--- a/src/pyams_content/shared/common/security.py Tue Oct 01 08:31:43 2019 +0200
+++ b/src/pyams_content/shared/common/security.py Tue Oct 01 12:04:20 2019 +0200
@@ -10,19 +10,12 @@
# FOR A PARTICULAR PURPOSE.
#
-__docformat__ = 'restructuredtext'
-
-
-# import standard library
+from pyams_content.interfaces import MANAGE_CONTENT_PERMISSION, MANAGER_ROLE, CONTRIBUTOR_ROLE
+from pyams_content.shared.common.interfaces import IWfSharedContent, IManagerRestrictions, \
+ MANAGER_RESTRICTIONS_KEY, IManagerRestrictionsFactory, IBaseSharedTool, IManagerRestrictionInfo, \
+ IRestrictionInfo, IContributorRestrictionInfo, IContributorRestrictions, \
+ IContributorRestrictionsFactory, CONTRIBUTOR_RESTRICTIONS_KEY, IRestrictions
-# import interfaces
-from pyams_content.interfaces import MANAGE_CONTENT_PERMISSION, MANAGER_ROLE, CONTRIBUTOR_ROLE
-from pyams_content.shared.common.interfaces import IWfSharedContent, IManagerRestrictions, MANAGER_RESTRICTIONS_KEY, \
- IManagerRestrictionsFactory, IBaseSharedTool, IManagerRestrictionInfo, IRestrictionInfo, \
- IContributorRestrictionInfo, IContributorRestrictions, IContributorRestrictionsFactory, \
- CONTRIBUTOR_RESTRICTIONS_KEY, IRestrictions
-
-# import packages
from persistent import Persistent
from pyams_security.interfaces import IPrincipalInfo, IRevokedRoleEvent, IGrantedRoleEvent
from pyams_utils.adapter import adapter_config, ContextAdapter, get_annotation_adapter
@@ -34,6 +27,9 @@
from zope.schema.fieldproperty import FieldProperty
+__docformat__ = 'restructuredtext'
+
+
@implementer(IRestrictionInfo)
class PrincipalRestrictionInfo(Persistent):
"""Principal restriction info"""
@@ -97,6 +93,16 @@
restriction_interface = IContributorRestrictionInfo
publication_checks = FieldProperty(IContributorRestrictionInfo['publication_checks'])
+ owners = FieldProperty(IContributorRestrictionInfo['owners'])
+
+ def check_access(self, context, permission=MANAGE_CONTENT_PERMISSION, request=None):
+ if request is None:
+ request = check_request()
+ if not request.has_permission(permission, context): # check permission
+ return False
+ if context.owner & (self.owners or set()): # check if owners are matching
+ return True
+ return False
@adapter_config(context=IBaseSharedTool, provides=IContributorRestrictions)
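Review bot: The new `check_access` reads `context.owner` and intersects it with `self.owners` without checking that the context carries an owner set, so a context with no `owner` attribute, or one whose value is `None`, makes the access check raise instead of returning a denial. A guarded form keeps it deny-by-default: `owner = getattr(context, 'owner', None) or set()` followed by `return bool(owner & (self.owners or set()))`. The method also assumes this restriction object belongs to the principal behind `request`, and nothing in the hunk ties the two together. Either compare against the stored principal or state the assumption in a docstring such as `"""Return True only if the request holds *permission* on *context* and one of the context owners is listed in this contributor's *owners*."""`. The enclosing class and the file's remaining imports lie outside the hunk, so whether `check_request` is already in scope cannot be confirmed from here.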