Commit 98c66db0 authored by Jean-Paul Smets's avatar Jean-Paul Smets

Added support for user based security


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@5224 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 48a82614
......@@ -74,12 +74,16 @@
# site=\'france/lille\', group=\'nexedi\', function=\'accounting/accountant\')\n
# This will generate a string like \'LIL_NXD_ACT\' where "LIL", "NXD" and "ACT" are the codification\n
# of respecively "france/lille", "nexedi" and "accounting/accountant" categories\n
#\n
# ERP5Type_asSecurityGroupId can also return a list of users whenever a category points\n
# to a Person instance. This is useful to implement user based local role assignments\n
\n
code_list = []\n
user_list = []\n
\n
# sort the category list lexicographically\n
# this prevents us to choose the exact order we want,\n
# but also prevents some human mistake to f*ck everything up by creating site_function instead of function_site\n
# but also prevents some human mistake to break everything up by creating site_function instead of function_site\n
if category_order not in (None, \'\'):\n
category_order = [ x for x in category_order]\n
category_order.sort()\n
......@@ -87,14 +91,23 @@ else:\n
category_order = []\n
\n
for base_category in category_order:\n
category = kw[base_category]\n
category_list = kw[base_category]\n
for category in category_list:\n
category_path = \'%s/%s\' % (base_category, category)\n
category_object = context.portal_categories.getCategoryValue(category_path)\n
if category_object in (None, \'\'):\n
raise "SecurityRoleDefinitionError", "Category \'%s\' doesn\'t exist" % (category_path)\n
if category_object.getPortalType() == \'Person\':\n
# We define a person here\n
user_name = category_object.getReference()\n
if user_name is not None: user_list.append(user_name)\n
else:\n
# We define a group item here\n
category_code = category_object.getCodification() or category_object.getId()\n
code_list.append(category_code)\n
\n
# Return a list of users or a single group\n
if user_list: return user_list\n
return \'_\'.join(code_list)\n
</string> </value>
</item>
......@@ -139,6 +152,7 @@ return \'_\'.join(code_list)\n
<string>category_order</string>
<string>kw</string>
<string>code_list</string>
<string>user_list</string>
<string>None</string>
<string>append</string>
<string>$append0</string>
......@@ -147,10 +161,12 @@ return \'_\'.join(code_list)\n
<string>_getattr_</string>
<string>base_category</string>
<string>_getitem_</string>
<string>category_list</string>
<string>category</string>
<string>category_path</string>
<string>context</string>
<string>category_object</string>
<string>user_name</string>
<string>category_code</string>
</tuple>
</value>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
<tuple>
<string>Products.PythonScripts.PythonScript</string>
<string>PythonScript</string>
</tuple>
<none/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Python_magic</string> </key>
<value> <string encoding="base64">O/INCg==</string> </value>
</item>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>__ac_local_roles__</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string># XXX For now, this script requires proxy manager\n
\n
# base_category_list : list of category values we need to retrieve\n
# user_name : string obtained from getSecurityManager().getUser().getUserName() [NuxUserGroup]\n
# When using PluggableAuthService with ERP5GroupMAnager, user_name is the id\n
# of the person linked to getUser().getId() through getReference() (which is its login).\n
# object : object which we want to assign roles to.\n
# portal_type : portal type of object\n
\n
# must always return a list of dicts\n
\n
category_list = []\n
\n
if object is None:\n
return []\n
\n
for base_category in base_category_list:\n
category_list.append({base_category: object.getCategoryMembershipList(base_category)})\n
\n
return category_list\n
</string> </value>
</item>
<item>
<key> <string>_code</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_filepath</string> </key>
<value> <string>Script (Python):/nexedi/portal_skins/erp5_core/ERP5Type_getSecurityCategoryFromArrow</string> </value>
</item>
<item>
<key> <string>_owner</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, object, portal_type</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>errors</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>func_code</string> </key>
<value>
<object>
<klass>
<global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
<value> <int>4</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
<string>base_category_list</string>
<string>user_name</string>
<string>object</string>
<string>portal_type</string>
<string>category_list</string>
<string>None</string>
<string>_getiter_</string>
<string>base_category</string>
<string>_getattr_</string>
</tuple>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>func_defaults</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityCategoryFromArrow</string> </value>
</item>
<item>
<key> <string>warnings</string> </key>
<value>
<tuple/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
2006-01-21 JP
* Added support for user based role assignment (ERP5Type_getSecurityCategoryFromArrow)
2006-01-20 JP & Jerome
* Added document template initial support to Base_doAction and erp5_html_style
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment