# HG changeset patch
# User Thierry Florac
# Date 1429516306 -7200
# Node ID b84b491ea8bdbbe5fad0e57a2c42387c7c0aa861
# Parent c422e7f61f19bd653c65e07898c58b458be55da7
Changed everyone and authenticated permissions to sets
diff -r c422e7f61f19 -r b84b491ea8bd src/pyams_security/interfaces/__init__.py
--- a/src/pyams_security/interfaces/__init__.py Mon Apr 20 09:51:14 2015 +0200
+++ b/src/pyams_security/interfaces/__init__.py Mon Apr 20 09:51:46 2015 +0200
@@ -24,7 +24,7 @@
 from zope.location.interfaces import IContained
 # import packages
-from pyams_security.schema import PrincipalsSet
+from pyams_security.schema import PrincipalsSet, PermissionsSetField
 from pyams_utils.schema import EncodedPassword
 from zope.container.constraints import contains, containers
 from zope.interface import implementer, Interface, Attribute, invariant, Invalid
@@ -701,15 +701,14 @@
 required=True, default=True)
- everyone_permission = Choice(title=_("Public permission"),
- description=_("This permission will be granted to all users"),
- vocabulary='PyAMS permissions',
- required=False)
+ everyone_permissions = PermissionsSetField(title=_("Public permissions"),
+ description=_("These permissions will be granted to all users"),
+ required=False)
- authenticated_permission = Choice(title=_("Authenticated permission"),
- description=_("This permission will be granted to authenticated users"),
- vocabulary='PyAMS permissions',
- required=False)
+ authenticated_permissions = PermissionsSetField(title=_("Authenticated permissions"),
+ description=_("These permissions will be granted to authenticated "
+ "users"),
+ required=False)
 inherit_parent_roles = Bool(title=_("Inherit parent roles?"),
 description=_("Get roles granted on parent levels"),
diff -r c422e7f61f19 -r b84b491ea8bd src/pyams_security/security.py
--- a/src/pyams_security/security.py Mon Apr 20 09:51:14 2015 +0200
+++ b/src/pyams_security/security.py Mon Apr 20 09:51:46 2015 +0200
@@ -41,8 +41,8 @@
 """Base class for object protected by roles"""
 inherit_parent_security = FieldProperty(IRoleProtectedObject['inherit_parent_security'])
- _everyone_permission = FieldProperty(IRoleProtectedObject['everyone_permission'])
- _authenticated_permission = FieldProperty(IRoleProtectedObject['authenticated_permission'])
+ _everyone_permissions = FieldProperty(IRoleProtectedObject['everyone_permissions'])
+ _authenticated_permissions = FieldProperty(IRoleProtectedObject['authenticated_permissions'])
 inherit_parent_roles = FieldProperty(IRoleProtectedObject['inherit_parent_roles'])
 def __init__(self):
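Review bot: The renamed `FieldProperty` declarations change the name under which the value is stored, and nothing visible in this changeset migrates objects that were already persisted. Assuming `FieldProperty` keys the stored value by the field name, an object saved with `everyone_permission` or `authenticated_permission` will read back the new fields' default after the upgrade, so previously granted public and authenticated access disappears without any error. That fails closed, but it is still an access-control change that should be deliberate: add an upgrade step that copies each old single value into a one-element set, and mention the rename of the interface attributes in `interfaces/__init__.py` for external callers. The class body starts and ends outside this hunk.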
@@ -50,40 +50,40 @@
 self._roles_by_principal = PersistentDict()
 @property
- def everyone_permission(self):
- permission = self._everyone_permission
- if permission is None and self.inherit_parent_security:
+ def everyone_permissions(self):
+ permissions = self._everyone_permissions
+ if (not permissions) and self.inherit_parent_security:
 for parent in lineage(self):
 if parent in (self, self.__parent__):
 continue
 protection = IProtectedObject(parent, None)
 if protection is not None:
- permission = protection.everyone_permission
- if permission is not None:
+ permissions = protection.everyone_permissions
+ if permissions:
 break
- return permission
+ return permissions
- @everyone_permission.setter
- def everyone_permission(self, value):
- self._everyone_permission = value
+ @everyone_permissions.setter
+ def everyone_permissions(self, value):
+ self._everyone_permissions = value
 @property
- def authenticated_permission(self):
- permission = self._authenticated_permission
- if permission is None and self.inherit_parent_security:
+ def authenticated_permissions(self):
+ permissions = self._authenticated_permissions
+ if (not permissions) and self.inherit_parent_security:
 for parent in lineage(self):
 if parent in (self, self.__parent__):
 continue
 protection = IProtectedObject(parent, None)
 if protection is not None:
- permission = protection.authenticated_permission
- if permission is not None:
+ permissions = protection.authenticated_permissions
+ if permissions:
 break
- return permission
+ return permissions
- @authenticated_permission.setter
- def authenticated_permission(self, value):
- self._authenticated_permission = value
+ @authenticated_permissions.setter
+ def authenticated_permissions(self, value):
+ self._authenticated_permissions = value
 def grant_role(self, role_id, principal_ids):
 registry = check_request().registry
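Review bot: In `everyone_permissions`, and identically in `authenticated_permissions`, the lineage loop keeps walking when an ancestor's protection returns an empty value, without checking whether that ancestor has inheritance switched off. If `protection.everyone_permissions` is this same property on the ancestor (not visible here, so please confirm), it has already resolved the ancestor's own inheritance, and the first protected ancestor should end the walk: make the `break` unconditional inside `if protection is not None:` instead of `if permissions: break`. As written, a subtree that disabled `inherit_parent_security` and grants nothing to Everyone can still pass a grandparent's public permissions to deeper descendants. Because `(not permissions)` now treats an empty set as "inherit", a docstring on both getters should state that an empty set cannot be used to block inheritance. The two getters are line-for-line duplicates and could share one private helper that takes the attribute name.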
@@ -150,10 +150,10 @@
 # always grant all permissions to system manager
 result = [(Allow, 'system:admin', ALL_PERMISSIONS)]
 # grant permission to everyone and authenticated
- if self.everyone_permission:
- result.append((Allow, Everyone, self.everyone_permission))
- if self.authenticated_permission:
- result.append((Allow, Authenticated, self.authenticated_permission))
+ if self.everyone_permissions:
+ result.append((Allow, Everyone, self.everyone_permissions))
+ if self.authenticated_permissions:
+ result.append((Allow, Authenticated, self.authenticated_permissions))
 # grant access to all roles permissions
 for role_id in self._principals_by_role.keys():
 role = query_utility(IRole, role_id)
diff -r c422e7f61f19 -r b84b491ea8bd src/pyams_security/zmi/security.py
--- a/src/pyams_security/zmi/security.py Mon Apr 20 09:51:14 2015 +0200
+++ b/src/pyams_security/zmi/security.py Mon Apr 20 09:51:46 2015 +0200
@@ -70,8 +70,8 @@
 def updateWidgets(self, prefix=None):
 super(ProtectedObjectRolesEditForm, self).updateWidgets()
 translate = self.request.localizer.translate
- self.widgets['everyone_permission'].noValueMessage = translate(_("(inherit from parent)"))
- self.widgets['authenticated_permission'].noValueMessage = translate(_("(inherit from parent)"))
+ self.widgets['everyone_permissions'].noValueMessage = translate(_("(inherit from parent)"))
+ self.widgets['authenticated_permissions'].noValueMessage = translate(_("(inherit from parent)"))
 @view_config(name='protected-object-roles.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer,
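Review bot: In the ACL hunk of `src/pyams_security/security.py` (`@@ -150,10 +150,10 @@`), `self.everyone_permissions` and `self.authenticated_permissions` are each evaluated twice, and every evaluation can re-run the lineage walk. The ACE also receives the stored set object itself rather than a copy. Read each property once and hand the ACL an immutable copy, for example `permissions = self.everyone_permissions` followed by `result.append((Allow, Everyone, tuple(permissions)))`, so that code consuming the ACL cannot alter persisted permissions by accident. The enclosing method starts and ends outside the hunk.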