##############################################################################
#
# Copyright (c) 2002-2007 Nexedi SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
##############################################################################

from Products.ERP5Security.ERP5GroupManager import ConsistencyError

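def getSecurityCategoryFromAssignment(self, base_category_list, user_name,
    object, portal_type, child_category_list=None):
  """
  This script returns a list of dictionaries which represent
  the security groups which a person is member of. It extracts
  the categories from the open assignments of the Person whose
  reference is user_name.
  It is useful in the following cases:

  - associate a document (ex. an accounting transaction)
    to the division which the user was assigned to
    at the time it was created

  - calculate security membership of a user

  The parameters are

    base_category_list  -- list of base category ids we need to retrieve
    user_name           -- string obtained from
                                        getSecurityManager().getUser().getId()
    object              -- object which we want to assign roles to
                           (not read by this function)
    portal_type         -- portal type of object (not read by this function)
    child_category_list -- base category ids for which each category and
                           every ancestor below the Base Category / ERP5
                           Site is returned with a trailing '*'; defaults
                           to no expansion

  Returns one dictionary per assignment in the 'open' validation state,
  mapping a base category id to a list of category relative URLs. Returns
  an empty list when no Person has this reference. Raises ConsistencyError
  when more than one Person has this reference, instead of picking one.
  """
  # None instead of a shared mutable default, as in
  # getSecurityCategoryFromEntity.
  if child_category_list is None:
    child_category_list = ()

  # The unrestricted search is used so that the lookup does not depend on
  # what the current user is allowed to see in the catalog.
  # NOTE(review): user_name is passed as a plain catalog value; confirm
  # the catalog matches it exactly and does not treat it as a pattern.
  person_object_list = self.portal_catalog.unrestrictedSearchResults(
                                portal_type='Person', reference=user_name)

  if len(person_object_list) > 1:
    # Two Persons sharing a reference would make group membership ambiguous
    raise ConsistencyError(
        "Error: There is more than one Person with reference '%s'" % user_name)
  if len(person_object_list) == 0:
    # if a person_object was not found in the module, we do nothing more
    # this happens for example when a manager with no associated person
    # object creates a person_object for a new user
    return []
  person_object = person_object_list[0].getObject()

  # Walking up the category tree stops at these portal types
  root_portal_type_list = ('Base Category', 'ERP5 Site')

  category_list = []
  # We look for every valid assignments of this user
  for assignment in person_object.contentValues(
                                filter={'portal_type':'Assignment'}):
    # Only assignments in the 'open' state grant security groups
    if assignment.getValidationState() != 'open':
      continue
    category_dict = {}
    for base_category in base_category_list:
      expand_parents = base_category in child_category_list
      for category_value in assignment.getAcquiredValueList(base_category) or ():
        relative_url_list = category_dict.setdefault(base_category, [])
        if expand_parents and \
            category_value.getPortalType() not in root_portal_type_list:
          # Emit the category and each of its ancestors as 'url*'
          while category_value.getPortalType() not in root_portal_type_list:
            relative_url_list.append('%s*' % category_value.getRelativeUrl())
            category_value = category_value.getParentValue()
        else:
          relative_url_list.append(category_value.getRelativeUrl())
    category_list.append(category_dict)

  return category_list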


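def getSecurityCategoryFromEntity(self, base_category_list, entity_name,
    object, portal_type, child_category_list=None, portal_type_list=None):
  """
  This script returns a list holding one dictionary which represents
  the security groups derived from an entity. It extracts the
  categories from the entity whose reference is entity_name.
  It is useful in the following cases:

  - associate a document (ex. an accounting transaction)
    to the division which the user was assigned to
    at the time it was created

  - calculate security membership of a user

  The parameters are

    base_category_list  -- list of base category ids we need to retrieve
    entity_name         -- string obtained from
                                        getSecurityManager().getUser().getId()
    object              -- object which we want to assign roles to
                           (not read by this function)
    portal_type         -- portal type of object (not read by this function)
    child_category_list -- base category ids for which each category and
                           every ancestor below the Base Category / ERP5
                           Site is returned with a trailing '*'
    portal_type_list    -- list of portal type to search the entity;
                           defaults to self.portal_type_list

  Returns [] when no entity can be found, otherwise a list with a single
  dictionary mapping a base category id to a list of category relative
  URLs. Raises ConsistencyError when more than one entity has this
  reference, instead of picking one.
  """
  if portal_type_list is None:
    portal_type_list = self.portal_type_list
  if child_category_list is None:
    child_category_list = []

  # The unrestricted search is used so that the lookup does not depend on
  # what the current user is allowed to see in the catalog.
  object_list = self.portal_catalog.unrestrictedSearchResults(
      portal_type=portal_type_list, reference=entity_name)

  if len(object_list) > 1:
    # Two entities sharing a reference would make group membership ambiguous
    raise ConsistencyError(
        "Error: There is more than one Entity with reference '%s'" % entity_name)

  if len(object_list) == 1:
    entity = object_list[0].getObject()
  else:
    # if the entity was not found in the catalog, we fall back on the
    # module named by the request. this happens for example when a manager
    # with no associated person object creates a person_object for a new
    # user
    portal = self.getPortalObject()

    # this permit to get the module of the application. The goal is to
    # work with anonymous applications, even if they are not reindexed
    # NOTE(review): 'anonymous_module' comes from the request, so the client
    # chooses which attribute of the portal is used as the lookup container,
    # and getattr is not limited to modules. Consider checking module_id
    # against the list of module ids this fallback is meant for.
    module_id = self.REQUEST.get('anonymous_module', None)
    if not module_id:
      return []
    module = getattr(portal, module_id, None)
    if module is None:
      # The original code fell through here and computed the groups from
      # the `object` argument (the document being secured) instead of the
      # entity. An unknown module now yields no groups, like every other
      # "not found" case.
      return []
    entity = module._getOb(entity_name, None)
    if entity is None:
      return []

  # Walking up the category tree stops at these portal types
  root_portal_type_list = ('Base Category', 'ERP5 Site')

  category_dict = {}
  for base_category in base_category_list:
    expand_parents = base_category in child_category_list
    for category_value in entity.getAcquiredValueList(base_category) or ():
      relative_url_list = category_dict.setdefault(base_category, [])
      if expand_parents and \
          category_value.getPortalType() not in root_portal_type_list:
        # Emit the category and each of its ancestors as 'url*'
        while category_value.getPortalType() not in root_portal_type_list:
          relative_url_list.append('%s*' % category_value.getRelativeUrl())
          category_value = category_value.getParentValue()
      else:
        relative_url_list.append(category_value.getRelativeUrl())

  return [category_dict]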



def getSecurityCategoryFromAssignmentParent(self, base_category_list,
                                       user_name, object, portal_type):
  """
  Variant of getSecurityCategoryFromAssignment in which every requested
  base category is also passed as child_category_list.
  """
  expanded_base_category_list = base_category_list
  return getSecurityCategoryFromAssignment(
      self, base_category_list, user_name, object, portal_type,
      child_category_list=expanded_base_category_list)

def getSecurityCategoryFromAssignmentParentGroup(self, base_category_list,
                                       user_name, object, portal_type):
  """
  Variant of getSecurityCategoryFromAssignment in which only the 'group'
  base category is passed as child_category_list.
  """
  expanded_base_category_list = ('group',)
  return getSecurityCategoryFromAssignment(
      self, base_category_list, user_name, object, portal_type,
      child_category_list=expanded_base_category_list)
 
def getSecurityCategoryFromAssignmentParentFunction(self, base_category_list,
                                       user_name, object, portal_type):
  """
  Variant of getSecurityCategoryFromAssignment in which only the 'function'
  base category is passed as child_category_list.
  """
  expanded_base_category_list = ('function',)
  return getSecurityCategoryFromAssignment(
      self, base_category_list, user_name, object, portal_type,
      child_category_list=expanded_base_category_list)