[Zope3-checkins]
CVS: Zope3/src/zope/products/securitypolicy/browser
- __init__.py:1.2 addrole.pt:1.2 configure.zcml:1.2
grant.pt:1.2 manage_access.pt:1.2
manage_permissionform.pt:1.2 manage_roleform.pt:1.2
principal_permission_edit.pt:1.2 principal_role_association.pt:1.2
principalpermissionview.py:1.2 principalroleview.py:1.2
role_service.gif:1.2 rolepermissionview.py:1.2
Chris McDonough
chrism at plope.com
Wed Jan 14 17:56:05 EST 2004
Update of /cvs-repository/Zope3/src/zope/products/securitypolicy/browser
In directory cvs.zope.org:/tmp/cvs-serv5558/src/zope/products/securitypolicy/browser
Added Files:
__init__.py addrole.pt configure.zcml grant.pt
manage_access.pt manage_permissionform.pt manage_roleform.pt
principal_permission_edit.pt principal_role_association.pt
principalpermissionview.py principalroleview.py
role_service.gif rolepermissionview.py
Log Message:
Merge security policy refactoring:
- Moved all role- and grant-related functionality into
zope.products.securitypolicy (and out of zope.app.security.grant).
The zope.products.securitypolicy implementation is exactly
the same as the old implementation; no changes were made
to the actual mechanics of role-permission or principal-permission
grants. The only real difference is that all functionality
that is the purview of what we want a security policy to have
control of is now in that one place.
- Created new modulealias directive which can be used to provide
aliases to older modules (to not break existing ZODBs when
module locations change).
- Added minor feature: "make debug" launches a debug session in the
spirit of Zope 2's "zopectl debug".
=== Zope3/src/zope/products/securitypolicy/browser/__init__.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:04 2004
+++ Zope3/src/zope/products/securitypolicy/browser/__init__.py Wed Jan 14 17:55:33 2004
@@ -0,0 +1,34 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Define view component for service manager contents.
+
+$Id$
+"""
+from zope.app.browser.container.contents import Contents
+from zope.products.securitypolicy.role import Role, ILocalRoleService
+
+class Add:
+ "Provide a user interface for adding a role"
+ __used_for__ = ILocalRoleService
+
+ def action(self, id, title, description):
+ "Add a contact"
+ role = Role(id, title, description)
+ self.context[id] = role
+ self.request.response.redirect('.')
+
+
+class Contents(Contents):
+ # XXX: What the heck is that? I guess another dead chicken.
+ pass
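Review bot: The docstring on `Add.action` reads "Add a contact", but the method builds a `Role` and stores it under `self.context[id]`; it should say something like `"Create a Role from the submitted id, title and description and store it in the role service"`. The `id` value comes from the form and is used as the container key without any check, so an empty id goes straight to the container, and whether an already-used id replaces the existing role depends on the container's `__setitem__`, which is not visible here. A guard such as `if not id: raise ValueError("role id is required")` before the assignment would make the first case explicit. `class Contents(Contents)` rebinds the imported name to an empty subclass, and the XXX comment gives no reason; a one-line comment saying the subclass exists so that `configure.zcml` can reference `.Contents` would document it.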
=== Zope3/src/zope/products/securitypolicy/browser/addrole.pt 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:04 2004
+++ Zope3/src/zope/products/securitypolicy/browser/addrole.pt Wed Jan 14 17:55:33 2004
@@ -0,0 +1,46 @@
+<html metal:use-macro="views/standard_macros/page">
+<head>
+ <title metal:fill-slot="title" i18n:translate="add-role-form-title">
+ Add Role
+ </title>
+</head>
+<body>
+<div metal:fill-slot="body">
+
+ <div i18n:translate="">Enter the information about the role.</div>
+
+ <form action="action.html" method="post">
+
+ <div class="row">
+ <div class="label" i18n:translate="">Id</div>
+ <div class="field">
+ <input type="text" name="id" size="40" value="" />
+ </div>
+ </div>
+
+ <div class="row">
+ <div class="label" i18n:translate="">Title</div>
+ <div class="field">
+ <input type="text" name="title" size="40" value="" />
+ </div>
+ </div>
+
+ <div class="row">
+ <div class="label" i18n:translate="">Description</div>
+ <div class="field">
+ <textarea name="description" rows="10" cols="60"></textarea>
+ </div>
+ </div>
+
+ <div class="row">
+ <div class="controls">
+ <input type="submit" name="submit" value="Create Role"
+ i18n:attributes="value create-role-button" />
+ </div>
+ </div>
+
+ </form>
+
+</div>
+</body>
+</html>
=== Zope3/src/zope/products/securitypolicy/browser/configure.zcml 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:04 2004
+++ Zope3/src/zope/products/securitypolicy/browser/configure.zcml Wed Jan 14 17:55:33 2004
@@ -0,0 +1,84 @@
+<zope:configure
+ xmlns:zope="http://namespaces.zope.org/zope"
+ xmlns="http://namespaces.zope.org/browser">
+
+<!-- Role Service -->
+
+ <menuItem
+ menu="add_service"
+ for="zope.app.interfaces.container.IAdding"
+ action="RoleService"
+ title="Role Service" />
+
+ <icon
+ name="zmi_icon"
+ for="zope.products.securitypolicy.role.ILocalRoleService"
+ file="role_service.gif" />
+
+ <pages
+ permission="zope.ManageServices"
+ for="zope.products.securitypolicy.role.IRoleService"
+ class=".Contents">
+
+ <page name="index.html" attribute="contents"
+ menu="zmi_views" title="Contents" />
+ <page name="removeObjects.html" attribute="removeObjects" />
+
+ </pages>
+
+ <pages
+ permission="zope.ManageServices"
+ for="zope.products.securitypolicy.role.IRoleService"
+ class=".Add">
+
+ <page name="+" template="addrole.pt"
+ menu="zmi_actions" title="Add" />
+ <page name="action.html" attribute="action" />
+
+ </pages>
+
+
+<!-- Role Permissions -->
+
+ <pages
+ for="zope.app.interfaces.annotation.IAnnotatable"
+ permission="zope.Security"
+ class=".rolepermissionview.RolePermissionView">
+
+ <page name="AllRolePermissions.html" template="manage_access.pt" />
+ <!-- menu="zmi_actions" title="Role Permissions" / -->
+ <page name="RolePermissions.html" template="manage_roleform.pt" />
+ <page name="RolesWithPermission.html" template="manage_permissionform.pt"/>
+
+ </pages>
+
+ <page
+ for="zope.app.interfaces.annotation.IAnnotatable"
+ name="grant.html"
+ permission="zope.Security"
+ template="grant.pt"
+ menu="zmi_actions" title="Grant" />
+
+<!-- Principal Roles -->
+
+ <page
+ name="PrincipalRoles.html"
+ for="zope.app.interfaces.annotation.IAnnotatable"
+ permission="zope.Security"
+ class=".principalroleview.PrincipalRoleView"
+ template="principal_role_association.pt" />
+ <!-- menu="zmi_actions" title="Principal Roles" / -->
+
+<!-- Principal Permission (not working) -->
+
+ <!-- browser:page
+ name="PrincipalPermissionsManagement"
+ for="zope.app.interfaces.annotation.IAnnotatable"
+ class=".principalpermissionview.PrincipalPermissionView"
+ permission="zope.Security"
+ allow_attributes="index get_principal unsetPermissions denyPermissions
+ grantPermissions getUnsetPermissionsForPrincipal
+ getPermissionsForPrincipal"
+ / -->
+
+</zope:configure>
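Review bot: The two `<pages>` groups for `.Contents` and `.Add` are registered `for="zope.products.securitypolicy.role.IRoleService"`, while the icon in this file and `Add.__used_for__` in `__init__.py` both name `ILocalRoleService`. `Add.action` assigns into `self.context`, so it needs a writable local service; if `IRoleService` is also provided by services that are not local containers, the add and remove pages would be offered on objects that cannot honour them. The interface definitions are outside this diff, so this needs confirming. Using `for="zope.products.securitypolicy.role.ILocalRoleService"` on both groups would match the rest of the commit. The commented-out `PrincipalPermissionsManagement` registration is labelled "not working" without saying why; a short comment naming the blocker would help whoever re-enables it.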
=== Zope3/src/zope/products/securitypolicy/browser/grant.pt 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:04 2004
+++ Zope3/src/zope/products/securitypolicy/browser/grant.pt Wed Jan 14 17:55:33 2004
@@ -0,0 +1,25 @@
+<html metal:use-macro="views/standard_macros/page">
+<body>
+
+<!-- XXX : This is just a temporary way of overriding the elements not needed,
+ only done for visual purposes. Do not clone this ;)
+ - Alexander
+ -->
+<div metal:fill-slot="tabs" />
+<div metal:fill-slot="actions" />
+
+<div metal:fill-slot="body">
+
+ <p>
+ <a href="@@AllRolePermissions.html"
+ i18n:translate="">Grant permissions to roles</a>
+ </p>
+ <p>
+ <a href="@@PrincipalRoles.html"
+ i18n:translate="">Grant roles to principals</a>
+ </p>
+
+</div>
+</body>
+</html>
+
=== Zope3/src/zope/products/securitypolicy/browser/manage_access.pt 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:04 2004
+++ Zope3/src/zope/products/securitypolicy/browser/manage_access.pt Wed Jan 14 17:55:33 2004
@@ -0,0 +1,101 @@
+<html metal:use-macro="views/standard_macros/dialog">
+<head>
+ <tal:block
+ metal:fill-slot="headers"
+ tal:define="global pagetip string:
+ For each permission you want to grant (or deny) to a role,
+ set the entry for that permission and role to a '+' (or '-').
+ Permissions are shown on the left side, going down.
+ Roles are shown accross the top.
+ "
+ />
+</head>
+<body>
+<div metal:fill-slot="body">
+
+ <p tal:define="status view/update"
+ tal:condition="status"
+ tal:content="status" />
+
+ <form action="AllRolePermissions.html" method="post">
+
+ <table width="100%" cellspacing="0" cellpadding="2" border="0"
+ nowrap="nowrap">
+
+ <tr class="list-header">
+ <td align="left" valign="top">
+ <div class="form-label">
+ <strong i18n:translate="">Permission</strong>
+ </div>
+ </td>
+ <td align="left">
+ <div class="form-label">
+ <strong i18n:translate="">Roles</strong>
+ </div>
+ </td>
+ </tr>
+
+ <tr class="row-normal">
+ <td></td>
+ <td align="center" tal:repeat="role view/roles">
+ <div class="list-item">
+ <a href="RolePermissions.html"
+ tal:attributes="
+ href string:RolePermissions.html?role_to_manage=${role/getId}"
+ tal:content="role/getTitle">Anonymous</a>
+ <input type="hidden" name="r0" value=""
+ tal:attributes="
+ name string:r${repeat/role/index};
+ value string:${role/getId}" />
+
+ </div>
+ </td>
+ </tr>
+
+ <tbody tal:repeat="perm view/permissionRoles">
+ <tr class="row-normal"
+ tal:attributes="class
+ python:path('repeat/perm/even') and 'row-normal' or 'row-hilite'">
+ <td align="left" nowrap="nowrap">
+ <div class="list-item">
+ <a href="RolesWithPermission.html"
+ tal:attributes="href
+ string:RolesWithPermission.html?permission_to_manage=${perm/getId}"
+ tal:content="perm/getTitle"
+ >Access Transient Objects</a>
+ <input type="hidden" name="r0" value=""
+ tal:attributes="
+ name string:p${repeat/perm/index};
+ value string:${perm/getId}" />
+ </div>
+ </td>
+ <td align="center" tal:repeat="setting perm/roleSettings">
+ <select name="p0r0"
+ tal:attributes="name
+ string:p${repeat/perm/index}r${repeat/setting/index}">
+ <option value="Unset"
+ tal:repeat="option view/availableSettings"
+ tal:attributes="value option/id;
+ selected python:setting == option['id']"
+ tal:content="option/shorttitle">+</option>
+ </select>
+ </td>
+ </tr>
+ </tbody>
+
+ <tr>
+ <td colspan="5" align="left">
+ <div class="form-element">
+ <input class="form-element" type="submit" name="SUBMIT"
+ value="Save Changes" />
+ </div>
+ </td>
+ </tr>
+ </table>
+ </form>
+
+</div>
+</body>
+</html>
+
+
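Review bot: The link targets built with `string:RolePermissions.html?role_to_manage=${role/getId}` and `string:RolesWithPermission.html?permission_to_manage=${perm/getId}` put the raw id into the query string without percent-encoding it. Role ids are free text from the add-role form, so an id containing `&`, `#`, `+` or a space would give a URL that selects a different role or none. Building the URL in the view with the id passed through `urllib.quote` would avoid that. The hidden input in the permission column carries the placeholder `name="r0"`; `tal:attributes` overwrites it at render time, but the static value should be `p0` to match what it becomes. The page tip spells "across" as "accross".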
=== Zope3/src/zope/products/securitypolicy/browser/manage_permissionform.pt 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:04 2004
+++ Zope3/src/zope/products/securitypolicy/browser/manage_permissionform.pt Wed Jan 14 17:55:33 2004
@@ -0,0 +1,94 @@
+<html metal:use-macro="views/standard_macros/page">
+<head>
+ <style metal:fill-slot="headers" type="text/css">
+ <!--
+ .row-normal {
+ background-color: #ffffff;
+ border: none;
+ }
+
+ .row-hilite {
+ background-color: #efefef;
+ border: none;
+ }
+ -->
+ </style>
+</head>
+<body>
+<div metal:fill-slot="body">
+
+ <p tal:define="status view/update"
+ tal:condition="status"
+ tal:content="status" />
+
+ <p class="form-help" i18n:translate="">
+ Helpful message.
+ </p>
+
+ <div tal:define="perm
+ python:view.permissionForID(request.get('permission_to_manage'))">
+
+ <p class="form-text" i18n:translate="">
+ Roles assigned to the permission
+ <strong tal:content="perm/getTitle"
+ i18n:name="perm_title">Change DTML Methods</strong>
+ (id: <strong tal:content="perm/getId"
+ i18n:name="perm_id">Zope.Some.Permission</strong>)
+ </p>
+
+ <form action="AllRolePermissions.html" method="post">
+
+ <input type="hidden" name="permission_id" value="Permission Name"
+ tal:attributes="value perm/getId" />
+
+ <div class="form-element">
+
+ <table width="100%" cellspacing="0" cellpadding="2" border="0"
+ nowrap="nowrap">
+
+ <tr class="list-header">
+ <td align="left" valign="top">
+ <div class="form-label">
+ <strong i18n:translate="">Role</strong>
+ </div>
+ </td>
+ <td align="left">
+ <div class="form-label">
+ <strong i18n:translate="">Setting</strong>
+ </div>
+ </td>
+ </tr>
+
+ <tr class="row-normal"
+ tal:repeat="setting perm/roleSettings"
+ tal:attributes="class
+ python:path('repeat/setting/even') and 'row-normal' or 'row-hilite'">
+ <td align="left" valign="top"
+ tal:define="ir repeat/setting/index"
+ tal:content="python:path('view/roles')[ir].getId()">
+ Manager
+ </td>
+ <td>
+ <select name="settings:list">
+ <option value="Unset"
+ tal:repeat="option view/availableSettings"
+ tal:attributes="value option/id;
+ selected python:setting == option['id']"
+ tal:content="option/shorttitle">+</option>
+ </select>
+ </td>
+ </tr>
+ </table>
+
+ </div>
+
+ <div class="form-element">
+ <input class="form-element" type="submit" name="SUBMIT_PERMS"
+ value="Save Changes" i18n:attributes="value save-changes-button"/>
+ </div>
+ </form>
+
+ </div>
+</div>
+</body>
+</html>
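Review bot: `python:view.permissionForID(request.get('permission_to_manage'))` passes `None` through when the page is opened without that parameter, and the result is then dereferenced by `perm/getTitle` and `perm/getId` with no fallback branch. What `getPermission` does with `None` or an unknown id is not visible in this diff, but the template offers no path other than an unhandled error. A `tal:condition` on the parameter around the body, with a short message otherwise, would cover it. The select is named `settings:list` and carries no role id, so the handler can only pair values with roles by position; naming each select after its role id would remove that dependence on ordering. The "Helpful message." paragraph is still placeholder text.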
=== Zope3/src/zope/products/securitypolicy/browser/manage_roleform.pt 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:04 2004
+++ Zope3/src/zope/products/securitypolicy/browser/manage_roleform.pt Wed Jan 14 17:55:33 2004
@@ -0,0 +1,72 @@
+<html metal:use-macro="views/standard_macros/page">
+<body>
+<div metal:fill-slot="body">
+
+ <p tal:define="status view/update"
+ tal:condition="status"
+ tal:content="status" />
+
+ <p class="form-help" i18n:translate="">
+ Helpful message explaining about how to set specific roles
+ </p>
+
+ <div tal:define="role
+ python:view.roleForID(request.get('role_to_manage'))" tal:omit-tag="">
+
+ <p class="form-text" i18n:translate="">
+ Permissions assigned to the role
+ <strong tal:content="role/getTitle"
+ i18n:name="role_title">Great Master Guru</strong>
+ (id: <strong tal:content="role/getId"
+ i18n:name="role_id">Zope.Some.Role</strong>)
+ </p>
+
+
+ <form action="AllRolePermissions.html" method="get">
+ <input type="hidden" name="role_id" value="Role ID"
+ tal:attributes="value role/getId" />
+
+ <table width="100%" cellspacing="0" cellpadding="2" border="0"
+ nowrap="nowrap"
+ tal:define="availableSettings
+ python:view.availableSettings(noacquire=True)">
+
+ <tr class="list-header">
+ <td align="left" valign="top"
+ tal:repeat="setting availableSettings">
+ <div class="form-label">
+ <strong tal:content="setting/title">Allow</strong>
+ </div>
+ </td>
+ </tr>
+
+ <tr>
+ <td align="left" valign="top"
+ tal:repeat="settinginfo availableSettings">
+ <div class="form-element">
+ <select name="Unset:list" multiple="multiple" size="20"
+ tal:define="setting settinginfo/id"
+ tal:attributes="name string:${setting}:list">
+ <option tal:repeat="permissioninfo role/permissionsInfo"
+ tal:content="permissioninfo/title"
+ tal:attributes="selected
+ python:path('permissioninfo/setting') == setting;
+ value permissioninfo/id"
+ >Sample Permission</option>
+ </select>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <div class="form-element">
+ <input class="form-element" type="submit" name="SUBMIT_ROLE"
+ value="Save Changes" i18n:attributes="value save-changes-button"/>
+ </div>
+ </form>
+
+ </div>
+
+</div>
+</body>
+</html>
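Review bot: The form that saves a role's permissions is declared `method="get"`, unlike the POST forms in `manage_access.pt` and `manage_permissionform.pt`. With GET, the submitted grants and denials are carried in the URL, where they end up in browser history, server and proxy logs and Referer headers, and the change can be applied simply by following a link. The tag should read `<form action="AllRolePermissions.html" method="post">`. `RolePermissionView.update` keys only on the presence of `SUBMIT_ROLE` in the request, so the handler would still accept a GET unless it also checks the request method.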
=== Zope3/src/zope/products/securitypolicy/browser/principal_permission_edit.pt 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:04 2004
+++ Zope3/src/zope/products/securitypolicy/browser/principal_permission_edit.pt Wed Jan 14 17:55:33 2004
@@ -0,0 +1,105 @@
+<html metal:use-macro="views/standard_macros/page">
+<body>
+<div metal:fill-slot="body"
+ tal:define="rprincipal_id python:request['principal_id']">
+
+ <h1 i18n:translate="">Permission settings for
+ <span tal:replace="python:view.get_principal(rprincipal_id).getTitle()"
+ i18n:name="principal_title"/>
+ </h1>
+
+ <form action="unsetPermissions.html" method="post">
+ <h2 i18n:translate="">Permission Settings</h2>
+
+ <table>
+ <tr>
+ <td valign="top">
+ <table border="0">
+ <tr>
+ <th colspan="2" align="center"
+ i18n:translate="">Allowed Permissions</th>
+ </tr>
+ <tr tal:repeat="perm
+ python:view.get_set_permissions_for_principal(rprincipal_id, 'Allow')">
+ <td><input type="checkbox" tal:attributes="name perm/getId"/></td>
+ <td tal:content="perm/getTitle">Permission1</td>
+ </tr>
+ <tr tal:replace="nothing">
+ <td><input type="checkbox" name="permission_ids" /></td>
+ <td>Permission2</td>
+ </tr>
+ <tr tal:replace="nothing">
+ <td><input type="checkbox" name="permission_ids" /></td>
+ <td>Permission3</td>
+ </tr>
+ <tr tal:replace="nothing">
+ <td><input type="checkbox" name="permission_ids" /></td>
+ <td>Permission5</td>
+ </tr>
+ </table>
+ </td>
+ <td valign="top">
+ <table border="0">
+ <tr >
+ <th colspan="2" align="center"
+ i18n:translate="">Denied Permissions</th>
+ </tr>
+ <tr tal:repeat="perm
+ python:view.get_set_permissions_for_principal(rprincipal_id, 'Deny')">
+ <td>
+ <input type="checkbox" tal:attributes="name perm/getId" />
+ </td>
+ <td tal:content="perm/getTitle">Permission1</td>
+ </tr>
+ <tr tal:replace="nothing">
+ <td><input type="checkbox" name="permission_ids" /></td>
+ <td>Permission2</td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" align="center">
+ <input type="submit" name="unset"
+ value="Remove selected permission settings"
+ i18n:attributes="value"/>
+ </td>
+ </tr>
+ </table>
+ </form>
+
+ <p> </p>
+
+ <form action="./" method="post">
+ <h2 i18n:translate="">Add permission settings</h2>
+
+ <table>
+ <tr>
+ <td>
+ <select name="permissions" multiple="multiple">
+ <option
+ tal:repeat="perm
+ python:view.get_unset_permissions_for_principal(rprincipal_id)"
+ tal:attributes="value perm/getId"
+ tal:content="perm/getTitle">Perm1</option>
+ <option tal:replace="nothing">Perm2</option>
+ <option tal:replace="nothing">Perm3</option>
+ </select>
+ </td>
+ <td valign="center">
+ <p>
+ <input type="submit" name="grantPermissions.html:method"
+ value="Grant" i18n:attributes="value grant-button"/>
+ </p>
+ <p>
+ <input type="submit" name="denyPermissions.html:method"
+ value="Deny" i18n:attributes="value grant-button"/>
+ </p>
+ </td>
+ </tr>
+ </table>
+ </form>
+
+</div>
+</body>
+</html>
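Review bot: The template calls `view.get_set_permissions_for_principal(...)` and `view.get_unset_permissions_for_principal(...)`, but `PrincipalPermissionView` in this commit defines `getPermissionsForPrincipal` and `getUnsetPermissionsForPrincipal`, so rendering would fail on attribute lookup. The form fields also do not line up with the handler signatures `(principal_id, permission_ids)`: each checkbox is named after its permission id, the select is named `permissions`, and neither form submits `principal_id`. Renaming the calls, using `name="permission_ids:list"` with `tal:attributes="value perm/getId"`, and adding `<input type="hidden" name="principal_id" tal:attributes="value rprincipal_id" />` to both forms would align the two sides. The Deny button reuses the `grant-button` message id in `i18n:attributes`, so it would be translated as "Grant".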
=== Zope3/src/zope/products/securitypolicy/browser/principal_role_association.pt 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:04 2004
+++ Zope3/src/zope/products/securitypolicy/browser/principal_role_association.pt Wed Jan 14 17:55:33 2004
@@ -0,0 +1,112 @@
+<html metal:use-macro="views/standard_macros/dialog">
+<body>
+<div metal:fill-slot="body">
+
+ <p tal:define="status view/update"
+ tal:condition="status"
+ tal:content="status" />
+
+ <metal:block define-macro="formbody"
+ tal:define="hasFilter python:request.get('Filter', None)">
+
+ <div tal:condition="not: hasFilter">
+ <span class="message" i18n:translate="">Apply filter</span>
+ <form action="@@PrincipalRoles.html"
+ method="POST"
+ tal:attributes="action request/URL">
+ <span i18n:translate="">Principal(s)</span>:
+ <select name="principals:list" multiple="multiple">
+ <option tal:repeat="principal view/getAllPrincipals"
+ tal:attributes="value principal/getId"
+ tal:content="principal/getTitle">my title</option>
+ </select>
+
+ <span i18n:translate="">Role(s)</span>:
+ <select name="roles:list" multiple="multiple">
+ <option tal:repeat="role view/getAllRoles"
+ tal:attributes="value role/getId"
+ tal:content="role/getTitle">my title</option>
+ </select>
+
+ <input type="submit" name="Filter" value="Filter"
+ i18n:attributes="value filter-button"/>
+ </form>
+
+ </div>
+
+ <div tal:condition="hasFilter">
+ <div class="principalRolesGrid"
+ tal:define="principalRoleGrid view/createGrid">
+
+ <span tal:define="
+ global listPrincipals principalRoleGrid/principals;
+ global listRoles principalRoleGrid/roles;
+ global listValues principalRoleGrid/listAvailableValues" />
+
+ <form action="@@PrincipalRoles.html"
+ method="POST"
+ tal:attributes="action request/URL">
+ <table>
+ <tr class="roleHeading">
+ <td class="principal">
+
+ </td>
+ <td class="role" tal:repeat="role listRoles"
+ tal:content="role/getTitle">
+ Role Id
+ </td>
+ </tr>
+
+ <tr class="principalRoleRow" tal:repeat="principal listPrincipals">
+ <td class="principalLabel" tal:content="principal/getTitle">
+ Principal Id
+ </td>
+
+ <td class="principalRole" tal:repeat="role listRoles">
+ <select name="grid.role.principal:records"
+ tal:attributes="
+ name string:grid.${role/getId}.${principal/getId}"
+ tal:define="selectedValue
+ python:principalRoleGrid.getValue(
+ principal.getId(),
+ role.getId()
+ )" >
+ <option value="" tal:repeat="defaultValue listValues"
+ tal:attributes="
+ selected python:defaultValue==selectedValue;
+ value defaultValue;
+ debugsel selectedValue"
+ tal:content="defaultValue">
+
+ </option>
+ </select>
+ </td>
+ </tr>
+
+ </table>
+
+ <input type="hidden" name="principals:list"
+ tal:repeat="principal listPrincipals"
+ tal:attributes="value principal/getId" />
+
+ <input type="hidden" name="roles:list"
+ tal:repeat="role listRoles"
+ tal:attributes="value role/getId" />
+
+ <metal:block define-slot="buttons">
+
+ <input type="submit" name="APPLY" value="Apply"
+ i18n:attributes="value apply-button"/>
+
+ </metal:block>
+
+ </form>
+
+ </div>
+ </div>
+
+ </metal:block>
+
+</div>
+</body>
+</html>
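Review bot: The `<option>` element lists `debugsel selectedValue` in its `tal:attributes`, which writes a non-standard `debugsel` attribute into every option of every grid cell; it looks like leftover debugging output and should be removed. The hidden `principals:list` and `roles:list` inputs round-trip the ids through the browser, and `PrincipalRoleView.update` uses the posted values as they arrive, so a comment next to them such as `<!-- ids are re-validated server-side in update() -->` would only be accurate once that check exists. The static placeholder `name="grid.role.principal:records"` carries a `:records` suffix that the generated name `string:grid.${role/getId}.${principal/getId}` does not, which is misleading when reading the template.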
=== Zope3/src/zope/products/securitypolicy/browser/principalpermissionview.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:04 2004
+++ Zope3/src/zope/products/securitypolicy/browser/principalpermissionview.py Wed Jan 14 17:55:33 2004
@@ -0,0 +1,114 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Principal Permission View Classes
+
+$Id$
+"""
+import time
+
+from zope.products.securitypolicy.interfaces import IPrincipalPermissionManager
+from zope.products.securitypolicy.interfaces import IPrincipalPermissionMap
+from zope.app.pagetemplate.viewpagetemplatefile import ViewPageTemplateFile
+from zope.app.security.settings import Allow, Deny, Unset
+from zope.component import getService, getAdapter
+from zope.app.services.servicenames import Permissions, Authentication
+from zope.publisher.browser import BrowserView
+
+
+class PrincipalPermissionView(BrowserView):
+
+ index = ViewPageTemplateFile('principal_permission_edit.pt')
+
+ def get_permission_service(self):
+ return getService(self.context, Permissions)
+
+ def get_principal(self, principal_id):
+ return getService(self.context,
+ Authentication
+ ).getPrincipal(principal_id)
+
+ def unsetPermissions(self, principal_id, permission_ids, REQUEST=None):
+ """Form action unsetting a principals permissions"""
+ permission_service = self.get_permission_service()
+ principal = self.get_principal(principal_id)
+ ppm = getAdapter(self.context, IPrincipalPermissionManager)
+
+ for perm_id in permission_ids:
+ permission = permission_service.getPermission(perm_id)
+ ppm.unsetPermissionForPrincipal(permission , principal)
+
+ if REQUEST is not None:
+ return self.index(message="Settings changed at %s"
+ % time.ctime(time.time()))
+
+ def grantPermissions(self, principal_id, permission_ids, REQUEST=None):
+ """Form action granting a list of permissions to a principal"""
+ permission_service = self.get_permission_service()
+ principal = self.get_principal(principal_id)
+ ppm = getAdapter(self.context, IPrincipalPermissionManager)
+
+ for perm_id in permission_ids:
+ permission = permission_service.getPermission(perm_id)
+ ppm.grantPermissionToPrincipal(permission , principal)
+ if REQUEST is not None:
+ return self.index(message="Settings changed at %s"
+ % time.ctime(time.time()))
+
+ def denyPermissions(self, principal_id, permission_ids, REQUEST=None):
+ """Form action denying a list of permissions for a principal"""
+ permission_service = self.get_permission_service()
+ principal = self.get_principal(principal_id)
+ ppm = getAdapter(self.context, IPrincipalPermissionManager)
+
+ for perm_id in permission_ids:
+ permission = permission_service.getPermission(perm_id)
+ ppm.denyPermissionToPrincipal(permission , principal)
+ if REQUEST is not None:
+ return self.index(message="Settings changed at %s"
+ % time.ctime(time.time()))
+
+ # Methods only called from the zpt view
+ def getUnsetPermissionsForPrincipal(self, principal_id):
+ """Returns all unset permissions for this principal"""
+
+ ppmap = getAdapter(self.context, IPrincipalPermissionMap)
+ principal = self.get_principal(principal_id)
+ perm_serv = getService(self.context, Permissions)
+ result = []
+ for perm in perm_serv.getPermissions():
+ if ppmap.getSetting(perm, principal) == Unset:
+ result.append(perm)
+
+ return result
+
+ def getPermissionsForPrincipal(self, principal_id, setting_name):
+ """Return a list of permissions with the given setting_name
+ string for the principal.
+
+ Return empty list if there are no permissions.
+ """
+
+ ppmap = getAdapter(self.context, IPrincipalPermissionMap)
+ principal = self.get_principal(principal_id)
+
+ permission_settings = ppmap.getPermissionsForPrincipal(principal)
+ setting_map = {'Deny': Deny, 'Allow':Allow}
+ asked_setting = setting_map[setting_name]
+
+ result = []
+ for permission, setting in permission_settings:
+ if asked_setting == setting:
+ result.append(permission)
+
+ return result
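Review bot: `unsetPermissions`, `grantPermissions` and `denyPermissions` loop with `for perm_id in permission_ids`, which walks the characters of the value if the publisher passes a single `str` instead of a list; the fields in `principal_permission_edit.pt` carry no `:list` suffix, so that case looks reachable. Normalising first, e.g. `if isinstance(permission_ids, basestring): permission_ids = [permission_ids]`, would avoid looking up one-character permission ids. The three methods differ only in the manager call, so a private helper that takes the method name would keep them from drifting apart. `getPermissionsForPrincipal` raises a bare `KeyError` from `setting_map[setting_name]` for any value other than 'Allow' or 'Deny'; a `ValueError` naming the accepted values would be clearer. The class itself has no docstring saying that it is the view behind the registration still commented out in `configure.zcml`.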
=== Zope3/src/zope/products/securitypolicy/browser/principalroleview.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:04 2004
+++ Zope3/src/zope/products/securitypolicy/browser/principalroleview.py Wed Jan 14 17:55:33 2004
@@ -0,0 +1,127 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Management view component for principal-role management (Zope2's
+"local roles").
+
+$Id$
+"""
+from datetime import datetime
+
+from zope.app.i18n import ZopeMessageIDFactory as _
+from zope.products.securitypolicy.interfaces import IPrincipalRoleManager
+from zope.products.securitypolicy.interfaces import IPrincipalRoleMap
+from zope.app.security.settings import Unset, Deny, Allow
+from zope.app.services.servicenames import Authentication
+from zope.component import getService, getAdapter
+
+class PrincipalRoleView:
+
+ def getAllPrincipals(self):
+ principals = getattr(self, '_principals', None)
+ if principals is None:
+ principals = self._principals = getService(
+ self.context, Authentication
+ ).getPrincipals('')
+ return principals
+
+ def getAllRoles(self):
+ roles = getattr(self, '_roles', None)
+ if roles is None:
+ roles = self._roles = getService(self.context, "Roles"
+ ).getRoles()
+ return roles
+
+ def createGrid(self, principals=None, roles=None):
+ if principals is None:
+ principals = self.request.get('principals')
+ if principals is None:
+ principals = self.getAllPrincipals()
+ else:
+ # Ugh, we have ids, but we want objects
+ auth_service = getService(self.context, Authentication)
+ principals = [auth_service.getPrincipal(principal)
+ for principal in principals]
+
+
+ if roles is None:
+ roles = self.request.get('roles')
+ if roles is None:
+ roles = self.getAllRoles()
+ else:
+ # Ugh, we have ids, but we want objects
+ role_service = getService(self.context, Roles)
+ roles = [role_service.getRole(role)
+ for role in roles]
+
+ return PrincipalRoleGrid(principals, roles, self.context)
+
+ def update(self, testing=None):
+ status = ''
+
+ if 'APPLY' in self.request:
+ principals = self.request.get('principals')
+ roles = self.request.get('roles')
+ prm = getAdapter(self.context, IPrincipalRoleManager)
+ for role in roles:
+ for principal in principals:
+ name = 'grid.%s.%s' % (role, principal)
+ setting = self.request.get(name, 'Unset')
+ if setting == 'Unset':
+ prm.unsetRoleForPrincipal(role, principal)
+ elif setting == 'Allow':
+ prm.assignRoleToPrincipal(role, principal)
+ elif setting == 'Deny':
+ prm.removeRoleFromPrincipal(role, principal)
+ else:
+ raise ValueError("Incorrect setting %s" % setting)
+
+ formatter = self.request.locale.getDateTimeFormatter('medium')
+ status = _("Settings changed at ${date_time}")
+ status.mapping = {'date_time': formatter.format(datetime.utcnow())}
+
+ return status
+
+class PrincipalRoleGrid:
+
+ def __init__(self, principals, roles, context):
+ self._principals = principals
+ self._roles = roles
+ self._grid = {}
+
+ map = getAdapter(context, IPrincipalRoleMap)
+
+ for role in roles:
+ rid = role.getId()
+ for principal in principals:
+ pid = principal.getId()
+ setting = map.getSetting(rid, pid)
+ self._grid[(pid, rid)] = setting.getName()
+
+ def principals(self):
+ return self._principals
+
+ def principalIds(self):
+ return [p.getId() for p in self._principals]
+
+ def roles(self):
+ return self._roles
+
+ def roleIds(self):
+ return [r.getId() for r in self._roles]
+
+ def getValue(self, principal_id, role_id):
+ return self._grid[(principal_id, role_id)]
+
+ def listAvailableValues(self):
+ return (Unset.getName(), Allow.getName(), Deny.getName())
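Review bot: `createGrid` calls `getService(self.context, Roles)`, but `Roles` is never imported (only `Authentication` comes from `zope.app.services.servicenames`), so the branch taken when the request carries `roles` raises `NameError`. `getAllRoles` uses the string name, and the same should be used here: `role_service = getService(self.context, "Roles")`. In `update`, `principals` and `roles` come from `self.request.get(...)` with no default and are iterated directly, so an APPLY request missing either list fails with `TypeError`, and the posted ids go to the role manager without being checked against `getAllPrincipals()` and `getAllRoles()`. A guard such as `if not principals or not roles: return status`, plus a membership check before the loop, would cover both. `map` in `PrincipalRoleGrid.__init__` shadows the builtin and neither class has a docstring.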
=== Zope3/src/zope/products/securitypolicy/browser/role_service.gif 1.1 => 1.2 ===
<Binary-ish file>
=== Zope3/src/zope/products/securitypolicy/browser/rolepermissionview.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:04 2004
+++ Zope3/src/zope/products/securitypolicy/browser/rolepermissionview.py Wed Jan 14 17:55:33 2004
@@ -0,0 +1,147 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Role Permission View Classes
+
+$Id$
+"""
+from datetime import datetime
+
+from zope.app.i18n import ZopeMessageIDFactory as _
+from zope.products.securitypolicy.interfaces import IRolePermissionManager
+from zope.products.securitypolicy.permissionroles import PermissionRoles
+from zope.products.securitypolicy.rolepermission import RolePermissions
+from zope.app.security.settings import Unset, Allow, Deny
+from zope.app.services.servicenames import Permissions
+from zope.component import getService, getAdapter
+
+class RolePermissionView:
+
+ def roles(self):
+ roles = getattr(self, '_roles', None)
+ if roles is None:
+ roles = self._roles = getService(
+ self.context, "Roles"
+ ).getRoles()
+ return roles
+
+ def permissions(self):
+ permissions = getattr(self, '_permissions', None)
+ if permissions is None:
+ permissions = self._permissions = getService(
+ self.context, Permissions
+ ).getPermissions()
+ return permissions
+
+ def availableSettings(self, noacquire=False):
+ aq = {'id': Unset.getName(), 'shorttitle': ' ',
+ 'title': _('permission-acquire', 'Acquire')}
+ rest = [{'id': Allow.getName(), 'shorttitle': '+',
+ 'title': _('permission-allow', 'Allow')},
+ {'id': Deny.getName(), 'shorttitle': '-',
+ 'title': _('permission-deny', 'Deny')},
+ ]
+ if noacquire:
+ return rest
+ else:
+ return [aq]+rest
+
+ def permissionRoles(self):
+ context = self.context
+ roles = self.roles()
+ return [PermissionRoles(permission, context, roles)
+ for permission in self.permissions()]
+
+ def permissionForID(self, pid):
+ context = self.context
+ roles = self.roles()
+ perm = getService(context, Permissions
+ ).getPermission(pid)
+ return PermissionRoles(perm, context, roles)
+
+ def roleForID(self, rid):
+ context = self.context
+ permissions = self.permissions()
+ role = getService(context, "Roles"
+ ).getRole(rid)
+ return RolePermissions(role, context, permissions)
+
+
+ def update(self, testing=None):
+ status = ''
+ changed = False
+
+ if 'SUBMIT' in self.request:
+ roles = [r.getId() for r in self.roles()]
+ permissions = [p.getId() for p in self.permissions()]
+ prm = getAdapter(self.context, IRolePermissionManager)
+ for ip in range(len(permissions)):
+ rperm = self.request.get("p%s" % ip)
+ if rperm not in permissions: continue
+ for ir in range(len(roles)):
+ rrole = self.request.get("r%s" % ir)
+ if rrole not in roles: continue
+ setting = self.request.get("p%sr%s" % (ip, ir), None)
+ if setting is not None:
+ if setting == Unset.getName():
+ prm.unsetPermissionFromRole(rperm, rrole)
+ elif setting == Allow.getName():
+ prm.grantPermissionToRole(rperm, rrole)
+ elif setting == Deny.getName():
+ prm.denyPermissionToRole(rperm, rrole)
+ else:
+ raise ValueError("Incorrect setting: %s" % setting)
+ changed = True
+
+ if 'SUBMIT_PERMS' in self.request:
+ prm = getAdapter(self.context, IRolePermissionManager)
+ roles = self.roles()
+ rperm = self.request.get('permission_id')
+ settings = self.request.get('settings', ())
+ for ir in range(len(roles)):
+ rrole = roles[ir].getId()
+ setting = settings[ir]
+ if setting == Unset.getName():
+ prm.unsetPermissionFromRole(rperm, rrole)
+ elif setting == Allow.getName():
+ prm.grantPermissionToRole(rperm, rrole)
+ elif setting == Deny.getName():
+ prm.denyPermissionToRole(rperm, rrole)
+ else:
+ raise ValueError("Incorrect setting: %s" % setting)
+ changed = True
+
+ if 'SUBMIT_ROLE' in self.request:
+ role_id = self.request.get('role_id')
+ prm = getAdapter(self.context, IRolePermissionManager)
+ allowed = self.request.get(Allow.getName(), ())
+ denied = self.request.get(Deny.getName(), ())
+ for permission in self.permissions():
+ rperm = permission.getId()
+ if rperm in allowed and rperm in denied:
+ raise ValueError("Incorrect setting for %s" % rperm)
+ if rperm in allowed:
+ prm.grantPermissionToRole(rperm, role_id)
+ elif rperm in denied:
+ prm.denyPermissionToRole(rperm, role_id)
+ else:
+ prm.unsetPermissionFromRole(rperm, role_id)
+ changed = True
+
+ if changed:
+ formatter = self.request.locale.getDateTimeFormatter('medium')
+ status = _("Settings changed at ${date_time}")
+ status.mapping = {'date_time': formatter.format(datetime.utcnow())}
+
+ return status
+
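Review bot: The `SUBMIT_PERMS` and `SUBMIT_ROLE` branches of `update` pass `permission_id` and `role_id` from the request straight to the role-permission manager, whereas the `SUBMIT` branch skips any id that is not in the known lists (`if rperm not in permissions: continue`). A request can therefore record settings against an id that names no permission or role. In `SUBMIT_PERMS`, a `settings` list shorter than `roles` (the default is `()`) also ends in `IndexError` at `settings[ir]`. The checks below bring the other two branches in line with `SUBMIT`. None of the three branches looks at the request method, and the class and its methods have no docstrings; both are worth a follow-up.

```python
        # … unchanged: SUBMIT branch …
            settings = self.request.get('settings', ())
            # Reject ids and lists that the rendered form could not have produced.
            if rperm not in [p.getId() for p in self.permissions()]:
                raise ValueError("Incorrect permission: %s" % rperm)
            if len(settings) != len(roles):
                raise ValueError("Expected %s settings, got %s"
                                 % (len(roles), len(settings)))
            # … unchanged: per-role loop applying each setting …

            role_id = self.request.get('role_id')
            if role_id not in [r.getId() for r in self.roles()]:
                raise ValueError("Incorrect role: %s" % role_id)
            # … unchanged: allowed/denied handling for each permission …
```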