14 |
14 |
15 |
15 |
16 # import standard library |
16 # import standard library |
17 |
17 |
18 # import interfaces |
18 # import interfaces |
19 from pyams_form.interfaces.form import IInnerSubForm |
19 from pyams_form.interfaces.form import IWidgetForm |
20 from pyams_security.interfaces import IDefaultProtectionPolicy, IProtectedObject, IRole |
20 from pyams_security.interfaces import IDefaultProtectionPolicy, IProtectedObject, IRole |
|
21 from pyams_security.zmi.interfaces import IObjectSecurityMenu |
|
22 from pyams_skin.interfaces import IInnerPage, IPageHeader |
21 from pyams_skin.layer import IPyAMSLayer |
23 from pyams_skin.layer import IPyAMSLayer |
22 from pyams_zmi.interfaces.menu import IPropertiesMenu |
24 from pyams_utils.interfaces import VIEW_SYSTEM_PERMISSION, MANAGE_SECURITY_PERMISSION, MANAGE_ROLES_PERMISSION |
|
25 from pyams_zmi.interfaces.menu import ISiteManagementMenu |
23 from pyams_zmi.layer import IAdminLayer |
26 from pyams_zmi.layer import IAdminLayer |
24 from z3c.form.interfaces import DISPLAY_MODE, INPUT_MODE |
27 from z3c.form.interfaces import DISPLAY_MODE, INPUT_MODE |
25 |
28 |
26 # import packages |
29 # import packages |
27 from pyams_form.form import AJAXEditForm, InnerEditForm |
30 from pyams_form.form import AJAXEditForm |
28 from pyams_pagelet.pagelet import pagelet_config |
31 from pyams_pagelet.pagelet import pagelet_config |
29 from pyams_skin.viewlet.menu import MenuItem, MenuDivider |
32 from pyams_skin.page import DefaultPageHeaderAdapter |
|
33 from pyams_skin.viewlet.menu import MenuItem |
30 from pyams_utils.adapter import adapter_config |
34 from pyams_utils.adapter import adapter_config |
31 from pyams_utils.registry import get_utility |
35 from pyams_utils.registry import get_utility |
|
36 from pyams_viewlet.manager import viewletmanager_config |
32 from pyams_viewlet.viewlet import viewlet_config |
37 from pyams_viewlet.viewlet import viewlet_config |
33 from pyams_zmi.form import AdminDialogEditForm |
38 from pyams_zmi.form import AdminEditForm, AdminDialogEditForm |
34 from pyramid.view import view_config |
39 from pyramid.view import view_config |
35 from z3c.form import field |
40 from z3c.form import field |
36 from zope.interface import Interface |
41 from zope.interface import implementer, Interface |
37 |
42 |
38 from pyams_security import _ |
43 from pyams_security import _ |
39 |
44 |
40 |
45 |
41 @viewlet_config(name='protected-object-roles.divider', context=IDefaultProtectionPolicy, layer=IAdminLayer, |
46 # |
42 manager=IPropertiesMenu, permission='system.view', weight=899) |
47 # Object roles edit form |
43 class ProtectedObjectRolesMenuDivider(MenuDivider): |
48 # |
44 """Protected object roles menu divider""" |
|
45 |
|
46 |
49 |
47 @viewlet_config(name='protected-object-roles.menu', context=IDefaultProtectionPolicy, layer=IAdminLayer, |
50 @viewlet_config(name='protected-object-roles.menu', context=IDefaultProtectionPolicy, layer=IAdminLayer, |
48 manager=IPropertiesMenu, permission='system.view', weight=900) |
51 manager=ISiteManagementMenu, permission=VIEW_SYSTEM_PERMISSION, weight=900) |
|
52 @viewletmanager_config(name='protected-object-roles.menu', layer=IAdminLayer, context=IDefaultProtectionPolicy, |
|
53 provides=IObjectSecurityMenu) |
|
54 @implementer(IObjectSecurityMenu) |
49 class ProtectedObjectRolesMenuItem(MenuItem): |
55 class ProtectedObjectRolesMenuItem(MenuItem): |
50 """Protected object roles menu item""" |
56 """Protected object roles menu item""" |
51 |
57 |
52 label = _("Access rules...") |
58 label = _("Access rules") |
53 icon_class = 'fa-key' |
59 icon_class = 'fa-users' |
54 url = 'protected-object-roles.html' |
60 url = '#protected-object-roles.html' |
55 modal_target = True |
61 modal_target = False |
56 |
62 |
57 |
63 |
58 @pagelet_config(name='protected-object-roles.html', context=IDefaultProtectionPolicy, layer=IPyAMSLayer, |
64 @pagelet_config(name='protected-object-roles.html', context=IDefaultProtectionPolicy, layer=IPyAMSLayer, |
59 permission='system.view') |
65 permission=VIEW_SYSTEM_PERMISSION) |
60 class ProtectedObjectRolesEditForm(AdminDialogEditForm): |
66 @implementer(IWidgetForm, IInnerPage) |
|
67 class ProtectedObjectRolesEditForm(AdminEditForm): |
61 """Protected object roles edit form""" |
68 """Protected object roles edit form""" |
62 |
69 |
63 legend = None |
70 legend = _("Granted users roles") |
64 fieldset_class = 'no-padding' |
|
65 |
|
66 fields = field.Fields(Interface) |
|
67 ajax_handler = 'protected-object-roles.json' |
|
68 edit_permission = None |
|
69 |
|
70 |
|
71 @adapter_config(name='security.subform', |
|
72 context=(IDefaultProtectionPolicy, IPyAMSLayer, ProtectedObjectRolesEditForm), |
|
73 provides=IInnerSubForm) |
|
74 class ProtectedObjectSecuritySubform(InnerEditForm): |
|
75 """Protected object security sub-form""" |
|
76 |
|
77 legend = _("Security management") |
|
78 icon_css_class = 'fa fa-fw fa-key' |
|
79 label_css_class = 'control-label col-md-4' |
|
80 input_css_class = 'col-md-8' |
|
81 |
|
82 fields = field.Fields(IProtectedObject) |
|
83 edit_permission = 'security.manage' |
|
84 weight = 1 |
|
85 |
|
86 |
|
87 @adapter_config(name='roles.subform', |
|
88 context=(IDefaultProtectionPolicy, IPyAMSLayer, ProtectedObjectRolesEditForm), |
|
89 provides=IInnerSubForm) |
|
90 class ProtectedObjectRolesSubform(InnerEditForm): |
|
91 """Protected object roles edit form""" |
|
92 |
|
93 legend = _("Granted roles") |
|
94 icon_css_class = 'fa fa-fw fa-users' |
71 icon_css_class = 'fa fa-fw fa-users' |
95 |
72 |
96 @property |
73 @property |
97 def fields(self): |
74 def fields(self): |
98 return field.Fields(self.context.roles_interface) |
75 return field.Fields(self.context.roles_interface) |
99 |
76 |
100 edit_permission = 'security.manage_roles' |
77 ajax_handler = 'protected-object-roles.json' |
101 weight = 2 |
78 edit_permission = MANAGE_ROLES_PERMISSION |
102 |
79 |
103 def updateWidgets(self, prefix=None): |
80 def updateWidgets(self, prefix=None): |
104 super(ProtectedObjectRolesSubform, self).updateWidgets(prefix) |
81 super(ProtectedObjectRolesEditForm, self).updateWidgets(prefix) |
105 if self.mode == DISPLAY_MODE: |
82 if self.mode == DISPLAY_MODE: |
106 return |
83 return |
107 principals = self.request.effective_principals |
84 principals = self.request.effective_principals |
108 for widget in self.widgets.values(): |
85 for widget in self.widgets.values(): |
109 widget.mode = DISPLAY_MODE |
86 widget.mode = DISPLAY_MODE |
110 role = get_utility(IRole, name=widget.field.role_id) |
87 role = get_utility(IRole, name=widget.field.role_id) |
111 if role.managers: |
88 if role.managers: |
112 for manager in role.managers: |
89 for manager in role.managers: |
113 if manager in principals: |
90 if manager in principals: |
114 widget.mode = INPUT_MODE |
91 widget.mode = INPUT_MODE |
|
92 continue |
115 |
93 |
116 |
94 |
117 @view_config(name='protected-object-roles.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer, |
95 @view_config(name='protected-object-roles.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer, |
118 permission='security.manage', renderer='json', xhr=True) |
96 permission=MANAGE_ROLES_PERMISSION, renderer='json', xhr=True) |
119 class ProtectedObjectRolesAJAXEditForm(AJAXEditForm, ProtectedObjectRolesEditForm): |
97 class ProtectedObjectRolesAJAXEditForm(AJAXEditForm, ProtectedObjectRolesEditForm): |
120 """Protected object roles edit form, AJAX view""" |
98 """Protected object roles edit form, AJAX view""" |
|
99 |
|
100 |
|
101 @adapter_config(context=(Interface, IPyAMSLayer, ProtectedObjectRolesEditForm), provides=IPageHeader) |
|
102 class ProtectedObjectRolesEditFormHeaderAdapter(DefaultPageHeaderAdapter): |
|
103 """Protected object security edit form header adapter""" |
|
104 |
|
105 icon_class = 'fa fa-fw fa-users' |
|
106 |
|
107 |
|
108 # |
|
109 # Security policy edit form |
|
110 # |
|
111 |
|
112 @viewlet_config(name='security-policy.menu', context=IDefaultProtectionPolicy, layer=IAdminLayer, |
|
113 manager=IObjectSecurityMenu, permission=MANAGE_SECURITY_PERMISSION, weight=10) |
|
114 class ProtectedObjectSecurityPolicyMenuItem(MenuItem): |
|
115 """Protected object security policy menu item""" |
|
116 |
|
117 label = _("Security policy...") |
|
118 icon_class = 'fa-key' |
|
119 url = 'security-policy.html' |
|
120 modal_target = True |
|
121 |
|
122 |
|
123 @pagelet_config(name='security-policy.html', context=IDefaultProtectionPolicy, layer=IPyAMSLayer, |
|
124 permission=MANAGE_SECURITY_PERMISSION) |
|
125 class ProtectedObjectSecurityPolicyEditForm(AdminDialogEditForm): |
|
126 """Protected object security policy edit form""" |
|
127 |
|
128 legend = _("Update security policy") |
|
129 icon_css_class = 'fa fa-fw fa-key' |
|
130 |
|
131 fields = field.Fields(IProtectedObject) |
|
132 ajax_handler = 'security-policy.json' |
|
133 edit_permission = MANAGE_SECURITY_PERMISSION |
|
134 |
|
135 dialog_class = 'modal-large' |
|
136 |
|
137 |
|
138 @view_config(name='security-policy.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer, |
|
139 permission=MANAGE_SECURITY_PERMISSION, renderer='json', xhr=True) |
|
140 class ProtectedObjectSecurityPolicyAJAXEditForm(AJAXEditForm, ProtectedObjectSecurityPolicyEditForm): |
|
141 """Protected object security policy edit form, JSON renderer""" |
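Review bot: In `updateWidgets` (new lines 80–92) the `role.managers` check is the only visible control deciding which role fields a caller holding `MANAGE_ROLES_PERMISSION` may edit, and nothing in the method says so. The `protected-object-roles.json` view is now gated by that permission alone and inherits this form, so a comment such as `# per-role authorization: only principals listed in role.managers get an editable widget; everyone else stays in DISPLAY_MODE` would keep a later refactor from treating the loop as presentation logic. A test that posts a value for a role the caller does not manage would confirm that display-mode widgets are ignored on submit, which presumably depends on the z3c.form base class. The trailing `continue` at new line 92 is the last statement of its loop body and has no effect; `break` looks like what was meant. Indentation is lost in this rendering, so old/new sides and nesting are read from the gutter numbers and statement order.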