-    def manage_permission(self, permission_to_manage,
-                          roles=[], acquire=0, REQUEST=None):
+    def manage_permission(self, permission_to_manage, roles=[], acquire=0):
         """Change the settings for the given permission.
 
         If optional arg acquire is true, then the roles for the permission
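Review bot: The rewritten signature keeps the mutable default `roles=[]`, as do `permissions=[]` on `manage_role` and `manage_acquiredPermissions` in the earlier hunks. The visible code only reads or rebinds the argument (`roles=tuple(roles)`, `name in permissions`), so nothing is shared across calls today, but an immutable default removes the trap for later edits: `def manage_permission(self, permission_to_manage, roles=(), acquire=0):`. The matching declarations in `IRoleManager` would need the same change to stay in step. The method body continues outside the hunk.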
@@ -245,61 +206,15 @@
                 else:
                     roles=tuple(roles)
                 p.setRoles(roles)
-                if REQUEST is not None:
-                    return self.manage_access(REQUEST)
                 return
 
         raise ValueError(
             "The permission <em>%s</em> is invalid." %
                 escape(permission_to_manage))
 
-    _normal_manage_access=DTMLFile('dtml/access', globals())
-    manage_reportUserPermissions=DTMLFile(
-        'dtml/reportUserPermissions', globals())
-
-    security.declareProtected(change_permissions, 'manage_access')
-    def manage_access(self, REQUEST, **kw):
-        """Return an interface for making permissions settings.
-        """
-        return apply(self._normal_manage_access, (), kw)
-
-    security.declareProtected(change_permissions, 'manage_changePermissions')
-    @requestmethod('POST')
-    def manage_changePermissions(self, REQUEST):
-        """Change all permissions settings, called by management screen.
-        """
-        valid_roles=self.valid_roles()
-        indexes=range(len(valid_roles))
-        have=REQUEST.has_key
-        permissions=self.ac_inherited_permissions(1)
-        fails = []
-        for ip in range(len(permissions)):
-            roles = []
-            for ir in indexes:
-                if have("p%dr%d" % (ip, ir)):
-                    roles.append(valid_roles[ir])
-            name, value = permissions[ip][:2]
-            try:
-                p = Permission(name, value, self)
-                if not have('a%d' % ip):
-                    roles=tuple(roles)
-                p.setRoles(roles)
-            except:
-                fails.append(name)
-
-        if fails:
-            return MessageDialog(title="Warning!",
-                                 message="Some permissions had errors: "
-                                   + escape(', '.join(fails)),
-                                 action='manage_access')
-        return MessageDialog(
-            title = 'Success!',
-            message = 'Your changes have been saved',
-            action = 'manage_access')
-
     security.declareProtected(change_permissions, 'permissionsOfRole')
     def permissionsOfRole(self, role):
-        """Used by management screen.
+        """Returns a role to permission mapping.
         """
         r = []
         for p in self.ac_inherited_permissions(1):
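Review bot: The new docstring on `permissionsOfRole`, "Returns a role to permission mapping.", does not match what the visible code suggests it builds. The body starts with `r = []`, and the roleEdit.dtml removed in this commit iterates the result with `mapping=1`, reading `name` and `selected` from each item. Wording such as `"""Return a list of dicts, one per permission, with 'name' and 'selected' keys for the given role."""` would be closer, though the rest of the body is outside the hunk and should be checked first. `rolesOfPermission` in the next hunk gets the mirror-image wording and the same caveat applies, since permissionEdit.dtml reads `name` and `selected` from its result as well.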
@@ -313,7 +228,7 @@
 
     security.declareProtected(change_permissions, 'rolesOfPermission')
     def rolesOfPermission(self, permission):
-        """Used by management screen.
+        """Returns a permission to role mapping.
         """
         valid_roles = self.valid_roles()
         for p in self.ac_inherited_permissions(1):
@@ -333,8 +248,8 @@
 
     security.declareProtected(change_permissions, 'acquiredRolesAreUsedBy')
     def acquiredRolesAreUsedBy(self, permission):
-        """Used by management screen.
         """
+        """
         for p in self.ac_inherited_permissions(1):
             name, value = p[:2]
             if name==permission:
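Review bot: `acquiredRolesAreUsedBy` is left with a docstring that contains only whitespace once "Used by management screen." is removed. The permissionEdit.dtml deleted in this commit interpolates the return value directly into an `<input type="checkbox" ...>` tag, so the method presumably returns an attribute string for that checkbox; the return statement is outside the hunk. Either document that, e.g. `"""Return the checkbox attribute string showing whether acquired roles are used for the permission."""`, or remove the docstring deliberately with a comment explaining why. As far as I know a docstring is part of what makes a method URL-publishable in Zope, so the choice should be explicit rather than a leftover.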
@@ -353,16 +268,6 @@
     # extra roles in a particular object, an entry for that user is made
     # in the __ac_local_roles__ dict containing the extra roles.
 
-    __ac_local_roles__=None
-
-    security.declareProtected(change_permissions, 'manage_listLocalRoles')
-    manage_listLocalRoles=DTMLFile('dtml/listLocalRoles', globals(),
-                                   management_view='Security')
-
-    security.declareProtected(change_permissions, 'manage_editLocalRoles')
-    manage_editLocalRoles=DTMLFile('dtml/editLocalRoles', globals(),
-                                   management_view='Security')
-
     def has_local_roles(self):
         dict=self.__ac_local_roles__ or {}
         return len(dict)
@@ -417,8 +322,7 @@
         return tuple(dict.get(userid, []))
 
     security.declareProtected(change_permissions, 'manage_addLocalRoles')
-    @requestmethod('POST')
-    def manage_addLocalRoles(self, userid, roles, REQUEST=None):
+    def manage_addLocalRoles(self, userid, roles):
         """Set local roles for a user."""
         if not roles:
             raise ValueError('One or more roles must be given!')
@@ -431,13 +335,9 @@
                 local_roles.append(r)
         dict[userid] = local_roles
         self._p_changed=True
-        if REQUEST is not None:
-            stat='Your changes have been saved.'
-            return self.manage_listLocalRoles(self, REQUEST, stat=stat)
 
     security.declareProtected(change_permissions, 'manage_setLocalRoles')
-    @requestmethod('POST')
-    def manage_setLocalRoles(self, userid, roles, REQUEST=None):
+    def manage_setLocalRoles(self, userid, roles):
         """Set local roles for a user."""
         if not roles:
             raise ValueError('One or more roles must be given!')
@@ -446,13 +346,9 @@
             self.__ac_local_roles__ = dict = {}
         dict[userid]=roles
         self._p_changed = True
-        if REQUEST is not None:
-            stat='Your changes have been saved.'
-            return self.manage_listLocalRoles(self, REQUEST, stat=stat)
 
     security.declareProtected(change_permissions, 'manage_delLocalRoles')
-    @requestmethod('POST')
-    def manage_delLocalRoles(self, userids, REQUEST=None):
+    def manage_delLocalRoles(self, userids):
         """Remove all local roles for a user."""
         dict = self.__ac_local_roles__
         if dict is None:
@@ -461,9 +357,6 @@
             if userid in dict:
                 del dict[userid]
         self._p_changed=True
-        if REQUEST is not None:
-            stat='Your changes have been saved.'
-            return self.manage_listLocalRoles(self, REQUEST, stat=stat)
 
     #------------------------------------------------------------
 
@@ -531,70 +424,6 @@
                 pass
         return tuple(roles)
 
-    security.declareProtected(change_permissions, 'manage_defined_roles')
-    def manage_defined_roles(self, submit=None, REQUEST=None):
-        """Called by management screen.
-        """
-
-        if submit=='Add Role':
-            role=reqattr(REQUEST, 'role').strip()
-            return self._addRole(role, REQUEST)
-
-        if submit=='Delete Role':
-            roles=reqattr(REQUEST, 'roles')
-            return self._delRoles(roles, REQUEST)
-
-        return self.manage_access(REQUEST)
-
-    @requestmethod('POST')
-    def _addRole(self, role, REQUEST=None):
-        if not role:
-            return MessageDialog(
-                   title='Incomplete',
-                   message='You must specify a role name',
-                   action='manage_access')
-        if role in self.__ac_roles__:
-            return MessageDialog(
-                   title='Role Exists',
-                   message='The given role is already defined',
-                   action='manage_access')
-        data = list(self.__ac_roles__)
-        data.append(role)
-        self.__ac_roles__=tuple(data)
-        if REQUEST is not None:
-            return self.manage_access(REQUEST)
-
-    @requestmethod('POST')
-    def _delRoles(self, roles, REQUEST=None):
-        if not roles:
-            return MessageDialog(
-                   title='Incomplete',
-                   message='You must specify a role name',
-                   action='manage_access')
-        data = list(self.__ac_roles__)
-        for role in roles:
-            try:
-                data.remove(role)
-            except:
-                pass
-        self.__ac_roles__ = tuple(data)
-        if REQUEST is not None:
-            return self.manage_access(REQUEST)
-
-    def _has_user_defined_role(self, role):
-        return role in self.__ac_roles__
-
-    # Compatibility names only!!
-
-    smallRolesWidget=selectedRoles=aclAChecked=aclPChecked=aclEChecked=''
-    validRoles=valid_roles
-
-    def manage_editRoles(self, REQUEST, acl_type='A', acl_roles=[]):
-        pass
-
-    def _setRoles(self, acl_type, acl_roles):
-        pass
-
     def possible_permissions(self):
         d = {}
         permissions = getPermissions()
@@ -607,7 +436,7 @@
         d.sort()
         return d
 
-InitializeClass(RoleManager)
+InitializeClass(BaseRoleManager)
 
 
 def reqattr(request, attr):
@@ -675,3 +504,17 @@
                 seen[name] = None
         gather_permissions(base, result, seen)
     return result
+
+
+# BBB - this is a bit odd, but the class variable RoleManager.manage_options
+# is used by a lot of code and this isn't available on the deferredimport
+# wrapper
+try:
+    from OFS.role import RoleManager
+    RoleManager # pyflakes
+except ImportError:
+    from zope.deferredimport import deprecated
+    deprecated("RoleManager is no longer part of AccessControl, please "
+               "depend on Zope2 and import from OFS.role",
+        RoleManager = 'OFS.role:RoleManager',
+    )
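Review bot: The `except ImportError` around `from OFS.role import RoleManager` also catches import failures raised inside OFS.role itself, such as a broken dependency, and would then silently fall through to the deferred deprecation path instead of surfacing the real error. The name `RoleManager` is also already bound at the top of this module by `from AccessControl.PermissionMapping import RoleManager`, so in the fallback branch the deferred definition may never be consulted and `AccessControl.Role.RoleManager` could resolve to the permission-mapping mixin; this is worth verifying against zope.deferredimport's lookup order. Importing the mixin under an alias, `from AccessControl.PermissionMapping import RoleManager as _PermissionMappingRoleManager`, and using that alias in the `BaseRoleManager` bases would remove the ambiguity. The import sits at the bottom of the module, presumably to break the cycle with OFS.role, and a comment saying so would stop someone from moving it up.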

Deleted: Zope/trunk/src/AccessControl/dtml/access.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/access.dtml	2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/access.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,166 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-with "_(management_view='Security')">
-<dtml-if  manage_tabs><dtml-var manage_tabs></dtml-if>
-</dtml-with>
-<p class="form-help">
-The listing below shows the current security settings for this item. 
-Permissions are rows and roles are columns.  Checkboxes are used to
-indicate where roles are assigned permissions. You can also assign 
-<strong><a href="manage_listLocalRoles">local roles</a></strong> to 
-users, which give users extra roles in the context of this object and 
-its subobjects.
-</p>
-
-<p class="form-help">  
-When a role is assigned to a permission, users with the given role
-will be able to perform tasks associated with the permission on this
-item. When the <em>Acquire permission settings</em> checkbox is selected
-then the containing objects's permission settings are used. Note: the
-acquired permission settings may be augmented by selecting Roles for
-a permission in addition to selecting to acquire permissions.
-</p>
-
-
-<div>
-    <form action="manage_reportUserPermissions" method="GET">
-        Username:
-        <input type="text" name="user" size="20" />
-        <input type="submit" value="Show me the user permissions and roles in the context of the current object" />
-    </form>
-</div>
-
-<dtml-with expr="_.namespace(valid_roles=valid_roles())">
-<form action="manage_changePermissions" method="post">
-
-<table width="100%" cellspacing="0" cellpadding="2" border="0" nowrap>
-<tr class="list-header">
-  <dtml-unless isTopLevelPrincipiaApplicationObject>
-  <td>&nbsp;</td>
-  </dtml-unless>
-  <td align="left" valign="top">
-  <div class="form-label">
-  <strong>Permission</strong>
-  </div>
-  </td>
-  <td align="left" colspan="<dtml-var expr="_.len(valid_roles)">">
-  <div class="form-label">
-  <strong>Roles</strong>
-  </div>
-  </td>
-</tr>
-
-<dtml-in permission_settings mapping>
-
-<dtml-if "not (_['sequence-index']%10)">
-<tr class="row-normal">
-  <dtml-unless isTopLevelPrincipiaApplicationObject>
-  <td align="left" valign="top">
-  <div class="form-label">
-  <strong>
-  <a href="manage_acquiredForm">Acquire<dtml-unless sequence-index><BR>permission<BR>settings</dtml-unless></a>?
-  </strong>
-  </div>
-  </td>
-  </dtml-unless>
-  <td></td>
-  <dtml-in valid_roles>
-  <td align="left">
-  <div class="list-item">
-  <a href="manage_roleForm?role_to_manage=&dtml.url_quote-sequence-item;">&dtml-sequence-item;</a>
-  </div>
-  </td>
-  </dtml-in valid_roles>
-</tr>
-</dtml-if>
-
-<dtml-if sequence-odd>
-<tr class="row-normal">
-<dtml-else>
-<tr class="row-hilite">
-</dtml-if>
-
-  <dtml-unless isTopLevelPrincipiaApplicationObject>
-  <td align="left" valign="top">
-  <input type="checkbox" name="a&dtml-sequence-index;" &dtml-acquire; />
-  </td>
-  </dtml-unless>
-  <td align="left" nowrap>
-  <div class="list-item">
-  <a href="manage_permissionForm?permission_to_manage=&dtml.url_quote-name;">&dtml-name;</a>
-  </div>
-  </td>
-  <dtml-in roles mapping>
-  <td align="center">
-  <input type="checkbox" name="&dtml-name;" &dtml-checked; />
-  </td>
-  </dtml-in>
-</tr>
-</dtml-in permission_settings>
-
-<tr>
-<dtml-if isTopLevelPrincipiaApplicationObject>
-<td colspan="<dtml-var expr="_.len(valid_roles)+1">" align="left">
-<dtml-else>
-<td colspan="<dtml-var expr="_.len(valid_roles)+2">" align="left">
-</dtml-if>
-<div class="form-element">
-<input class="form-element" type="submit" name="submit" value="Save Changes" />
-</div>
-</td>
-</tr>
-</table>
-</form>
-</dtml-with>
-
-<dtml-if "_['id'] != 'acl_users'">
-<p class="form-help" >
-You can define new roles by entering a role name and clicking the 
-&quot;Add Role&quot; button.
-</p>
-
-<form action="manage_defined_roles" method="post">
-<table cellpadding="2">
-<tr>
-  <td align="left" valign="top">
-  <div class="form-label">
-  User defined roles
-  </td>
-  <td align="left" valign="top">
-  &nbsp;
-  </td>
-</tr>
-<tr>
-  <td align="left" valign="top">
-  <input type="text" name="role" size="16" value="" />
-  </td>
-  <td align="left" valign="top">
-  <div class="form-element">
-  <input class="form-element" type="submit" name="submit" value="Add Role" />
-  </div>
-  </td>
-</tr>
-<dtml-if userdefined_roles>
-<tr>
-  <td align="left" valign="top">
-  <div class="form-element">
-  <select name="roles:list">
-  <dtml-in userdefined_roles>
-  <option value="&dtml-sequence-item;">&dtml-sequence-item;</option>
-  </dtml-in userdefined_roles>
-  </select>
-  </div>
-  </td>
-  <td align="left" valign="top">
-  <div class="form-element">
-  <input class="form-element" type="submit" name="submit" 
-   value="Delete Role" />
-  </div>
-  </td>
-</tr>
-</dtml-if userdefined_roles>
-</table>
-</form>
-</dtml-if>
-
-<dtml-var manage_page_footer>
-

Deleted: Zope/trunk/src/AccessControl/dtml/acquiredEdit.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/acquiredEdit.dtml	2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/acquiredEdit.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,22 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-with "_(management_view='Security')">
-<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if manage_tabs>
-</dtml-with>
-<p class="form-help">
-Select permissions that acquire permission settings:
-</p>
-
-<form action="manage_acquiredPermissions" method="post">
-<select name="permissions:list" multiple size="10">
-<dtml-in permission_settings mapping>
-  <option<dtml-if acquire> selected</dtml-if>>&dtml-name;</option>
-</dtml-in>
-</select>
-<p>
-<div class="form-element">
-<input class="form-element" type="submit" name="submit" value="Save Changes" />
-</div>
-</p>
-</form>
-
-<dtml-var manage_page_footer>

Deleted: Zope/trunk/src/AccessControl/dtml/editLocalRoles.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/editLocalRoles.dtml	2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/editLocalRoles.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,56 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-with "_(management_view='Security')">
-<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if>
-</dtml-with>
-<p class="form-help">
-Local roles allow you to give particular users extra roles in the 
-context of this object, in addition to the roles they already have. 
-</p>
-
-<p class="form-help">
-To change the local roles for this user, select the extra roles this 
-user should have in the context of this object and click the <em>
-Save Changes</em> button.
-</p>
-
-<form action="manage_setLocalRoles" method="post">
-<table cellspacing="0" cellpadding="2" border="0">
-<tr>
-  <td align="left" valign="top">
-  <div class="form-label">User</div>
-  </td>
-  <td align="left" valign="top">
-  <div class="form-label">Roles</div>
-  </td>
-</tr>
-<tr>
-  <td align="left" valign="top">
-  <div class="form-text">&dtml-userid;</div>
-  </td>
-  <td align="left" valign="top">
-  <div class="form-element">
-  <input type="hidden" name="userid" value="&dtml-userid;">
-<dtml-with "_(user_roles=get_local_roles_for_userid(userid))">
-  <select name="roles:list" size="5" multiple>
-<dtml-in valid_roles><dtml-if 
-"_vars['sequence-item'] not in ('Anonymous', 'Shared', 'Authenticated')">
-<option value="&dtml-sequence-item;"<dtml-if 
-"_['sequence-item'] in user_roles"> selected</dtml-if>>&dtml-sequence-item;
-</dtml-if>
-</dtml-in>
-  </select>
-</dtml-with>
-  </div>
-  </td>
-</tr>
-<tr>
-  <td align="left" valign="top" colspan="2">
-  <div class="form-element">
-  <input class="form-element" type="submit" value="Save Changes" />
-  </div>
-  </td>
-</tr>
-</table>
-</form>
-
-<dtml-var manage_page_footer>

Deleted: Zope/trunk/src/AccessControl/dtml/listLocalRoles.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/listLocalRoles.dtml	2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/listLocalRoles.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,111 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-with "_(management_view='Security')">
-<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if>
-</dtml-with>
-<dtml-if stat>
-<hr>
-<font color="red">&dtml-stat;</font>
-<hr>
-</dtml-if>
-
-<p class="form-help">
-Local roles allow you to give particular users extra roles in the context 
-of this object, in addition to the roles they already have. 
-</p>
-
-<dtml-if has_local_roles>
-<p class="form-help">
-The following users have been given local roles. To modify the local roles 
-given to a particular user, click on the name of the user. To remove all 
-local roles from a user, select the checkbox next to the name of the user 
-and click the <em>Remove</em> button.
-</p>
-<form action="manage_delLocalRoles" method="POST">
-<table cellspacing="0" cellpadding="2" border="0">
-<dtml-in get_local_roles>
-<tr>
-  <td align="left" valign="top">
-  <input type="checkbox" name="userids:list" value="&dtml-sequence-key;" />
-  </td>
-  <td align="left" valign="top">
-  <div class="form-text">
-  <a href="manage_editLocalRoles?userid=&dtml.url_quote-sequence-key;">&dtml-sequence-key;</a> (<dtml-in 
-   sequence-item>&dtml-sequence-item;<dtml-unless 
-   sequence-end>, </dtml-unless></dtml-in>)
-  </div>
-  </td>
-</tr>
-</dtml-in>
-<tr>
-  <td align="left" valign="top">
-  </td>
-  <td align="left" valign="top">
-  <div class="form-element">
-  <input class="form-element" type="submit" name="submit" value="Remove" />
-  </div>
-  </td>
-</tr>
-</table>
-</form>
-</dtml-if>
-
-<p>
-To give a user extra roles when accessing this object (and its children), 
-select a user from the <em>User</em> list below, select the extra 
-roles that should be given to that user from the <em>Roles</em> list.
-</p>
-
-<form action="manage_setLocalRoles" method="POST">
-<table cellpadding="2" cellspacing="0" border="0">
-<tr>
-  <td align="left" valign="top">
-  <div class="form-label">
-  User
-  </div>
-  </td>
-  <td align="left" valign="top">
-  <div class="form-label">
-  Roles
-  </div>
-  </td>
-</tr>
-<tr>
-  <td align="left" valign="top">
-  <div class="form-element">
-  <dtml-try>
-  <select name="userid" size="5">
-  <dtml-in get_valid_userids>
-  <option value="&dtml-sequence-item;">&dtml-sequence-item;</option>
-  </dtml-in>
-  </select>
-  <dtml-except OverflowError>
-
-  <input name="userid" size=10>
-  
-  </dtml-try>
-  </div>
-  </td>
-  <td align="left" valign="top">
-  <div class="form-element">
-  <select name="roles:list" size="5" multiple>
-<dtml-in valid_roles><dtml-if 
-"_vars['sequence-item'] not in ('Anonymous', 'Shared', 'Authenticated')">
-<option value="&dtml-sequence-item;">&dtml-sequence-item;</option>
-</dtml-if>
-</dtml-in>
-  </select>
-  </div>
-  </td>
-</tr>
-<tr>
-  <td align="left" valign="top">
-  <div class="form-element">
-  <input class="form-element" type="submit" name="submit" value=" Add " />
-  </div>
-  </td>
-  <td></td>
-</tr>
-</table>
-</form>
-
-<dtml-var manage_page_footer>

Deleted: Zope/trunk/src/AccessControl/dtml/permissionEdit.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/permissionEdit.dtml	2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/permissionEdit.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,36 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-with "_(management_view='Security')">
-<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if manage_tabs>
-</dtml-with>
-<p class="form-text">
-Roles assigned to the permission <strong>&dtml-permission_to_manage;</strong>
-</p>
-
-<form action="manage_permission" method="post">
-<p>
-<input type="hidden" name="permission_to_manage" value="&dtml-permission_to_manage;" />
-<div class="form-element">
-<select name="roles:list" multiple size="10">
-<dtml-in expr="rolesOfPermission(permission_to_manage)" mapping=1>
-  <option &dtml-selected;>&dtml-name;</option>
-</dtml-in>
-</select>
-</div>
-</p>
-
-<dtml-unless isTopLevelPrincipiaApplicationObject>
-<p>
-<div class="form-text">
-<input type="checkbox" name="acquire" <dtml-var expr="acquiredRolesAreUsedBy(permission_to_manage)">> 
-Also use roles acquired from folders containing this object
-</p>
-</dtml-unless>
-
-<p>
-<div class="form-element">
-<input class="form-element" type="submit" name="submit" value="Save Changes" />
-</div>
-</p>
-</form>
-
-<dtml-var manage_page_footer>

Deleted: Zope/trunk/src/AccessControl/dtml/reportUserPermissions.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/reportUserPermissions.dtml	2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/reportUserPermissions.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,79 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-with "_(management_view='Security')">
-<dtml-if  manage_tabs><dtml-var manage_tabs></dtml-if>
-</dtml-with>
-
-<p class="form-help">
-This listing shows the permissions and roles for particular user
-in the context of the current object.
-</p>
-
-<dtml-let result="manage_getUserRolesAndPermissions(user)">
-
-<b>User account </b>: &dtml-user;
-<br/>
-<b>User account defined in</b>: <dtml-var "result['user_defined_in']">
-<br/>
-<br/>
-
-<table width="50%" cellspacing="0" cellpadding="4" border="1" nowrap>
-    <thead>
-        <tr>
-            <th>Roles</th>
-            <th>Roles in context</th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td valign="top">
-                <ul>
-                    <dtml-in "result['roles']">
-                        <li>&dtml-sequence-item;
-                    </dtml-in>
-                </ul>
-            </td>
-            <td valign="top">
-                <ul>
-                    <dtml-in "result['roles_in_context']">
-                        <li>&dtml-sequence-item;
-                    </dtml-in>
-                </ul>
-            </td>
-        </tr>
-    </tbody>
-</table>
-
-<br/>
-
-<table width="50%" cellspacing="0" cellpadding="4" border="1" nowrap>
-    <thead>
-        <tr>
-            <th>Allowed permissions</th>
-            <th>Disallowed permissions</th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td valign="top">
-                <ul>
-                    <dtml-in "result['allowed_permissions']">
-                        <li>&dtml-sequence-item;
-                    </dtml-in>
-                </ul>
-            </td>
-            <td valign="top">
-                <ul>
-                    <dtml-in "result['disallowed_permissions']">
-                        <li>&dtml-sequence-item;
-                    </dtml-in>
-                </ul>
-            </td>
-        </tr>
-    </tbody>
-</table>
-
-
-</dtml-let>
-
-<dtml-var manage_page_footer>
-

Deleted: Zope/trunk/src/AccessControl/dtml/roleEdit.dtml
===================================================================
--- Zope/trunk/src/AccessControl/dtml/roleEdit.dtml	2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/dtml/roleEdit.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -1,32 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if manage_tabs>
-
-<p class="form-text">
-Permissions assigned to the role <strong>&dtml-role_to_manage;</strong>
-</p>
-
-<form action="manage_role" method="post">
-<p>
-<input type=hidden name=role_to_manage value="&dtml-role_to_manage;">
-<div class="form-element">
-<select name="permissions:list" multiple size="10">
-<dtml-in expr="permissionsOfRole(role_to_manage)" mapping=1>
-  <option &dtml-selected;>&dtml-name;</option>
-</dtml-in>
-</select>
-</div>
-</p>
-
-<p>
-<div class="form-element">
-<input class="form-element" type="submit" name="submit" value="Save Changes" />
-</div>
-</p>
-</form>
-
-<dtml-var manage_page_footer>
-
-
-
-
-

Modified: Zope/trunk/src/AccessControl/interfaces.py
===================================================================
--- Zope/trunk/src/AccessControl/interfaces.py	2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/interfaces.py	2010-06-19 11:59:53 UTC (rev 113636)
@@ -85,9 +85,6 @@
         """
 
 
-# XXX: might contain non-API methods and outdated comments;
-#      not synced with ZopeBook API Reference;
-#      based on AccessControl.PermissionMapping.RoleManager
 class IPermissionMappingSupport(Interface):
 
     def manage_getPermissionMapping():
@@ -107,11 +104,7 @@
         """
 
 
-# XXX: might contain non-API methods and outdated comments;
-#      not synced with ZopeBook API Reference;
-#      based on AccessControl.Role.RoleManager
 class IRoleManager(IPermissionMappingSupport):
-
     """An object that has configurable permissions"""
 
     permissionMappingPossibleValues = Attribute("""Acquired attribute""")
@@ -130,22 +123,15 @@
         'permission' is returned.
         """
 
-    manage_roleForm = Attribute(""" """)
-
-    def manage_role(role_to_manage, permissions=[], REQUEST=None):
+    def manage_role(role_to_manage, permissions=[]):
         """Change the permissions given to the given role.
         """
 
-    manage_acquiredForm = Attribute(""" """)
-
-    def manage_acquiredPermissions(permissions=[], REQUEST=None):
+    def manage_acquiredPermissions(permissions=[]):
         """Change the permissions that acquire.
         """
 
-    manage_permissionForm = Attribute(""" """)
-
-    def manage_permission(permission_to_manage,
-                          roles=[], acquire=0, REQUEST=None):
+    def manage_permission(permission_to_manage, roles=[], acquire=0):
         """Change the settings for the given permission.
 
         If optional arg acquire is true, then the roles for the permission
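Review bot: The docstrings of `manage_role`, `manage_acquiredPermissions` and `manage_permission` do not say that, with `REQUEST` dropped from the signatures, the interface now describes plain programmatic mutators with no request-method check implied. The same applies to `manage_addLocalRoles`, `manage_setLocalRoles` and `manage_delLocalRoles` in the later hunk. In this commit the `@requestmethod('POST')` guard is visible only on the `OFS.role.RoleManager` wrappers, so a class that uses the base implementation and is reachable through the publisher presumably has to supply that guard itself; the `Role.py` side is not visible here, so this needs confirming. I would add one line to each docstring, for example `Programmatic API: no request handling or POST check; see OFS.role.RoleManager for the ZMI-facing variant.` The `manage_permission` docstring and the enclosing `IRoleManager` class continue outside this hunk.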
@@ -153,41 +139,18 @@
         permissions are restricted to only the designated roles.
         """
 
-    def manage_access(REQUEST, **kw):
-        """Return an interface for making permissions settings.
-        """
-
-    def manage_changePermissions(REQUEST):
-        """Change all permissions settings, called by management screen.
-        """
-
     def permissionsOfRole(role):
-        """Used by management screen.
+        """Returns a role to permission mapping.
         """
 
     def rolesOfPermission(permission):
-        """Used by management screen.
+        """Returns a permission to role mapping.
         """
 
     def acquiredRolesAreUsedBy(permission):
-        """Used by management screen.
         """
+        """
 
-
-    # Local roles support
-    # -------------------
-    #
-    # Local roles allow a user to be given extra roles in the context
-    # of a particular object (and its children). When a user is given
-    # extra roles in a particular object, an entry for that user is made
-    # in the __ac_local_roles__ dict containing the extra roles.
-
-    __ac_local_roles__  = Attribute(""" """)
-
-    manage_listLocalRoles = Attribute(""" """)
-
-    manage_editLocalRoles = Attribute(""" """)
-
     def has_local_roles():
         """
         """
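Review bot: The new `permissionsOfRole` docstring ("Returns a role to permission mapping.") does not match how the value is consumed. `roleEdit.dtml` iterates it with `<dtml-in ... mapping=1>` and reads `name` and `selected` from each item, so it looks like a sequence of per-permission mappings rather than a single mapping; `rolesOfPermission` is used the same way in `permissionEdit.dtml`. Something like `Return one mapping per permission, with 'name' and 'selected' keys, for the given role.` would be closer, to be confirmed against the implementation, which this hunk does not show. `acquiredRolesAreUsedBy` is left with an empty docstring; `permissionEdit.dtml` renders its return value directly inside the `acquire` checkbox tag, so the docstring should state that it returns the attribute text for that checkbox.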
@@ -208,13 +171,13 @@
         """
         """
 
-    def manage_addLocalRoles(userid, roles, REQUEST=None):
+    def manage_addLocalRoles(userid, roles):
         """Set local roles for a user."""
 
-    def manage_setLocalRoles(userid, roles, REQUEST=None):
+    def manage_setLocalRoles(userid, roles):
         """Set local roles for a user."""
 
-    def manage_delLocalRoles(userids, REQUEST=None):
+    def manage_delLocalRoles(userids):
         """Remove all local roles for a user."""
 
     #------------------------------------------------------------
@@ -235,30 +198,6 @@
         """Return list of user-defined roles.
         """
 
-    def manage_defined_roles(submit=None, REQUEST=None):
-        """Called by management screen.
-        """
-
-    def _addRole(role, REQUEST=None):
-        """
-        """
-
-    def _delRoles(roles, REQUEST=None):
-        """
-        """
-
-    def _has_user_defined_role(role):
-        """
-        """
-
-    def manage_editRoles(REQUEST, acl_type='A', acl_roles=[]):
-        """
-        """
-
-    def _setRoles(acl_type, acl_roles):
-        """
-        """
-
     def possible_permissions():
         """
         """

Modified: Zope/trunk/src/AccessControl/tests/testRole.py
===================================================================
--- Zope/trunk/src/AccessControl/tests/testRole.py	2010-06-19 11:45:13 UTC (rev 113635)
+++ Zope/trunk/src/AccessControl/tests/testRole.py	2010-06-19 11:59:53 UTC (rev 113636)
@@ -5,10 +5,10 @@
 
     def test_interfaces(self):
         from AccessControl.interfaces import IRoleManager
-        from AccessControl.Role import RoleManager
+        from AccessControl.Role import BaseRoleManager
         from zope.interface.verify import verifyClass
 
-        verifyClass(IRoleManager, RoleManager)
+        verifyClass(IRoleManager, BaseRoleManager)
 
 
 def test_suite():
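Review bot: `verifyClass` now covers only `BaseRoleManager`, so the request-facing `OFS.role.RoleManager`, which overrides most mutators with an extra `REQUEST` parameter, is no longer checked against `IRoleManager`. The commit's file list also shows no new test under `OFS`. That class is where the permission declarations and POST guards now live, so a matching check in an OFS test module, `from OFS.role import RoleManager` followed by `verifyClass(IRoleManager, RoleManager)`, would keep the two halves of the split from drifting apart. The test class itself starts above this hunk.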

Copied: Zope/trunk/src/OFS/dtml/access.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/access.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/access.dtml	                        (rev 0)
+++ Zope/trunk/src/OFS/dtml/access.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,166 @@
+<dtml-var manage_page_header>
+<dtml-with "_(management_view='Security')">
+<dtml-if  manage_tabs><dtml-var manage_tabs></dtml-if>
+</dtml-with>
+<p class="form-help">
+The listing below shows the current security settings for this item. 
+Permissions are rows and roles are columns.  Checkboxes are used to
+indicate where roles are assigned permissions. You can also assign 
+<strong><a href="manage_listLocalRoles">local roles</a></strong> to 
+users, which give users extra roles in the context of this object and 
+its subobjects.
+</p>
+
+<p class="form-help">  
+When a role is assigned to a permission, users with the given role
+will be able to perform tasks associated with the permission on this
+item. When the <em>Acquire permission settings</em> checkbox is selected
+then the containing objects's permission settings are used. Note: the
+acquired permission settings may be augmented by selecting Roles for
+a permission in addition to selecting to acquire permissions.
+</p>
+
+
+<div>
+    <form action="manage_reportUserPermissions" method="GET">
+        Username:
+        <input type="text" name="user" size="20" />
+        <input type="submit" value="Show me the user permissions and roles in the context of the current object" />
+    </form>
+</div>
+
+<dtml-with expr="_.namespace(valid_roles=valid_roles())">
+<form action="manage_changePermissions" method="post">
+
+<table width="100%" cellspacing="0" cellpadding="2" border="0" nowrap>
+<tr class="list-header">
+  <dtml-unless isTopLevelPrincipiaApplicationObject>
+  <td>&nbsp;</td>
+  </dtml-unless>
+  <td align="left" valign="top">
+  <div class="form-label">
+  <strong>Permission</strong>
+  </div>
+  </td>
+  <td align="left" colspan="<dtml-var expr="_.len(valid_roles)">">
+  <div class="form-label">
+  <strong>Roles</strong>
+  </div>
+  </td>
+</tr>
+
+<dtml-in permission_settings mapping>
+
+<dtml-if "not (_['sequence-index']%10)">
+<tr class="row-normal">
+  <dtml-unless isTopLevelPrincipiaApplicationObject>
+  <td align="left" valign="top">
+  <div class="form-label">
+  <strong>
+  <a href="manage_acquiredForm">Acquire<dtml-unless sequence-index><BR>permission<BR>settings</dtml-unless></a>?
+  </strong>
+  </div>
+  </td>
+  </dtml-unless>
+  <td></td>
+  <dtml-in valid_roles>
+  <td align="left">
+  <div class="list-item">
+  <a href="manage_roleForm?role_to_manage=&dtml.url_quote-sequence-item;">&dtml-sequence-item;</a>
+  </div>
+  </td>
+  </dtml-in valid_roles>
+</tr>
+</dtml-if>
+
+<dtml-if sequence-odd>
+<tr class="row-normal">
+<dtml-else>
+<tr class="row-hilite">
+</dtml-if>
+
+  <dtml-unless isTopLevelPrincipiaApplicationObject>
+  <td align="left" valign="top">
+  <input type="checkbox" name="a&dtml-sequence-index;" &dtml-acquire; />
+  </td>
+  </dtml-unless>
+  <td align="left" nowrap>
+  <div class="list-item">
+  <a href="manage_permissionForm?permission_to_manage=&dtml.url_quote-name;">&dtml-name;</a>
+  </div>
+  </td>
+  <dtml-in roles mapping>
+  <td align="center">
+  <input type="checkbox" name="&dtml-name;" &dtml-checked; />
+  </td>
+  </dtml-in>
+</tr>
+</dtml-in permission_settings>
+
+<tr>
+<dtml-if isTopLevelPrincipiaApplicationObject>
+<td colspan="<dtml-var expr="_.len(valid_roles)+1">" align="left">
+<dtml-else>
+<td colspan="<dtml-var expr="_.len(valid_roles)+2">" align="left">
+</dtml-if>
+<div class="form-element">
+<input class="form-element" type="submit" name="submit" value="Save Changes" />
+</div>
+</td>
+</tr>
+</table>
+</form>
+</dtml-with>
+
+<dtml-if "_['id'] != 'acl_users'">
+<p class="form-help" >
+You can define new roles by entering a role name and clicking the 
+&quot;Add Role&quot; button.
+</p>
+
+<form action="manage_defined_roles" method="post">
+<table cellpadding="2">
+<tr>
+  <td align="left" valign="top">
+  <div class="form-label">
+  User defined roles
+  </td>
+  <td align="left" valign="top">
+  &nbsp;
+  </td>
+</tr>
+<tr>
+  <td align="left" valign="top">
+  <input type="text" name="role" size="16" value="" />
+  </td>
+  <td align="left" valign="top">
+  <div class="form-element">
+  <input class="form-element" type="submit" name="submit" value="Add Role" />
+  </div>
+  </td>
+</tr>
+<dtml-if userdefined_roles>
+<tr>
+  <td align="left" valign="top">
+  <div class="form-element">
+  <select name="roles:list">
+  <dtml-in userdefined_roles>
+  <option value="&dtml-sequence-item;">&dtml-sequence-item;</option>
+  </dtml-in userdefined_roles>
+  </select>
+  </div>
+  </td>
+  <td align="left" valign="top">
+  <div class="form-element">
+  <input class="form-element" type="submit" name="submit" 
+   value="Delete Role" />
+  </div>
+  </td>
+</tr>
+</dtml-if userdefined_roles>
+</table>
+</form>
+</dtml-if>
+
+<dtml-var manage_page_footer>
+

Copied: Zope/trunk/src/OFS/dtml/acquiredEdit.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/acquiredEdit.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/acquiredEdit.dtml	                        (rev 0)
+++ Zope/trunk/src/OFS/dtml/acquiredEdit.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,22 @@
+<dtml-var manage_page_header>
+<dtml-with "_(management_view='Security')">
+<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if manage_tabs>
+</dtml-with>
+<p class="form-help">
+Select permissions that acquire permission settings:
+</p>
+
+<form action="manage_acquiredPermissions" method="post">
+<select name="permissions:list" multiple size="10">
+<dtml-in permission_settings mapping>
+  <option<dtml-if acquire> selected</dtml-if>>&dtml-name;</option>
+</dtml-in>
+</select>
+<p>
+<div class="form-element">
+<input class="form-element" type="submit" name="submit" value="Save Changes" />
+</div>
+</p>
+</form>
+
+<dtml-var manage_page_footer>

Copied: Zope/trunk/src/OFS/dtml/editLocalRoles.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/editLocalRoles.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/editLocalRoles.dtml	                        (rev 0)
+++ Zope/trunk/src/OFS/dtml/editLocalRoles.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,56 @@
+<dtml-var manage_page_header>
+<dtml-with "_(management_view='Security')">
+<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if>
+</dtml-with>
+<p class="form-help">
+Local roles allow you to give particular users extra roles in the 
+context of this object, in addition to the roles they already have. 
+</p>
+
+<p class="form-help">
+To change the local roles for this user, select the extra roles this 
+user should have in the context of this object and click the <em>
+Save Changes</em> button.
+</p>
+
+<form action="manage_setLocalRoles" method="post">
+<table cellspacing="0" cellpadding="2" border="0">
+<tr>
+  <td align="left" valign="top">
+  <div class="form-label">User</div>
+  </td>
+  <td align="left" valign="top">
+  <div class="form-label">Roles</div>
+  </td>
+</tr>
+<tr>
+  <td align="left" valign="top">
+  <div class="form-text">&dtml-userid;</div>
+  </td>
+  <td align="left" valign="top">
+  <div class="form-element">
+  <input type="hidden" name="userid" value="&dtml-userid;">
+<dtml-with "_(user_roles=get_local_roles_for_userid(userid))">
+  <select name="roles:list" size="5" multiple>
+<dtml-in valid_roles><dtml-if 
+"_vars['sequence-item'] not in ('Anonymous', 'Shared', 'Authenticated')">
+<option value="&dtml-sequence-item;"<dtml-if 
+"_['sequence-item'] in user_roles"> selected</dtml-if>>&dtml-sequence-item;
+</dtml-if>
+</dtml-in>
+  </select>
+</dtml-with>
+  </div>
+  </td>
+</tr>
+<tr>
+  <td align="left" valign="top" colspan="2">
+  <div class="form-element">
+  <input class="form-element" type="submit" value="Save Changes" />
+  </div>
+  </td>
+</tr>
+</table>
+</form>
+
+<dtml-var manage_page_footer>

Copied: Zope/trunk/src/OFS/dtml/listLocalRoles.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/listLocalRoles.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/listLocalRoles.dtml	                        (rev 0)
+++ Zope/trunk/src/OFS/dtml/listLocalRoles.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,111 @@
+<dtml-var manage_page_header>
+<dtml-with "_(management_view='Security')">
+<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if>
+</dtml-with>
+<dtml-if stat>
+<hr>
+<font color="red">&dtml-stat;</font>
+<hr>
+</dtml-if>
+
+<p class="form-help">
+Local roles allow you to give particular users extra roles in the context 
+of this object, in addition to the roles they already have. 
+</p>
+
+<dtml-if has_local_roles>
+<p class="form-help">
+The following users have been given local roles. To modify the local roles 
+given to a particular user, click on the name of the user. To remove all 
+local roles from a user, select the checkbox next to the name of the user 
+and click the <em>Remove</em> button.
+</p>
+<form action="manage_delLocalRoles" method="POST">
+<table cellspacing="0" cellpadding="2" border="0">
+<dtml-in get_local_roles>
+<tr>
+  <td align="left" valign="top">
+  <input type="checkbox" name="userids:list" value="&dtml-sequence-key;" />
+  </td>
+  <td align="left" valign="top">
+  <div class="form-text">
+  <a href="manage_editLocalRoles?userid=&dtml.url_quote-sequence-key;">&dtml-sequence-key;</a> (<dtml-in 
+   sequence-item>&dtml-sequence-item;<dtml-unless 
+   sequence-end>, </dtml-unless></dtml-in>)
+  </div>
+  </td>
+</tr>
+</dtml-in>
+<tr>
+  <td align="left" valign="top">
+  </td>
+  <td align="left" valign="top">
+  <div class="form-element">
+  <input class="form-element" type="submit" name="submit" value="Remove" />
+  </div>
+  </td>
+</tr>
+</table>
+</form>
+</dtml-if>
+
+<p>
+To give a user extra roles when accessing this object (and its children), 
+select a user from the <em>User</em> list below, select the extra 
+roles that should be given to that user from the <em>Roles</em> list.
+</p>
+
+<form action="manage_setLocalRoles" method="POST">
+<table cellpadding="2" cellspacing="0" border="0">
+<tr>
+  <td align="left" valign="top">
+  <div class="form-label">
+  User
+  </div>
+  </td>
+  <td align="left" valign="top">
+  <div class="form-label">
+  Roles
+  </div>
+  </td>
+</tr>
+<tr>
+  <td align="left" valign="top">
+  <div class="form-element">
+  <dtml-try>
+  <select name="userid" size="5">
+  <dtml-in get_valid_userids>
+  <option value="&dtml-sequence-item;">&dtml-sequence-item;</option>
+  </dtml-in>
+  </select>
+  <dtml-except OverflowError>
+
+  <input name="userid" size=10>
+  
+  </dtml-try>
+  </div>
+  </td>
+  <td align="left" valign="top">
+  <div class="form-element">
+  <select name="roles:list" size="5" multiple>
+<dtml-in valid_roles><dtml-if 
+"_vars['sequence-item'] not in ('Anonymous', 'Shared', 'Authenticated')">
+<option value="&dtml-sequence-item;">&dtml-sequence-item;</option>
+</dtml-if>
+</dtml-in>
+  </select>
+  </div>
+  </td>
+</tr>
+<tr>
+  <td align="left" valign="top">
+  <div class="form-element">
+  <input class="form-element" type="submit" name="submit" value=" Add " />
+  </div>
+  </td>
+  <td></td>
+</tr>
+</table>
+</form>
+
+<dtml-var manage_page_footer>

Copied: Zope/trunk/src/OFS/dtml/permissionEdit.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/permissionEdit.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/permissionEdit.dtml	                        (rev 0)
+++ Zope/trunk/src/OFS/dtml/permissionEdit.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,36 @@
+<dtml-var manage_page_header>
+<dtml-with "_(management_view='Security')">
+<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if manage_tabs>
+</dtml-with>
+<p class="form-text">
+Roles assigned to the permission <strong>&dtml-permission_to_manage;</strong>
+</p>
+
+<form action="manage_permission" method="post">
+<p>
+<input type="hidden" name="permission_to_manage" value="&dtml-permission_to_manage;" />
+<div class="form-element">
+<select name="roles:list" multiple size="10">
+<dtml-in expr="rolesOfPermission(permission_to_manage)" mapping=1>
+  <option &dtml-selected;>&dtml-name;</option>
+</dtml-in>
+</select>
+</div>
+</p>
+
+<dtml-unless isTopLevelPrincipiaApplicationObject>
+<p>
+<div class="form-text">
+<input type="checkbox" name="acquire" <dtml-var expr="acquiredRolesAreUsedBy(permission_to_manage)">> 
+Also use roles acquired from folders containing this object
+</p>
+</dtml-unless>
+
+<p>
+<div class="form-element">
+<input class="form-element" type="submit" name="submit" value="Save Changes" />
+</div>
+</p>
+</form>
+
+<dtml-var manage_page_footer>

Copied: Zope/trunk/src/OFS/dtml/reportUserPermissions.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/reportUserPermissions.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/reportUserPermissions.dtml	                        (rev 0)
+++ Zope/trunk/src/OFS/dtml/reportUserPermissions.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,79 @@
+<dtml-var manage_page_header>
+<dtml-with "_(management_view='Security')">
+<dtml-if  manage_tabs><dtml-var manage_tabs></dtml-if>
+</dtml-with>
+
+<p class="form-help">
+This listing shows the permissions and roles for particular user
+in the context of the current object.
+</p>
+
+<dtml-let result="manage_getUserRolesAndPermissions(user)">
+
+<b>User account </b>: &dtml-user;
+<br/>
+<b>User account defined in</b>: <dtml-var "result['user_defined_in']">
+<br/>
+<br/>
+
+<table width="50%" cellspacing="0" cellpadding="4" border="1" nowrap>
+    <thead>
+        <tr>
+            <th>Roles</th>
+            <th>Roles in context</th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td valign="top">
+                <ul>
+                    <dtml-in "result['roles']">
+                        <li>&dtml-sequence-item;
+                    </dtml-in>
+                </ul>
+            </td>
+            <td valign="top">
+                <ul>
+                    <dtml-in "result['roles_in_context']">
+                        <li>&dtml-sequence-item;
+                    </dtml-in>
+                </ul>
+            </td>
+        </tr>
+    </tbody>
+</table>
+
+<br/>
+
+<table width="50%" cellspacing="0" cellpadding="4" border="1" nowrap>
+    <thead>
+        <tr>
+            <th>Allowed permissions</th>
+            <th>Disallowed permissions</th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td valign="top">
+                <ul>
+                    <dtml-in "result['allowed_permissions']">
+                        <li>&dtml-sequence-item;
+                    </dtml-in>
+                </ul>
+            </td>
+            <td valign="top">
+                <ul>
+                    <dtml-in "result['disallowed_permissions']">
+                        <li>&dtml-sequence-item;
+                    </dtml-in>
+                </ul>
+            </td>
+        </tr>
+    </tbody>
+</table>
+
+
+</dtml-let>
+
+<dtml-var manage_page_footer>
+
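Review bot: `<dtml-var "result['user_defined_in']">` is the one value on this page emitted without HTML quoting; the user name and every list item use the `&dtml-...;` entity form, which quotes its output. The value comes from `manage_getUserRolesAndPermissions`, which is not shown here, and is presumably a user-folder path, so the exposure may be small. The template should not depend on that: `<dtml-var "result['user_defined_in']" html_quote>`. The visible tail of the deleted `AccessControl/dtml` copy reads the same, so this appears to predate the move.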

Copied: Zope/trunk/src/OFS/dtml/roleEdit.dtml (from rev 113633, Zope/trunk/src/AccessControl/dtml/roleEdit.dtml)
===================================================================
--- Zope/trunk/src/OFS/dtml/roleEdit.dtml	                        (rev 0)
+++ Zope/trunk/src/OFS/dtml/roleEdit.dtml	2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,32 @@
+<dtml-var manage_page_header>
+<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if manage_tabs>
+
+<p class="form-text">
+Permissions assigned to the role <strong>&dtml-role_to_manage;</strong>
+</p>
+
+<form action="manage_role" method="post">
+<p>
+<input type=hidden name=role_to_manage value="&dtml-role_to_manage;">
+<div class="form-element">
+<select name="permissions:list" multiple size="10">
+<dtml-in expr="permissionsOfRole(role_to_manage)" mapping=1>
+  <option &dtml-selected;>&dtml-name;</option>
+</dtml-in>
+</select>
+</div>
+</p>
+
+<p>
+<div class="form-element">
+<input class="form-element" type="submit" name="submit" value="Save Changes" />
+</div>
+</p>
+</form>
+
+<dtml-var manage_page_footer>
+
+
+
+
+

Copied: Zope/trunk/src/OFS/role.py (from rev 113633, Zope/trunk/src/AccessControl/Role.py)
===================================================================
--- Zope/trunk/src/OFS/role.py	                        (rev 0)
+++ Zope/trunk/src/OFS/role.py	2010-06-19 11:59:53 UTC (rev 113636)
@@ -0,0 +1,228 @@
+##############################################################################
+#
+# Copyright (c) 2002 Zope Foundation and Contributors.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+#
+##############################################################################
+"""Access control support
+"""
+from cgi import escape
+
+from App.Dialogs import MessageDialog
+from App.special_dtml import DTMLFile
+
+from AccessControl import ClassSecurityInfo
+from AccessControl.class_init import InitializeClass
+from AccessControl.Role import BaseRoleManager
+from AccessControl.Role import reqattr
+from AccessControl.Permission import Permission
+from AccessControl.Permissions import change_permissions
+from AccessControl.requestmethod import requestmethod
+
+
+class RoleManager(BaseRoleManager):
+    """An object that has configurable permissions"""
+
+    security = ClassSecurityInfo()
+
+    manage_options=(
+        {'label': 'Security', 'action': 'manage_access'},
+        )
+
+    security.declareProtected(change_permissions, 'manage_roleForm')
+    manage_roleForm=DTMLFile('dtml/roleEdit', globals(),
+                             management_view='Security')
+
+    security.declareProtected(change_permissions, 'manage_role')
+    @requestmethod('POST')
+    def manage_role(self, role_to_manage, permissions=[], REQUEST=None):
+        """Change the permissions given to the given role.
+        """
+        BaseRoleManager.manage_role(
+            self, role_to_manage, permissions=permissions)
+        if REQUEST is not None:
+            return self.manage_access(REQUEST)
+
+    security.declareProtected(change_permissions, 'manage_acquiredForm')
+    manage_acquiredForm=DTMLFile('dtml/acquiredEdit', globals(),
+                                 management_view='Security')
+
+    security.declareProtected(change_permissions, 'manage_acquiredPermissions')
+    @requestmethod('POST')
+    def manage_acquiredPermissions(self, permissions=[], REQUEST=None):
+        """Change the permissions that acquire.
+        """
+        BaseRoleManager.manage_acquiredPermissions(
+            self, permissions=permissions)
+        if REQUEST is not None:
+            return self.manage_access(REQUEST)
+
+    security.declareProtected(change_permissions, 'manage_permissionForm')
+    manage_permissionForm=DTMLFile('dtml/permissionEdit', globals(),
+                                   management_view='Security')
+
+    security.declareProtected(change_permissions, 'manage_permission')
+    @requestmethod('POST')
+    def manage_permission(self, permission_to_manage,
+                          roles=[], acquire=0, REQUEST=None):
+        """Change the settings for the given permission.
+
+        If optional arg acquire is true, then the roles for the permission
+        are acquired, in addition to the ones specified, otherwise the
+        permissions are restricted to only the designated roles.
+        """
+        BaseRoleManager.manage_permission(
+            self, permission_to_manage, roles=roles, acquire=acquire)
+        if REQUEST is not None:
+            return self.manage_access(REQUEST)
+
+    _normal_manage_access=DTMLFile('dtml/access', globals())
+    manage_reportUserPermissions=DTMLFile(
+        'dtml/reportUserPermissions', globals())
+
+    security.declareProtected(change_permissions, 'manage_access')
+    def manage_access(self, REQUEST, **kw):
+        """Return an interface for making permissions settings.
+        """
+        return apply(self._normal_manage_access, (), kw)
+
+    security.declareProtected(change_permissions, 'manage_changePermissions')
+    @requestmethod('POST')
+    def manage_changePermissions(self, REQUEST):
+        """Change all permissions settings, called by management screen.
+        """
+        valid_roles=self.valid_roles()
+        indexes=range(len(valid_roles))
+        have=REQUEST.has_key
+        permissions=self.ac_inherited_permissions(1)
+        fails = []
+        for ip in range(len(permissions)):
+            roles = []
+            for ir in indexes:
+                if have("p%dr%d" % (ip, ir)):
+                    roles.append(valid_roles[ir])
+            name, value = permissions[ip][:2]
+            try:
+                p = Permission(name, value, self)
+                if not have('a%d' % ip):
+                    roles=tuple(roles)
+                p.setRoles(roles)
+            except:
+                fails.append(name)
+
+        if fails:
+            return MessageDialog(title="Warning!",
+                                 message="Some permissions had errors: "
+                                   + escape(', '.join(fails)),
+                                 action='manage_access')
+        return MessageDialog(
+            title = 'Success!',
+            message = 'Your changes have been saved',
+            action = 'manage_access')
+
+    security.declareProtected(change_permissions, 'manage_listLocalRoles')
+    manage_listLocalRoles=DTMLFile('dtml/listLocalRoles', globals(),
+                                   management_view='Security')
+
+    security.declareProtected(change_permissions, 'manage_editLocalRoles')
+    manage_editLocalRoles=DTMLFile('dtml/editLocalRoles', globals(),
+                                   management_view='Security')
+
+    security.declareProtected(change_permissions, 'manage_addLocalRoles')
+    @requestmethod('POST')
+    def manage_addLocalRoles(self, userid, roles, REQUEST=None):
+        """Set local roles for a user."""
+        BaseRoleManager.manage_addLocalRoles(self, userid, roles)
+        if REQUEST is not None:
+            stat='Your changes have been saved.'
+            return self.manage_listLocalRoles(self, REQUEST, stat=stat)
+
+    security.declareProtected(change_permissions, 'manage_setLocalRoles')
+    @requestmethod('POST')
+    def manage_setLocalRoles(self, userid, roles, REQUEST=None):
+        """Set local roles for a user."""
+        BaseRoleManager.manage_setLocalRoles(self, userid, roles)
+        if REQUEST is not None:
+            stat='Your changes have been saved.'
+            return self.manage_listLocalRoles(self, REQUEST, stat=stat)
+
+    security.declareProtected(change_permissions, 'manage_delLocalRoles')
+    @requestmethod('POST')
+    def manage_delLocalRoles(self, userids, REQUEST=None):
+        """Remove all local roles for a user."""
+        BaseRoleManager.manage_delLocalRoles(self, userids)
+        if REQUEST is not None:
+            stat='Your changes have been saved.'
+            return self.manage_listLocalRoles(self, REQUEST, stat=stat)
+
+    security.declareProtected(change_permissions, 'manage_defined_roles')
+    def manage_defined_roles(self, submit=None, REQUEST=None):
+        """Called by management screen.
+        """
+
+        if submit=='Add Role':
+            role=reqattr(REQUEST, 'role').strip()
+            return self._addRole(role, REQUEST)
+
+        if submit=='Delete Role':
+            roles=reqattr(REQUEST, 'roles')
+            return self._delRoles(roles, REQUEST)
+
+        return self.manage_access(REQUEST)
+
+    @requestmethod('POST')
+    def _addRole(self, role, REQUEST=None):
+        if not role:
+            return MessageDialog(
+                   title='Incomplete',
+                   message='You must specify a role name',
+                   action='manage_access')
+        if role in self.__ac_roles__:
+            return MessageDialog(
+                   title='Role Exists',
+                   message='The given role is already defined',
+                   action='manage_access')
+        data = list(self.__ac_roles__)
+        data.append(role)
+        self.__ac_roles__=tuple(data)
+        if REQUEST is not None:
+            return self.manage_access(REQUEST)
+
+    @requestmethod('POST')
+    def _delRoles(self, roles, REQUEST=None):
+        if not roles:
+            return MessageDialog(
+                   title='Incomplete',
+                   message='You must specify a role name',
+                   action='manage_access')
+        data = list(self.__ac_roles__)
+        for role in roles:
+            try:
+                data.remove(role)
+            except:
+                pass
+        self.__ac_roles__ = tuple(data)
+        if REQUEST is not None:
+            return self.manage_access(REQUEST)
+
+    def _has_user_defined_role(self, role):
+        return role in self.__ac_roles__
+
+    # Compatibility names only!!
+
+    smallRolesWidget=selectedRoles=aclAChecked=aclPChecked=aclEChecked=''
+    validRoles=BaseRoleManager.valid_roles
+
+    def manage_editRoles(self, REQUEST, acl_type='A', acl_roles=[]):
+        pass
+
+    def _setRoles(self, acl_type, acl_roles):
+        pass
+
+InitializeClass(RoleManager)
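Review bot: `manage_reportUserPermissions` is the only ZMI template attribute in this class without a `security.declareProtected` line, although it has a publishable name and renders a named user's roles and allowed/disallowed permissions for a `user` value taken from the request. Unless a declaration for it exists outside this hunk, add `security.declareProtected(change_permissions, 'manage_reportUserPermissions')` above the assignment so it is protected like `manage_access`, whose template links to it. Separately, the bare `except:` clauses in `manage_changePermissions` and `_delRoles` hide every error. `_delRoles` only needs `except ValueError:`, and the clause around `p.setRoles(roles)` should name the exceptions it expects so that unrelated failures are not reported as a permission error.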


