Commit 86f086de authored by Julien Muchembled's avatar Julien Muchembled

Prepare interfaces for roles.

git-svn-id: https://svn.erp5.org/repos/public/erp5/sandbox/portal_types@29253 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 35147f30
...@@ -52,12 +52,11 @@ class RoleDefinition(XMLObject): ...@@ -52,12 +52,11 @@ class RoleDefinition(XMLObject):
, PropertySheet.RoleDefinition , PropertySheet.RoleDefinition
) )
security.declareProtected(Permissions.AccessContentsInformation, security.declarePrivate("getLocalRolesFor")
'getGroupIdRoleList') def getLocalRolesFor(self, ob, user_name=None):
def getGroupIdRoleList(self, ob, user_name=None):
group_id_generator = getattr(ob, group_id_generator = getattr(ob,
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT) ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT)
role_list = self.getRoleName(), role_list = self.getRoleName(),
return ((group_id, role_list) return dict((group_id, role_list)
for group_id in group_id_generator(category_order=('agent',), for group_id in group_id_generator(category_order=('agent',),
agent=self.getAgentList())) agent=self.getAgentList()))
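Review bot: The new `getLocalRolesFor` on RoleDefinition returns 1-tuples as dict values (`role_list = self.getRoleName(),`), while the docstring given to the same method name on the other classes in this commit promises `{group_id: role_name_set}`. The merge in ERP5TypeInformation only calls `.update(role_list)`, so this works today, but a caller that relies on set values would break; `role_list = set((self.getRoleName(),))` would match the stated contract. The method also has no docstring and, in the lines shown, never uses `user_name`. A short docstring stating the return shape and that `user_name` is ignored here would make that explicit.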
...@@ -34,6 +34,8 @@ class RoleInformation(XMLObject): ...@@ -34,6 +34,8 @@ class RoleInformation(XMLObject):
Roles definitions defines local roles on ERP5Type documents. They are Roles definitions defines local roles on ERP5Type documents. They are
applied by the updateLocalRolesOnDocument method. applied by the updateLocalRolesOnDocument method.
""" """
# ILocalRoleGenerator
meta_type = 'ERP5 Role Information' meta_type = 'ERP5 Role Information'
portal_type = 'Role Information' portal_type = 'Role Information'
add_permission = Permissions.AddPortalContent add_permission = Permissions.AddPortalContent
...@@ -83,11 +85,11 @@ class RoleInformation(XMLObject): ...@@ -83,11 +85,11 @@ class RoleInformation(XMLObject):
self.getRoleBaseCategoryScriptId()] self.getRoleBaseCategoryScriptId()]
return ' '.join(filter(None, search_source_list)) return ' '.join(filter(None, search_source_list))
security.declarePrivate('getGroupIdRoleList') security.declarePrivate("getLocalRolesFor")
def getGroupIdRoleList(self, ob, user_name=None): def getLocalRolesFor(self, ob, user_name=None):
"""Generate security groups (with roles) to be set on a document """Compute the security that should be applied on an object
Each returned value is a 2-tuple (group_id, role_name_list). Returned value is a dict: {groud_id: role_name_set, ...}
""" """
# get the list of base_categories that are statically defined # get the list of base_categories that are statically defined
static_base_category_list = [x.split('/', 1)[0] static_base_category_list = [x.split('/', 1)[0]
...@@ -120,7 +122,7 @@ class RoleInformation(XMLObject): ...@@ -120,7 +122,7 @@ class RoleInformation(XMLObject):
# security for this object, we can just have it return None # security for this object, we can just have it return None
# instead of a dict or list of dicts # instead of a dict or list of dicts
if category_result is None: if category_result is None:
return return {}
else: else:
# no base_category needs to be retrieved using the script, we use # no base_category needs to be retrieved using the script, we use
# a list containing an empty dict to trick the system into # a list containing an empty dict to trick the system into
...@@ -128,6 +130,7 @@ class RoleInformation(XMLObject): ...@@ -128,6 +130,7 @@ class RoleInformation(XMLObject):
# defined categories) # defined categories)
category_result = [{}] category_result = [{}]
group_id_role_dict = {}
role_list = self.getRoleNameList() role_list = self.getRoleNameList()
if isinstance(category_result, dict): if isinstance(category_result, dict):
...@@ -137,7 +140,7 @@ class RoleInformation(XMLObject): ...@@ -137,7 +140,7 @@ class RoleInformation(XMLObject):
for role, group_id_list in category_result.iteritems(): for role, group_id_list in category_result.iteritems():
if role in role_list: if role in role_list:
for group_id in group_id_list: for group_id in group_id_list:
yield group_id, (role,) group_id_role_dict.setdefault(group_id, set()).add(role)
else: else:
group_id_generator = getattr(ob, group_id_generator = getattr(ob,
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT) ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT)
...@@ -165,7 +168,9 @@ class RoleInformation(XMLObject): ...@@ -165,7 +168,9 @@ class RoleInformation(XMLObject):
# Multiple groups are defined (list of users # Multiple groups are defined (list of users
# or list of group IDs resulting from a cartesian product) # or list of group IDs resulting from a cartesian product)
for group_id in group_id_list: for group_id in group_id_list:
yield group_id, role_list group_id_role_dict[group_id] = role_list
return group_id_role_dict
InitializeClass(RoleInformation) InitializeClass(RoleInformation)
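Review bot: In the non-dict branch, `group_id_role_dict[group_id] = role_list` stores the same list object from `getRoleNameList()` under every group id, whereas the dict branch builds a fresh `set()` per group and the docstring promises `role_name_set`. A caller that mutates one value in place would change the roles of every group in the result, which for local-role computation means a role could end up applied more widely than intended. `group_id_role_dict.setdefault(group_id, set()).update(role_list)` would keep both branches consistent and give each group its own set. The function body continues outside the hunks shown, so any remaining bare `return` or `yield` there should be checked now that the caller invokes `.iteritems()` on the result. The docstring's `groud_id` is a typo for `group_id`.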
...@@ -83,6 +83,8 @@ class ERP5TypeInformation(XMLObject, ...@@ -83,6 +83,8 @@ class ERP5TypeInformation(XMLObject,
isPortalContent = 1 isPortalContent = 1
isRADContent = 1 isRADContent = 1
# ILocalRoleAssignor
security = ClassSecurityInfo() security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation) security.declareObjectProtected(Permissions.AccessContentsInformation)
...@@ -343,7 +345,7 @@ class ERP5TypeInformation(XMLObject, ...@@ -343,7 +345,7 @@ class ERP5TypeInformation(XMLObject,
'your setup. '\ 'your setup. '\
'Please install it to benefit from group-based security' 'Please install it to benefit from group-based security'
group_id_role_dict = self.getGroupIdRoleDict(ob, user_name) group_id_role_dict = self.getLocalRolesFor(ob, user_name)
# Update role assignments to groups # Update role assignments to groups
if ERP5UserManager is not None: # Default implementation if ERP5UserManager is not None: # Default implementation
...@@ -377,17 +379,17 @@ class ERP5TypeInformation(XMLObject, ...@@ -377,17 +379,17 @@ class ERP5TypeInformation(XMLObject,
if reindex: if reindex:
ob.reindexObjectSecurity() ob.reindexObjectSecurity()
security.declarePrivate("getGroupIdRoleDict") security.declarePrivate("getLocalRolesFor")
def getGroupIdRoleDict(self, ob, user_name=None): def getLocalRolesFor(self, ob, user_name=None):
"""Compute the security that should be applied on an object """Compute the security that should be applied on an object
Returned value is a dict: {groud_id: role_name_set, ...} Returned value is a dict: {groud_id: role_name_set, ...}
""" """
group_id_role_dict = {} group_id_role_dict = {}
for roledef in ob.objectValues(portal_type='Role Definition'): # Merge results from applicable roles
# Retrieve and parse applicable roles
for role in self.getFilteredRoleListFor(ob): for role in self.getFilteredRoleListFor(ob):
for group_id, role_list in role.getGroupIdRoleList(ob, user_name): for group_id, role_list \
in role.getLocalRolesFor(ob, user_name).iteritems():
group_id_role_dict.setdefault(group_id, set()).update(role_list) group_id_role_dict.setdefault(group_id, set()).update(role_list)
return group_id_role_dict return group_id_role_dict
...@@ -413,7 +415,8 @@ class ERP5TypeInformation(XMLObject, ...@@ -413,7 +415,8 @@ class ERP5TypeInformation(XMLObject,
yield role yield role
# Return also explicit local roles defined as subobjects of the document # Return also explicit local roles defined as subobjects of the document
if getattr(aq_base(ob), 'isPrincipiaFolderish', 0): if getattr(aq_base(ob), 'isPrincipiaFolderish', 0) and \
self.allowType('Role Definition'):
for role in ob.objectValues(portal_type='Role Definition'): for role in ob.objectValues(portal_type='Role Definition'):
if role.getRoleName(): if role.getRoleName():
yield role yield role
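Review bot: The added `self.allowType('Role Definition')` condition changes which documents have their Role Definition subobjects honoured, but the comment above it still describes the old unconditional behaviour. If a type does not allow 'Role Definition' as content but its documents already contain such subobjects, those local roles would, as far as the hunk shows, be dropped at the next security update with no trace. I would extend the comment, e.g. `# Role Definition subobjects only count when this portal type allows them as content`, and consider logging when existing subobjects are skipped, so that the loss of access can be explained afterwards. The enclosing generator starts outside the hunk.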