--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/pyams_content/shared/common/zmi/security.py Thu Oct 08 13:37:29 2015 +0200
@@ -0,0 +1,197 @@
+#
+# Copyright (c) 2008-2015 Thierry Florac <tflorac AT ulthar.net>
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+
+__docformat__ = 'restructuredtext'
+
+
+# import standard library
+
+# import interfaces
+from pyams_content.interfaces import MANAGE_TOOL_PERMISSION
+from pyams_content.shared.common.interfaces import ISharedTool, IManagerRestrictions, IManagerRestrictionsFactory
+from pyams_security.interfaces import ISecurityManager, IPrincipalInfo
+from pyams_security.zmi.interfaces import IObjectSecurityMenu
+from pyams_skin.interfaces import IInnerPage, IPageHeader
+from pyams_skin.interfaces.container import ITableElementEditor
+from pyams_skin.layer import IPyAMSLayer
+from pyams_zmi.layer import IAdminLayer
+from z3c.table.interfaces import IValues, IColumn
+
+# import packages
+from pyams_form.form import AJAXEditForm
+from pyams_form.group import NamedWidgetsGroup
+from pyams_pagelet.pagelet import pagelet_config
+from pyams_skin.container import ContainerView
+from pyams_skin.page import DefaultPageHeaderAdapter
+from pyams_skin.table import BaseTable, I18nColumn
+from pyams_skin.viewlet.menu import MenuItem
+from pyams_utils.adapter import adapter_config, ContextRequestViewAdapter
+from pyams_utils.property import cached_property
+from pyams_utils.registry import get_utility
+from pyams_viewlet.viewlet import viewlet_config
+from pyams_zmi.form import AdminDialogEditForm
+from pyams_zmi.view import AdminView
+from pyramid.exceptions import NotFound
+from pyramid.url import resource_url
+from pyramid.view import view_config
+from z3c.form import field
+from z3c.form.browser.checkbox import SingleCheckBoxFieldWidget
+from z3c.form.interfaces import HIDDEN_MODE
+from z3c.table.column import GetAttrColumn
+from zope.interface import implementer
+from zope.schema import getFieldNamesInOrder
+
+from pyams_content import _
+
+
+@viewlet_config(name='managers-restrictions.menu', context=ISharedTool, layer=IAdminLayer,
+ manager=IObjectSecurityMenu, permission=MANAGE_TOOL_PERMISSION, weight=910)
+class SharedToolManagersRestrictionsMenu(MenuItem):
+ """Shared tool managers restrictions menu"""
+
+ label = _("Managers restrictions")
+ icon_class = 'fa-lock'
+ url = '#managers-restrictions.html'
+
+
+class SharedToolManagersRestrictionsTable(BaseTable):
+ """Shared tool manager restrictions table"""
+
+ id = 'security_manager_restrictions'
+ title = _("Content managers restrictions")
+
+
+@adapter_config(context=(ISharedTool, IAdminLayer, SharedToolManagersRestrictionsTable), provides=IValues)
+class SharedToolManagerRestrictionsValuesAdapter(ContextRequestViewAdapter):
+ """Shared tool manager restrictions values adapter"""
+
+ @property
+ def values(self):
+ manager = get_utility(ISecurityManager)
+ return sorted([manager.get_principal(principal_id) for principal_id in self.context.managers],
+ key=lambda x: x.title)
+
+
+@adapter_config(context=(IPrincipalInfo, IAdminLayer, SharedToolManagersRestrictionsTable),
+ provides=ITableElementEditor)
+class PrincipalInfoElementEditor(ContextRequestViewAdapter):
+ """Principal info element editor"""
+
+ view_name = 'manager-restrictions.html'
+
+ @property
+ def url(self):
+ return resource_url(self.view.context, self.request, self.view_name, query={'principal_id': self.context.id})
+
+ modal_target = True
+
+
+@adapter_config(name='name', context=(ISharedTool, IAdminLayer, SharedToolManagersRestrictionsTable), provides=IColumn)
+class SharedToolManagerRestrictionsNameColumn(I18nColumn, GetAttrColumn):
+ """Shared tool manager restrictions name column"""
+
+ _header = _("Manager name")
+ attrName = 'title'
+ weight = 10
+
+
+@pagelet_config(name='managers-restrictions.html', context=ISharedTool, layer=IPyAMSLayer,
+ permission=MANAGE_TOOL_PERMISSION)
+@implementer(IInnerPage)
+class SharedToolManagersRestrictionsView(AdminView, ContainerView):
+ """Shared tool managers restrictions view"""
+
+ table_class = SharedToolManagersRestrictionsTable
+
+
+@adapter_config(context=(ISharedTool, IAdminLayer, SharedToolManagersRestrictionsView), provides=IPageHeader)
+class SharedToolManagersRestrictionsHeaderAdapter(DefaultPageHeaderAdapter):
+ """Shared tool managers restrictions header adapter"""
+
+ back_url = 'admin.html#protected-object-roles.html'
+ back_target = None
+
+ icon_class = 'fa fa-fw fa-lock'
+
+
+#
+# Manager restrictions edit form
+#
+
+@pagelet_config(name='manager-restrictions.html', context=ISharedTool, layer=IPyAMSLayer,
+ permission=MANAGE_TOOL_PERMISSION)
+class SharedToolManagerRestrictionsEditForm(AdminDialogEditForm):
+ """Shared tool manager restrictions edit form"""
+
+ icon_css_class = 'fa fa-fw fa-lock'
+
+ ajax_handler = 'manager-restrictions.json'
+ edit_permission = MANAGE_TOOL_PERMISSION
+
+ @property
+ def legend(self):
+ return self.request.localizer.translate(_("Edit manager restrictions for « {0} »")).format(self.principal.title)
+
+ @cached_property
+ def interface(self):
+ restrictions = self.getContent()
+ return restrictions.restriction_interface
+
+ @property
+ def fields(self):
+ fields = field.Fields(self.interface)
+ fields['restricted_contents'].widgetFactory = SingleCheckBoxFieldWidget
+ return fields
+
+ @cached_property
+ def principal_id(self):
+ principal_id = self.request.params.get('principal_id') or self.request.params.get('form.widgets.principal_id')
+ if not principal_id:
+ raise NotFound
+ return principal_id
+
+ @cached_property
+ def principal(self):
+ manager = get_utility(ISecurityManager)
+ return manager.get_principal(self.principal_id)
+
+ def getContent(self):
+ manager_restrictions = IManagerRestrictions(self.context)
+ restrictions = manager_restrictions.get_restrictions(self.principal_id)
+ if restrictions is None:
+ restrictions = IManagerRestrictionsFactory(self.context)(self.principal_id)
+ manager_restrictions.set_restrictions(self.principal_id, restrictions)
+ return restrictions
+
+ def update(self):
+ super(SharedToolManagerRestrictionsEditForm, self).update()
+ names = getFieldNamesInOrder(self.interface)
+ self.add_group(NamedWidgetsGroup(self, 'restricted_access', self.widgets, names,
+ legend=_("Apply contents restrictions"),
+ css_class='inner',
+ help=_("You can specify which contents this manager will be able to manage. "
+ "If you specify several criteria, the manager will be able to manage "
+ "contents for which at least one criteria is matching."),
+ switch=True,
+ checkbox_switch=True,
+ checkbox_field=self.interface['restricted_contents']))
+
+ def updateWidgets(self, prefix=None):
+ super(SharedToolManagerRestrictionsEditForm, self).updateWidgets(prefix)
+ self.widgets['principal_id'].value = self.principal
+ self.widgets['principal_id'].mode = HIDDEN_MODE
+
+
+@view_config(name='manager-restrictions.json', context=ISharedTool, request_type=IPyAMSLayer,
+ permission=MANAGE_TOOL_PERMISSION, renderer='json', xhr=True)
+class SharedToolManagerRestrictionsAJAXEditForm(AJAXEditForm, SharedToolManagerRestrictionsEditForm):
+ """Shared tool manager restrictions edit form, JSON renderer"""