|
1 # |
|
2 # Copyright (c) 2008-2015 Thierry Florac <tflorac AT ulthar.net> |
|
3 # All Rights Reserved. |
|
4 # |
|
5 # This software is subject to the provisions of the Zope Public License, |
|
6 # Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. |
|
7 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED |
|
8 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
9 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS |
|
10 # FOR A PARTICULAR PURPOSE. |
|
11 # |
|
12 |
|
13 __docformat__ = 'restructuredtext' |
|
14 |
|
15 |
|
16 # import standard library |
|
17 |
|
18 # import interfaces |
|
19 from pyams_content.interfaces import MANAGE_TOOL_PERMISSION |
|
20 from pyams_content.shared.common.interfaces import ISharedTool, IManagerRestrictions, IManagerRestrictionsFactory |
|
21 from pyams_security.interfaces import ISecurityManager, IPrincipalInfo |
|
22 from pyams_security.zmi.interfaces import IObjectSecurityMenu |
|
23 from pyams_skin.interfaces import IInnerPage, IPageHeader |
|
24 from pyams_skin.interfaces.container import ITableElementEditor |
|
25 from pyams_skin.layer import IPyAMSLayer |
|
26 from pyams_zmi.layer import IAdminLayer |
|
27 from z3c.table.interfaces import IValues, IColumn |
|
28 |
|
29 # import packages |
|
30 from pyams_form.form import AJAXEditForm |
|
31 from pyams_form.group import NamedWidgetsGroup |
|
32 from pyams_pagelet.pagelet import pagelet_config |
|
33 from pyams_skin.container import ContainerView |
|
34 from pyams_skin.page import DefaultPageHeaderAdapter |
|
35 from pyams_skin.table import BaseTable, I18nColumn |
|
36 from pyams_skin.viewlet.menu import MenuItem |
|
37 from pyams_utils.adapter import adapter_config, ContextRequestViewAdapter |
|
38 from pyams_utils.property import cached_property |
|
39 from pyams_utils.registry import get_utility |
|
40 from pyams_viewlet.viewlet import viewlet_config |
|
41 from pyams_zmi.form import AdminDialogEditForm |
|
42 from pyams_zmi.view import AdminView |
|
43 from pyramid.exceptions import NotFound |
|
44 from pyramid.url import resource_url |
|
45 from pyramid.view import view_config |
|
46 from z3c.form import field |
|
47 from z3c.form.browser.checkbox import SingleCheckBoxFieldWidget |
|
48 from z3c.form.interfaces import HIDDEN_MODE |
|
49 from z3c.table.column import GetAttrColumn |
|
50 from zope.interface import implementer |
|
51 from zope.schema import getFieldNamesInOrder |
|
52 |
|
53 from pyams_content import _ |
|
54 |
|
55 |
|
56 @viewlet_config(name='managers-restrictions.menu', context=ISharedTool, layer=IAdminLayer, |
|
57 manager=IObjectSecurityMenu, permission=MANAGE_TOOL_PERMISSION, weight=910) |
|
58 class SharedToolManagersRestrictionsMenu(MenuItem): |
|
59 """Shared tool managers restrictions menu""" |
|
60 |
|
61 label = _("Managers restrictions") |
|
62 icon_class = 'fa-lock' |
|
63 url = '#managers-restrictions.html' |
|
64 |
|
65 |
|
66 class SharedToolManagersRestrictionsTable(BaseTable): |
|
67 """Shared tool manager restrictions table""" |
|
68 |
|
69 id = 'security_manager_restrictions' |
|
70 title = _("Content managers restrictions") |
|
71 |
|
72 |
|
73 @adapter_config(context=(ISharedTool, IAdminLayer, SharedToolManagersRestrictionsTable), provides=IValues) |
|
74 class SharedToolManagerRestrictionsValuesAdapter(ContextRequestViewAdapter): |
|
75 """Shared tool manager restrictions values adapter""" |
|
76 |
|
77 @property |
|
78 def values(self): |
|
79 manager = get_utility(ISecurityManager) |
|
80 return sorted([manager.get_principal(principal_id) for principal_id in self.context.managers], |
|
81 key=lambda x: x.title) |
|
82 |
|
83 |
|
84 @adapter_config(context=(IPrincipalInfo, IAdminLayer, SharedToolManagersRestrictionsTable), |
|
85 provides=ITableElementEditor) |
|
86 class PrincipalInfoElementEditor(ContextRequestViewAdapter): |
|
87 """Principal info element editor""" |
|
88 |
|
89 view_name = 'manager-restrictions.html' |
|
90 |
|
91 @property |
|
92 def url(self): |
|
93 return resource_url(self.view.context, self.request, self.view_name, query={'principal_id': self.context.id}) |
|
94 |
|
95 modal_target = True |
|
96 |
|
97 |
|
98 @adapter_config(name='name', context=(ISharedTool, IAdminLayer, SharedToolManagersRestrictionsTable), provides=IColumn) |
|
99 class SharedToolManagerRestrictionsNameColumn(I18nColumn, GetAttrColumn): |
|
100 """Shared tool manager restrictions name column""" |
|
101 |
|
102 _header = _("Manager name") |
|
103 attrName = 'title' |
|
104 weight = 10 |
|
105 |
|
106 |
|
107 @pagelet_config(name='managers-restrictions.html', context=ISharedTool, layer=IPyAMSLayer, |
|
108 permission=MANAGE_TOOL_PERMISSION) |
|
109 @implementer(IInnerPage) |
|
110 class SharedToolManagersRestrictionsView(AdminView, ContainerView): |
|
111 """Shared tool managers restrictions view""" |
|
112 |
|
113 table_class = SharedToolManagersRestrictionsTable |
|
114 |
|
115 |
|
116 @adapter_config(context=(ISharedTool, IAdminLayer, SharedToolManagersRestrictionsView), provides=IPageHeader) |
|
117 class SharedToolManagersRestrictionsHeaderAdapter(DefaultPageHeaderAdapter): |
|
118 """Shared tool managers restrictions header adapter""" |
|
119 |
|
120 back_url = 'admin.html#protected-object-roles.html' |
|
121 back_target = None |
|
122 |
|
123 icon_class = 'fa fa-fw fa-lock' |
|
124 |
|
125 |
|
126 # |
|
127 # Manager restrictions edit form |
|
128 # |
|
129 |
|
130 @pagelet_config(name='manager-restrictions.html', context=ISharedTool, layer=IPyAMSLayer, |
|
131 permission=MANAGE_TOOL_PERMISSION) |
|
132 class SharedToolManagerRestrictionsEditForm(AdminDialogEditForm): |
|
133 """Shared tool manager restrictions edit form""" |
|
134 |
|
135 icon_css_class = 'fa fa-fw fa-lock' |
|
136 |
|
137 ajax_handler = 'manager-restrictions.json' |
|
138 edit_permission = MANAGE_TOOL_PERMISSION |
|
139 |
|
140 @property |
|
141 def legend(self): |
|
142 return self.request.localizer.translate(_("Edit manager restrictions for « {0} »")).format(self.principal.title) |
|
143 |
|
144 @cached_property |
|
145 def interface(self): |
|
146 restrictions = self.getContent() |
|
147 return restrictions.restriction_interface |
|
148 |
|
149 @property |
|
150 def fields(self): |
|
151 fields = field.Fields(self.interface) |
|
152 fields['restricted_contents'].widgetFactory = SingleCheckBoxFieldWidget |
|
153 return fields |
|
154 |
|
155 @cached_property |
|
156 def principal_id(self): |
|
157 principal_id = self.request.params.get('principal_id') or self.request.params.get('form.widgets.principal_id') |
|
158 if not principal_id: |
|
159 raise NotFound |
|
160 return principal_id |
|
161 |
|
162 @cached_property |
|
163 def principal(self): |
|
164 manager = get_utility(ISecurityManager) |
|
165 return manager.get_principal(self.principal_id) |
|
166 |
|
167 def getContent(self): |
|
168 manager_restrictions = IManagerRestrictions(self.context) |
|
169 restrictions = manager_restrictions.get_restrictions(self.principal_id) |
|
170 if restrictions is None: |
|
171 restrictions = IManagerRestrictionsFactory(self.context)(self.principal_id) |
|
172 manager_restrictions.set_restrictions(self.principal_id, restrictions) |
|
173 return restrictions |
|
174 |
|
175 def update(self): |
|
176 super(SharedToolManagerRestrictionsEditForm, self).update() |
|
177 names = getFieldNamesInOrder(self.interface) |
|
178 self.add_group(NamedWidgetsGroup(self, 'restricted_access', self.widgets, names, |
|
179 legend=_("Apply contents restrictions"), |
|
180 css_class='inner', |
|
181 help=_("You can specify which contents this manager will be able to manage. " |
|
182 "If you specify several criteria, the manager will be able to manage " |
|
183 "contents for which at least one criteria is matching."), |
|
184 switch=True, |
|
185 checkbox_switch=True, |
|
186 checkbox_field=self.interface['restricted_contents'])) |
|
187 |
|
188 def updateWidgets(self, prefix=None): |
|
189 super(SharedToolManagerRestrictionsEditForm, self).updateWidgets(prefix) |
|
190 self.widgets['principal_id'].value = self.principal |
|
191 self.widgets['principal_id'].mode = HIDDEN_MODE |
|
192 |
|
193 |
|
194 @view_config(name='manager-restrictions.json', context=ISharedTool, request_type=IPyAMSLayer, |
|
195 permission=MANAGE_TOOL_PERMISSION, renderer='json', xhr=True) |
|
196 class SharedToolManagerRestrictionsAJAXEditForm(AJAXEditForm, SharedToolManagerRestrictionsEditForm): |
|
197 """Shared tool manager restrictions edit form, JSON renderer""" |