|
1 # |
|
2 # Copyright (c) 2008-2015 Thierry Florac <tflorac AT ulthar.net> |
|
3 # All Rights Reserved. |
|
4 # |
|
5 # This software is subject to the provisions of the Zope Public License, |
|
6 # Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. |
|
7 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED |
|
8 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
9 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS |
|
10 # FOR A PARTICULAR PURPOSE. |
|
11 # |
|
12 |
|
13 __docformat__ = 'restructuredtext' |
|
14 |
|
15 |
|
16 # import standard library |
|
17 |
|
18 # import interfaces |
|
19 from pyams_content.interfaces import MANAGE_CONTENT_PERMISSION |
|
20 from pyams_content.shared.common.interfaces import IWfSharedContent, IManagerRestrictions, MANAGER_RESTRICTIONS_KEY, \ |
|
21 IManagerRestrictionsFactory, ISharedTool, IManagerRestrictionInfo |
|
22 |
|
23 # import packages |
|
24 from persistent import Persistent |
|
25 from pyams_security.interfaces import IPrincipalInfo |
|
26 from pyams_utils.adapter import adapter_config, ContextAdapter |
|
27 from pyams_utils.request import check_request |
|
28 from pyams_utils.traversing import get_parent |
|
29 from zope.annotation.interfaces import IAnnotations |
|
30 from zope.container.folder import Folder |
|
31 from zope.interface import implementer |
|
32 from zope.location import locate |
|
33 from zope.schema.fieldproperty import FieldProperty |
|
34 |
|
35 |
|
36 @implementer(IManagerRestrictionInfo) |
|
37 class SharedToolManagerRestrictionInfo(Persistent): |
|
38 """Shared tool manager restriction info""" |
|
39 |
|
40 restriction_interface = IManagerRestrictionInfo |
|
41 |
|
42 principal_id = FieldProperty(IManagerRestrictionInfo['principal_id']) |
|
43 restricted_contents = FieldProperty(IManagerRestrictionInfo['restricted_contents']) |
|
44 owners = FieldProperty(IManagerRestrictionInfo['owners']) |
|
45 |
|
46 def __init__(self, principal_id): |
|
47 self.principal_id = principal_id |
|
48 |
|
49 def check_access(self, context, permission=MANAGE_CONTENT_PERMISSION, request=None): |
|
50 if request is None: |
|
51 request = check_request() |
|
52 if not request.has_permission(permission, context): # check permission |
|
53 return False |
|
54 if not self.restricted_contents: # get access if no restriction |
|
55 return True |
|
56 if context.owner & (self.owners or set()): # check if owners are matching |
|
57 return True |
|
58 return False |
|
59 |
|
60 |
|
61 @adapter_config(context=ISharedTool, provides=IManagerRestrictions) |
|
62 class SharedToolManagerRestrictions(ContextAdapter): |
|
63 """Shared tool manager restrictions""" |
|
64 |
|
65 def get_restrictions(self, principal): |
|
66 annotations = IAnnotations(self.context) |
|
67 restrictions_folder = annotations.get(MANAGER_RESTRICTIONS_KEY) |
|
68 if restrictions_folder is None: |
|
69 restrictions_folder = annotations[MANAGER_RESTRICTIONS_KEY] = Folder() |
|
70 locate(restrictions_folder, self.context) |
|
71 if IPrincipalInfo.providedBy(principal): |
|
72 principal = principal.id |
|
73 return restrictions_folder.get(principal) |
|
74 |
|
75 def set_restrictions(self, principal, restrictions): |
|
76 annotations = IAnnotations(self.context) |
|
77 restrictions_folder = annotations.get(MANAGER_RESTRICTIONS_KEY) |
|
78 if restrictions_folder is None: |
|
79 restrictions_folder = annotations[MANAGER_RESTRICTIONS_KEY] = Folder() |
|
80 locate(restrictions_folder, self.context) |
|
81 if IPrincipalInfo.providedBy(principal): |
|
82 principal = principal.id |
|
83 restrictions_folder[principal] = restrictions |
|
84 |
|
85 |
|
86 @adapter_config(context=IWfSharedContent, provides=IManagerRestrictions) |
|
87 def SharedContentManagerRestrictions(context): |
|
88 """Shared tool manager restrictions""" |
|
89 tool = get_parent(context, ISharedTool) |
|
90 if tool is not None: |
|
91 return IManagerRestrictions(tool) |
|
92 |
|
93 |
|
94 @adapter_config(context=ISharedTool, provides=IManagerRestrictionsFactory) |
|
95 def SharedToolManagerRestrictionsFactory(context): |
|
96 """Default shared tool manager restrictions factory""" |
|
97 return SharedToolManagerRestrictionInfo |