source: WAeUP_SRP/branches/uli/PatchCPSUserFolderUserFolder.py @ 17388

Last change on this file since 17388 was 1653, checked in by uli, 18 years ago

Incorporated changeset 1593:1652 of trunk into uli-branch.

File size: 6.0 KB
RevLine 
[880]1from AccessControl import ClassSecurityInfo
2from ExtensionClass import Base
3from Acquisition import Implicit
4from Acquisition import aq_base, aq_parent, aq_inner
5
6security = ClassSecurityInfo()
7
8security.declarePublic('getRolesInContext')
9def getRolesInContext(self, object):
[881]10    """Get the list of roles assigned to the user.
11    This includes local roles assigned in the context of
12    the passed in object.
13    Knows about local roles blocking (roles starting with '-').
14    """
[880]15    name = self.getUserName()
16    roles = self.getRoles()
[881]17    # deal with groups
18    groups = self.getComputedGroups()
19    # end groups
[880]20    local = {}
21    stop_loop = 0
[881]22    real_object = object
[880]23    object = aq_inner(object)
24    while 1:
25        # Collect all roles info
26        lrd = {}
27        local_roles = getattr(object, '__ac_local_roles__', None)
28        if local_roles:
29            if callable(local_roles):
30                local_roles = local_roles() or {}
31            for r in local_roles.get(name, ()):
32                if r:
33                    lrd[r] = None
34        local_group_roles = getattr(object, '__ac_local_group_roles__', None)
35        if local_group_roles:
36            if callable(local_group_roles):
37                local_group_roles = local_group_roles() or {}
38            for g in groups:
39                for r in local_group_roles.get(g, ()):
40                    if r:
41                        lrd[r] = None
42        lr = lrd.keys()
43        # Positive role assertions
44        for r in lr:
45            if r[0] != '-':
46                if not local.has_key(r):
47                    local[r] = 1 # acquired role
48        # Negative (blocking) role assertions
49        for r in lr:
50            if r[0] == '-':
51                r = r[1:]
52                if not r:
53                    # role '-' blocks all acquisition
54                    stop_loop = 1
55                    break
56                if not local.has_key(r):
57                    local[r] = 0 # blocked role
58        if stop_loop:
59            break
[881]60        if hasattr(object, 'aq_parent'):
61            object = aq_inner(object.aq_parent)
[880]62            continue
63        if hasattr(object, 'im_self'):
[881]64            object = aq_inner(object.im_self)
[880]65            continue
66        break
67    roles = list(roles)
68    for r, v in local.items():
69        if v: # only if not blocked
70            roles.append(r)
71    ## patch to assign dynamic roles for WAeUP
72    while 1:
[1593]73        if self.isStudent():
74            break
75        groups = self.portal_membership.getAuthenticatedMember().getGroups()
76        if not ("ClearanceOfficers" in groups or "CourseAdvisers" in groups):
77            break
[1035]78        if callable(real_object) and hasattr(real_object,'im_self'):
79            real_object = real_object.im_self
[1593]80
81        if real_object is None:
82            break
[1035]83        if hasattr(real_object,'portal_type') and\
[1593]84                   real_object.portal_type not in ("Student",
85                                                   "StudentClearance",
86                                                   "StudentStudyLevel"):
[880]87            break
[1653]88
89        # don't test if it is not a proxy
90        #if real_object.portal_type == real_object.meta_type:
91        #    break
92       
[1593]93        # can be later simplified by replacing by students_catalog values - Henrik
94        # getattr works always because of acquisition ?! Henrik
[902]95        sc = getattr(real_object,'study_course',None)
96        if sc is None:
97            break
[1471]98        sc_obj = sc.getContent()
[1593]99        cert_id = sc_obj.study_course
100        res_cert = self.portal_catalog(id = cert_id)
101        if len(res_cert) != 1:
[1471]102            break
[1593]103        certificate_brain = res_cert[0]
104        certificate_obj = certificate_brain.getObject()
105        cert_path = certificate_brain.getPath().split('/')
[1471]106        fac_id = cert_path[-4]
107        dep_id = cert_path[-3]
[1593]108        # temporary self-healing function
[1471]109        # deprecated after reindexing the students_catalog
[1076]110        student_id = self.getStudentId()
111        res = self.students_catalog(id=student_id)
[1066]112        if len(res) != 1:
113            break
[1593]114        st_entry = res[0]
115        if st_entry.faculty != fac_id or\
116           st_entry.department != dep_id or\
117           st_entry.course != cert_id:
118               self.students_catalog.modifyRecord(id = student_id,
[1471]119                                                faculty = fac_id,
120                                                department = dep_id,
[1593]121                                                course = cert_id
[1515]122                                                )
[1593]123        if real_object.portal_type == "StudentStudyLevel":
[1653]124            if real_object.meta_type != "StudentStudyLevel":
125                context_obj = getattr(certificate_obj,real_object.getId(),None)
126            else:
127                context_obj = getattr(certificate_obj,real_object.aq_parent.getId(),None)
[1593]128            if context_obj is None:
[1653]129                #from pdb import set_trace;set_trace()
[1593]130                break
131            allowed = set(('CourseAdviser', 'SectionManager'))
132        elif real_object.portal_type == "Student" and "CourseAdvisers" in groups:
[1653]133            #we need some special processing since CourseAdvisers are only
[1593]134            #specified per StudyLevel
135            allowed = set(('CourseAdviser', 'SectionManager'))
136            for context_obj in certificate_obj.objectValues():
137                dynamic_roles = set(self.getRolesInContext(context_obj))
138                intersect = dynamic_roles & allowed
139                if intersect:
140                    roles.extend(list(intersect))
[1515]141            break
[1593]142        else:
143            res = self.portal_catalog(portal_type="Department",id=dep_id)
144            allowed = set(('ClearanceOfficer', 'SectionManager'))
145            if len(res) != 1:
146                break
147            context_obj = res[0].getObject()
148        dynamic_roles = set(self.getRolesInContext(context_obj))
149        intersect = dynamic_roles & allowed
150        if intersect:
151            roles.extend(list(intersect))
[880]152        break
153    return roles
154
[881]155from Products.CPSUserFolder.CPSUserFolder import CPSUser
156CPSUser.getRolesInContext = getRolesInContext
Note: See TracBrowser for help on using the repository browser.