25 from persistent import Persistent |
25 from persistent import Persistent |
26 from persistent.dict import PersistentDict |
26 from persistent.dict import PersistentDict |
27 from pyams_utils.adapter import adapter_config |
27 from pyams_utils.adapter import adapter_config |
28 from pyams_utils.property import request_property |
28 from pyams_utils.property import request_property |
29 from pyams_utils.registry import query_utility |
29 from pyams_utils.registry import query_utility |
30 from pyams_utils.request import check_request |
|
31 from pyramid.location import lineage |
30 from pyramid.location import lineage |
32 from pyramid.security import DENY_ALL, Everyone, Allow, ALL_PERMISSIONS, Authenticated |
31 from pyramid.security import DENY_ALL, Everyone, Allow, ALL_PERMISSIONS, Authenticated |
33 from pyramid.threadlocal import get_current_registry |
32 from pyramid.threadlocal import get_current_registry |
34 from zope.container.contained import Contained |
33 from zope.container.contained import Contained |
35 from zope.interface import implementer |
34 from zope.interface import implementer |
86 @authenticated_permissions.setter |
85 @authenticated_permissions.setter |
87 def authenticated_permissions(self, value): |
86 def authenticated_permissions(self, value): |
88 self._authenticated_permissions = value |
87 self._authenticated_permissions = value |
89 |
88 |
90 def grant_role(self, role_id, principal_ids): |
89 def grant_role(self, role_id, principal_ids): |
91 registry = check_request().registry |
90 registry = get_current_registry() |
92 if IRole.providedBy(role_id): |
91 if IRole.providedBy(role_id): |
93 role_id = role_id.id |
92 role_id = role_id.id |
94 if isinstance(principal_ids, str): |
93 if isinstance(principal_ids, str): |
95 principal_ids = {principal_ids} |
94 principal_ids = {principal_ids} |
96 role_principals = self._principals_by_role.get(role_id) or set() |
95 role_principals = self._principals_by_role.get(role_id) or set() |
104 self._roles_by_principal[principal_id] = principal_roles |
103 self._roles_by_principal[principal_id] = principal_roles |
105 self._principals_by_role[role_id] = role_principals |
104 self._principals_by_role[role_id] = role_principals |
106 registry.notify(GrantedRoleEvent(self, role_id, principal_id)) |
105 registry.notify(GrantedRoleEvent(self, role_id, principal_id)) |
107 |
106 |
108 def revoke_role(self, role_id, principal_ids): |
107 def revoke_role(self, role_id, principal_ids): |
109 registry = check_request().registry |
108 registry = get_current_registry() |
110 if IRole.providedBy(role_id): |
109 if IRole.providedBy(role_id): |
111 role_id = role_id.id |
110 role_id = role_id.id |
112 if isinstance(principal_ids, str): |
111 if isinstance(principal_ids, str): |
113 principal_ids = {principal_ids} |
112 principal_ids = {principal_ids} |
114 role_principals = self._principals_by_role.get(role_id) or set() |
113 role_principals = self._principals_by_role.get(role_id) or set() |
115 for principal_id in principal_ids: |
114 for principal_id in principal_ids.copy(): |
116 if IPrincipalInfo.providedBy(principal_id): |
115 if IPrincipalInfo.providedBy(principal_id): |
117 principal_id = principal_id.id |
116 principal_id = principal_id.id |
118 if principal_id in role_principals: |
117 if principal_id in role_principals: |
119 principal_roles = self._roles_by_principal.get(principal_id) or set() |
118 principal_roles = self._roles_by_principal.get(principal_id) or set() |
120 role_principals.remove(principal_id) |
119 role_principals.remove(principal_id) |
138 if IPrincipalInfo.providedBy(principal_id): |
137 if IPrincipalInfo.providedBy(principal_id): |
139 principal_id = principal_id.id |
138 principal_id = principal_id.id |
140 return self._roles_by_principal.get(principal_id) or set() |
139 return self._roles_by_principal.get(principal_id) or set() |
141 |
140 |
142 def get_permissions(self, principal_id): |
141 def get_permissions(self, principal_id): |
143 registry = check_request().registry |
142 registry = get_current_registry() |
144 result = set() |
143 result = set() |
145 for role_id in self.get_roles(principal_id): |
144 for role_id in self.get_roles(principal_id): |
146 role = registry.queryUtility(IRole, role_id) |
145 role = registry.queryUtility(IRole, role_id) |
147 result |= role.permissions or set() |
146 result |= role.permissions or set() |
148 return result |
147 return result |