Back to index

plone3  3.1.7
Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes
PluggableAuthService.PropertiedUser.PropertiedUser Class Reference
Inheritance diagram for PluggableAuthService.PropertiedUser.PropertiedUser:
Inheritance graph
[legend]
Collaboration diagram for PluggableAuthService.PropertiedUser.PropertiedUser:
Collaboration graph
[legend]

List of all members.

Public Member Functions

def __init__
def getId
def getUserName
def getRoles
def getGroups
def getDomains
def getRolesInContext
def allowed
def listPropertysheets
def getPropertysheet
def addPropertysheet

Private Member Functions

def _addGroups
def _addRoles

Private Attributes

 _id
 _login
 _propertysheets
 _groups
 _roles

Static Private Attributes

 __getitem__ = getPropertysheet

Detailed Description

User objects which manage propertysheets, obtained from decorators.

Definition at line 30 of file PropertiedUser.py.


Constructor & Destructor Documentation

def PluggableAuthService.PropertiedUser.PropertiedUser.__init__ (   self,
  id,
  login = None 
)

Definition at line 34 of file PropertiedUser.py.

00034 
00035     def __init__( self, id, login=None ):
00036 
00037         self._id = id
00038 
00039         if login is None:
00040             login = id
00041 
00042         self._login = login
00043 
00044         self._propertysheets = {}   # *Not* persistent!
00045         self._groups = {}
00046         self._roles = {}
00047 


Member Function Documentation

def PluggableAuthService.PropertiedUser.PropertiedUser._addGroups (   self,
  groups = () 
) [private]
Extend our set of groups.

o Don't complain about duplicates.

Definition at line 240 of file PropertiedUser.py.

00240 
00241     def _addGroups( self, groups=() ):
00242 
00243         """ Extend our set of groups.
00244 
00245         o Don't complain about duplicates.
00246         """
00247         for group in groups:
00248             self._groups[ group ] = 1

def PluggableAuthService.PropertiedUser.PropertiedUser._addRoles (   self,
  roles = () 
) [private]
Extend our set of roles.

o Don't complain about duplicates.

Definition at line 249 of file PropertiedUser.py.

00249 
00250     def _addRoles( self, roles=() ):
00251 
00252         """ Extend our set of roles.
00253 
00254         o Don't complain about duplicates.
00255         """
00256         for role in roles:
00257             self._roles[ role ] = 1
00258 

Add a new propertysheet.

o Raise KeyError if a sheet of the given ID already exists.

Definition at line 278 of file PropertiedUser.py.

00278 
00279     def addPropertysheet( self, id, data ):
00280 
00281         """ Add a new propertysheet.
00282 
00283         o Raise KeyError if a sheet of the given ID already exists.
00284         """
00285         if self._propertysheets.get( id ) is not None:
00286             raise KeyError, "Duplicate property sheet: %s" % id
00287 
00288         if IPropertySheet.providedBy(data):
00289             self._propertysheets[ id ] = data
00290         else:
00291             self._propertysheets[ id ] = UserPropertySheet( id, **data )
00292 
00293 
00294 classImplements( PropertiedUser,
00295                  IPropertiedUser )

Here is the call graph for this function:

def PluggableAuthService.PropertiedUser.PropertiedUser.allowed (   self,
  object,
  object_roles = None 
)
Check whether the user has access to object.

o The user must have one of the roles in object_roles to allow access.

o Include *both* local roles assigned directly to us *and* those
  assigned to our groups.

o Ripped off from AccessControl.User.BasicUser, which provides
  no other extension mechanism. :(

Definition at line 142 of file PropertiedUser.py.

00142 
00143     def allowed( self, object, object_roles=None ):
00144 
00145         """ Check whether the user has access to object.
00146 
00147         o The user must have one of the roles in object_roles to allow access.
00148 
00149         o Include *both* local roles assigned directly to us *and* those
00150           assigned to our groups.
00151 
00152         o Ripped off from AccessControl.User.BasicUser, which provides
00153           no other extension mechanism. :(
00154         """
00155         if object_roles is _what_not_even_god_should_do:
00156             return 0
00157 
00158         # Short-circuit the common case of anonymous access.
00159         if object_roles is None or 'Anonymous' in object_roles:
00160             return 1
00161 
00162         # Provide short-cut access if object is protected by 'Authenticated'
00163         # role and user is not nobody
00164         if 'Authenticated' in object_roles and (
00165             self.getUserName() != 'Anonymous User'):
00166             return 1
00167 
00168         # Check for ancient role data up front, convert if found.
00169         # This should almost never happen, and should probably be
00170         # deprecated at some point.
00171         if 'Shared' in object_roles:
00172             object_roles = self._shared_roles(object)
00173             if object_roles is None or 'Anonymous' in object_roles:
00174                 return 1
00175 
00176         # Check for a role match with the normal roles given to
00177         # the user, then with local roles only if necessary. We
00178         # want to avoid as much overhead as possible.
00179         user_roles = self.getRoles()
00180         for role in object_roles:
00181             if role in user_roles:
00182                 if self._check_context(object):
00183                     return 1
00184                 return None
00185 
00186         # Still have not found a match, so check local roles. We do
00187         # this manually rather than call getRolesInContext so that
00188         # we can incur only the overhead required to find a match.
00189         inner_obj = aq_inner( object )
00190         user_id = self.getId()
00191         # [ x.getId() for x in self.getGroups() ]
00192         group_ids = self.getGroups()
00193 
00194         principal_ids = list( group_ids )
00195         principal_ids.insert( 0, user_id )
00196 
00197         while 1:
00198 
00199             local_roles = getattr( inner_obj, '__ac_local_roles__', None )
00200 
00201             if local_roles:
00202 
00203                 if callable( local_roles ):
00204                     local_roles = local_roles()
00205 
00206                 dict = local_roles or {}
00207 
00208                 for principal_id in principal_ids:
00209 
00210                     local_roles = dict.get( principal_id, [] )
00211 
00212                     for role in object_roles:
00213 
00214                         if role in local_roles:
00215 
00216                             if self._check_context( object ):
00217                                 return 1
00218 
00219                             return 0
00220 
00221             inner = aq_inner( inner_obj )
00222             parent = aq_parent( inner )
00223 
00224             if parent is not None:
00225                 inner_obj = parent
00226                 continue
00227 
00228             new = getattr( inner_obj, 'im_self', None )
00229 
00230             if new is not None:
00231                 inner_obj = aq_inner( new )
00232                 continue
00233 
00234             break
00235 
00236         return None

-> [ domain ]

o The list represents the only domains from which the user is
  allowed to access the system.

Definition at line 78 of file PropertiedUser.py.

00078 
00079     def getDomains( self ):
00080 
00081         """ -> [ domain ]
00082 
00083         o The list represents the only domains from which the user is
00084           allowed to access the system.
00085         """
00086         return ()

-> [group]

o Return the groups the user is in.

Definition at line 71 of file PropertiedUser.py.

00071 
00072     def getGroups(self):
00073         """ -> [group]
00074 
00075         o Return the groups the user is in.
00076         """
00077         return self._groups.keys()

Here is the caller graph for this function:

-> user ID

Definition at line 51 of file PropertiedUser.py.

00051 
00052     def getId( self ):
00053 
00054         """ -> user ID
00055         """
00056         return self._id

id -> sheet

o Raise KeyError if no such seet exists.

Definition at line 268 of file PropertiedUser.py.

00268 
00269     def getPropertysheet( self, id ):
00270 
00271         """ id -> sheet
00272 
00273         o Raise KeyError if no such seet exists.
00274         """
00275         return self._propertysheets[ id ]

-> [ role ]

o Include only "global" roles.

Definition at line 63 of file PropertiedUser.py.

00063 
00064     def getRoles( self ):
00065 
00066         """ -> [ role ]
00067 
00068         o Include only "global" roles.
00069         """
00070         return self._roles.keys()

Here is the caller graph for this function:

Return the list of roles assigned to the user.

o Include local roles assigned in context of the passed-in object.

o Include *both* local roles assigned directly to us *and* those
  assigned to our groups.

o Ripped off from AccessControl.User.BasicUser, which provides
  no other extension mechanism. :(

Definition at line 87 of file PropertiedUser.py.

00087 
00088     def getRolesInContext( self, object ):
00089 
00090         """ Return the list of roles assigned to the user.
00091 
00092         o Include local roles assigned in context of the passed-in object.
00093 
00094         o Include *both* local roles assigned directly to us *and* those
00095           assigned to our groups.
00096 
00097         o Ripped off from AccessControl.User.BasicUser, which provides
00098           no other extension mechanism. :(
00099         """
00100         user_id = self.getId()
00101         # [ x.getId() for x in self.getGroups() ]
00102         group_ids = self.getGroups()
00103 
00104         principal_ids = list( group_ids )
00105         principal_ids.insert( 0, user_id )
00106 
00107         local ={} 
00108         object = aq_inner( object )
00109 
00110         while 1:
00111 
00112             local_roles = getattr( object, '__ac_local_roles__', None )
00113 
00114             if local_roles:
00115 
00116                 if callable( local_roles ):
00117                     local_roles = local_roles()
00118 
00119                 dict = local_roles or {}
00120 
00121                 for principal_id in principal_ids:
00122                     for role in dict.get( principal_id, [] ):
00123                         local[ role ] = 1
00124 
00125             inner = aq_inner( object )
00126             parent = aq_parent( inner )
00127 
00128             if parent is not None:
00129                 object = parent
00130                 continue
00131 
00132             new = getattr( object, 'im_self', None )
00133 
00134             if new is not None:
00135 
00136                 object = aq_inner( new )
00137                 continue
00138 
00139             break
00140 
00141         return list( self.getRoles() ) + local.keys()

-> login name

Definition at line 57 of file PropertiedUser.py.

00057 
00058     def getUserName( self ):
00059 
00060         """ -> login name
00061         """
00062         return self._login

Here is the caller graph for this function:

-> [ propertysheet_id ]

Definition at line 262 of file PropertiedUser.py.

00262 
00263     def listPropertysheets( self ):
00264 
00265         """ -> [ propertysheet_id ]
00266         """
00267         return self._propertysheets.keys()


Member Data Documentation

Definition at line 276 of file PropertiedUser.py.

Definition at line 44 of file PropertiedUser.py.

Definition at line 36 of file PropertiedUser.py.

Definition at line 41 of file PropertiedUser.py.

Definition at line 43 of file PropertiedUser.py.

Definition at line 45 of file PropertiedUser.py.


The documentation for this class was generated from the following file: