source: WAeUP_SRP/branches/uli/PatchCPSUserFolderUserFolder.py @ 17959

Last change on this file since 17959 was 1653, checked in by uli, 18 years ago

Incorporated changeset 1593:1652 of trunk into uli-branch.

File size: 6.0 KB
Line 
1from AccessControl import ClassSecurityInfo
2from ExtensionClass import Base
3from Acquisition import Implicit
4from Acquisition import aq_base, aq_parent, aq_inner
5
6security = ClassSecurityInfo()
7
8security.declarePublic('getRolesInContext')
9def getRolesInContext(self, object):
10    """Get the list of roles assigned to the user.
11    This includes local roles assigned in the context of
12    the passed in object.
13    Knows about local roles blocking (roles starting with '-').
14    """
15    name = self.getUserName()
16    roles = self.getRoles()
17    # deal with groups
18    groups = self.getComputedGroups()
19    # end groups
20    local = {}
21    stop_loop = 0
22    real_object = object
23    object = aq_inner(object)
24    while 1:
25        # Collect all roles info
26        lrd = {}
27        local_roles = getattr(object, '__ac_local_roles__', None)
28        if local_roles:
29            if callable(local_roles):
30                local_roles = local_roles() or {}
31            for r in local_roles.get(name, ()):
32                if r:
33                    lrd[r] = None
34        local_group_roles = getattr(object, '__ac_local_group_roles__', None)
35        if local_group_roles:
36            if callable(local_group_roles):
37                local_group_roles = local_group_roles() or {}
38            for g in groups:
39                for r in local_group_roles.get(g, ()):
40                    if r:
41                        lrd[r] = None
42        lr = lrd.keys()
43        # Positive role assertions
44        for r in lr:
45            if r[0] != '-':
46                if not local.has_key(r):
47                    local[r] = 1 # acquired role
48        # Negative (blocking) role assertions
49        for r in lr:
50            if r[0] == '-':
51                r = r[1:]
52                if not r:
53                    # role '-' blocks all acquisition
54                    stop_loop = 1
55                    break
56                if not local.has_key(r):
57                    local[r] = 0 # blocked role
58        if stop_loop:
59            break
60        if hasattr(object, 'aq_parent'):
61            object = aq_inner(object.aq_parent)
62            continue
63        if hasattr(object, 'im_self'):
64            object = aq_inner(object.im_self)
65            continue
66        break
67    roles = list(roles)
68    for r, v in local.items():
69        if v: # only if not blocked
70            roles.append(r)
71    ## patch to assign dynamic roles for WAeUP
72    while 1:
73        if self.isStudent():
74            break
75        groups = self.portal_membership.getAuthenticatedMember().getGroups()
76        if not ("ClearanceOfficers" in groups or "CourseAdvisers" in groups):
77            break
78        if callable(real_object) and hasattr(real_object,'im_self'):
79            real_object = real_object.im_self
80
81        if real_object is None:
82            break
83        if hasattr(real_object,'portal_type') and\
84                   real_object.portal_type not in ("Student",
85                                                   "StudentClearance",
86                                                   "StudentStudyLevel"):
87            break
88
89        # don't test if it is not a proxy
90        #if real_object.portal_type == real_object.meta_type:
91        #    break
92       
93        # can be later simplified by replacing by students_catalog values - Henrik
94        # getattr works always because of acquisition ?! Henrik
95        sc = getattr(real_object,'study_course',None)
96        if sc is None:
97            break
98        sc_obj = sc.getContent()
99        cert_id = sc_obj.study_course
100        res_cert = self.portal_catalog(id = cert_id)
101        if len(res_cert) != 1:
102            break
103        certificate_brain = res_cert[0]
104        certificate_obj = certificate_brain.getObject()
105        cert_path = certificate_brain.getPath().split('/')
106        fac_id = cert_path[-4]
107        dep_id = cert_path[-3]
108        # temporary self-healing function
109        # deprecated after reindexing the students_catalog
110        student_id = self.getStudentId()
111        res = self.students_catalog(id=student_id)
112        if len(res) != 1:
113            break
114        st_entry = res[0]
115        if st_entry.faculty != fac_id or\
116           st_entry.department != dep_id or\
117           st_entry.course != cert_id:
118               self.students_catalog.modifyRecord(id = student_id,
119                                                faculty = fac_id,
120                                                department = dep_id,
121                                                course = cert_id
122                                                )
123        if real_object.portal_type == "StudentStudyLevel":
124            if real_object.meta_type != "StudentStudyLevel":
125                context_obj = getattr(certificate_obj,real_object.getId(),None)
126            else:
127                context_obj = getattr(certificate_obj,real_object.aq_parent.getId(),None)
128            if context_obj is None:
129                #from pdb import set_trace;set_trace()
130                break
131            allowed = set(('CourseAdviser', 'SectionManager'))
132        elif real_object.portal_type == "Student" and "CourseAdvisers" in groups:
133            #we need some special processing since CourseAdvisers are only
134            #specified per StudyLevel
135            allowed = set(('CourseAdviser', 'SectionManager'))
136            for context_obj in certificate_obj.objectValues():
137                dynamic_roles = set(self.getRolesInContext(context_obj))
138                intersect = dynamic_roles & allowed
139                if intersect:
140                    roles.extend(list(intersect))
141            break
142        else:
143            res = self.portal_catalog(portal_type="Department",id=dep_id)
144            allowed = set(('ClearanceOfficer', 'SectionManager'))
145            if len(res) != 1:
146                break
147            context_obj = res[0].getObject()
148        dynamic_roles = set(self.getRolesInContext(context_obj))
149        intersect = dynamic_roles & allowed
150        if intersect:
151            roles.extend(list(intersect))
152        break
153    return roles
154
155from Products.CPSUserFolder.CPSUserFolder import CPSUser
156CPSUser.getRolesInContext = getRolesInContext
Note: See TracBrowser for help on using the repository browser.