[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/Management - GlobalPrincipalPermissions.py:1.1.2.1 GlobalPrincipalRoles.py:1.1.2.1 GlobalRolePermissions.py:1.1.2.1 IPrincipalPermissions.py:1.1.2.1 IPrincipalRoles.py:1.1.2.1 IRolePermissions.py:1.1.2.1 MementoPrincipalPermissions.py:1.1.2.1 MementoPrincipalRoles.py:1.1.2.1 MementoRolePermissions.py:1.1.2.1 PrincipalPermissionsView.py:1.1.2.1 PrincipalRolesView.py:1.1.2.1 RolePermissionsView.py:1.1.2.1 Settings.py:1.1.2.1 __init__.py:1.1.2.1 management.zcml:1.1.2.1
Casey Duncan
casey@zope.com
Tue, 9 Apr 2002 12:36:45 -0400
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/Management
In directory cvs.zope.org:/tmp/cvs-serv11768/Zope/App/Security/Management
Added Files:
Tag: casey-security-reorg-branch
GlobalPrincipalPermissions.py GlobalPrincipalRoles.py
GlobalRolePermissions.py IPrincipalPermissions.py
IPrincipalRoles.py IRolePermissions.py
MementoPrincipalPermissions.py MementoPrincipalRoles.py
MementoRolePermissions.py PrincipalPermissionsView.py
PrincipalRolesView.py RolePermissionsView.py Settings.py
__init__.py management.zcml
Log Message:
Mass checkin for security reorganization branch. I will retest this and merge
upon BDFL approval...
=== Added File Zope3/lib/python/Zope/App/Security/Management/GlobalPrincipalPermissions.py ===
# GlobalPrincipalPermissions.py
#
# Copyright (c) 2001 Zope Coporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
"""
$Id: GlobalPrincipalPermissions.py,v 1.1.2.1 2002/04/09 16:36:43 caseman Exp $
"""
from Zope.App.Security.Management.IPrincipalPermissions \
import IPrincipalPermissionsManager
from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
from Zope.App.Security.Management.Settings import Allow, Deny, Unset
class PrincipalPermissionsManager(LocalSecurityMap):
"""Mappings between principals and permissions."""
__implements__ = IPrincipalPermissionsManager
def grantPermissionToPrincipal( self, permission_id, principal_id ):
''' See the interface IPrincipalPermissionManager '''
self.addCell( permission_id, principal_id, Allow )
def denyPermissionToPrincipal( self, permission_id, principal_id ):
''' See the interface IPrincipalPermissionManager '''
self.addCell( permission_id, principal_id, Deny )
def unsetPermissionForPrincipal( self, permission_id, principal_id ):
''' See the interface IPrincipalPermissionManager '''
self.delCell( permission_id, principal_id )
def getPrincipalsForPermission( self, permission_id ):
''' See the interface IPrincipalPermissionManager '''
return self.getRow( permission_id )
def getPermissionsForPrincipal( self, principal_id ):
''' See the interface IPrincipalPermissionManager '''
return self.getCol( principal_id )
def getSetting( self, permission_id, principal_id ):
''' See the interface IPrincipalPermissionManager '''
return self.getCell( permission_id, principal_id, default=Unset )
def getPrincipalsAndPermissions( self ):
''' See the interface IPrincipalPermissionManager '''
return self.getAllCells()
# Permissions are our rows, and principals are our columns
principalPermissionsManager = PrincipalPermissionsManager()
# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
from Zope.Testing.CleanUp import addCleanUp
addCleanUp(principalPermissionsManager._clear)
del addCleanUp
=== Added File Zope3/lib/python/Zope/App/Security/Management/GlobalPrincipalRoles.py ===
# GlobalPrincipalRoles.py
#
# Copyright (c) 2001 Zope Coporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
"""
$Id: GlobalPrincipalRoles.py,v 1.1.2.1 2002/04/09 16:36:43 caseman Exp $
"""
from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
from Zope.App.Security.Management.Settings import Assign, Remove, Unset
from Zope.App.Security.Management.IPrincipalRoles \
import IPrincipalRolesManager
class PrincipalRolesManager(LocalSecurityMap):
"""Mappings between principals and roles."""
__implements__ = IPrincipalRolesManager
def assignRoleToPrincipal( self, role_id, principal_id ):
''' See the interface IPrincipalRoleManager '''
self.addCell( role_id, principal_id, Assign )
def removeRoleFromPrincipal( self, role_id, principal_id ):
''' See the interface IPrincipalRoleManager '''
self.addCell( role_id, principal_id, Remove )
def unsetRoleForPrincipal( self, role_id, principal_id ):
''' See the interface IPrincipalRoleManager '''
self.delCell( role_id, principal_id )
def getPrincipalsForRole( self, role_id ):
''' See the interface IPrincipalRoleMap '''
return self.getRow( role_id )
def getRolesForPrincipal( self, principal_id ):
''' See the interface IPrincipalRoleMap '''
return self.getCol( principal_id )
def getSetting( self, role_id, principal_id ):
''' See the interface IPrincipalRoleMap '''
return self.getCell( role_id, principal_id, default=Unset )
def getPrincipalsAndRoles( self ):
''' See the interface IPrincipalRoleMap '''
return self.getAllCells()
# Roles are our rows, and principals are our columns
principalRolesManager = PrincipalRolesManager()
# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
from Zope.Testing.CleanUp import addCleanUp
addCleanUp(principalRolesManager._clear)
del addCleanUp
=== Added File Zope3/lib/python/Zope/App/Security/Management/GlobalRolePermissions.py ===
# GlobalRolePermissions.py
#
# Copyright (c) 2001 Zope Coporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
"""
$Id: GlobalRolePermissions.py,v 1.1.2.1 2002/04/09 16:36:43 caseman Exp $
"""
from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
from Zope.App.Security.Management.Settings import Allow, Deny
from Zope.App.Security.Management.IRolePermissions \
import IRolePermissionsManager
class RolePermissionsManager(LocalSecurityMap):
"""Mappings between roles and permissions."""
__implements__ = IRolePermissionsManager
def grantPermissionToRole( self, permission_id, role_id ):
'''See interface IRolePermissionMap'''
self.addCell( permission_id, role_id, Allow )
def denyPermissionToRole( self, permission_id, role_id ):
'''See interface IRolePermissionMap'''
self.addCell( permission_id, role_id, Deny )
def unsetPermissionFromRole( self, permission_id, role_id ):
'''See interface IRolePermissionMap'''
self.delCell( permission_id, role_id )
def getRolesForPermission( self, permission_id ):
'''See interface IRolePermissionMap'''
return self.getRow( permission_id )
def getPermissionsForRole( self, role_id ):
'''See interface IRolePermissionMap'''
return self.getCol( role_id )
def getSetting( self, permission_id, role_id ):
'''See interface IRolePermissionMap'''
return self.getCell( permission_id, role_id )
def getRolesAndPermissions( self ):
'''See interface IRolePermissionMap'''
return self.getAllCells()
# Permissions are our rows, and roles are our columns
rolePermissionsManager = RolePermissionsManager()
# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
from Zope.Testing.CleanUp import addCleanUp
addCleanUp(rolePermissionsManager._clear)
del addCleanUp
=== Added File Zope3/lib/python/Zope/App/Security/Management/IPrincipalPermissions.py ===
# IPrincipalPermissions.py
#
# Copyright (c) 2001 Zope Coporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
"""Mappings between principals and permissions."""
from Interface import Interface
class IPrincipalPermissions(Interface):
"""Mappings between principals and permissions."""
def getPrincipalsForPermission(permission_id):
"""Return the list of (principal_id, setting) tuples that describe
security assertions for this permission.
If no principals have been set for this permission, then the empty
list is returned.
"""
def getPermissionsForPrincipal(principal_id):
"""Return the list of (permission, setting) tuples that describe
security assertions for this principal.
If no permissions have been set for this principal, then the empty
list is returned.
"""
def getSetting(permission_id, principal_id):
"""Get the setting (Allow/Deny/Unset) for a given permission and
principal.
"""
def getPrincipalsAndPermissions():
"""Get the principal security assertions here in the form
of a list of three tuple containing
(permission id, principal id, setting)
"""
class IPrincipalPermissionsManager(IPrincipalPermissions):
"""Management interface for mappings between principals and permissions."""
def grantPermissionToPrincipal(permission_id, principal_id):
"""Assert that the permission is allowed for the principal.
"""
def denyPermissionToPrincipal(permission_id, principal_id):
"""Assert that the permission is denied to the principal.
"""
def unsetPermissionForPrincipal(permission_id, principal_id):
"""Remove the permission (either denied or allowed) from the
principal.
"""
=== Added File Zope3/lib/python/Zope/App/Security/Management/IPrincipalRoles.py ===
# IPrincipalRoleManager.py
#
# Copyright (c) 2001 Zope Coporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
"""Mappings between principals and roles."""
from Interface import Interface
class IPrincipalRoles(Interface):
"""Mappings between principals and roles."""
def getPrincipalsForRole(role_id):
"""Return the list of (principal, setting) who have been assigned or
removed from a role.
If no principals have been assigned this role,
then the empty list is returned.
"""
def getRolesForPrincipal(principal_id):
"""Return the list of (role, setting) assigned or removed from
this principal.
If no roles have been assigned to
this principal, then the empty list is returned.
"""
def getSetting(role_id, principal_id):
"""Return the setting for this principal, role combination
"""
def getPrincipalsAndRoles():
"""Return all the principal/role combinations along with the
setting for each combination.
"""
class IPrincipalRolesManager(IPrincipalRoles):
"""Management interface for mappings between principals and roles."""
def assignRoleToPrincipal(role_id, principal_id):
"""Assign the role to the principal.
"""
def removeRoleFromPrincipal(role_id, principal_id):
"""Remove a role from the principal """
def unsetRoleForPrincipal(role_id, principal_id):
"""Unset the role for the principal
"""
=== Added File Zope3/lib/python/Zope/App/Security/Management/IRolePermissions.py ===
# IRolePermissionManager.py
#
# Copyright (c) 2001 Zope Coporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
"""Mappings between roles and permissions."""
from Interface import Interface
class IRolePermissions(Interface):
"""Mappings between roles and permissions."""
def getPermissionsForRole(role_id):
"""Return a sequence of (permission id, setting) tuples for the given
role.
If no permissions have been granted to this
role, then the empty list is returned.
"""
def getRolesForPermission(permission_id):
"""Return a sequence of (role id, setting) tuples for the given
permission.
If no roles have been granted this permission, then the empty list is
returned.
"""
def getSetting(permission_id, role_id):
"""Return the setting for the given permission id and role id
If there is no setting, Unset is returned
"""
def getPrincipalsAndRoles():
"""Return a sequence of (principal_id, role_id, setting) here.
If no principal/role assertions have been made here, then the empty
list is returned.
"""
class IRolePermissionsManager(IRolePermissions):
"""Management interface for mappings between roles and permissions."""
def grantPermissionToRole(permission_id, role_id):
"""allow the permission to the role.
"""
def denyPermissionToRole(permission_id, role_id):
"""Deny the permission to the role
"""
def unsetPermissionFromRole(permission_id, role_id):
"""Clear the setting of the permission to the role.
"""
=== Added File Zope3/lib/python/Zope/App/Security/Management/MementoPrincipalPermissions.py ===
# AttributePrincipalPermissionManager.py
#
# Copyright (c) 2001 Zope Coporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
"""
$Id: MementoPrincipalPermissions.py,v 1.1.2.1 2002/04/09 16:36:43 caseman Exp $
"""
from Zope.ComponentArchitecture import getAdapter
from Zope.App.OFS.Memento.IMementoBag import IMementoBag
from Zope.App.Security.Management.IPrincipalPermissions \
import IPrincipalPermissionsManager
from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
from Zope.App.Security.Management.Settings import Allow, Deny, Unset
memo_key = 'Zope.App.Security.Management.MementoPrincipalPermissionsManager'
class MementoPrincipalPermissionsManager:
"""
Provide adapter to manage principal permission data in a memento
"""
__implements__ = IPrincipalPermissionsManager
def __init__(self, context):
self._context = context
def grantPermissionToPrincipal( self, permission_id, principal_id ):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions(create=1)
pp.addCell( permission_id, principal_id, Allow )
self._context._p_changed = 1
def denyPermissionToPrincipal( self, permission_id, principal_id ):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions(create=1)
pp.addCell( permission_id, principal_id, Deny )
self._context._p_changed = 1
def unsetPermissionForPrincipal( self, permission_id, principal_id ):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
# Only unset if there is a security map, otherwise, we're done
if pp:
pp.delCell( permission_id, principal_id )
self._context._p_changed = 1
def getPrincipalsForPermission( self, permission_id ):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
if pp:
return pp.getRow( permission_id )
return []
def getPermissionsForPrincipal( self, principal_id ):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
if pp:
return pp.getCol( principal_id )
return []
def getSetting( self, permission_id, principal_id ):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
if pp:
return pp.getCell( permission_id, principal_id, default=Unset )
return []
def getPrincipalsAndPermissions( self ):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
if pp:
return pp.getAllCells()
return []
# Implementation helpers
def _getPrincipalPermissions(self, create=0):
""" Get the principal permission map stored in the context, optionally
creating one if necessary """
memo = getAdapter(self._context, IMementoBag)
try:
return memo[memo_key]
except KeyError:
if create:
rp = memo[memo_key] = LocalSecurityMap()
return rp
return None
=== Added File Zope3/lib/python/Zope/App/Security/Management/MementoPrincipalRoles.py ===
# AttributePrincipalRoleManager.py
#
# Copyright (c) 2001 Zope Coporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
"""
$Id: MementoPrincipalRoles.py,v 1.1.2.1 2002/04/09 16:36:43 caseman Exp $
"""
from Zope.ComponentArchitecture import getAdapter
from Zope.App.OFS.Memento.IMementoBag import IMementoBag
from Zope.App.Security.Management.IPrincipalRoles \
import IPrincipalRolesManager
from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
from Zope.App.Security.Management.Settings import Assign, Remove, Unset
memo_key = 'Zope.App.Security.Management.MementoPrincipalRoles'
class MementoPrincipalRolesManager:
"""
Provide adapter to manage principal role data in a memento
"""
__implements__ = IPrincipalRolesManager
def __init__(self, context):
self._context = context
def assignRoleToPrincipal( self, role_id, principal_id ):
''' See the interface IPrincipalRoleManager '''
pr = self._getPrincipalRoles(create=1)
pr.addCell( role_id, principal_id, Assign )
self._context._p_changed = 1
def removeRoleFromPrincipal( self, role_id, principal_id ):
''' See the interface IPrincipalRoleManager '''
pr = self._getPrincipalRoles(create=1)
pr.addCell( role_id, principal_id, Remove )
self._context._p_changed = 1
def unsetRoleForPrincipal( self, role_id, principal_id ):
''' See the interface IPrincipalRoleManager '''
pr = self._getPrincipalRoles()
# Only unset if there is a security map, otherwise, we're done
if pr:
pr.delCell( role_id, principal_id )
self._context._p_changed = 1
def getPrincipalsForRole( self, role_id ):
''' See the interface IPrincipalRoleManager '''
pr = self._getPrincipalRoles()
if pr:
return pr.getRow( role_id )
return []
def getRolesForPrincipal( self, principal_id ):
''' See the interface IPrincipalRoleManager '''
pr = self._getPrincipalRoles()
if pr:
return pr.getCol( principal_id )
return []
def getSetting( self, role_id, principal_id ):
''' See the interface IPrincipalRoleManager '''
pr = self._getPrincipalRoles()
if pr:
return pr.getCell( role_id, principal_id, default=Unset )
return Unset
def getPrincipalsAndRoles( self ):
''' See the interface IPrincipalRoleManager '''
pr = self._getPrincipalRoles()
if pr:
return pr.getAllCells()
return []
# Implementation helpers
def _getPrincipalRoles(self, create=0):
""" Get the principal role map stored in the context, optionally
creating one if necessary """
memo = getAdapter(self._context, IMementoBag)
try:
return memo[memo_key]
except KeyError:
if create:
rp = memo[memo_key] = LocalSecurityMap()
return rp
return None
=== Added File Zope3/lib/python/Zope/App/Security/Management/MementoRolePermissions.py ===
##############################################################################
#
# Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""
$Id: MementoRolePermissions.py,v 1.1.2.1 2002/04/09 16:36:43 caseman Exp $
"""
from Zope.ComponentArchitecture import getAdapter
from Zope.App.OFS.Memento.IMementoBag import IMementoBag
from Zope.App.Security.Management.IRolePermissions \
import IRolePermissionsManager
from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
from Zope.App.Security.Management.Settings import Allow, Deny, Unset
memo_key = 'Zope.App.Security.Management.MementoRolePermissions'
class MementoRolePermissionsManager:
"""
provide adaptor that manages role permission data in a memento
"""
__implements__ = IRolePermissionsManager
def __init__(self, context):
self._context = context
def grantPermissionToRole( self, permission_id, role_id ):
''' See the interface IRolePermissionManager '''
rp = self._getRolePermissions(create=1)
rp.addCell( permission_id, role_id, Allow )
self._context._p_changed = 1
def denyPermissionToRole( self, permission_id, role_id ):
''' See the interface IRolePermissionManager '''
rp = self._getRolePermissions(create=1)
rp.addCell( permission_id, role_id, Deny )
self._context._p_changed = 1
def unsetPermissionFromRole( self, permission_id, role_id ):
''' See the interface IRolePermissionManager '''
rp = self._getRolePermissions()
# Only unset if there is a security map, otherwise, we're done
if rp:
rp.delCell( permission_id, role_id )
self._context._p_changed = 1
def getRolesForPermission( self, permission_id ):
'''See interface IRolePermissionMap'''
rp = self._getRolePermissions()
if rp:
return rp.getRow( permission_id )
else:
return []
def getPermissionsForRole( self, role_id ):
'''See interface IRolePermissionMap'''
rp = self._getRolePermissions()
if rp:
return rp.getCol( role_id )
else:
return []
def getRolesAndPermissions( self ):
'''See interface IRolePermissionMap'''
rp = self._getRolePermissions()
if rp:
return rp.getAllCells( role_id )
else:
return []
def getSetting( self, permission_id, role_id ):
'''See interface IRolePermissionMap'''
rp = self._getRolePermissions()
if rp:
return rp.getCell( permission_id, role_id )
else:
return Unset
def _getRolePermissions(self, create=0):
""" Get the role permission map stored in the context, optionally
creating one if necessary """
memo = getAdapter(self._context, IMementoBag)
try:
return memo[memo_key]
except KeyError:
if create:
rp = memo[memo_key] = LocalSecurityMap()
return rp
return None
=== Added File Zope3/lib/python/Zope/App/Security/Management/PrincipalPermissionsView.py ===
##############################################################################
#
# Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
##############################################################################
"""
$Id: PrincipalPermissionsView.py,v 1.1.2.1 2002/04/09 16:36:43 caseman Exp $
"""
import time
from Zope.PageTemplate.PageTemplateFile import PageTemplateFile
from Zope.Publisher.Browser.AttributePublisher import AttributePublisher
from Zope.ComponentArchitecture.ContextDependent import ContextDependent
from Zope.ComponentArchitecture import getService, getAdapter
from IPrincipalPermissions \
import IPrincipalPermissions, IPrincipalPermissionsManager
from Settings import Allow, Deny, Unset
class PrincipalPermissionsView(AttributePublisher, ContextDependent):
index = PageTemplateFile('pt/principal_permission_edit.pt')
def get_permission_service(self):
return getService(self.getContext(), 'PermissionService')
def get_principal(self, principal_id):
return getService(self.getContext(),
'AuthenticationService'
).getPrincipal(principal_id)
def unsetPermissions(self, principal_id, permission_ids, REQUEST=None):
"""Form action unsetting a principals permissions"""
permission_service = self.get_permission_service()
principal = self.get_principal(principal_id)
ppm = getAdapter(self.getContext(), IPrincipalPermissionsManager)
for perm_id in permission_ids:
permission = permission_service.getPermission(perm_id)
ppm.unsetPermissionForPrincipal(permission , principal)
if REQUEST is not None:
return self.index(message="Settings changed at %s"
% time.ctime(time.time()))
def grantPermissions(self, principal_id, permission_ids, REQUEST=None):
"""Form action granting a list of permissions to a principal"""
permission_service = self.get_permission_service()
principal = self.get_principal(principal_id)
ppm = getAdapter(self.getContext(), IPrincipalPermissionsManager)
for perm_id in permission_ids:
permission = permission_service.getPermission(perm_id)
ppm.grantPermissionToPrincipal(permission , principal)
if REQUEST is not None:
return self.index(message="Settings changed at %s"
% time.ctime(time.time()))
def denyPermissions(self, principal_id, permission_ids, REQUEST=None):
"""Form action denying a list of permissions for a principal"""
permission_service = self.get_permission_service()
principal = self.get_principal(principal_id)
ppm = getAdapter(self.getContext(), IPrincipalPermissionsManager)
for perm_id in permission_ids:
permission = permission_service.getPermission(perm_id)
ppm.denyPermissionToPrincipal(permission , principal)
if REQUEST is not None:
return self.index(message="Settings changed at %s"
% time.ctime(time.time()))
# Methods only called from the zpt view
def getUnsetPermissionsForPrincipal(self, principal_id):
"""Returns all unset permissions for this principal"""
ppmap = getAdapter(self.getContext(), IPrincipalPermissions)
principal = self.get_principal(principal_id)
perm_serv = getService(self.getContext(), 'PermissionService')
result = []
for perm in perm_serv.getPermissions():
if ppmap.getSetting(perm, principal) == Unset:
result.append(perm)
return result
def getPermissionsForPrincipal(self, principal_id, setting_name):
"""Return a list of permissions with the given setting_name
string for the principal.
Return empty list if there are no permissions.
"""
ppmap = getAdapter(self.getContext(), IPrincipalPermissions)
principal = self.get_principal(principal_id)
permission_settings = ppmap.getPermissionsForPrincipal(principal)
setting_map = {'Deny': Deny, 'Allow':Allow}
asked_setting = setting_map[setting_name]
result = []
for permission, setting in permission_settings:
if asked_setting == setting:
result.append(permission)
return result
=== Added File Zope3/lib/python/Zope/App/Security/Management/PrincipalRolesView.py ===
##############################################################################
#
# Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
""" Management view component for principal-role management (Zope2's
"local roles").
$Id: PrincipalRolesView.py,v 1.1.2.1 2002/04/09 16:36:43 caseman Exp $
"""
import time
from Zope.PageTemplate.PageTemplateFile import PageTemplateFile
from Zope.Publisher.Browser.AttributePublisher import AttributePublisher
from Zope.ComponentArchitecture.ContextDependent import ContextDependent
from Zope.ComponentArchitecture import getService, getAdapter
from Zope.App.Security.Management.IPrincipalRoles \
import IPrincipalRolesManager, IPrincipalRoles
from Zope.App.Security.IPermission import IPermission
from Zope.App.Security.IRole import IRole
class PrincipalRolesView(AttributePublisher, ContextDependent):
index = PageTemplateFile('pt/principal_role_association.pt')
def getAllPrincipals(self):
principals = getattr(self, '_principals', None)
if principals is None:
principals = self._principals = getService(
self.getContext(), 'AuthenticationService'
).getPrincipals()
return principals
def getAllRoles(self):
roles = getattr(self, '_roles', None)
if roles is None:
roles = self._roles = getService(
self.getContext(), 'RoleService'
).getRoles()
return roles
def createGrid( self, principals=None, roles=None ):
if not principals:
principals = self.getAllPrincipals()
if not roles:
roles = self.getAllRoles()
return PrincipalRoleGrid( principals, roles, self.getContext() )
def action(self, principals, roles, mapping, testing=None):
for row in mapping:
pid = row.permission_id
roles = row.role_ids
if not testing:
return self.index(
message="Settings changed at %s" % time.ctime(time.time())
)
class PrincipalRoleGrid:
def __init__( self, principals, roles, context ):
self._principals = principals
self._roles = roles
self._grid = {}
map = getAdapter( context, IPrincipalRoles )
for role in roles:
for principal in principals:
setting = map.getSetting( role, principal )
self._grid[ ( role, principal ) ] = setting
def principals( self ):
return self._principals
def roles( self ):
return self._roles
def getValue( self, role, principal ):
return self._grid[ ( role, principal ) ]
def listAvailableValues( self ):
return ( 'Unset', 'Assigned', 'Removed' )
=== Added File Zope3/lib/python/Zope/App/Security/Management/RolePermissionsView.py ===
##############################################################################
#
# Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""
$Id: RolePermissionsView.py,v 1.1.2.1 2002/04/09 16:36:43 caseman Exp $
"""
import os, time
from Zope.PageTemplate.PageTemplateFile import PageTemplateFile
from Zope.Publisher.Browser.AttributePublisher import AttributePublisher
from Zope.ComponentArchitecture.ContextDependent import ContextDependent
from Zope.ComponentArchitecture import getService, getAdapter
from Zope.App.Security.Management.IRolePermissions \
import IRolePermissionsManager
from Zope.App.Security.IPermission import IPermission
from Zope.App.Security.IRole import IRole
from Zope.App.Security.Management.Settings import Allow, Assign
class RolePermissionsView(AttributePublisher, ContextDependent):
index = PageTemplateFile('pt/manage_access.pt')
manage_permissionForm = PageTemplateFile('pt/manage_permissionForm.pt')
manage_roleForm = PageTemplateFile('pt/manage_roleForm.pt')
def roles(self):
roles = getattr(self, '_roles', None)
if roles is None:
roles = self._roles = getService(
self.getContext(), 'RoleService'
).getRoles()
return roles
def permissions(self):
permissions = getattr(self, '_permissions', None)
if permissions is None:
permissions = self._permissions = getService(
self.getContext(), 'PermissionService'
).getPermissions()
return permissions
def permissionRoles(self):
context = self.getContext()
roles = self.roles()
return [PermissionRoles(permission, context, roles)
for permission in self.permissions()]
def permissionForID(self, pid):
context = self.getContext()
roles = self.roles()
perm = getService(context, 'PermissionService'
).getPermission(pid)
return PermissionRoles(perm, context, roles)
def roleForID(self, rid):
context = self.getContext()
permissions = self.permissions()
role = getService(context, 'RoleService'
).getRole(rid)
return RolePermissions(role, context, permissions)
def action(self, REQUEST, testing=None):
roles = [r.getId() for r in self.roles()]
permissions = [p.getId() for p in self.permissions()]
prm = getAdapter(self.getContext(), IRolePermissionsManager)
for ip in range(len(permissions)):
rperm = REQUEST.get("p%s" % ip)
if rperm not in permissions: continue
for ir in range(len(roles)):
rrole = REQUEST.get("r%s" % ir)
if rrole not in roles: continue
if REQUEST.has_key("p%sr%s" % (ip, ir)):
prm.grantPermissionToRole(rperm, rrole)
else:
prm.unsetPermissionFromRole(rperm, rrole)
if not testing:
return self.index( REQUEST,
message="Settings changed at %s" % time.ctime(time.time())
)
def update_permission(self, REQUEST, permission_id,
roles=(), testing=None):
prm = getAdapter(self.getContext(), IRolePermissionsManager)
for ir in [r.getId() for r in self.roles()]:
if ir in roles:
prm.grantPermissionToRole(permission_id, ir)
else:
prm.unsetPermissionFromRole(permission_id, ir)
if not testing:
return self.index(REQUEST,
message="Settings changed at %s"
% time.ctime(time.time())
)
def update_role(self, REQUEST, role_id,
permissions=(), testing=None):
prm = getAdapter(self.getContext(), IRolePermissionsManager)
for ip in [p.getId() for p in self.permissions()]:
if ip in permissions:
prm.grantPermissionToRole(ip, role_id)
else:
prm.unsetPermissionFromRole(ip, role_id)
if not testing:
return self.index(REQUEST,
message="Settings changed at %s"
% time.ctime(time.time())
)
class PermissionRoles:
__implements__ = IPermission
def __init__(self, permission, context, roles):
self._permission = permission
self._context = context
self._roles = roles
def getId(self):
return self._permission.getId()
def getTitle(self):
return self._permission.getTitle()
def getDescription(self):
return self._permission.getDescription()
def roles(self):
prm = getAdapter(self._context, IRolePermissionsManager)
proles = prm.getRolesForPermission(self._permission.getId())
proles = [role for role,setting in proles if setting==Allow]
return [((role.getId() in proles) and '1' or None)
for role in self._roles]
def rolesInfo(self):
prm = getAdapter(self._context, IRolePermissionsManager)
proles = prm.getRolesForPermission(self._permission.getId())
proles = [role for role,setting in proles if setting==Allow]
return [{'id': role.getId(),
'title': role.getTitle(),
'checked': ((role.getId() in proles) and '1' or None)}
for role in self._roles]
class RolePermissions:
__implements__ = IRole
def __init__(self, role, context, permissions):
self._role = role
self._context = context
self._permissions = permissions
def getId(self):
return self._role.getId()
def getTitle(self):
return self._role.getTitle()
def getDescription(self):
return self._role.getDescription()
def permissionsInfo(self):
prm = getAdapter(self._context, IRolePermissionsManager)
rperms = prm.getPermissionsForRole(self._role.getId())
rperms = [permission
for permission,setting in rperms
if setting==Allow]
return [{'id': permission.getId(),
'title': permission.getTitle(),
'checked': ((permission.getId() in rperms) and '1' or None)}
for permission in self._permissions]
=== Added File Zope3/lib/python/Zope/App/Security/Management/Settings.py ===
# Settings.py
#
# Copyright (c) 2001 Zope Coporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
""" Security setting constants """
class PermissionSetting(object):
"""PermissionSettings should be considered as immutable.
They can be compared by identity. They are identified by
their name.
"""
def __new__(cls, name, description=None):
"""Keep a dict of PermissionSetting instances, indexed by
name. If the name already exists in the dict, return that
instance rather than creating a new one.
"""
instances = cls.__dict__.get('__instances__')
if instances is None:
cls.__instances__ = instances = {}
it = instances.get(name)
if it is None:
instances[name] = it = object.__new__(cls)
it._init(name, description)
return it
def _init(self, name, description):
self.__name = name
self.__description = description
def getDescription(self):
return self.__description
def getName(self):
return self.__name
def __str__(self):
return "PermissionSetting: %s" % self.__name
# register PermissionSettings to be symbolic constants by identity,
# even when pickled and unpickled.
import copy_reg
copy_reg.constructor(PermissionSetting)
copy_reg.pickle(PermissionSetting,
PermissionSetting.getName,
PermissionSetting)
Allow = PermissionSetting('Allow',
'Explicit allow setting for permissions')
Deny = PermissionSetting('Deny',
'Explicit deny setting for permissions')
Unset = PermissionSetting('Unset',
'Unset constant that denotes no setting for permission and role')
Assign = PermissionSetting('Assign',
'Explicit assign setting for roles')
Remove = PermissionSetting('Remove',
'Explicit remove setting for roles')
=== Added File Zope3/lib/python/Zope/App/Security/Management/__init__.py ===
=== Added File Zope3/lib/python/Zope/App/Security/Management/management.zcml ===
<zopeConfigure
xmlns='http://namespaces.zope.org/zope'
xmlns:security='http://namespaces.zope.org/security'
xmlns:zmi='http://namespaces.zope.org/zmi'
xmlns:browser='http://namespaces.zope.org/browser'
>
<adapter factory=".MementoRolePermissions.MementoRolePermissionsManager"
provides=".IRolePermissions.IRolePermissionsManager"
for="Zope.App.OFS.Memento.IMementoStorable." />
<adapter factory=".MementoPrincipalPermissions.MementoPrincipalPermissionsManager"
provides=".IPrincipalPermissions.IPrincipalPermissionsManager"
for="Zope.App.OFS.Memento.IMementoStorable." />
<adapter factory=".MementoPrincipalRoles.MementoPrincipalRolesManager"
provides=".IPrincipalRoles.IPrincipalRolesManager"
for="Zope.App.OFS.Memento.IMementoStorable." />
<!-- Role-Permissions management view -->
<security:protectClass name=".RolePermissionsView."
permission_id="Zope.Security"
methods="index, roles, permissions, permissionRoles, action,
manage_permissionForm, update_permission,
manage_roleForm, update_role, permissionForID" />
<security:protectClass
name=".RolePermissionsView.PermissionRoles."
permission_id="Zope.Security"
methods="roles, rolesInfo"
interface="Zope.App.Security.IRegisteredObject." />
<browser:view name="RolePermissionsManagement"
factory=".RolePermissionsView."
for=".IRolePermissions.IRolePermissionsManager." />
<browser:view name="RolePermissionsManagement"
factory=".RolePermissionsView."
for="Zope.App.OFS.Memento.IMementoStorable." />
<!-- Principal-Permissions management view -->
<security:protectClass name=".PrincipalPermissionsView."
permission_id="Zope.Security"
methods="index, get_principal, unsetPermissions, denyPermissions,
grantPermissions, getUnsetPermissionsForPrincipal,
getPermissionsForPrincipal" />
<browser:view name="PrincipalPermissionsManagement"
factory=".PrincipalPermissionsView."
for=".IPrincipalPermissions.IPrincipalPermissionsManager."/>
<browser:view name="PrincipalPermissionsManagement"
factory=".PrincipalPermissionsView."
for="Zope.App.OFS.Memento.IMementoStorable." />
</zopeConfigure>