8 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
8 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
9 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS |
9 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS |
10 # FOR A PARTICULAR PURPOSE. |
10 # FOR A PARTICULAR PURPOSE. |
11 # |
11 # |
12 |
12 |
13 __docformat__ = 'restructuredtext' |
|
14 |
|
15 from datetime import datetime, timedelta |
13 from datetime import datetime, timedelta |
16 |
14 |
17 from zope.copy import copy |
15 from zope.copy import copy |
18 from zope.interface import implementer |
16 from zope.interface import implementer |
19 from zope.intid import IIntIds |
17 from zope.intid import IIntIds |
20 from zope.location import locate |
18 from zope.location import locate |
21 from zope.schema.vocabulary import SimpleTerm, SimpleVocabulary |
19 from zope.schema.vocabulary import SimpleTerm, SimpleVocabulary |
22 |
20 |
23 from pyams_content import _ |
|
24 from pyams_content.interfaces import CREATE_VERSION_PERMISSION, MANAGER_ROLE, \ |
21 from pyams_content.interfaces import CREATE_VERSION_PERMISSION, MANAGER_ROLE, \ |
25 MANAGE_CONTENT_PERMISSION, MANAGE_SITE_ROOT_PERMISSION, OWNER_ROLE, PILOT_ROLE, PUBLISH_CONTENT_PERMISSION, \ |
22 MANAGE_CONTENT_PERMISSION, MANAGE_SITE_ROOT_PERMISSION, OWNER_ROLE, PILOT_ROLE, \ |
26 READER_ROLE, WEBMASTER_ROLE |
23 PUBLISH_CONTENT_PERMISSION, READER_ROLE, WEBMASTER_ROLE |
27 from pyams_content.shared.common.interfaces import IManagerRestrictions |
24 from pyams_content.shared.common.interfaces import IContributorRestrictions, IManagerRestrictions |
28 from pyams_content.shared.common.interfaces import IWfSharedContentRoles |
25 from pyams_content.shared.common.interfaces import IWfSharedContentRoles |
29 from pyams_content.workflow import ContentArchivingTask, ContentPublishingTask |
26 from pyams_content.workflow import ContentArchivingTask, ContentPublishingTask |
30 from pyams_content.workflow.interfaces import IBasicWorkflow |
27 from pyams_content.workflow.interfaces import IBasicWorkflow |
31 from pyams_scheduler.interfaces import IDateTaskScheduling, IScheduler |
28 from pyams_scheduler.interfaces import IDateTaskScheduling, IScheduler |
32 from pyams_security.interfaces import IRoleProtectedObject |
29 from pyams_security.interfaces import IRoleProtectedObject |
34 from pyams_utils.adapter import ContextAdapter, adapter_config |
31 from pyams_utils.adapter import ContextAdapter, adapter_config |
35 from pyams_utils.date import format_datetime |
32 from pyams_utils.date import format_datetime |
36 from pyams_utils.registry import get_current_registry, get_utility, query_utility, utility_config |
33 from pyams_utils.registry import get_current_registry, get_utility, query_utility, utility_config |
37 from pyams_utils.request import check_request |
34 from pyams_utils.request import check_request |
38 from pyams_utils.timezone import gmtime |
35 from pyams_utils.timezone import gmtime |
39 from pyams_workflow.interfaces import IWorkflow, IWorkflowInfo, IWorkflowPublicationInfo, IWorkflowState, \ |
36 from pyams_workflow.interfaces import IWorkflow, IWorkflowInfo, IWorkflowPublicationInfo, \ |
40 IWorkflowStateLabel, IWorkflowVersions, ObjectClonedEvent, SYSTEM |
37 IWorkflowState, IWorkflowStateLabel, IWorkflowVersions, ObjectClonedEvent, SYSTEM |
41 from pyams_workflow.workflow import Transition, Workflow |
38 from pyams_workflow.workflow import Transition, Workflow |
|
39 |
|
40 |
|
41 __docformat__ = 'restructuredtext' |
|
42 |
|
43 from pyams_content import _ |
42 |
44 |
43 |
45 |
44 DRAFT = 'draft' |
46 DRAFT = 'draft' |
45 PRE_PUBLISHED = 'pre-published' |
47 PRE_PUBLISHED = 'pre-published' |
46 PUBLISHED = 'published' |
48 PUBLISHED = 'published' |
125 return True |
127 return True |
126 # grant access to owner, creator and local contributors |
128 # grant access to owner, creator and local contributors |
127 principal_id = request.principal.id |
129 principal_id = request.principal.id |
128 if principal_id in context.owner | {context.creator} | context.contributors: |
130 if principal_id in context.owner | {context.creator} | context.contributors: |
129 return True |
131 return True |
|
132 # grant access to allowed contributors |
|
133 restrictions = IContributorRestrictions(context).get_restrictions(principal_id) |
|
134 if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION, |
|
135 request=request): |
|
136 return True |
130 # grant access to local content managers |
137 # grant access to local content managers |
131 if principal_id in context.managers: |
138 if principal_id in context.managers: |
132 return True |
139 return True |
133 # grant access to shared tool managers if restrictions apply |
140 # grant access to shared tool managers if restrictions apply |
134 restrictions = IManagerRestrictions(context).get_restrictions(principal_id) |
141 restrictions = IManagerRestrictions(context).get_restrictions(principal_id) |
142 if request.has_permission(MANAGE_SITE_ROOT_PERMISSION, context): |
149 if request.has_permission(MANAGE_SITE_ROOT_PERMISSION, context): |
143 return True |
150 return True |
144 # grant access to owner, creator and local contributors |
151 # grant access to owner, creator and local contributors |
145 principal_id = request.principal.id |
152 principal_id = request.principal.id |
146 if principal_id in context.owner | {context.creator} | context.contributors: |
153 if principal_id in context.owner | {context.creator} | context.contributors: |
|
154 return True |
|
155 # grant access to allowed contributors |
|
156 restrictions = IContributorRestrictions(context).get_restrictions(principal_id) |
|
157 if restrictions and restrictions.check_access(context, permission=MANAGE_CONTENT_PERMISSION, |
|
158 request=request): |
147 return True |
159 return True |
148 # grant access to local content managers |
160 # grant access to local content managers |
149 if principal_id in context.managers: |
161 if principal_id in context.managers: |
150 return True |
162 return True |
151 # grant access to shared tool managers if restrictions apply |
163 # grant access to shared tool managers if restrictions apply |