16 import logging |
16 import logging |
17 logger = logging.getLogger('PyAMS (security)') |
17 logger = logging.getLogger('PyAMS (security)') |
18 |
18 |
19 # import interfaces |
19 # import interfaces |
20 from pyams_security.interfaces import IProtectedObject, IRole, IPrincipalInfo, GrantedRoleEvent, RevokedRoleEvent, \ |
20 from pyams_security.interfaces import IProtectedObject, IRole, IPrincipalInfo, GrantedRoleEvent, RevokedRoleEvent, \ |
21 IDefaultProtectionPolicy, IRoleProtectedObject |
21 IDefaultProtectionPolicy, IRoleProtectedObject, ADMIN_USER_ID |
22 from zope.annotation.interfaces import IAnnotations |
22 from zope.annotation.interfaces import IAnnotations |
23 |
23 |
24 # import packages |
24 # import packages |
25 from persistent import Persistent |
25 from persistent import Persistent |
26 from persistent.dict import PersistentDict |
26 from persistent.dict import PersistentDict |
168 return roles |
168 return roles |
169 |
169 |
170 @request_property(key=None) |
170 @request_property(key=None) |
171 def __acl__(self): |
171 def __acl__(self): |
172 # always grant all permissions to system manager |
172 # always grant all permissions to system manager |
173 result = [(Allow, 'system:admin', ALL_PERMISSIONS)] |
173 result = [(Allow, ADMIN_USER_ID, ALL_PERMISSIONS)] |
174 # grant access to all roles permissions |
174 # grant access to all roles permissions |
175 for role_id in self.get_granted_roles(): |
175 for role_id in self.get_granted_roles(): |
176 role = query_utility(IRole, role_id) |
176 role = query_utility(IRole, role_id) |
177 if role is not None: |
177 if role is not None: |
178 result.append((Allow, 'role:{0}'.format(role_id), role.permissions)) |
178 result.append((Allow, 'role:{0}'.format(role_id), role.permissions)) |
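Review bot: The entry at line 173 that grants ALL_PERMISSIONS now matches whatever principal id `ADMIN_USER_ID` holds, and that value is defined in `pyams_security.interfaces`, outside this change. If it differs from the previous literal `'system:admin'`, the catch-all ACL entry would stop matching the principal the authentication side presents, or start matching a different one. The comment above the line should name the constant and where it is defined, for example `# always grant all permissions to system manager (ADMIN_USER_ID from pyams_security.interfaces)`. It is also worth confirming that any remaining comparison against the literal elsewhere in the package uses the same constant. The body of `__acl__` continues past the end of this section, so the rest of the ACL is not visible here.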