##############################################################################
#
# Copyright (c) 2001 Zope Corporation and Contributors. All Rights
# Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL).  A copy of the ZPL should accompany this
# distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
""" Classes: ERP5GroupManager
"""

from Globals import InitializeClass
from AccessControl import ClassSecurityInfo
from AccessControl.SecurityManagement import newSecurityManager,\
    getSecurityManager, setSecurityManager
from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.interfaces.plugins import IGroupsPlugin
from Products.ERP5Type.Cache import CachingMethod

from pickle import dumps, loads

from zLOG import LOG

# Page template published under the name manage_addERP5GroupManagerForm;
# judging by that name it is the form shown when adding an
# ERP5GroupManager. The template path is resolved relative to this module
# through globals().
manage_addERP5GroupManagerForm = PageTemplateFile(
    'www/ERP5Security_addERP5GroupManager',
    globals(),
    __name__='manage_addERP5GroupManagerForm')

def addERP5GroupManager( dispatcher, id, title=None, REQUEST=None ):
  """ Add a ERP5GroupManager to a Pluggable Auth Service.

  A new ERP5GroupManager is built from id and title and stored on
  dispatcher under the id the plugin reports. When REQUEST is given, its
  response is redirected to the dispatcher's manage_workspace page with
  a confirmation message; otherwise nothing more is done.
  """
  plugin = ERP5GroupManager(id, title)
  dispatcher._setObject(plugin.getId(), plugin)

  # Called without a request (e.g. from code): no redirect to issue.
  if REQUEST is None:
    return

  target_url = ('%s/manage_workspace'
                '?manage_tabs_message='
                'ERP5GroupManager+added.'
                % dispatcher.absolute_url())
  REQUEST['RESPONSE'].redirect(target_url)

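class ERP5GroupManager(BasePlugin):
  """ PAS plugin for dynamically adding Groups
  based on Assignments in ERP5
  """
  meta_type = 'ERP5 Group Manager'

  security = ClassSecurityInfo()

  def __init__(self, id, title=None):
    """ Store the plugin id (as both _id and id) and its title. """
    self._id = self.id = id
    self.title = title

  #
  #   IGroupsPlugin implementation
  #
  def getGroupsForPrincipal(self, principal, request=None):
    """ See IGroupsPlugin.

    Returns a tuple of security group ids for the Person whose reference
    equals principal.getId(), or an empty tuple when no such Person is
    found. More than one matching Person raises 'ConsistencyError'.
    request is accepted for the interface but not read here.

    The lookup runs under the portal owner's security manager; the
    caller's security manager is restored on every exit path, including
    when an exception is raised.

    The computation is wrapped in CachingMethod, so presumably a change
    in a Person's assignments is only reflected once the cached entry
    expires -- confirm against the CachingMethod settings.
    """
    def _getGroupsForPrincipal(user_name, path):
      # path is not read in this body; it is passed by the call below,
      # presumably so that CachingMethod keeps separate results per
      # plugin location -- TODO confirm.
      security_category_dict = {} # key is the pickled base_category_list,
                                  # value is the list of fetched categories
      security_group_list = []

      # because we aren't logged in, we have to create our own
      # SecurityManager to be able to access the Catalog
      #FIXME here we assume that the portal owner will always have
      #      enough rights, which might as well be wrong
      sm = getSecurityManager()
      newSecurityManager(self, self.getPortalObject().getOwner())
      try:
        # To get the complete list of groups, we try to call the
        # ERP5Type_getSecurityCategoryMapping which should return a dict
        # like : {
        #     'script_1':['base_category_1', 'base_category_2', ...],
        #     'script_2':['base_category_1', 'base_category_3', ...]}
        #
        # else, if the script does not exist, falls back to :
        # { 'ERP5Type_getSecurityCategoryFromAssignment':
        #   self.getPortalAssignmentBaseCategoryList()}
        mapping_method = getattr(self,
            'ERP5Type_getSecurityCategoryMapping', None)
        if mapping_method is None:
          security_definition_dict = {
              'ERP5Type_getSecurityCategoryFromAssignment':
              self.getPortalAssignmentBaseCategoryList()
          }
        else:
          security_definition_dict = mapping_method()

        # get the person from its reference
        # NOTE(review): assumes the catalog matches reference exactly, so
        # that one login can only ever select its own Person -- TODO
        # confirm against the catalog configuration.
        catalog_result = self.portal_catalog(
            portal_type="Person", reference=user_name)
        if len(catalog_result) != 1: # we won't proceed with groups
          if len(catalog_result) > 1: # configuration is screwed
            # NOTE(review): string exceptions are deprecated in Python 2.5
            # and rejected by Python 2.6+; kept unchanged so callers see
            # the same exception as before.
            raise 'ConsistencyError', 'There is more than one Person whose \
              login is %s : %s' % (user_name,
                repr([r.getObject() for r in catalog_result]))
          else: # no person is linked to this user login
            return ()
        person_object = catalog_result[0].getObject()
        person_id = person_object.getId()

        # Fetch category values from defined scripts
        for method_name, base_category_list in \
            security_definition_dict.items():
          # dumps() only serves to turn the base category list into a
          # hashable dictionary key.
          pickled_category_list = dumps(base_category_list)
          method = getattr(self, method_name)
          security_category_dict.setdefault(
              pickled_category_list, []).extend(
              method(base_category_list, person_id, person_object, ''))

        # Get group names from category values
        group_id_generator = getattr(self, 'ERP5Type_asSecurityGroupId')
        for pickled_category_list, category_value_list in \
            security_category_dict.items():
          # loads() only ever sees keys produced by dumps() above within
          # this same call, never data received from outside.
          base_category_list = loads(pickled_category_list)
          for category_dict in category_value_list:
            security_group_list.append(group_id_generator(
                category_order=base_category_list, **category_dict))

        return tuple(security_group_list)
      finally:
        # Restore the caller's security manager on every exit path. Without
        # this, an exception raised above (the ConsistencyError, or any
        # error in the catalog or the category scripts) would leave the
        # portal owner's security manager installed after this call.
        setSecurityManager(sm)

    _getGroupsForPrincipal = CachingMethod(
        _getGroupsForPrincipal,
        id='ERP5GroupManager_getGroupsForPrincipal')
    return _getGroupsForPrincipal(
        user_name=principal.getId(), path=self.getPhysicalPath())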



# Declare that ERP5GroupManager implements the PAS IGroupsPlugin interface.
classImplements(ERP5GroupManager, IGroupsPlugin)

# Zope class initialisation for the plugin class.
InitializeClass(ERP5GroupManager)