diff -r 000000000000 -r 7c0001cacf8e src/pyams_content/shared/common/zmi/security.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/pyams_content/shared/common/zmi/security.py Thu Oct 08 13:37:29 2015 +0200 @@ -0,0 +1,197 @@ +# +# Copyright (c) 2008-2015 Thierry Florac +# All Rights Reserved. +# +# This software is subject to the provisions of the Zope Public License, +# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED +# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS +# FOR A PARTICULAR PURPOSE. +# + +__docformat__ = 'restructuredtext' + + +# import standard library + +# import interfaces +from pyams_content.interfaces import MANAGE_TOOL_PERMISSION +from pyams_content.shared.common.interfaces import ISharedTool, IManagerRestrictions, IManagerRestrictionsFactory +from pyams_security.interfaces import ISecurityManager, IPrincipalInfo +from pyams_security.zmi.interfaces import IObjectSecurityMenu +from pyams_skin.interfaces import IInnerPage, IPageHeader +from pyams_skin.interfaces.container import ITableElementEditor +from pyams_skin.layer import IPyAMSLayer +from pyams_zmi.layer import IAdminLayer +from z3c.table.interfaces import IValues, IColumn + +# import packages +from pyams_form.form import AJAXEditForm +from pyams_form.group import NamedWidgetsGroup +from pyams_pagelet.pagelet import pagelet_config +from pyams_skin.container import ContainerView +from pyams_skin.page import DefaultPageHeaderAdapter +from pyams_skin.table import BaseTable, I18nColumn +from pyams_skin.viewlet.menu import MenuItem +from pyams_utils.adapter import adapter_config, ContextRequestViewAdapter +from pyams_utils.property import cached_property +from pyams_utils.registry import get_utility +from pyams_viewlet.viewlet import viewlet_config +from pyams_zmi.form import AdminDialogEditForm +from pyams_zmi.view import AdminView +from pyramid.exceptions import NotFound +from pyramid.url import resource_url +from pyramid.view import view_config +from z3c.form import field +from z3c.form.browser.checkbox import SingleCheckBoxFieldWidget +from z3c.form.interfaces import HIDDEN_MODE +from z3c.table.column import GetAttrColumn +from zope.interface import implementer +from zope.schema import getFieldNamesInOrder + +from pyams_content import _ + + +@viewlet_config(name='managers-restrictions.menu', context=ISharedTool, layer=IAdminLayer, + manager=IObjectSecurityMenu, permission=MANAGE_TOOL_PERMISSION, weight=910) +class SharedToolManagersRestrictionsMenu(MenuItem): + """Shared tool managers restrictions menu""" + + label = _("Managers restrictions") + icon_class = 'fa-lock' + url = '#managers-restrictions.html' + + +class SharedToolManagersRestrictionsTable(BaseTable): + """Shared tool manager restrictions table""" + + id = 'security_manager_restrictions' + title = _("Content managers restrictions") + + +@adapter_config(context=(ISharedTool, IAdminLayer, SharedToolManagersRestrictionsTable), provides=IValues) +class SharedToolManagerRestrictionsValuesAdapter(ContextRequestViewAdapter): + """Shared tool manager restrictions values adapter""" + + @property + def values(self): + manager = get_utility(ISecurityManager) + return sorted([manager.get_principal(principal_id) for principal_id in self.context.managers], + key=lambda x: x.title) + + +@adapter_config(context=(IPrincipalInfo, IAdminLayer, SharedToolManagersRestrictionsTable), + provides=ITableElementEditor) +class PrincipalInfoElementEditor(ContextRequestViewAdapter): + """Principal info element editor""" + + view_name = 'manager-restrictions.html' + + @property + def url(self): + return resource_url(self.view.context, self.request, self.view_name, query={'principal_id': self.context.id}) + + modal_target = True + + +@adapter_config(name='name', context=(ISharedTool, IAdminLayer, SharedToolManagersRestrictionsTable), provides=IColumn) +class SharedToolManagerRestrictionsNameColumn(I18nColumn, GetAttrColumn): + """Shared tool manager restrictions name column""" + + _header = _("Manager name") + attrName = 'title' + weight = 10 + + +@pagelet_config(name='managers-restrictions.html', context=ISharedTool, layer=IPyAMSLayer, + permission=MANAGE_TOOL_PERMISSION) +@implementer(IInnerPage) +class SharedToolManagersRestrictionsView(AdminView, ContainerView): + """Shared tool managers restrictions view""" + + table_class = SharedToolManagersRestrictionsTable + + +@adapter_config(context=(ISharedTool, IAdminLayer, SharedToolManagersRestrictionsView), provides=IPageHeader) +class SharedToolManagersRestrictionsHeaderAdapter(DefaultPageHeaderAdapter): + """Shared tool managers restrictions header adapter""" + + back_url = 'admin.html#protected-object-roles.html' + back_target = None + + icon_class = 'fa fa-fw fa-lock' + + +# +# Manager restrictions edit form +# + +@pagelet_config(name='manager-restrictions.html', context=ISharedTool, layer=IPyAMSLayer, + permission=MANAGE_TOOL_PERMISSION) +class SharedToolManagerRestrictionsEditForm(AdminDialogEditForm): + """Shared tool manager restrictions edit form""" + + icon_css_class = 'fa fa-fw fa-lock' + + ajax_handler = 'manager-restrictions.json' + edit_permission = MANAGE_TOOL_PERMISSION + + @property + def legend(self): + return self.request.localizer.translate(_("Edit manager restrictions for « {0} »")).format(self.principal.title) + + @cached_property + def interface(self): + restrictions = self.getContent() + return restrictions.restriction_interface + + @property + def fields(self): + fields = field.Fields(self.interface) + fields['restricted_contents'].widgetFactory = SingleCheckBoxFieldWidget + return fields + + @cached_property + def principal_id(self): + principal_id = self.request.params.get('principal_id') or self.request.params.get('form.widgets.principal_id') + if not principal_id: + raise NotFound + return principal_id + + @cached_property + def principal(self): + manager = get_utility(ISecurityManager) + return manager.get_principal(self.principal_id) + + def getContent(self): + manager_restrictions = IManagerRestrictions(self.context) + restrictions = manager_restrictions.get_restrictions(self.principal_id) + if restrictions is None: + restrictions = IManagerRestrictionsFactory(self.context)(self.principal_id) + manager_restrictions.set_restrictions(self.principal_id, restrictions) + return restrictions + + def update(self): + super(SharedToolManagerRestrictionsEditForm, self).update() + names = getFieldNamesInOrder(self.interface) + self.add_group(NamedWidgetsGroup(self, 'restricted_access', self.widgets, names, + legend=_("Apply contents restrictions"), + css_class='inner', + help=_("You can specify which contents this manager will be able to manage. " + "If you specify several criteria, the manager will be able to manage " + "contents for which at least one criteria is matching."), + switch=True, + checkbox_switch=True, + checkbox_field=self.interface['restricted_contents'])) + + def updateWidgets(self, prefix=None): + super(SharedToolManagerRestrictionsEditForm, self).updateWidgets(prefix) + self.widgets['principal_id'].value = self.principal + self.widgets['principal_id'].mode = HIDDEN_MODE + + +@view_config(name='manager-restrictions.json', context=ISharedTool, request_type=IPyAMSLayer, + permission=MANAGE_TOOL_PERMISSION, renderer='json', xhr=True) +class SharedToolManagerRestrictionsAJAXEditForm(AJAXEditForm, SharedToolManagerRestrictionsEditForm): + """Shared tool manager restrictions edit form, JSON renderer"""