14 |
14 |
15 |
15 |
16 # import standard library |
16 # import standard library |
17 |
17 |
18 # import interfaces |
18 # import interfaces |
19 from pyams_security.interfaces import IDefaultProtectionPolicy, IProtectedObject |
19 from pyams_form.interfaces.form import IInnerSubForm |
|
20 from pyams_security.interfaces import IDefaultProtectionPolicy, IProtectedObject, IRole |
20 from pyams_skin.layer import IPyAMSLayer |
21 from pyams_skin.layer import IPyAMSLayer |
21 from pyams_zmi.interfaces.menu import IPropertiesMenu |
22 from pyams_zmi.interfaces.menu import IPropertiesMenu |
22 from pyams_zmi.layer import IAdminLayer |
23 from pyams_zmi.layer import IAdminLayer |
|
24 from z3c.form.interfaces import DISPLAY_MODE, INPUT_MODE |
23 |
25 |
24 # import packages |
26 # import packages |
25 from pyams_form.form import AJAXEditForm |
27 from pyams_form.form import AJAXEditForm, InnerEditForm |
26 from pyams_pagelet.pagelet import pagelet_config |
28 from pyams_pagelet.pagelet import pagelet_config |
27 from pyams_skin.viewlet.menu import MenuItem |
29 from pyams_skin.viewlet.menu import MenuItem, MenuDivider |
|
30 from pyams_utils.adapter import adapter_config |
|
31 from pyams_utils.registry import get_utility |
28 from pyams_viewlet.viewlet import viewlet_config |
32 from pyams_viewlet.viewlet import viewlet_config |
29 from pyams_zmi.form import AdminDialogEditForm |
33 from pyams_zmi.form import AdminDialogEditForm |
30 from pyramid.view import view_config |
34 from pyramid.view import view_config |
31 from z3c.form import field |
35 from z3c.form import field |
|
36 from zope.interface import Interface |
32 |
37 |
33 from pyams_security import _ |
38 from pyams_security import _ |
34 |
39 |
35 |
40 |
|
41 @viewlet_config(name='protected-object-roles.divider', context=IDefaultProtectionPolicy, layer=IAdminLayer, |
|
42 manager=IPropertiesMenu, permission='system.view', weight=899) |
|
43 class ProtectedObjectRolesMenuDivider(MenuDivider): |
|
44 """Protected object roles menu divider""" |
|
45 |
|
46 |
36 @viewlet_config(name='protected-object-roles.menu', context=IDefaultProtectionPolicy, layer=IAdminLayer, |
47 @viewlet_config(name='protected-object-roles.menu', context=IDefaultProtectionPolicy, layer=IAdminLayer, |
37 manager=IPropertiesMenu, permission='system.view', weight=10) |
48 manager=IPropertiesMenu, permission='system.view', weight=900) |
38 class ProtectedObjectRolesMenuItem(MenuItem): |
49 class ProtectedObjectRolesMenuItem(MenuItem): |
39 """Protected object roles menu item""" |
50 """Protected object roles menu item""" |
40 |
51 |
41 label = _("Access rules...") |
52 label = _("Access rules...") |
42 icon_class = 'fa fa-fw fa-key' |
53 icon_class = 'fa fa-fw fa-key' |
47 @pagelet_config(name='protected-object-roles.html', context=IDefaultProtectionPolicy, layer=IPyAMSLayer, |
58 @pagelet_config(name='protected-object-roles.html', context=IDefaultProtectionPolicy, layer=IPyAMSLayer, |
48 permission='system.view') |
59 permission='system.view') |
49 class ProtectedObjectRolesEditForm(AdminDialogEditForm): |
60 class ProtectedObjectRolesEditForm(AdminDialogEditForm): |
50 """Protected object roles edit form""" |
61 """Protected object roles edit form""" |
51 |
62 |
52 @property |
63 legend = None |
53 def title(self): |
64 fieldset_class = 'no-padding' |
54 return self.context.title |
|
55 |
65 |
56 legend = _("Edit local roles") |
66 fields = field.Fields(Interface) |
|
67 ajax_handler = 'protected-object-roles.json' |
|
68 edit_permission = None |
|
69 |
|
70 |
|
71 @adapter_config(name='security.subform', |
|
72 context=(IDefaultProtectionPolicy, IPyAMSLayer, ProtectedObjectRolesEditForm), |
|
73 provides=IInnerSubForm) |
|
74 class ProtectedObjectSecuritySubform(InnerEditForm): |
|
75 """Protected object security sub-form""" |
|
76 |
|
77 legend = _("Security management") |
57 icon_css_class = 'fa fa-fw fa-key' |
78 icon_css_class = 'fa fa-fw fa-key' |
58 label_css_class = 'control-label col-md-4' |
79 label_css_class = 'control-label col-md-4' |
59 input_css_class = 'col-md-8' |
80 input_css_class = 'col-md-8' |
60 |
81 |
61 ajax_handler = 'protected-object-roles.json' |
82 fields = field.Fields(IProtectedObject) |
62 edit_permission = 'system.manage' |
83 edit_permission = 'security.manage' |
63 |
84 weight = 1 |
64 @property |
|
65 def fields(self): |
|
66 fields = field.Fields(IProtectedObject) + \ |
|
67 field.Fields(self.context.roles_interface) |
|
68 return fields |
|
69 |
85 |
70 def updateWidgets(self, prefix=None): |
86 def updateWidgets(self, prefix=None): |
71 super(ProtectedObjectRolesEditForm, self).updateWidgets() |
87 super(ProtectedObjectSecuritySubform, self).updateWidgets() |
72 translate = self.request.localizer.translate |
88 translate = self.request.localizer.translate |
73 self.widgets['everyone_permissions'].noValueMessage = translate(_("(inherit from parent)")) |
89 self.widgets['everyone_permissions'].noValueMessage = translate(_("(inherit from parent)")) |
74 self.widgets['authenticated_permissions'].noValueMessage = translate(_("(inherit from parent)")) |
90 self.widgets['authenticated_permissions'].noValueMessage = translate(_("(inherit from parent)")) |
75 |
91 |
76 |
92 |
|
93 @adapter_config(name='roles.subform', |
|
94 context=(IDefaultProtectionPolicy, IPyAMSLayer, ProtectedObjectRolesEditForm), |
|
95 provides=IInnerSubForm) |
|
96 class ProtectedObjectRolesSubform(InnerEditForm): |
|
97 """Protected object roles edit form""" |
|
98 |
|
99 legend = _("Granted roles") |
|
100 icon_css_class = 'fa fa-fw fa-users' |
|
101 |
|
102 @property |
|
103 def fields(self): |
|
104 return field.Fields(self.context.roles_interface) |
|
105 |
|
106 edit_permission = 'security.manage_roles' |
|
107 weight = 2 |
|
108 |
|
109 def updateWidgets(self, prefix=None): |
|
110 super(ProtectedObjectRolesSubform, self).updateWidgets(prefix) |
|
111 if self.mode == DISPLAY_MODE: |
|
112 return |
|
113 principals = self.request.effective_principals |
|
114 for widget in self.widgets.values(): |
|
115 widget.mode = DISPLAY_MODE |
|
116 role = get_utility(IRole, name=widget.field.role_id) |
|
117 if role.managers: |
|
118 for manager in role.managers: |
|
119 if manager in principals: |
|
120 widget.mode = INPUT_MODE |
|
121 |
|
122 |
77 @view_config(name='protected-object-roles.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer, |
123 @view_config(name='protected-object-roles.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer, |
78 permission='system.manage', renderer='json', xhr=True) |
124 permission='security.manage', renderer='json', xhr=True) |
79 class ProtectedObjectRolesAJAXEditForm(AJAXEditForm, ProtectedObjectRolesEditForm): |
125 class ProtectedObjectRolesAJAXEditForm(AJAXEditForm, ProtectedObjectRolesEditForm): |
80 """Protected object roles edit form, AJAX view""" |
126 """Protected object roles edit form, AJAX view""" |
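Review bot: The JSON handler at new line 124 requires `permission='security.manage'`, while `ProtectedObjectRolesSubform` (new lines 96–120) switches widgets to `INPUT_MODE` for any principal listed in `role.managers` under `edit_permission = 'security.manage_roles'`. Unless those two permissions are always granted together (not visible here), a delegated role manager is shown editable widgets whose submit is then refused. Either add a comment on the view stating that `security.manage` is required in addition to `security.manage_roles`, or, if delegation is intended, confirm that the view admits role managers and that each sub-form's `edit_permission` is enforced on submit. The per-role restriction relies on `widget.mode = DISPLAY_MODE` being set in `updateWidgets`, so a comment there should say it must also run on the AJAX path, presumably because that is what keeps a non-manager's submitted value for a role from being applied. Separately, `ProtectedObjectSecuritySubform.updateWidgets` (new line 87) drops its `prefix` argument, unlike the roles sub-form; it should read `super(ProtectedObjectSecuritySubform, self).updateWidgets(prefix)`.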