1 #

     2 # Copyright (c) 2008-2015 Thierry Florac <tflorac AT ulthar.net>

     3 # All Rights Reserved.

     4 #

     5 # This software is subject to the provisions of the Zope Public License,

     6 # Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.

     7 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED

     8 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

     9 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS

    10 # FOR A PARTICULAR PURPOSE.

    11 #

    12 

    13 __docformat__ = 'restructuredtext'

    14 

    15 

    16 # import standard library

    17 

    18 # import interfaces

    19 from pyams_content.interfaces import MANAGE_TOOL_PERMISSION

    20 from pyams_content.shared.common.interfaces import ISharedTool, IManagerRestrictions, IManagerRestrictionsFactory

    21 from pyams_security.interfaces import ISecurityManager, IPrincipalInfo

    22 from pyams_security.zmi.interfaces import IObjectSecurityMenu

    23 from pyams_skin.interfaces import IInnerPage, IPageHeader

    24 from pyams_skin.interfaces.container import ITableElementEditor

    25 from pyams_skin.layer import IPyAMSLayer

    26 from pyams_zmi.layer import IAdminLayer

    27 from z3c.table.interfaces import IValues, IColumn

    28 

    29 # import packages

    30 from pyams_form.form import AJAXEditForm

    31 from pyams_form.group import NamedWidgetsGroup

    32 from pyams_pagelet.pagelet import pagelet_config

    33 from pyams_skin.container import ContainerView

    34 from pyams_skin.page import DefaultPageHeaderAdapter

    35 from pyams_skin.table import BaseTable, I18nColumn

    36 from pyams_skin.viewlet.menu import MenuItem

    37 from pyams_utils.adapter import adapter_config, ContextRequestViewAdapter

    38 from pyams_utils.property import cached_property

    39 from pyams_utils.registry import get_utility

    40 from pyams_viewlet.viewlet import viewlet_config

    41 from pyams_zmi.form import AdminDialogEditForm

    42 from pyams_zmi.view import AdminView

    43 from pyramid.exceptions import NotFound

    44 from pyramid.url import resource_url

    45 from pyramid.view import view_config

    46 from z3c.form import field

    47 from z3c.form.browser.checkbox import SingleCheckBoxFieldWidget

    48 from z3c.form.interfaces import HIDDEN_MODE

    49 from z3c.table.column import GetAttrColumn

    50 from zope.interface import implementer

    51 from zope.schema import getFieldNamesInOrder

    52 

    53 from pyams_content import _

    54 

    55 

    56 @viewlet_config(name='managers-restrictions.menu', context=ISharedTool, layer=IAdminLayer,

    57                 manager=IObjectSecurityMenu, permission=MANAGE_TOOL_PERMISSION, weight=910)

    58 class SharedToolManagersRestrictionsMenu(MenuItem):

    59     """Shared tool managers restrictions menu"""

    60 

    61     label = _("Managers restrictions")

    62     icon_class = 'fa-lock'

    63     url = '#managers-restrictions.html'

    64 

    65 

    66 class SharedToolManagersRestrictionsTable(BaseTable):

    67     """Shared tool manager restrictions table"""

    68 

    69     id = 'security_manager_restrictions'

    70     title = _("Content managers restrictions")

    71 

    72 

    73 @adapter_config(context=(ISharedTool, IAdminLayer, SharedToolManagersRestrictionsTable), provides=IValues)

    74 class SharedToolManagerRestrictionsValuesAdapter(ContextRequestViewAdapter):

    75     """Shared tool manager restrictions values adapter"""

    76 

    77     @property

    78     def values(self):

    79         manager = get_utility(ISecurityManager)

    80         return sorted([manager.get_principal(principal_id) for principal_id in self.context.managers],

    81                       key=lambda x: x.title)

    82 

    83 

    84 @adapter_config(context=(IPrincipalInfo, IAdminLayer, SharedToolManagersRestrictionsTable),

    85                 provides=ITableElementEditor)

    86 class PrincipalInfoElementEditor(ContextRequestViewAdapter):

    87     """Principal info element editor"""

    88 

    89     view_name = 'manager-restrictions.html'

    90 

    91     @property

    92     def url(self):

    93         return resource_url(self.view.context, self.request, self.view_name, query={'principal_id': self.context.id})

    94 

    95     modal_target = True

    96 

    97 

    98 @adapter_config(name='name', context=(ISharedTool, IAdminLayer, SharedToolManagersRestrictionsTable), provides=IColumn)

    99 class SharedToolManagerRestrictionsNameColumn(I18nColumn, GetAttrColumn):

   100     """Shared tool manager restrictions name column"""

   101 

   102     _header = _("Manager name")

   103     attrName = 'title'

   104     weight = 10

   105 

   106 

   107 @pagelet_config(name='managers-restrictions.html', context=ISharedTool, layer=IPyAMSLayer,

   108                 permission=MANAGE_TOOL_PERMISSION)

   109 @implementer(IInnerPage)

   110 class SharedToolManagersRestrictionsView(AdminView, ContainerView):

   111     """Shared tool managers restrictions view"""

   112 

   113     table_class = SharedToolManagersRestrictionsTable

   114 

   115 

   116 @adapter_config(context=(ISharedTool, IAdminLayer, SharedToolManagersRestrictionsView), provides=IPageHeader)

   117 class SharedToolManagersRestrictionsHeaderAdapter(DefaultPageHeaderAdapter):

   118     """Shared tool managers restrictions header adapter"""

   119 

   120     back_url = 'admin.html#protected-object-roles.html'

   121     back_target = None

   122 

   123     icon_class = 'fa fa-fw fa-lock'

   124 

   125 

   126 #

   127 # Manager restrictions edit form

   128 #

   129 

   130 @pagelet_config(name='manager-restrictions.html', context=ISharedTool, layer=IPyAMSLayer,

   131                 permission=MANAGE_TOOL_PERMISSION)

   132 class SharedToolManagerRestrictionsEditForm(AdminDialogEditForm):

   133     """Shared tool manager restrictions edit form"""

   134 

   135     icon_css_class = 'fa fa-fw fa-lock'

   136 

   137     ajax_handler = 'manager-restrictions.json'

   138     edit_permission = MANAGE_TOOL_PERMISSION

   139 

   140     @property

   141     def legend(self):

   142         return self.request.localizer.translate(_("Edit manager restrictions for « {0} »")).format(self.principal.title)

   143 

   144     @cached_property

   145     def interface(self):

   146         restrictions = self.getContent()

   147         return restrictions.restriction_interface

   148 

   149     @property

   150     def fields(self):

   151         fields = field.Fields(self.interface)

   152         fields['restricted_contents'].widgetFactory = SingleCheckBoxFieldWidget

   153         return fields

   154 

   155     @cached_property

   156     def principal_id(self):

   157         principal_id = self.request.params.get('principal_id') or self.request.params.get('form.widgets.principal_id')

   158         if not principal_id:

   159             raise NotFound

   160         return principal_id

   161 

   162     @cached_property

   163     def principal(self):

   164         manager = get_utility(ISecurityManager)

   165         return manager.get_principal(self.principal_id)

   166 

   167     def getContent(self):

   168         manager_restrictions = IManagerRestrictions(self.context)

   169         restrictions = manager_restrictions.get_restrictions(self.principal_id)

   170         if restrictions is None:

   171             restrictions = IManagerRestrictionsFactory(self.context)(self.principal_id)

   172             manager_restrictions.set_restrictions(self.principal_id, restrictions)

   173         return restrictions

   174 

   175     def update(self):

   176         super(SharedToolManagerRestrictionsEditForm, self).update()

   177         names = getFieldNamesInOrder(self.interface)

   178         self.add_group(NamedWidgetsGroup(self, 'restricted_access', self.widgets, names,

   179                                          legend=_("Apply contents restrictions"),

   180                                          css_class='inner',

   181                                          help=_("You can specify which contents this manager will be able to manage. "

   182                                                 "If you specify several criteria, the manager will be able to manage "

   183                                                 "contents for which at least one criteria is matching."),

   184                                          switch=True,

   185                                          checkbox_switch=True,

   186                                          checkbox_field=self.interface['restricted_contents']))

   187 

   188     def updateWidgets(self, prefix=None):

   189         super(SharedToolManagerRestrictionsEditForm, self).updateWidgets(prefix)

   190         self.widgets['principal_id'].value = self.principal

   191         self.widgets['principal_id'].mode = HIDDEN_MODE

   192 

   193 

   194 @view_config(name='manager-restrictions.json', context=ISharedTool, request_type=IPyAMSLayer,

   195              permission=MANAGE_TOOL_PERMISSION, renderer='json', xhr=True)

   196 class SharedToolManagerRestrictionsAJAXEditForm(AJAXEditForm, SharedToolManagerRestrictionsEditForm):

   197     """Shared tool manager restrictions edit form, JSON renderer"""