--- a/src/pyams_security/interfaces/__init__.py Mon Apr 20 09:51:14 2015 +0200
+++ b/src/pyams_security/interfaces/__init__.py Mon Apr 20 09:51:46 2015 +0200
@@ -24,7 +24,7 @@
from zope.location.interfaces import IContained
# import packages
-from pyams_security.schema import PrincipalsSet
+from pyams_security.schema import PrincipalsSet, PermissionsSetField
from pyams_utils.schema import EncodedPassword
from zope.container.constraints import contains, containers
from zope.interface import implementer, Interface, Attribute, invariant, Invalid
@@ -701,15 +701,14 @@
required=True,
default=True)
- everyone_permission = Choice(title=_("Public permission"),
- description=_("This permission will be granted to all users"),
- vocabulary='PyAMS permissions',
- required=False)
+ everyone_permissions = PermissionsSetField(title=_("Public permissions"),
+ description=_("These permissions will be granted to all users"),
+ required=False)
- authenticated_permission = Choice(title=_("Authenticated permission"),
- description=_("This permission will be granted to authenticated users"),
- vocabulary='PyAMS permissions',
- required=False)
+ authenticated_permissions = PermissionsSetField(title=_("Authenticated permissions"),
+ description=_("These permissions will be granted to authenticated "
+ "users"),
+ required=False)
inherit_parent_roles = Bool(title=_("Inherit parent roles?"),
description=_("Get roles granted on parent levels"),
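Review bot: The description `"These permissions will be granted to all users"` understates the scope of `everyone_permissions`: the ACL hunk in security.py attaches this set to `Everyone`, which also covers unauthenticated requests. Now that several permissions can be selected at once, I would spell that out, e.g. `description=_("These permissions will be granted to all users, including anonymous visitors")`. The interface body starts and continues outside this hunk.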
--- a/src/pyams_security/security.py Mon Apr 20 09:51:14 2015 +0200
+++ b/src/pyams_security/security.py Mon Apr 20 09:51:46 2015 +0200
@@ -41,8 +41,8 @@
"""Base class for object protected by roles"""
inherit_parent_security = FieldProperty(IRoleProtectedObject['inherit_parent_security'])
- _everyone_permission = FieldProperty(IRoleProtectedObject['everyone_permission'])
- _authenticated_permission = FieldProperty(IRoleProtectedObject['authenticated_permission'])
+ _everyone_permissions = FieldProperty(IRoleProtectedObject['everyone_permissions'])
+ _authenticated_permissions = FieldProperty(IRoleProtectedObject['authenticated_permissions'])
inherit_parent_roles = FieldProperty(IRoleProtectedObject['inherit_parent_roles'])
def __init__(self):
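Review bot: Renaming the two FieldProperty attributes changes the name the value is stored under, and nothing in this commit migrates objects already persisted with the old `everyone_permission` / `authenticated_permission` values. After the upgrade such objects would presumably read as unset, and with `inherit_parent_security` enabled they would then take the parent's permissions instead, which silently changes the effective ACL in either direction. A one-off upgrade step that copies each old single value into the new set and removes the old key would make the rename safe; at minimum the release notes should call it out. The class body starts and continues outside this hunk.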
@@ -50,40 +50,40 @@
self._roles_by_principal = PersistentDict()
@property
- def everyone_permission(self):
- permission = self._everyone_permission
- if permission is None and self.inherit_parent_security:
+ def everyone_permissions(self):
+ permissions = self._everyone_permissions
+ if (not permissions) and self.inherit_parent_security:
for parent in lineage(self):
if parent in (self, self.__parent__):
continue
protection = IProtectedObject(parent, None)
if protection is not None:
- permission = protection.everyone_permission
- if permission is not None:
+ permissions = protection.everyone_permissions
+ if permissions:
break
- return permission
+ return permissions
- @everyone_permission.setter
- def everyone_permission(self, value):
- self._everyone_permission = value
+ @everyone_permissions.setter
+ def everyone_permissions(self, value):
+ self._everyone_permissions = value
@property
- def authenticated_permission(self):
- permission = self._authenticated_permission
- if permission is None and self.inherit_parent_security:
+ def authenticated_permissions(self):
+ permissions = self._authenticated_permissions
+ if (not permissions) and self.inherit_parent_security:
for parent in lineage(self):
if parent in (self, self.__parent__):
continue
protection = IProtectedObject(parent, None)
if protection is not None:
- permission = protection.authenticated_permission
- if permission is not None:
+ permissions = protection.authenticated_permissions
+ if permissions:
break
- return permission
+ return permissions
- @authenticated_permission.setter
- def authenticated_permission(self, value):
- self._authenticated_permission = value
+ @authenticated_permissions.setter
+ def authenticated_permissions(self, value):
+ self._authenticated_permissions = value
def grant_role(self, role_id, principal_ids):
registry = check_request().registry
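Review bot: `if (not permissions) and self.inherit_parent_security:` treats an explicitly empty set the same as an unset value, so a child object cannot express "grant nothing to Everyone" while inheritance is on. Clearing the field re-exposes whatever the nearest ancestor grants. If that is intended, a comment on both getters should say so; if not, and assuming PermissionsSetField can tell the two apart, test `permissions is None` and keep the empty set as an explicit override. The same applies in `authenticated_permissions`, and the two getters are otherwise identical and could share one private helper. `grant_role` at the end of the hunk continues outside it.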
@@ -150,10 +150,10 @@
# always grant all permissions to system manager
result = [(Allow, 'system:admin', ALL_PERMISSIONS)]
# grant permission to everyone and authenticated
- if self.everyone_permission:
- result.append((Allow, Everyone, self.everyone_permission))
- if self.authenticated_permission:
- result.append((Allow, Authenticated, self.authenticated_permission))
+ if self.everyone_permissions:
+ result.append((Allow, Everyone, self.everyone_permissions))
+ if self.authenticated_permissions:
+ result.append((Allow, Authenticated, self.authenticated_permissions))
# grant access to all roles permissions
for role_id in self._principals_by_role.keys():
role = query_utility(IRole, role_id)
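Review bot: `self.everyone_permissions` and `self.authenticated_permissions` are each read twice here, every read may walk the lineage, and the object placed in the ACE is the stored set itself rather than a copy. Binding once and copying, e.g. `permissions = self.everyone_permissions` followed by `result.append((Allow, Everyone, tuple(permissions)))`, avoids both. It is also worth confirming that the set members are the plain permission names the authorization policy compares against; if PermissionsSetField stores anything else, these grants would silently never match. The method starts before and continues after this hunk.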
--- a/src/pyams_security/zmi/security.py Mon Apr 20 09:51:14 2015 +0200
+++ b/src/pyams_security/zmi/security.py Mon Apr 20 09:51:46 2015 +0200
@@ -70,8 +70,8 @@
def updateWidgets(self, prefix=None):
super(ProtectedObjectRolesEditForm, self).updateWidgets()
translate = self.request.localizer.translate
- self.widgets['everyone_permission'].noValueMessage = translate(_("(inherit from parent)"))
- self.widgets['authenticated_permission'].noValueMessage = translate(_("(inherit from parent)"))
+ self.widgets['everyone_permissions'].noValueMessage = translate(_("(inherit from parent)"))
+ self.widgets['authenticated_permissions'].noValueMessage = translate(_("(inherit from parent)"))
@view_config(name='protected-object-roles.json', context=IDefaultProtectionPolicy, request_type=IPyAMSLayer,
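Review bot: `noValueMessage` was meaningful for the single-value Choice widgets, but whether the widget used for PermissionsSetField renders it is not visible here, and multi-valued select widgets typically show no "no value" entry. If it is not rendered, the form no longer tells the editor that leaving the field empty means "(inherit from parent)", which is what they need to know before clearing public permissions. Consider moving that hint into the field description or a widget help text, and drop these two assignments if they turn out to be dead.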