pyams/pyams_content: comparison src/pyams_content/shared/common/security.py

equal deleted inserted replaced

--1:000000000000
+:7c0001cacf8e
+#
+# Copyright (c) 2008-2015 Thierry Florac <tflorac AT ulthar.net>
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+__docformat__ = 'restructuredtext'
+# import standard library
+# import interfaces
+from pyams_content.interfaces import MANAGE_CONTENT_PERMISSION
+from pyams_content.shared.common.interfaces import IWfSharedContent, IManagerRestrictions, MANAGER_RESTRICTIONS_KEY, \
+IManagerRestrictionsFactory, ISharedTool, IManagerRestrictionInfo
+# import packages
+from persistent import Persistent
+from pyams_security.interfaces import IPrincipalInfo
+from pyams_utils.adapter import adapter_config, ContextAdapter
+from pyams_utils.request import check_request
+from pyams_utils.traversing import get_parent
+from zope.annotation.interfaces import IAnnotations
+from zope.container.folder import Folder
+from zope.interface import implementer
+from zope.location import locate
+from zope.schema.fieldproperty import FieldProperty
+@implementer(IManagerRestrictionInfo)
+class SharedToolManagerRestrictionInfo(Persistent):
+"""Shared tool manager restriction info"""
+restriction_interface = IManagerRestrictionInfo
+principal_id = FieldProperty(IManagerRestrictionInfo['principal_id'])
+restricted_contents = FieldProperty(IManagerRestrictionInfo['restricted_contents'])
+owners = FieldProperty(IManagerRestrictionInfo['owners'])
+def __init__(self, principal_id):
+self.principal_id = principal_id
+def check_access(self, context, permission=MANAGE_CONTENT_PERMISSION, request=None):
+if request is None:
+request = check_request()
+if not request.has_permission(permission, context):  # check permission
+return False
+if not self.restricted_contents:  # get access if no restriction
+return True
+if context.owner & (self.owners or set()):  # check if owners are matching
+return True
+return False
+@adapter_config(context=ISharedTool, provides=IManagerRestrictions)
+class SharedToolManagerRestrictions(ContextAdapter):
+"""Shared tool manager restrictions"""
+def get_restrictions(self, principal):
+annotations = IAnnotations(self.context)
+restrictions_folder = annotations.get(MANAGER_RESTRICTIONS_KEY)
+if restrictions_folder is None:
+restrictions_folder = annotations[MANAGER_RESTRICTIONS_KEY] = Folder()
+locate(restrictions_folder, self.context)
+if IPrincipalInfo.providedBy(principal):
+principal = principal.id
+return restrictions_folder.get(principal)
+def set_restrictions(self, principal, restrictions):
+annotations = IAnnotations(self.context)
+restrictions_folder = annotations.get(MANAGER_RESTRICTIONS_KEY)
+if restrictions_folder is None:
+restrictions_folder = annotations[MANAGER_RESTRICTIONS_KEY] = Folder()
+locate(restrictions_folder, self.context)
+if IPrincipalInfo.providedBy(principal):
+principal = principal.id
+restrictions_folder[principal] = restrictions
+@adapter_config(context=IWfSharedContent, provides=IManagerRestrictions)
+def SharedContentManagerRestrictions(context):
+"""Shared tool manager restrictions"""
+tool = get_parent(context, ISharedTool)
+if tool is not None:
+return IManagerRestrictions(tool)
+@adapter_config(context=ISharedTool, provides=IManagerRestrictionsFactory)
+def SharedToolManagerRestrictionsFactory(context):
+"""Default shared tool manager restrictions factory"""
+return SharedToolManagerRestrictionInfo

changeset 0	7c0001cacf8e
child 277	9649f8ce3b1c