--- a/src/pyams_security/zmi/security.py Thu Oct 08 09:30:56 2015 +0200
+++ b/src/pyams_security/zmi/security.py Thu Oct 08 09:31:45 2015 +0200
@@ -16,92 +16,69 @@
# import standard library
# import interfaces
-from pyams_form.interfaces.form import IInnerSubForm
+from pyams_form.interfaces.form import IWidgetForm
from pyams_security.interfaces import IDefaultProtectionPolicy, IProtectedObject, IRole
+from pyams_security.zmi.interfaces import IObjectSecurityMenu
+from pyams_skin.interfaces import IInnerPage, IPageHeader
from pyams_skin.layer import IPyAMSLayer
-from pyams_zmi.interfaces.menu import IPropertiesMenu
+from pyams_utils.interfaces import VIEW_SYSTEM_PERMISSION, MANAGE_SECURITY_PERMISSION, MANAGE_ROLES_PERMISSION
+from pyams_zmi.interfaces.menu import ISiteManagementMenu
from pyams_zmi.layer import IAdminLayer
from z3c.form.interfaces import DISPLAY_MODE, INPUT_MODE
# import packages
-from pyams_form.form import AJAXEditForm, InnerEditForm
+from pyams_form.form import AJAXEditForm
from pyams_pagelet.pagelet import pagelet_config
-from pyams_skin.viewlet.menu import MenuItem, MenuDivider
+from pyams_skin.page import DefaultPageHeaderAdapter
+from pyams_skin.viewlet.menu import MenuItem
from pyams_utils.adapter import adapter_config
from pyams_utils.registry import get_utility
+from pyams_viewlet.manager import viewletmanager_config
from pyams_viewlet.viewlet import viewlet_config
-from pyams_zmi.form import AdminDialogEditForm
+from pyams_zmi.form import AdminEditForm, AdminDialogEditForm
from pyramid.view import view_config
from z3c.form import field
-from zope.interface import Interface
+from zope.interface import implementer, Interface
from pyams_security import _
-@viewlet_config(name='protected-object-roles.divider', context=IDefaultProtectionPolicy, layer=IAdminLayer,
- manager=IPropertiesMenu, permission='system.view', weight=899)
-class ProtectedObjectRolesMenuDivider(MenuDivider):
- """Protected object roles menu divider"""
-
+#
+# Object roles edit form
+#
@viewlet_config(name='protected-object-roles.menu', context=IDefaultProtectionPolicy, layer=IAdminLayer,
- manager=IPropertiesMenu, permission='system.view', weight=900)
+ manager=ISiteManagementMenu, permission=VIEW_SYSTEM_PERMISSION, weight=900)
+@viewletmanager_config(name='protected-object-roles.menu', layer=IAdminLayer, context=IDefaultProtectionPolicy,
+ provides=IObjectSecurityMenu)
+@implementer(IObjectSecurityMenu)
class ProtectedObjectRolesMenuItem(MenuItem):
"""Protected object roles menu item"""
- label = _("Access rules...")
- icon_class = 'fa-key'
- url = 'protected-object-roles.html'
- modal_target = True
+ label = _("Access rules")
+ icon_class = 'fa-users'
+ url = '#protected-object-roles.html'
+ modal_target = False
@pagelet_config(name='protected-object-roles.html', context=IDefaultProtectionPolicy, layer=IPyAMSLayer,
- permission='system.view')
-class ProtectedObjectRolesEditForm(AdminDialogEditForm):
+ permission=VIEW_SYSTEM_PERMISSION)
+@implementer(IWidgetForm, IInnerPage)
+class ProtectedObjectRolesEditForm(AdminEditForm):
"""Protected object roles edit form"""
- legend = None
- fieldset_class = 'no-padding'
-
- fields = field.Fields(Interface)
- ajax_handler = 'protected-object-roles.json'
- edit_permission = None
-
-
-@adapter_config(name='security.subform',
- context=(IDefaultProtectionPolicy, IPyAMSLayer, ProtectedObjectRolesEditForm),
- provides=IInnerSubForm)
-class ProtectedObjectSecuritySubform(InnerEditForm):
- """Protected object security sub-form"""
-
- legend = _("Security management")
- icon_css_class = 'fa fa-fw fa-key'
- label_css_class = 'control-label col-md-4'
- input_css_class = 'col-md-8'
-
- fields = field.Fields(IProtectedObject)
- edit_permission = 'security.manage'
- weight = 1
-
-
-@adapter_config(name='roles.subform',
- context=(IDefaultProtectionPolicy, IPyAMSLayer, ProtectedObjectRolesEditForm),
- provides=IInnerSubForm)
-class ProtectedObjectRolesSubform(InnerEditForm):
- """Protected object roles edit form"""
-
- legend = _("Granted roles")
+ legend = _("Granted users roles")
icon_css_class = 'fa fa-fw fa-users'
@property
def fields(self):
return field.Fields(self.context.roles_interface)
- edit_permission = 'security.manage_roles'
- weight = 2
+ ajax_handler = 'protected-object-roles.json'
+ edit_permission = MANAGE_ROLES_PERMISSION
def updateWidgets(self, prefix=None):
- super(ProtectedObjectRolesSubform, self).updateWidgets(prefix)
+ super(ProtectedObjectRolesEditForm, self).updateWidgets(prefix)
if self.mode == DISPLAY_MODE:
return
principals = self.request.effective_principals
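Review bot: `updateWidgets` on `ProtectedObjectRolesEditForm` has no docstring, although it is where write access appears to be narrowed per role. The pagelet is now reachable with `VIEW_SYSTEM_PERMISSION` while the form declares `edit_permission = MANAGE_ROLES_PERMISSION`, and the method goes on to compare `self.request.effective_principals` with each role's managers. I would add a docstring along the lines of `"""Keep editable only the roles managed by one of the request's principals."""`. A one-line comment on the `if self.mode == DISPLAY_MODE: return` guard would also help, since it presumably relies on the base form having already applied `edit_permission`. The method body continues past the end of this hunk, so the widget loop itself is not visible here.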
@@ -112,9 +89,53 @@
for manager in role.managers:
if manager in principals:
widget.mode = INPUT_MODE
+ continue
@view_config(name='protected-object-roles.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer,
- permission='security.manage', renderer='json', xhr=True)
+ permission=MANAGE_ROLES_PERMISSION, renderer='json', xhr=True)
class ProtectedObjectRolesAJAXEditForm(AJAXEditForm, ProtectedObjectRolesEditForm):
"""Protected object roles edit form, AJAX view"""
+
+
+@adapter_config(context=(Interface, IPyAMSLayer, ProtectedObjectRolesEditForm), provides=IPageHeader)
+class ProtectedObjectRolesEditFormHeaderAdapter(DefaultPageHeaderAdapter):
+ """Protected object security edit form header adapter"""
+
+ icon_class = 'fa fa-fw fa-users'
+
+
+#
+# Security policy edit form
+#
+
+@viewlet_config(name='security-policy.menu', context=IDefaultProtectionPolicy, layer=IAdminLayer,
+ manager=IObjectSecurityMenu, permission=MANAGE_SECURITY_PERMISSION, weight=10)
+class ProtectedObjectSecurityPolicyMenuItem(MenuItem):
+ """Protected object security policy menu item"""
+
+ label = _("Security policy...")
+ icon_class = 'fa-key'
+ url = 'security-policy.html'
+ modal_target = True
+
+
+@pagelet_config(name='security-policy.html', context=IDefaultProtectionPolicy, layer=IPyAMSLayer,
+ permission=MANAGE_SECURITY_PERMISSION)
+class ProtectedObjectSecurityPolicyEditForm(AdminDialogEditForm):
+ """Protected object security policy edit form"""
+
+ legend = _("Update security policy")
+ icon_css_class = 'fa fa-fw fa-key'
+
+ fields = field.Fields(IProtectedObject)
+ ajax_handler = 'security-policy.json'
+ edit_permission = MANAGE_SECURITY_PERMISSION
+
+ dialog_class = 'modal-large'
+
+
+@view_config(name='security-policy.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer,
+ permission=MANAGE_SECURITY_PERMISSION, renderer='json', xhr=True)
+class ProtectedObjectSecurityPolicyAJAXEditForm(AJAXEditForm, ProtectedObjectSecurityPolicyEditForm):
+ """Protected object security policy edit form, JSON renderer"""
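Review bot: The `continue` added after `widget.mode = INPUT_MODE` looks like the last statement in the body of `for manager in role.managers`, so it has no effect: the loop still tests every remaining manager after a match. If the intent was to stop at the first manager found in `principals`, the statement that does that is `break`. The enclosing loops open above this hunk, so the exact nesting should be confirmed against the full method. Since this loop decides which role widgets become editable, a short comment stating that one matching manager is sufficient would make the rule easier to audit.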