16 # import standard library |
16 # import standard library |
17 |
17 |
18 # import interfaces |
18 # import interfaces |
19 from pyams_security.interfaces import IRole, IProtectedObject, IPrincipalInfo, IRoleProtectedObject |
19 from pyams_security.interfaces import IRole, IProtectedObject, IPrincipalInfo, IRoleProtectedObject |
20 from pyams_security.schema import IRoleField |
20 from pyams_security.schema import IRoleField |
21 from zope.schema.interfaces import IField |
21 from zope.schema.interfaces import IField, ISet |
22 |
22 |
23 # import packages |
23 # import packages |
24 |
24 |
25 |
25 |
26 class RolePrincipalsFieldProperty(object): |
26 class RolePrincipalsFieldProperty(object): |
51 if protection is None: |
51 if protection is None: |
52 return set() |
52 return set() |
53 return protection.get_principals(self.__role_id) |
53 return protection.get_principals(self.__role_id) |
54 |
54 |
55 def __set__(self, instance, value): |
55 def __set__(self, instance, value): |
56 if value is None: |
|
57 value = set() |
|
58 elif isinstance(value, str): |
|
59 value = set(value.split(',')) |
|
60 value = set(map(lambda x: x.id if IPrincipalInfo.providedBy(x) else x, value)) |
|
61 field = self.__field.bind(instance) |
56 field = self.__field.bind(instance) |
|
57 if ISet.providedBy(field): |
|
58 if value is None: |
|
59 value = set() |
|
60 elif isinstance(value, str): |
|
61 value = set(value.split(',')) |
|
62 value = set(map(lambda x: x.id if IPrincipalInfo.providedBy(x) else x, value)) |
|
63 else: |
|
64 value = value.id if IPrincipalInfo.providedBy(value) else value |
62 field.validate(value) |
65 field.validate(value) |
63 if field.readonly: |
66 if field.readonly: |
64 raise ValueError("Field {0} is readonly!".format(self.__name)) |
67 raise ValueError("Field {0} is readonly!".format(self.__name)) |
65 protection = IProtectedObject(instance, None) |
68 protection = IProtectedObject(instance, None) |
66 if not IRoleProtectedObject.providedBy(protection): |
69 if not IRoleProtectedObject.providedBy(protection): |
67 raise ValueError("Can't use role properties on object not providing " |
70 raise ValueError("Can't use role properties on object not providing " |
68 "IRoleProtectedObject interface!") |
71 "IRoleProtectedObject interface!") |
69 old_principals = protection.get_principals(self.__role_id) |
72 old_principals = protection.get_principals(self.__role_id) |
|
73 if not isinstance(value, set): |
|
74 value = {value} |
70 added = value - old_principals |
75 added = value - old_principals |
71 removed = old_principals - value |
76 removed = old_principals - value |
72 for principal_id in added: |
77 for principal_id in added: |
73 protection.grant_role(self.__role_id, principal_id) |
78 protection.grant_role(self.__role_id, principal_id) |
74 for principal_id in removed: |
79 for principal_id in removed: |