--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/pyams_content/shared/common/security.py Thu Oct 08 13:37:29 2015 +0200
@@ -0,0 +1,97 @@
+#
+# Copyright (c) 2008-2015 Thierry Florac <tflorac AT ulthar.net>
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+
+__docformat__ = 'restructuredtext'
+
+
+# import standard library
+
+# import interfaces
+from pyams_content.interfaces import MANAGE_CONTENT_PERMISSION
+from pyams_content.shared.common.interfaces import IWfSharedContent, IManagerRestrictions, MANAGER_RESTRICTIONS_KEY, \
+ IManagerRestrictionsFactory, ISharedTool, IManagerRestrictionInfo
+
+# import packages
+from persistent import Persistent
+from pyams_security.interfaces import IPrincipalInfo
+from pyams_utils.adapter import adapter_config, ContextAdapter
+from pyams_utils.request import check_request
+from pyams_utils.traversing import get_parent
+from zope.annotation.interfaces import IAnnotations
+from zope.container.folder import Folder
+from zope.interface import implementer
+from zope.location import locate
+from zope.schema.fieldproperty import FieldProperty
+
+
+@implementer(IManagerRestrictionInfo)
+class SharedToolManagerRestrictionInfo(Persistent):
+ """Shared tool manager restriction info"""
+
+ restriction_interface = IManagerRestrictionInfo
+
+ principal_id = FieldProperty(IManagerRestrictionInfo['principal_id'])
+ restricted_contents = FieldProperty(IManagerRestrictionInfo['restricted_contents'])
+ owners = FieldProperty(IManagerRestrictionInfo['owners'])
+
+ def __init__(self, principal_id):
+ self.principal_id = principal_id
+
+ def check_access(self, context, permission=MANAGE_CONTENT_PERMISSION, request=None):
+ if request is None:
+ request = check_request()
+ if not request.has_permission(permission, context): # check permission
+ return False
+ if not self.restricted_contents: # get access if no restriction
+ return True
+ if context.owner & (self.owners or set()): # check if owners are matching
+ return True
+ return False
+
+
+@adapter_config(context=ISharedTool, provides=IManagerRestrictions)
+class SharedToolManagerRestrictions(ContextAdapter):
+ """Shared tool manager restrictions"""
+
+ def get_restrictions(self, principal):
+ annotations = IAnnotations(self.context)
+ restrictions_folder = annotations.get(MANAGER_RESTRICTIONS_KEY)
+ if restrictions_folder is None:
+ restrictions_folder = annotations[MANAGER_RESTRICTIONS_KEY] = Folder()
+ locate(restrictions_folder, self.context)
+ if IPrincipalInfo.providedBy(principal):
+ principal = principal.id
+ return restrictions_folder.get(principal)
+
+ def set_restrictions(self, principal, restrictions):
+ annotations = IAnnotations(self.context)
+ restrictions_folder = annotations.get(MANAGER_RESTRICTIONS_KEY)
+ if restrictions_folder is None:
+ restrictions_folder = annotations[MANAGER_RESTRICTIONS_KEY] = Folder()
+ locate(restrictions_folder, self.context)
+ if IPrincipalInfo.providedBy(principal):
+ principal = principal.id
+ restrictions_folder[principal] = restrictions
+
+
+@adapter_config(context=IWfSharedContent, provides=IManagerRestrictions)
+def SharedContentManagerRestrictions(context):
+ """Shared tool manager restrictions"""
+ tool = get_parent(context, ISharedTool)
+ if tool is not None:
+ return IManagerRestrictions(tool)
+
+
+@adapter_config(context=ISharedTool, provides=IManagerRestrictionsFactory)
+def SharedToolManagerRestrictionsFactory(context):
+ """Default shared tool manager restrictions factory"""
+ return SharedToolManagerRestrictionInfo
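Review bot: In `check_access`, the owner test `context.owner & (self.owners or set())` assumes that every context passed in exposes `owner` as a set, but the method accepts any `context`, so an object without that attribute would raise AttributeError instead of yielding an access decision. Reading it defensively keeps the check failing closed: `content_owners = getattr(context, 'owner', None) or set()` followed by `if content_owners & (self.owners or set()):`. The method also has no docstring; it should state the order of the checks (the permission first, then unrestricted managers, then the owner intersection) and that a restricted manager with an empty `owners` is denied. Separately, `get_restrictions` returns None for a principal without a stored record and creates the annotation Folder on what is a read path. How callers are expected to treat None is not visible in this file and deserves a docstring line, since treating it as "unrestricted" is an authorization decision, and the folder lookup duplicated in `set_restrictions` could move to one private helper so that only the setter writes.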