Commit 85c34358 authored by Sebastien Robin's avatar Sebastien Robin

added permission management


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@1139 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent aeff0fb8
...@@ -149,5 +149,6 @@ CPSBaseDocument.getProperty = Base.getProperty ...@@ -149,5 +149,6 @@ CPSBaseDocument.getProperty = Base.getProperty
CPSBaseDocument._setProperty = Base._setProperty CPSBaseDocument._setProperty = Base._setProperty
CPSBaseDocument._edit = Base._edit CPSBaseDocument._edit = Base._edit
CPSBaseDocument.asXML = Base.asXML CPSBaseDocument.asXML = Base.asXML
CPSBaseDocument.get_local_permissions = Base.get_local_permissions
CPSBaseDocument._propertyMap = PatchedCPSBaseDocument._propertyMap CPSBaseDocument._propertyMap = PatchedCPSBaseDocument._propertyMap
...@@ -249,5 +249,6 @@ CPSDocument.setLayoutAndSchema = PatchedCPSDocument.setLayoutAndSchema ...@@ -249,5 +249,6 @@ CPSDocument.setLayoutAndSchema = PatchedCPSDocument.setLayoutAndSchema
CPSDocument._propertyMap = PatchedCPSDocument._propertyMap CPSDocument._propertyMap = PatchedCPSDocument._propertyMap
CPSDocument.setProperty = Base.setProperty CPSDocument.setProperty = Base.setProperty
CPSDocument._setProperty = PatchedCPSDocument._setProperty CPSDocument._setProperty = PatchedCPSDocument._setProperty
CPSDocument.get_local_permissions = Base.get_local_permissions
CPSDocument.asXML = Base.asXML CPSDocument.asXML = Base.asXML
CPSDocument._edit = PatchedCPSDocument._edit CPSDocument._edit = PatchedCPSDocument._edit
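Review bot: The `declareProtected(Permissions.View, 'get_local_permissions')` added by this commit is made on `Base`, while these two assignments copy only the function onto `CPSBaseDocument` and `CPSDocument`. I would not expect the security declaration to follow the function, so it is worth confirming which permission guards `get_local_permissions` on the CPS classes. A short comment above each assignment would record the intent, e.g. `# returns the permission->roles mapping; must stay protected as on Base`.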
...@@ -39,6 +39,7 @@ from DateTime.DateTime import DateTime ...@@ -39,6 +39,7 @@ from DateTime.DateTime import DateTime
from email.MIMEBase import MIMEBase from email.MIMEBase import MIMEBase
from email import Encoders from email import Encoders
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.PermissionMapping import setPermissionMapping
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
import pickle import pickle
import string import string
...@@ -184,6 +185,8 @@ class ERP5Conduit(XMLSyncUtilsMixin): ...@@ -184,6 +185,8 @@ class ERP5Conduit(XMLSyncUtilsMixin):
#elif xml.nodeName in self.local_role_list or self.isLocalRole(xml)>0 and not simulate: #elif xml.nodeName in self.local_role_list or self.isLocalRole(xml)>0 and not simulate:
elif xml.nodeName in self.local_role_list: elif xml.nodeName in self.local_role_list:
conflict_list += self.addLocalRoleNode(object, xml) conflict_list += self.addLocalRoleNode(object, xml)
elif xml.nodeName in self.local_permission_list:
conflict_list += self.addLocalPermissionNode(object, xml)
else: else:
conflict_list += self.updateNode(xml=xml,object=object, force=force, conflict_list += self.updateNode(xml=xml,object=object, force=force,
simulate=simulate, **kw) simulate=simulate, **kw)
...@@ -238,6 +241,9 @@ class ERP5Conduit(XMLSyncUtilsMixin): ...@@ -238,6 +241,9 @@ class ERP5Conduit(XMLSyncUtilsMixin):
object.manage_delLocalRoles([user]) object.manage_delLocalRoles([user])
elif xml.nodeName.find(self.local_group_tag)>=0: elif xml.nodeName.find(self.local_group_tag)>=0:
object.manage_delLocalGroupRoles([user]) object.manage_delLocalGroupRoles([user])
if xml.nodeName in self.local_permission_list and not simulate:
permission = self.getAttribute(xml,'id')
setPermissionMapping(permission,object)
return conflict_list return conflict_list
security.declareProtected(Permissions.ModifyPortalContent, 'updateNode') security.declareProtected(Permissions.ModifyPortalContent, 'updateNode')
...@@ -355,8 +361,8 @@ class ERP5Conduit(XMLSyncUtilsMixin): ...@@ -355,8 +361,8 @@ class ERP5Conduit(XMLSyncUtilsMixin):
LOG('updateNode',0,'we will add history') LOG('updateNode',0,'we will add history')
conflict_list += self.addNode(xml=subnode,object=object,force=force, conflict_list += self.addNode(xml=subnode,object=object,force=force,
simulate=simulate,**kw) simulate=simulate,**kw)
elif keyword == self.local_role_tag and not simulate: elif keyword in (self.local_role_tag,self.permission_role_tag) and not simulate:
# This is the case where we have to update Roles # This is the case where we have to update Roles or update permission
LOG('updateNode',0,'we will add a local role') LOG('updateNode',0,'we will add a local role')
#user = self.getSubObjectId(xml) #user = self.getSubObjectId(xml)
#roles = self.convertXmlValue(data,data_type='tokens') #roles = self.convertXmlValue(data,data_type='tokens')
...@@ -1026,6 +1032,24 @@ class ERP5Conduit(XMLSyncUtilsMixin): ...@@ -1026,6 +1032,24 @@ class ERP5Conduit(XMLSyncUtilsMixin):
object.manage_setLocalGroupRoles(user,roles) object.manage_setLocalGroupRoles(user,roles)
return conflict_list return conflict_list
security.declareProtected(Permissions.ModifyPortalContent, 'addLocalPermissionNode')
def addLocalPermissionNode(self, object, xml):
"""
This allows to specify how to handle the local permision informations.
This is really usefull if you want to write your own Conduit.
"""
conflict_list = []
# We want to add a local role
roles = self.convertXmlValue(xml.childNodes[0].data,data_type='tokens')
permission = self.getAttribute(xml,'id')
roles = list(roles) # Needed for CPS, or we have a CPS error
LOG('local_role: ',0,'permission: %s roles: %s' % (repr(permission),repr(roles)))
#user = roles[0]
#roles = roles[1:]
if xml.nodeName.find(self.local_permission_tag)>=0:
setPermissionMapping(permission,object,roles)
return conflict_list
security.declareProtected(Permissions.ModifyPortalContent, 'editDocument') security.declareProtected(Permissions.ModifyPortalContent, 'editDocument')
def editDocument(self, object=None, **kw): def editDocument(self, object=None, **kw):
""" """
......
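Review bot: `addLocalPermissionNode` applies whatever `id` the incoming `local_permission` element carries: `permission` goes straight into `setPermissionMapping` without being checked against the object's own permissions, and `xml.childNodes[0].data` raises IndexError when the element has no text, which is what an empty role list would produce. A guard such as `if permission not in object.possible_permissions(): return conflict_list` before the call would keep synchronization data from setting mappings for names the object does not define. The two call sites also disagree: the delete branch calls `setPermissionMapping(permission,object)` while this method calls `setPermissionMapping(permission,object,roles)`. As I recall the AccessControl helper, the third argument is required and is a permission name rather than a role list, so please confirm both calls against the installed Zope. The enclosing methods start and end outside these hunks.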
...@@ -28,6 +28,7 @@ ...@@ -28,6 +28,7 @@
from Globals import InitializeClass, DTMLFile from Globals import InitializeClass, DTMLFile
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.Permission import pname
from Acquisition import aq_base, aq_inner, aq_acquire, aq_chain from Acquisition import aq_base, aq_inner, aq_acquire, aq_chain
from Products.CMFCore.WorkflowCore import WorkflowMethod from Products.CMFCore.WorkflowCore import WorkflowMethod
...@@ -1273,6 +1274,20 @@ class Base( CopyContainer, PortalContent, Base18, ActiveObject, ERP5PropertyMana ...@@ -1273,6 +1274,20 @@ class Base( CopyContainer, PortalContent, Base18, ActiveObject, ERP5PropertyMana
""" """
return getattr(self,'guid',None) return getattr(self,'guid',None)
security.declareProtected(Permissions.View, 'get_local_permissions')
def get_local_permissions(self):
"""
This works like get_local_roles. It allows to get all
permissions defined locally
"""
local_permission_list = ()
for permission in self.possible_permissions():
permission_role = getattr(self,pname(permission),None)
if permission_role is not None:
local_permission_list += ((permission,permission_role),)
return local_permission_list
class TempBase(Base): class TempBase(Base):
""" """
If we need Base services (categories, edit, etc) in temporary objects If we need Base services (categories, edit, etc) in temporary objects
......
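Review bot: `get_local_permissions` is declared under `Permissions.View`, so anyone who can view a document can also read its full permission-to-roles mapping. That mapping is security configuration, and a stricter permission would be the safer default unless View-level readers are known to need it. The docstring says "defined locally", but `getattr(self,pname(permission),None)` is not limited to the instance's own attributes and may return class-level values. The docstring should either say so or the lookup should be restricted to instance attributes, and it should state the returned shape, `((permission, roles), ...)`.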
...@@ -157,6 +157,11 @@ def Base_asXML(object, ident=0): ...@@ -157,6 +157,11 @@ def Base_asXML(object, ident=0):
xml += ident_string + ' <local_role id="%s" type="tokens">' % user_role[0] xml += ident_string + ' <local_role id="%s" type="tokens">' % user_role[0]
xml += '@@@'.join(user_role[1]) xml += '@@@'.join(user_role[1])
xml += '</local_role>\n' xml += '</local_role>\n'
if hasattr(self,'get_local_permissions'):
for user_permission in self.get_local_permissions():
xml += ident_string + ' <local_permission id="%s" type="tokens">' % user_permission[0]
xml += '@@@'.join(user_permission[1])
xml += '</local_permission>\n'
# Sometimes theres is roles specified for groups, like with CPS # Sometimes theres is roles specified for groups, like with CPS
if hasattr(self,'get_local_group_roles'): if hasattr(self,'get_local_group_roles'):
for group_role in self.get_local_group_roles(): for group_role in self.get_local_group_roles():
......
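Review bot: The new `local_permission` element is built by plain string interpolation, so a permission or role name containing `&`, `<` or `"` yields malformed XML or a different `id` than the one stored. Escaping `user_permission[0]` and each role before writing them would avoid that; the existing `local_role` lines above follow the same pattern. Only the joined role names are written, so whether the stored value was a tuple or a list is not carried over. In Zope that distinction records whether the permission is acquired, so the receiving side cannot reproduce a non-acquiring setting from this output. `Base_asXML` starts and ends outside the hunk.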