--- a/src/pyams_security/security.py Mon Apr 20 09:51:14 2015 +0200
+++ b/src/pyams_security/security.py Mon Apr 20 09:51:46 2015 +0200
@@ -41,8 +41,8 @@
"""Base class for object protected by roles"""
inherit_parent_security = FieldProperty(IRoleProtectedObject['inherit_parent_security'])
- _everyone_permission = FieldProperty(IRoleProtectedObject['everyone_permission'])
- _authenticated_permission = FieldProperty(IRoleProtectedObject['authenticated_permission'])
+ _everyone_permissions = FieldProperty(IRoleProtectedObject['everyone_permissions'])
+ _authenticated_permissions = FieldProperty(IRoleProtectedObject['authenticated_permissions'])
inherit_parent_roles = FieldProperty(IRoleProtectedObject['inherit_parent_roles'])
def __init__(self):
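Review bot: Renaming the schema fields to `everyone_permissions` / `authenticated_permissions` probably also changes the key under which `FieldProperty` stores the value on each instance, and nothing visible here migrates objects that were already saved. If these objects are persisted (the `PersistentDict` in `__init__` suggests so), previously stored grants would no longer be read and the getters would fall back to the field default or to an inherited value. Consider shipping an upgrade step that copies the old attribute to the new one, or a comment such as `# renamed from everyone_permission; stored values are migrated by <upgrade step>`. The class body starts and continues outside this hunk.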
@@ -50,40 +50,40 @@
self._roles_by_principal = PersistentDict()
@property
- def everyone_permission(self):
- permission = self._everyone_permission
- if permission is None and self.inherit_parent_security:
+ def everyone_permissions(self):
+ permissions = self._everyone_permissions
+ if (not permissions) and self.inherit_parent_security:
for parent in lineage(self):
if parent in (self, self.__parent__):
continue
protection = IProtectedObject(parent, None)
if protection is not None:
- permission = protection.everyone_permission
- if permission is not None:
+ permissions = protection.everyone_permissions
+ if permissions:
break
- return permission
+ return permissions
- @everyone_permission.setter
- def everyone_permission(self, value):
- self._everyone_permission = value
+ @everyone_permissions.setter
+ def everyone_permissions(self, value):
+ self._everyone_permissions = value
@property
- def authenticated_permission(self):
- permission = self._authenticated_permission
- if permission is None and self.inherit_parent_security:
+ def authenticated_permissions(self):
+ permissions = self._authenticated_permissions
+ if (not permissions) and self.inherit_parent_security:
for parent in lineage(self):
if parent in (self, self.__parent__):
continue
protection = IProtectedObject(parent, None)
if protection is not None:
- permission = protection.authenticated_permission
- if permission is not None:
+ permissions = protection.authenticated_permissions
+ if permissions:
break
- return permission
+ return permissions
- @authenticated_permission.setter
- def authenticated_permission(self, value):
- self._authenticated_permission = value
+ @authenticated_permissions.setter
+ def authenticated_permissions(self, value):
+ self._authenticated_permissions = value
def grant_role(self, role_id, principal_ids):
registry = check_request().registry
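Review bot: Replacing `is None` with `not permissions` in the `everyone_permissions` and `authenticated_permissions` getters means an explicitly empty value on this object is now treated as unset. With `inherit_parent_security` enabled, such an object silently takes the nearest ancestor's grants for Everyone or Authenticated, so there is no longer a way to say "grant nothing here but inherit the rest". Whether that matters depends on the field default in `IRoleProtectedObject`, which is not visible here. If an empty collection should stay an explicit "no permissions", keep the identity tests, `if permissions is None and self.inherit_parent_security:` and `if permissions is not None:`. Otherwise state the fall-through rule in a docstring on both getters.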
@@ -150,10 +150,10 @@
# always grant all permissions to system manager
result = [(Allow, 'system:admin', ALL_PERMISSIONS)]
# grant permission to everyone and authenticated
- if self.everyone_permission:
- result.append((Allow, Everyone, self.everyone_permission))
- if self.authenticated_permission:
- result.append((Allow, Authenticated, self.authenticated_permission))
+ if self.everyone_permissions:
+ result.append((Allow, Everyone, self.everyone_permissions))
+ if self.authenticated_permissions:
+ result.append((Allow, Authenticated, self.authenticated_permissions))
# grant access to all roles permissions
for role_id in self._principals_by_role.keys():
role = query_utility(IRole, role_id)
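Review bot: Each of `self.everyone_permissions` and `self.authenticated_permissions` is read twice here, and with inheritance enabled each read walks the lineage again, so the value tested and the value appended come from two separate lookups. Binding the value once makes the ACE match what was checked, for example `everyone = self.everyone_permissions` followed by `if everyone: result.append((Allow, Everyone, everyone))`, and likewise for Authenticated. Since the ACE now carries a collection rather than a single permission, a short comment that the third element is an iterable of permission ids would help readers. The enclosing method starts before this hunk and continues after it.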