--- a/src/pyams_security/zmi/security.py Wed May 20 12:31:27 2015 +0200
+++ b/src/pyams_security/zmi/security.py Wed Jun 17 09:59:18 2015 +0200
@@ -16,25 +16,36 @@
# import standard library
# import interfaces
-from pyams_security.interfaces import IDefaultProtectionPolicy, IProtectedObject
+from pyams_form.interfaces.form import IInnerSubForm
+from pyams_security.interfaces import IDefaultProtectionPolicy, IProtectedObject, IRole
from pyams_skin.layer import IPyAMSLayer
from pyams_zmi.interfaces.menu import IPropertiesMenu
from pyams_zmi.layer import IAdminLayer
+from z3c.form.interfaces import DISPLAY_MODE, INPUT_MODE
# import packages
-from pyams_form.form import AJAXEditForm
+from pyams_form.form import AJAXEditForm, InnerEditForm
from pyams_pagelet.pagelet import pagelet_config
-from pyams_skin.viewlet.menu import MenuItem
+from pyams_skin.viewlet.menu import MenuItem, MenuDivider
+from pyams_utils.adapter import adapter_config
+from pyams_utils.registry import get_utility
from pyams_viewlet.viewlet import viewlet_config
from pyams_zmi.form import AdminDialogEditForm
from pyramid.view import view_config
from z3c.form import field
+from zope.interface import Interface
from pyams_security import _
+@viewlet_config(name='protected-object-roles.divider', context=IDefaultProtectionPolicy, layer=IAdminLayer,
+ manager=IPropertiesMenu, permission='system.view', weight=899)
+class ProtectedObjectRolesMenuDivider(MenuDivider):
+ """Protected object roles menu divider"""
+
+
@viewlet_config(name='protected-object-roles.menu', context=IDefaultProtectionPolicy, layer=IAdminLayer,
- manager=IPropertiesMenu, permission='system.view', weight=10)
+ manager=IPropertiesMenu, permission='system.view', weight=900)
class ProtectedObjectRolesMenuItem(MenuItem):
"""Protected object roles menu item"""
@@ -49,32 +60,67 @@
class ProtectedObjectRolesEditForm(AdminDialogEditForm):
"""Protected object roles edit form"""
- @property
- def title(self):
- return self.context.title
+ legend = None
+ fieldset_class = 'no-padding'
+
+ fields = field.Fields(Interface)
+ ajax_handler = 'protected-object-roles.json'
+ edit_permission = None
+
- legend = _("Edit local roles")
+@adapter_config(name='security.subform',
+ context=(IDefaultProtectionPolicy, IPyAMSLayer, ProtectedObjectRolesEditForm),
+ provides=IInnerSubForm)
+class ProtectedObjectSecuritySubform(InnerEditForm):
+ """Protected object security sub-form"""
+
+ legend = _("Security management")
icon_css_class = 'fa fa-fw fa-key'
label_css_class = 'control-label col-md-4'
input_css_class = 'col-md-8'
- ajax_handler = 'protected-object-roles.json'
- edit_permission = 'system.manage'
-
- @property
- def fields(self):
- fields = field.Fields(IProtectedObject) + \
- field.Fields(self.context.roles_interface)
- return fields
+ fields = field.Fields(IProtectedObject)
+ edit_permission = 'security.manage'
+ weight = 1
def updateWidgets(self, prefix=None):
- super(ProtectedObjectRolesEditForm, self).updateWidgets()
+ super(ProtectedObjectSecuritySubform, self).updateWidgets()
translate = self.request.localizer.translate
self.widgets['everyone_permissions'].noValueMessage = translate(_("(inherit from parent)"))
self.widgets['authenticated_permissions'].noValueMessage = translate(_("(inherit from parent)"))
+@adapter_config(name='roles.subform',
+ context=(IDefaultProtectionPolicy, IPyAMSLayer, ProtectedObjectRolesEditForm),
+ provides=IInnerSubForm)
+class ProtectedObjectRolesSubform(InnerEditForm):
+ """Protected object roles edit form"""
+
+ legend = _("Granted roles")
+ icon_css_class = 'fa fa-fw fa-users'
+
+ @property
+ def fields(self):
+ return field.Fields(self.context.roles_interface)
+
+ edit_permission = 'security.manage_roles'
+ weight = 2
+
+ def updateWidgets(self, prefix=None):
+ super(ProtectedObjectRolesSubform, self).updateWidgets(prefix)
+ if self.mode == DISPLAY_MODE:
+ return
+ principals = self.request.effective_principals
+ for widget in self.widgets.values():
+ widget.mode = DISPLAY_MODE
+ role = get_utility(IRole, name=widget.field.role_id)
+ if role.managers:
+ for manager in role.managers:
+ if manager in principals:
+ widget.mode = INPUT_MODE
+
+
@view_config(name='protected-object-roles.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer,
- permission='system.manage', renderer='json', xhr=True)
+ permission='security.manage', renderer='json', xhr=True)
class ProtectedObjectRolesAJAXEditForm(AJAXEditForm, ProtectedObjectRolesEditForm):
"""Protected object roles edit form, AJAX view"""
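Review bot: The `protected-object-roles.json` view at the end of this hunk is guarded by `security.manage` only, while the outer form now sets `edit_permission = None` and the new `ProtectedObjectRolesSubform` declares `edit_permission = 'security.manage_roles'`. Whether that permission and the per-role `role.managers` check in its `updateWidgets` are applied on submit depends on the inner-form machinery in pyams_form, which is not visible here. A test that posts a role field as a principal who is not in `role.managers` and asserts the stored value is unchanged would pin this down. In the same method, `get_utility(IRole, name=widget.field.role_id)` assumes every field of `roles_interface` carries a `role_id` naming a registered role, and the nested loop reads more directly as `if any(m in principals for m in role.managers or ()): widget.mode = INPUT_MODE`. `ProtectedObjectSecuritySubform.updateWidgets` still calls `super(...).updateWidgets()` without `prefix`, unlike the new roles subform, which passes it through.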