src/pyams_security/zmi/security.py
changeset 54 59683c264d94
parent 49 e4fc19ce77fa
child 85 b43215d4c9b9
53:68678e37a77a 54:59683c264d94
    14 
    14 
    15 
    15 
    16 # import standard library
    16 # import standard library
    17 
    17 
    18 # import interfaces
    18 # import interfaces
    19 from pyams_form.interfaces.form import IInnerSubForm
    19 from pyams_form.interfaces.form import IWidgetForm
    20 from pyams_security.interfaces import IDefaultProtectionPolicy, IProtectedObject, IRole
    20 from pyams_security.interfaces import IDefaultProtectionPolicy, IProtectedObject, IRole
       
    21 from pyams_security.zmi.interfaces import IObjectSecurityMenu
       
    22 from pyams_skin.interfaces import IInnerPage, IPageHeader
    21 from pyams_skin.layer import IPyAMSLayer
    23 from pyams_skin.layer import IPyAMSLayer
    22 from pyams_zmi.interfaces.menu import IPropertiesMenu
    24 from pyams_utils.interfaces import VIEW_SYSTEM_PERMISSION, MANAGE_SECURITY_PERMISSION, MANAGE_ROLES_PERMISSION
       
    25 from pyams_zmi.interfaces.menu import ISiteManagementMenu
    23 from pyams_zmi.layer import IAdminLayer
    26 from pyams_zmi.layer import IAdminLayer
    24 from z3c.form.interfaces import DISPLAY_MODE, INPUT_MODE
    27 from z3c.form.interfaces import DISPLAY_MODE, INPUT_MODE
    25 
    28 
    26 # import packages
    29 # import packages
    27 from pyams_form.form import AJAXEditForm, InnerEditForm
    30 from pyams_form.form import AJAXEditForm
    28 from pyams_pagelet.pagelet import pagelet_config
    31 from pyams_pagelet.pagelet import pagelet_config
    29 from pyams_skin.viewlet.menu import MenuItem, MenuDivider
    32 from pyams_skin.page import DefaultPageHeaderAdapter
       
    33 from pyams_skin.viewlet.menu import MenuItem
    30 from pyams_utils.adapter import adapter_config
    34 from pyams_utils.adapter import adapter_config
    31 from pyams_utils.registry import get_utility
    35 from pyams_utils.registry import get_utility
       
    36 from pyams_viewlet.manager import viewletmanager_config
    32 from pyams_viewlet.viewlet import viewlet_config
    37 from pyams_viewlet.viewlet import viewlet_config
    33 from pyams_zmi.form import AdminDialogEditForm
    38 from pyams_zmi.form import AdminEditForm, AdminDialogEditForm
    34 from pyramid.view import view_config
    39 from pyramid.view import view_config
    35 from z3c.form import field
    40 from z3c.form import field
    36 from zope.interface import Interface
    41 from zope.interface import implementer, Interface
    37 
    42 
    38 from pyams_security import _
    43 from pyams_security import _
    39 
    44 
    40 
    45 
    41 @viewlet_config(name='protected-object-roles.divider', context=IDefaultProtectionPolicy, layer=IAdminLayer,
    46 #
    42                 manager=IPropertiesMenu, permission='system.view', weight=899)
    47 # Object roles edit form
    43 class ProtectedObjectRolesMenuDivider(MenuDivider):
    48 #
    44     """Protected object roles menu divider"""
       
    45 
       
    46 
    49 
    47 @viewlet_config(name='protected-object-roles.menu', context=IDefaultProtectionPolicy, layer=IAdminLayer,
    50 @viewlet_config(name='protected-object-roles.menu', context=IDefaultProtectionPolicy, layer=IAdminLayer,
    48                 manager=IPropertiesMenu, permission='system.view', weight=900)
    51                 manager=ISiteManagementMenu, permission=VIEW_SYSTEM_PERMISSION, weight=900)
       
    52 @viewletmanager_config(name='protected-object-roles.menu', layer=IAdminLayer, context=IDefaultProtectionPolicy,
       
    53                        provides=IObjectSecurityMenu)
       
    54 @implementer(IObjectSecurityMenu)
    49 class ProtectedObjectRolesMenuItem(MenuItem):
    55 class ProtectedObjectRolesMenuItem(MenuItem):
    50     """Protected object roles menu item"""
    56     """Protected object roles menu item"""
    51 
    57 
    52     label = _("Access rules...")
    58     label = _("Access rules")
    53     icon_class = 'fa-key'
    59     icon_class = 'fa-users'
    54     url = 'protected-object-roles.html'
    60     url = '#protected-object-roles.html'
    55     modal_target = True
    61     modal_target = False
    56 
    62 
    57 
    63 
    58 @pagelet_config(name='protected-object-roles.html', context=IDefaultProtectionPolicy, layer=IPyAMSLayer,
    64 @pagelet_config(name='protected-object-roles.html', context=IDefaultProtectionPolicy, layer=IPyAMSLayer,
    59                 permission='system.view')
    65                 permission=VIEW_SYSTEM_PERMISSION)
    60 class ProtectedObjectRolesEditForm(AdminDialogEditForm):
    66 @implementer(IWidgetForm, IInnerPage)
       
    67 class ProtectedObjectRolesEditForm(AdminEditForm):
    61     """Protected object roles edit form"""
    68     """Protected object roles edit form"""
    62 
    69 
    63     legend = None
    70     legend = _("Granted users roles")
    64     fieldset_class = 'no-padding'
       
    65 
       
    66     fields = field.Fields(Interface)
       
    67     ajax_handler = 'protected-object-roles.json'
       
    68     edit_permission = None
       
    69 
       
    70 
       
    71 @adapter_config(name='security.subform',
       
    72                 context=(IDefaultProtectionPolicy, IPyAMSLayer, ProtectedObjectRolesEditForm),
       
    73                 provides=IInnerSubForm)
       
    74 class ProtectedObjectSecuritySubform(InnerEditForm):
       
    75     """Protected object security sub-form"""
       
    76 
       
    77     legend = _("Security management")
       
    78     icon_css_class = 'fa fa-fw fa-key'
       
    79     label_css_class = 'control-label col-md-4'
       
    80     input_css_class = 'col-md-8'
       
    81 
       
    82     fields = field.Fields(IProtectedObject)
       
    83     edit_permission = 'security.manage'
       
    84     weight = 1
       
    85 
       
    86 
       
    87 @adapter_config(name='roles.subform',
       
    88                 context=(IDefaultProtectionPolicy, IPyAMSLayer, ProtectedObjectRolesEditForm),
       
    89                 provides=IInnerSubForm)
       
    90 class ProtectedObjectRolesSubform(InnerEditForm):
       
    91     """Protected object roles edit form"""
       
    92 
       
    93     legend = _("Granted roles")
       
    94     icon_css_class = 'fa fa-fw fa-users'
    71     icon_css_class = 'fa fa-fw fa-users'
    95 
    72 
    96     @property
    73     @property
    97     def fields(self):
    74     def fields(self):
    98         return field.Fields(self.context.roles_interface)
    75         return field.Fields(self.context.roles_interface)
    99 
    76 
   100     edit_permission = 'security.manage_roles'
    77     ajax_handler = 'protected-object-roles.json'
   101     weight = 2
    78     edit_permission = MANAGE_ROLES_PERMISSION
   102 
    79 
   103     def updateWidgets(self, prefix=None):
    80     def updateWidgets(self, prefix=None):
   104         super(ProtectedObjectRolesSubform, self).updateWidgets(prefix)
    81         super(ProtectedObjectRolesEditForm, self).updateWidgets(prefix)
   105         if self.mode == DISPLAY_MODE:
    82         if self.mode == DISPLAY_MODE:
   106             return
    83             return
   107         principals = self.request.effective_principals
    84         principals = self.request.effective_principals
   108         for widget in self.widgets.values():
    85         for widget in self.widgets.values():
   109             widget.mode = DISPLAY_MODE
    86             widget.mode = DISPLAY_MODE
   110             role = get_utility(IRole, name=widget.field.role_id)
    87             role = get_utility(IRole, name=widget.field.role_id)
   111             if role.managers:
    88             if role.managers:
   112                 for manager in role.managers:
    89                 for manager in role.managers:
   113                     if manager in principals:
    90                     if manager in principals:
   114                         widget.mode = INPUT_MODE
    91                         widget.mode = INPUT_MODE
       
    92                         continue
   115 
    93 
   116 
    94 
   117 @view_config(name='protected-object-roles.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer,
    95 @view_config(name='protected-object-roles.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer,
   118              permission='security.manage', renderer='json', xhr=True)
    96              permission=MANAGE_ROLES_PERMISSION, renderer='json', xhr=True)
   119 class ProtectedObjectRolesAJAXEditForm(AJAXEditForm, ProtectedObjectRolesEditForm):
    97 class ProtectedObjectRolesAJAXEditForm(AJAXEditForm, ProtectedObjectRolesEditForm):
   120     """Protected object roles edit form, AJAX view"""
    98     """Protected object roles edit form, AJAX view"""
       
    99 
       
   100 
       
   101 @adapter_config(context=(Interface, IPyAMSLayer, ProtectedObjectRolesEditForm), provides=IPageHeader)
       
   102 class ProtectedObjectRolesEditFormHeaderAdapter(DefaultPageHeaderAdapter):
       
   103     """Protected object security edit form header adapter"""
       
   104 
       
   105     icon_class = 'fa fa-fw fa-users'
       
   106 
       
   107 
       
   108 #
       
   109 # Security policy edit form
       
   110 #
       
   111 
       
   112 @viewlet_config(name='security-policy.menu', context=IDefaultProtectionPolicy, layer=IAdminLayer,
       
   113                 manager=IObjectSecurityMenu, permission=MANAGE_SECURITY_PERMISSION, weight=10)
       
   114 class ProtectedObjectSecurityPolicyMenuItem(MenuItem):
       
   115     """Protected object security policy menu item"""
       
   116 
       
   117     label = _("Security policy...")
       
   118     icon_class = 'fa-key'
       
   119     url = 'security-policy.html'
       
   120     modal_target = True
       
   121 
       
   122 
       
   123 @pagelet_config(name='security-policy.html', context=IDefaultProtectionPolicy, layer=IPyAMSLayer,
       
   124                 permission=MANAGE_SECURITY_PERMISSION)
       
   125 class ProtectedObjectSecurityPolicyEditForm(AdminDialogEditForm):
       
   126     """Protected object security policy edit form"""
       
   127 
       
   128     legend = _("Update security policy")
       
   129     icon_css_class = 'fa fa-fw fa-key'
       
   130 
       
   131     fields = field.Fields(IProtectedObject)
       
   132     ajax_handler = 'security-policy.json'
       
   133     edit_permission = MANAGE_SECURITY_PERMISSION
       
   134 
       
   135     dialog_class = 'modal-large'
       
   136 
       
   137 
       
   138 @view_config(name='security-policy.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer,
       
   139              permission=MANAGE_SECURITY_PERMISSION, renderer='json', xhr=True)
       
   140 class ProtectedObjectSecurityPolicyAJAXEditForm(AJAXEditForm, ProtectedObjectSecurityPolicyEditForm):
       
   141     """Protected object security policy edit form, JSON renderer"""
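Review bot: In `updateWidgets` (new lines 80-92) the added `continue` is the last statement of the inner `for manager in role.managers` loop, so it has no effect; `break` looks like what was meant, since one matching manager is enough to switch the widget to `INPUT_MODE`. This loop is also the only per-role authorization visible on the page: `MANAGE_ROLES_PERMISSION` opens `protected-object-roles.json` for the whole form, and which roles a caller may actually change is decided by leaving the other widgets in `DISPLAY_MODE`. That appears to rely on the form framework skipping display-mode widgets when data is extracted on submit, and on `ProtectedObjectRolesAJAXEditForm` running this same method through inheritance; neither is shown here. A comment above the loop such as `# roles whose managers do not include one of the request's principals stay read-only; display-mode widgets must not be applied on submit` would record that assumption. Roles with an empty `managers` stay read-only for every caller, which deserves a sentence in the method docstring if it is intended.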