src/pyams_security/security.py
changeset 42 07229ac2497b
parent 39 51a07039228f
child 44 b999bd4dd461
41:905e30f5467b 42:07229ac2497b
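--- a/src/pyams_security/security.py
+++ b/src/pyams_security/security.py
@@ -25,11 +25,10 @@
 from persistent import Persistent
 from persistent.dict import PersistentDict
 from pyams_utils.adapter import adapter_config
 from pyams_utils.property import request_property
 from pyams_utils.registry import query_utility
-from pyams_utils.request import check_request
 from pyramid.location import lineage
 from pyramid.security import DENY_ALL, Everyone, Allow, ALL_PERMISSIONS, Authenticated
 from pyramid.threadlocal import get_current_registry
 from zope.container.contained import Contained
 from zope.interface import implementer
@@ -86,11 +85,11 @@
     @authenticated_permissions.setter
     def authenticated_permissions(self, value):
         self._authenticated_permissions = value
 
     def grant_role(self, role_id, principal_ids):
-        registry = check_request().registry
+        registry = get_current_registry()
         if IRole.providedBy(role_id):
             role_id = role_id.id
         if isinstance(principal_ids, str):
             principal_ids = {principal_ids}
         role_principals = self._principals_by_role.get(role_id) or set()
@@ -104,17 +103,17 @@
                 self._roles_by_principal[principal_id] = principal_roles
                 self._principals_by_role[role_id] = role_principals
                 registry.notify(GrantedRoleEvent(self, role_id, principal_id))
 
     def revoke_role(self, role_id, principal_ids):
-        registry = check_request().registry
+        registry = get_current_registry()
         if IRole.providedBy(role_id):
             role_id = role_id.id
         if isinstance(principal_ids, str):
             principal_ids = {principal_ids}
         role_principals = self._principals_by_role.get(role_id) or set()
-        for principal_id in principal_ids:
+        for principal_id in principal_ids.copy():
             if IPrincipalInfo.providedBy(principal_id):
                 principal_id = principal_id.id
             if principal_id in role_principals:
                 principal_roles = self._roles_by_principal.get(principal_id) or set()
                 role_principals.remove(principal_id)
@@ -138,11 +137,11 @@
         if IPrincipalInfo.providedBy(principal_id):
             principal_id = principal_id.id
         return self._roles_by_principal.get(principal_id) or set()
 
     def get_permissions(self, principal_id):
-        registry = check_request().registry
+        registry = get_current_registry()
         result = set()
         for role_id in self.get_roles(principal_id):
             role = registry.queryUtility(IRole, role_id)
             result |= role.permissions or set()
         return result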
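Review bot: In get_permissions, `registry.queryUtility(IRole, role_id)` can return None and the next line dereferences `role.permissions` unguarded, so a role id that is stored on the object but not registered in the looked-up registry raises AttributeError in the middle of permission evaluation. The switch to `get_current_registry()` may make this easier to hit, since Pyramid returns the global registry when no request is active and application roles are presumably not registered there. Skip unresolved roles explicitly with `if role is not None:` before `result |= role.permissions or set()`, so the result only ever contains permissions of roles that resolve. The same fallback affects `registry.notify(...)` in grant_role and revoke_role, whose bodies are only partly shown here: subscribers registered on the application registry may not see the event, so a comment such as `# expects the application registry; get_current_registry() is global outside a request` would help.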