Back to index

plone3  3.1.7
Guard.py
Go to the documentation of this file.
00001 ##############################################################################
00002 #
00003 # Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.
00004 #
00005 # This software is subject to the provisions of the Zope Public License,
00006 # Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
00007 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
00008 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
00009 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
00010 # FOR A PARTICULAR PURPOSE.
00011 #
00012 ##############################################################################
00013 """ Guard conditions in a web-configurable workflow.
00014 
00015 $Id: Guard.py 36985 2005-04-26 14:59:28Z anguenot $
00016 """
00017 
00018 from cgi import escape
00019 
00020 from Globals import DTMLFile
00021 from Globals import InitializeClass
00022 from Globals import Persistent
00023 from AccessControl import ClassSecurityInfo
00024 from Acquisition import Explicit
00025 from Acquisition import aq_base
00026 
00027 from Products.CMFCore.utils import _checkPermission
00028 
00029 from Expression import Expression
00030 from Expression import StateChangeInfo
00031 from Expression import createExprContext
00032 from permissions import ManagePortal
00033 from utils import _dtmldir
00034 
00035 
00036 class Guard (Persistent, Explicit):
00037     permissions = ()
00038     roles = ()
00039     groups = ()
00040     expr = None
00041 
00042     security = ClassSecurityInfo()
00043     security.declareObjectProtected(ManagePortal)
00044 
00045     guardForm = DTMLFile('guard', _dtmldir)
00046 
00047     def check(self, sm, wf_def, ob, **kw):
00048         """Checks conditions in this guard.
00049         """
00050         u_roles = None
00051         if wf_def.manager_bypass:
00052             # Possibly bypass.
00053             u_roles = sm.getUser().getRolesInContext(ob)
00054             if 'Manager' in u_roles:
00055                 return 1
00056         if self.permissions:
00057             for p in self.permissions:
00058                 if _checkPermission(p, ob):
00059                     break
00060             else:
00061                 return 0
00062         if self.roles:
00063             # Require at least one of the given roles.
00064             if u_roles is None:
00065                 u_roles = sm.getUser().getRolesInContext(ob)
00066             for role in self.roles:
00067                 if role in u_roles:
00068                     break
00069             else:
00070                 return 0
00071         if self.groups:
00072             # Require at least one of the specified groups.
00073             u = sm.getUser()
00074             b = aq_base( u )
00075             if hasattr( b, 'getGroupsInContext' ):
00076                 u_groups = u.getGroupsInContext( ob )
00077             elif hasattr( b, 'getGroups' ):
00078                 u_groups = u.getGroups()
00079             else:
00080                 u_groups = ()
00081             for group in self.groups:
00082                 if group in u_groups:
00083                     break
00084             else:
00085                 return 0
00086         expr = self.expr
00087         if expr is not None:
00088             econtext = createExprContext(
00089                 StateChangeInfo(ob, wf_def, kwargs=kw))
00090             res = expr(econtext)
00091             if not res:
00092                 return 0
00093         return 1
00094 
00095     security.declareProtected(ManagePortal, 'getSummary')
00096     def getSummary(self):
00097         # Perhaps ought to be in DTML.
00098         res = []
00099         if self.permissions:
00100             res.append('Requires permission:')
00101             res.append(formatNameUnion(self.permissions))
00102         if self.roles:
00103             if res:
00104                 res.append('<br/>')
00105             res.append('Requires role:')
00106             res.append(formatNameUnion(self.roles))
00107         if self.groups:
00108             if res:
00109                 res.append('<br/>')
00110             res.append('Requires group:')
00111             res.append(formatNameUnion(self.groups))
00112         if self.expr is not None:
00113             if res:
00114                 res.append('<br/>')
00115             res.append('Requires expr:')
00116             res.append('<code>' + escape(self.expr.text) + '</code>')
00117         return ' '.join(res)
00118 
00119     def changeFromProperties(self, props):
00120         '''
00121         Returns 1 if changes were specified.
00122         '''
00123         if props is None:
00124             return 0
00125         res = 0
00126         s = props.get('guard_permissions', None)
00127         if s:
00128             res = 1
00129             p = [ permission.strip() for permission in s.split(';') ]
00130             self.permissions = tuple(p)
00131         s = props.get('guard_roles', None)
00132         if s:
00133             res = 1
00134             r = [ role.strip() for role in s.split(';') ]
00135             self.roles = tuple(r)
00136         s = props.get('guard_groups', None)
00137         if s:
00138             res = 1
00139             g = [ group.strip() for group in s.split(';') ]
00140             self.groups = tuple(g)
00141         s = props.get('guard_expr', None)
00142         if s:
00143             res = 1
00144             self.expr = Expression(s)
00145         return res
00146 
00147     security.declareProtected(ManagePortal, 'getPermissionsText')
00148     def getPermissionsText(self):
00149         if not self.permissions:
00150             return ''
00151         return '; '.join(self.permissions)
00152 
00153     security.declareProtected(ManagePortal, 'getRolesText')
00154     def getRolesText(self):
00155         if not self.roles:
00156             return ''
00157         return '; '.join(self.roles)
00158 
00159     security.declareProtected(ManagePortal, 'getGroupsText')
00160     def getGroupsText(self):
00161         if not self.groups:
00162             return ''
00163         return '; '.join(self.groups)
00164 
00165     security.declareProtected(ManagePortal, 'getExprText')
00166     def getExprText(self):
00167         if not self.expr:
00168             return ''
00169         return str(self.expr.text)
00170 
00171 InitializeClass(Guard)
00172 
00173 
00174 def formatNameUnion(names):
00175     escaped = ['<code>' + escape(name) + '</code>' for name in names]
00176     if len(escaped) == 2:
00177         return ' or '.join(escaped)
00178     elif len(escaped) > 2:
00179         escaped[-1] = ' or ' + escaped[-1]
00180     return '; '.join(escaped)