Changed everyone and authenticated permissions to sets
authorThierry Florac <thierry.florac@onf.fr>
Mon, 20 Apr 2015 09:51:46 +0200
changeset 34 b84b491ea8bd
parent 33 c422e7f61f19
child 35 c28d80cf6d75
Changed everyone and authenticated permissions to sets
src/pyams_security/interfaces/__init__.py
src/pyams_security/security.py
src/pyams_security/zmi/security.py
--- a/src/pyams_security/interfaces/__init__.py	Mon Apr 20 09:51:14 2015 +0200
+++ b/src/pyams_security/interfaces/__init__.py	Mon Apr 20 09:51:46 2015 +0200
@@ -24,7 +24,7 @@
 from zope.location.interfaces import IContained
 
 # import packages
-from pyams_security.schema import PrincipalsSet
+from pyams_security.schema import PrincipalsSet, PermissionsSetField
 from pyams_utils.schema import EncodedPassword
 from zope.container.constraints import contains, containers
 from zope.interface import implementer, Interface, Attribute, invariant, Invalid
@@ -701,15 +701,14 @@
                                    required=True,
                                    default=True)
 
-    everyone_permission = Choice(title=_("Public permission"),
-                                 description=_("This permission will be granted to all users"),
-                                 vocabulary='PyAMS permissions',
-                                 required=False)
+    everyone_permissions = PermissionsSetField(title=_("Public permissions"),
+                                               description=_("These permissions will be granted to all users"),
+                                               required=False)
 
-    authenticated_permission = Choice(title=_("Authenticated permission"),
-                                      description=_("This permission will be granted to authenticated users"),
-                                      vocabulary='PyAMS permissions',
-                                      required=False)
+    authenticated_permissions = PermissionsSetField(title=_("Authenticated permissions"),
+                                                    description=_("These permissions will be granted to authenticated "
+                                                                  "users"),
+                                                    required=False)
 
     inherit_parent_roles = Bool(title=_("Inherit parent roles?"),
                                 description=_("Get roles granted on parent levels"),
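Review bot: The new `everyone_permissions` and `authenticated_permissions` fields no longer carry the explicit `vocabulary='PyAMS permissions'` constraint that the removed `Choice` fields had, and the definition of `PermissionsSetField` is not part of this diff. These values end up in ACEs for Everyone and Authenticated in security.py, so it is worth confirming that the field itself restricts its members to registered permissions. Once confirmed, a short comment above the two fields would record it, for example `# members are limited to the 'PyAMS permissions' vocabulary by PermissionsSetField`. The interface body starts and ends outside the hunk.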
--- a/src/pyams_security/security.py	Mon Apr 20 09:51:14 2015 +0200
+++ b/src/pyams_security/security.py	Mon Apr 20 09:51:46 2015 +0200
@@ -41,8 +41,8 @@
     """Base class for object protected by roles"""
 
     inherit_parent_security = FieldProperty(IRoleProtectedObject['inherit_parent_security'])
-    _everyone_permission = FieldProperty(IRoleProtectedObject['everyone_permission'])
-    _authenticated_permission = FieldProperty(IRoleProtectedObject['authenticated_permission'])
+    _everyone_permissions = FieldProperty(IRoleProtectedObject['everyone_permissions'])
+    _authenticated_permissions = FieldProperty(IRoleProtectedObject['authenticated_permissions'])
     inherit_parent_roles = FieldProperty(IRoleProtectedObject['inherit_parent_roles'])
 
     def __init__(self):
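Review bot: Renaming the fields behind `_everyone_permissions` and `_authenticated_permissions` leaves no path for values saved under the old names. `FieldProperty` keeps its value in the instance dictionary under the field's name by default, so objects persisted before this change presumably still hold a single permission under `everyone_permission` / `authenticated_permission`, which the new properties will not read. With `inherit_parent_security` on, such an object would then fall back to whatever its ancestors grant, which changes its effective access without any edit by an administrator. A one-off upgrade step that copies each old value into a one-element set and removes the old key would keep access unchanged; at minimum the changeset description should say that stored values are not migrated. The class body continues outside the hunk.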
@@ -50,40 +50,40 @@
         self._roles_by_principal = PersistentDict()
 
     @property
-    def everyone_permission(self):
-        permission = self._everyone_permission
-        if permission is None and self.inherit_parent_security:
+    def everyone_permissions(self):
+        permissions = self._everyone_permissions
+        if (not permissions) and self.inherit_parent_security:
             for parent in lineage(self):
                 if parent in (self, self.__parent__):
                     continue
                 protection = IProtectedObject(parent, None)
                 if protection is not None:
-                    permission = protection.everyone_permission
-                if permission is not None:
+                    permissions = protection.everyone_permissions
+                if permissions:
                     break
-        return permission
+        return permissions
 
-    @everyone_permission.setter
-    def everyone_permission(self, value):
-        self._everyone_permission = value
+    @everyone_permissions.setter
+    def everyone_permissions(self, value):
+        self._everyone_permissions = value
 
     @property
-    def authenticated_permission(self):
-        permission = self._authenticated_permission
-        if permission is None and self.inherit_parent_security:
+    def authenticated_permissions(self):
+        permissions = self._authenticated_permissions
+        if (not permissions) and self.inherit_parent_security:
             for parent in lineage(self):
                 if parent in (self, self.__parent__):
                     continue
                 protection = IProtectedObject(parent, None)
                 if protection is not None:
-                    permission = protection.authenticated_permission
-                if permission is not None:
+                    permissions = protection.authenticated_permissions
+                if permissions:
                     break
-        return permission
+        return permissions
 
-    @authenticated_permission.setter
-    def authenticated_permission(self, value):
-        self._authenticated_permission = value
+    @authenticated_permissions.setter
+    def authenticated_permissions(self, value):
+        self._authenticated_permissions = value
 
     def grant_role(self, role_id, principal_ids):
         registry = check_request().registry
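Review bot: In `everyone_permissions` the test `(not permissions)` treats an empty set the same as an unset value, so while `inherit_parent_security` is true an object cannot declare "no public permissions". Clearing the set makes the getter walk `lineage(self)` and return the first non-empty set it finds on an ancestor; the same applies to `authenticated_permissions`. If that is the intended meaning, both getters need a docstring that says so, for example `"""Permissions granted to everyone; an empty or unset value is inherited from ancestors when inherit_parent_security is set"""`. If an explicit empty grant should be possible, the check has to stay `permissions is None`. `grant_role` at the end of the hunk continues outside it.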
@@ -150,10 +150,10 @@
         # always grant all permissions to system manager
         result = [(Allow, 'system:admin', ALL_PERMISSIONS)]
         # grant permission to everyone and authenticated
-        if self.everyone_permission:
-            result.append((Allow, Everyone, self.everyone_permission))
-        if self.authenticated_permission:
-            result.append((Allow, Authenticated, self.authenticated_permission))
+        if self.everyone_permissions:
+            result.append((Allow, Everyone, self.everyone_permissions))
+        if self.authenticated_permissions:
+            result.append((Allow, Authenticated, self.authenticated_permissions))
         # grant access to all roles permissions
         for role_id in self._principals_by_role.keys():
             role = query_utility(IRole, role_id)
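Review bot: `self.everyone_permissions` and `self.authenticated_permissions` are each read twice here, and every read may walk the parent lineage (see the getters in this file), so the truth test and the appended value come from two separate lookups. Binding the value once keeps the two consistent and halves the work: `permissions = self.everyone_permissions` followed by `if permissions: result.append((Allow, Everyone, permissions))`, and likewise for Authenticated. The comment above these lines should also become `# grant permissions to everyone and authenticated`, since each ACE now carries a set. The enclosing method starts and ends outside the hunk.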
--- a/src/pyams_security/zmi/security.py	Mon Apr 20 09:51:14 2015 +0200
+++ b/src/pyams_security/zmi/security.py	Mon Apr 20 09:51:46 2015 +0200
@@ -70,8 +70,8 @@
     def updateWidgets(self, prefix=None):
         super(ProtectedObjectRolesEditForm, self).updateWidgets()
         translate = self.request.localizer.translate
-        self.widgets['everyone_permission'].noValueMessage = translate(_("(inherit from parent)"))
-        self.widgets['authenticated_permission'].noValueMessage = translate(_("(inherit from parent)"))
+        self.widgets['everyone_permissions'].noValueMessage = translate(_("(inherit from parent)"))
+        self.widgets['authenticated_permissions'].noValueMessage = translate(_("(inherit from parent)"))
 
 
 @view_config(name='protected-object-roles.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer,
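Review bot: `noValueMessage` is still assigned on `self.widgets['everyone_permissions']` and `self.widgets['authenticated_permissions']`, but both fields are now set-valued (`PermissionsSetField`), and a multi-value widget may not render a no-value entry at all. If so, the "(inherit from parent)" hint silently disappears from the form, even though an empty selection still means inheritance in the getters. Please check this against the widget registered for the field; if the hint is lost, move it into the field `description` so administrators can see what leaving the selection empty does.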