14 |
14 |
15 |
15 |
16 # import standard library |
16 # import standard library |
17 |
17 |
18 # import interfaces |
18 # import interfaces |
19 from pyams_content.interfaces import MANAGE_CONTENT_PERMISSION |
19 from pyams_content.interfaces import MANAGE_CONTENT_PERMISSION, MANAGER_ROLE |
20 from pyams_content.shared.common.interfaces import IWfSharedContent, IManagerRestrictions, MANAGER_RESTRICTIONS_KEY, \ |
20 from pyams_content.shared.common.interfaces import IWfSharedContent, IManagerRestrictions, MANAGER_RESTRICTIONS_KEY, \ |
21 IManagerRestrictionsFactory, IBaseSharedTool, IManagerRestrictionInfo |
21 IManagerRestrictionsFactory, IBaseSharedTool, IManagerRestrictionInfo |
22 |
22 |
23 # import packages |
23 # import packages |
24 from persistent import Persistent |
24 from persistent import Persistent |
25 from pyams_security.interfaces import IPrincipalInfo |
25 from pyams_security.interfaces import IPrincipalInfo, IRevokedRoleEvent |
26 from pyams_utils.adapter import adapter_config, ContextAdapter |
26 from pyams_utils.adapter import adapter_config, ContextAdapter |
27 from pyams_utils.request import check_request |
27 from pyams_utils.request import check_request |
28 from pyams_utils.traversing import get_parent |
28 from pyams_utils.traversing import get_parent |
|
29 from pyramid.events import subscriber |
29 from zope.annotation.interfaces import IAnnotations |
30 from zope.annotation.interfaces import IAnnotations |
30 from zope.container.folder import Folder |
31 from zope.container.folder import Folder |
31 from zope.interface import implementer |
32 from zope.interface import implementer |
32 from zope.location import locate |
33 from zope.location import locate |
33 from zope.schema.fieldproperty import FieldProperty |
34 from zope.schema.fieldproperty import FieldProperty |
80 locate(restrictions_folder, self.context) |
81 locate(restrictions_folder, self.context) |
81 if IPrincipalInfo.providedBy(principal): |
82 if IPrincipalInfo.providedBy(principal): |
82 principal = principal.id |
83 principal = principal.id |
83 restrictions_folder[principal] = restrictions |
84 restrictions_folder[principal] = restrictions |
84 |
85 |
|
86 def drop_restrictions(self, principal): |
|
87 annotations = IAnnotations(self.context) |
|
88 restrictions_folder = annotations.get(MANAGER_RESTRICTIONS_KEY) |
|
89 if restrictions_folder is None: |
|
90 return |
|
91 if IPrincipalInfo.providedBy(principal): |
|
92 principal = principal.id |
|
93 if principal in restrictions_folder: |
|
94 del restrictions_folder[principal] |
|
95 |
|
96 |
|
97 @subscriber(IRevokedRoleEvent) |
|
98 def handle_revoked_manager_role(event): |
|
99 """Handle revoked manager role""" |
|
100 if event.role_id == MANAGER_ROLE: |
|
101 restrictions = IManagerRestrictions(event.object.__parent__, None) |
|
102 if restrictions: |
|
103 restrictions.drop_restrictions(event.principal_id) |
|
104 |
85 |
105 |
86 @adapter_config(context=IWfSharedContent, provides=IManagerRestrictions) |
106 @adapter_config(context=IWfSharedContent, provides=IManagerRestrictions) |
87 def SharedContentManagerRestrictions(context): |
107 def SharedContentManagerRestrictions(context): |
88 """Shared tool manager restrictions""" |
108 """Shared tool manager restrictions""" |
89 tool = get_parent(context, IBaseSharedTool) |
109 tool = get_parent(context, IBaseSharedTool) |