
plone3  3.1.7
role.py
00001 ##############################################################################
00002 #
00003 # PlonePAS - Adapt PluggableAuthService for use in Plone
00004 # Copyright (C) 2005 Enfold Systems, Kapil Thangavelu, et al
00005 #
00006 # This software is subject to the provisions of the Zope Public License,
00007 # Version 2.1 (ZPL).  A copy of the ZPL should accompany this
00008 # distribution.
00009 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
00010 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
00011 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
00012 # FOR A PARTICULAR PURPOSE.
00013 #
00014 ##############################################################################
00015 """
00016 Group-aware role manager: returns the roles assigned to the groups a
00017 principal is a member of, in addition to the explicit roles assigned
00018 directly to the principal.
00019 
00020 """
00021 
00022 from AccessControl import ClassSecurityInfo
00023 from Globals import DTMLFile, InitializeClass
00024 from Acquisition import aq_parent, aq_inner
00025 
00026 from zope.interface import implementedBy
00027 
00028 from Products.PluggableAuthService.utils import classImplements
00029 from Products.PluggableAuthService.plugins.ZODBRoleManager \
00030      import ZODBRoleManager
00031 
00032 from Products.PlonePAS.utils import unique
00033 from Products.PlonePAS.interfaces.capabilities import IAssignRoleCapability
00034 
00035 from Products.PluggableAuthService.permissions import ManageUsers
00036 
00037 from AccessControl.requestmethod import postonly
00038 
def manage_addGroupAwareRoleManager( self, id, title='', RESPONSE=None):
    """Add a GroupAwareRoleManager plugin to the container `self`.

    The plugin is built from `id` and `title` and stored under the id it
    reports via getId().  When RESPONSE is supplied the caller is
    redirected to 'manage_workspace'.  Nothing is returned.
    """
    # The docstring above is load-bearing: Zope 2's publisher refuses to
    # publish a callable that has none, so it must not be removed.
    # NOTE(review): no permission check or POST-only guard is visible in
    # this function; access control presumably comes from how the
    # constructor is registered elsewhere -- confirm before relying on it.
    plugin = GroupAwareRoleManager( id, title )
    self._setObject( plugin.getId(), plugin )

    if RESPONSE is None:
        return
    RESPONSE.redirect('manage_workspace')
00048 
# ZMI add form for the plugin, loaded from the DTML template that lives
# next to this package's plugin modules.
manage_addGroupAwareRoleManagerForm = DTMLFile('../zmi/GroupAwareRoleManagerForm', globals())
00051 
00052 
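class GroupAwareRoleManager( ZODBRoleManager ):
    # Role manager plugin that, on top of the roles stored for a principal
    # itself, also reports the roles stored for every group the principal
    # belongs to (see getRolesForPrincipal).
    #
    # Documentation for the class and for the methods that had no
    # docstring is kept in comments on purpose: Zope 2's publisher only
    # traverses to objects that carry a docstring, so adding one would
    # change what is reachable through the web.
    #
    # NOTE(review): only assignRolesToPrincipal and getRolesForPrincipal
    # carry security declarations in this class.  The overrides of
    # listRoleIds / listRoleInfo / getRoleInfo presumably inherit theirs
    # from ZODBRoleManager -- confirm against the base class.

    meta_type = "Group Aware Role Manager"

    security = ClassSecurityInfo()

    def updateRolesList(self):
        # Copy role names found in __ac_roles__ on the object containing
        # the PAS into this plugin, skipping the two built-in pseudo roles
        # and anything already known.  This writes to the plugin, and it
        # is called from the read accessors below, so a plain lookup can
        # modify persistent state.
        role_holder = aq_parent( aq_inner( self._getPAS() ) )
        for role in getattr( role_holder, '__ac_roles__', () ):
            if role in ('Anonymous', 'Authenticated'):
                continue
            if role in self._roles:
                continue
            try:
                self.addRole( role )
            except KeyError:
                # Deliberate best effort: addRole rejected the id (e.g. it
                # already exists); carry on with the remaining roles.
                pass


    # don't blow up if manager already exists; mostly for ZopeVersionControl
    def manage_afterAdd( self, item, container ):
        # Make sure a 'Manager' role exists, then import the remaining
        # roles, but only when this plugin itself is the object that was
        # added.
        try:
            self.addRole( 'Manager' )
        except KeyError:
            pass

        if item is self:
            self.updateRolesList()

    security.declareProtected( ManageUsers, 'assignRolesToPrincipal' )
    def assignRolesToPrincipal( self, roles, principal_id, REQUEST=None ):
        """ Assign a specific set of roles, and only those roles, to a principal.

        o no return value

        o Raise KeyError if a role_id is unknown.  'Authenticated',
          'Anonymous' and 'Owner' are not looked up and are stored as
          given.

        o Any roles previously stored for principal_id are replaced.
        """
        # Materialise once.  A one-shot iterable would otherwise be used up
        # by the validation loop and the principal would end up with ().
        roles = tuple( roles )

        for role_id in roles:
            if role_id in ('Authenticated','Anonymous','Owner'):
                continue
            try:
                self._roles[ role_id ] # raise KeyError if unknown!
            except KeyError:
                # Lazily update our roles list and try again
                self.updateRolesList()
                self._roles[ role_id ] # raise KeyError if unknown!

        # NOTE(review): principal_id is stored without checking that such a
        # user or group exists; callers must pass a trusted id.
        self._principal_roles[ principal_id ] = roles
    # postonly wraps the method so that, when a REQUEST is passed in, only
    # POST requests are accepted.
    assignRolesToPrincipal = postonly(assignRolesToPrincipal)

    security.declarePrivate( 'getRolesForPrincipal' )
    def getRolesForPrincipal( self, principal, request=None ):
        """ See IRolesPlugin.

        Returns a tuple of the de-duplicated roles stored for the
        principal's own id and for each id returned by its getGroups().
        """
        principal_ids = [principal.getId()]
        # not all user objects are propertied users with groups support.
        # theres no interface for now - so use an ugly hasattr
        if hasattr(principal, 'getGroups'):
            principal_ids.extend( principal.getGroups() )

        # User ids and group ids are looked up in the same mapping, so a
        # role stored under an id applies to whichever principal carries it.
        roles = []
        for pid in principal_ids:
            roles.extend( self._principal_roles.get( pid, () ) )
        return tuple( unique( roles ) )

    ## implement IAssignRoleCapability

    def allowRoleAssign(self, user_id, role_id):
        """True iff this plugin will allow assigning a certain user a certain role."""
        # Existence check only: user_id is not consulted, so this is not an
        # authorization decision about who may be given the role.
        # NOTE(review): this method has a docstring and no security
        # declaration in this class -- confirm its effective protection.
        if self.getRoleInfo(role_id):
            # if we have a role, we can assign it
            # slightly naive, but should be okay.
            return 1
        return 0

    def listRoleIds(self):
        # Refresh from __ac_roles__ first, then defer to the base class.
        self.updateRolesList()
        return ZODBRoleManager.listRoleIds(self)

    def listRoleInfo(self):
        # Refresh from __ac_roles__ first, then defer to the base class.
        self.updateRolesList()
        return ZODBRoleManager.listRoleInfo(self)

    def getRoleInfo(self, role_id):
        # Refresh only when the role is not known yet, then defer to the
        # base class.  (The original defined this method twice with an
        # identical body; one definition is enough.)
        if role_id not in self._roles:
            self.updateRolesList()
        return ZODBRoleManager.getRoleInfo(self, role_id)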
00142 
00143 
# Declare the interfaces the plugin provides: the role-assignment
# capability plus everything ZODBRoleManager itself implements.
classImplements(
    GroupAwareRoleManager,
    IAssignRoleCapability,
    *implementedBy(ZODBRoleManager)
)

# Apply the ClassSecurityInfo declarations made in the class body.
InitializeClass( GroupAwareRoleManager )