| 1 | from AccessControl import ClassSecurityInfo |
|---|
| 2 | from ExtensionClass import Base |
|---|
| 3 | from Acquisition import Implicit |
|---|
| 4 | from Acquisition import aq_base, aq_parent, aq_inner |
|---|
| 5 | |
|---|
| 6 | security = ClassSecurityInfo() |
|---|
| 7 | |
|---|
| 8 | security.declarePublic('getRolesInContext') |
|---|
| 9 | def getRolesInContext(self, object): |
|---|
| 10 | """Get the list of roles assigned to the user. |
|---|
| 11 | This includes local roles assigned in the context of |
|---|
| 12 | the passed in object. |
|---|
| 13 | Knows about local roles blocking (roles starting with '-'). |
|---|
| 14 | """ |
|---|
| 15 | name = self.getUserName() |
|---|
| 16 | roles = self.getRoles() |
|---|
| 17 | # deal with groups |
|---|
| 18 | groups = self.getComputedGroups() |
|---|
| 19 | # end groups |
|---|
| 20 | local = {} |
|---|
| 21 | stop_loop = 0 |
|---|
| 22 | real_object = object |
|---|
| 23 | object = aq_inner(object) |
|---|
| 24 | while 1: |
|---|
| 25 | # Collect all roles info |
|---|
| 26 | lrd = {} |
|---|
| 27 | local_roles = getattr(object, '__ac_local_roles__', None) |
|---|
| 28 | if local_roles: |
|---|
| 29 | if callable(local_roles): |
|---|
| 30 | local_roles = local_roles() or {} |
|---|
| 31 | for r in local_roles.get(name, ()): |
|---|
| 32 | if r: |
|---|
| 33 | lrd[r] = None |
|---|
| 34 | local_group_roles = getattr(object, '__ac_local_group_roles__', None) |
|---|
| 35 | if local_group_roles: |
|---|
| 36 | if callable(local_group_roles): |
|---|
| 37 | local_group_roles = local_group_roles() or {} |
|---|
| 38 | for g in groups: |
|---|
| 39 | for r in local_group_roles.get(g, ()): |
|---|
| 40 | if r: |
|---|
| 41 | lrd[r] = None |
|---|
| 42 | lr = lrd.keys() |
|---|
| 43 | # Positive role assertions |
|---|
| 44 | for r in lr: |
|---|
| 45 | if r[0] != '-': |
|---|
| 46 | if not local.has_key(r): |
|---|
| 47 | local[r] = 1 # acquired role |
|---|
| 48 | # Negative (blocking) role assertions |
|---|
| 49 | for r in lr: |
|---|
| 50 | if r[0] == '-': |
|---|
| 51 | r = r[1:] |
|---|
| 52 | if not r: |
|---|
| 53 | # role '-' blocks all acquisition |
|---|
| 54 | stop_loop = 1 |
|---|
| 55 | break |
|---|
| 56 | if not local.has_key(r): |
|---|
| 57 | local[r] = 0 # blocked role |
|---|
| 58 | if stop_loop: |
|---|
| 59 | break |
|---|
| 60 | if hasattr(object, 'aq_parent'): |
|---|
| 61 | object = aq_inner(object.aq_parent) |
|---|
| 62 | continue |
|---|
| 63 | if hasattr(object, 'im_self'): |
|---|
| 64 | object = aq_inner(object.im_self) |
|---|
| 65 | continue |
|---|
| 66 | break |
|---|
| 67 | roles = list(roles) |
|---|
| 68 | for r, v in local.items(): |
|---|
| 69 | if v: # only if not blocked |
|---|
| 70 | roles.append(r) |
|---|
| 71 | ## patch to assign dynamic roles for WAeUP |
|---|
| 72 | while 1: |
|---|
| 73 | #from pdb import set_trace;set_trace() |
|---|
| 74 | if self.isStudent(): |
|---|
| 75 | break |
|---|
| 76 | groups = self.portal_membership.getAuthenticatedMember().getGroups() |
|---|
| 77 | if not ("ClearanceOfficer" in groups or "CourseAdviser" in groups): |
|---|
| 78 | break |
|---|
| 79 | if callable(real_object) and hasattr(real_object,'im_self'): |
|---|
| 80 | real_object = real_object.im_self |
|---|
| 81 | |
|---|
| 82 | if real_object is None: |
|---|
| 83 | break |
|---|
| 84 | if hasattr(real_object,'portal_type') and\ |
|---|
| 85 | real_object.portal_type not in ("Student", |
|---|
| 86 | "StudentClearance", |
|---|
| 87 | "StudentStudyLevel"): |
|---|
| 88 | break |
|---|
| 89 | |
|---|
| 90 | # can be later simplified by replacing by students_catalog values - Henrik |
|---|
| 91 | # getattr works always because of acquisition ?! Henrik |
|---|
| 92 | sc = getattr(real_object,'study_course',None) |
|---|
| 93 | if sc is None: |
|---|
| 94 | break |
|---|
| 95 | sc_obj = sc.getContent() |
|---|
| 96 | cert_id = sc_obj.study_course |
|---|
| 97 | res_cert = self.portal_catalog(id = cert_id) |
|---|
| 98 | if len(res_cert) != 1: |
|---|
| 99 | break |
|---|
| 100 | certificate_brain = res_cert[0] |
|---|
| 101 | certificate_obj = certificate_brain.getObject() |
|---|
| 102 | cert_path = certificate_brain.getPath().split('/') |
|---|
| 103 | fac_id = cert_path[-4] |
|---|
| 104 | dep_id = cert_path[-3] |
|---|
| 105 | # temporary self-healing function |
|---|
| 106 | # deprecated after reindexing the students_catalog |
|---|
| 107 | student_id = self.getStudentId() |
|---|
| 108 | res = self.students_catalog(id=student_id) |
|---|
| 109 | if len(res) != 1: |
|---|
| 110 | break |
|---|
| 111 | st_entry = res[0] |
|---|
| 112 | if st_entry.faculty != fac_id or\ |
|---|
| 113 | st_entry.department != dep_id or\ |
|---|
| 114 | st_entry.course != cert_id: |
|---|
| 115 | self.students_catalog.modifyRecord(id = student_id, |
|---|
| 116 | faculty = fac_id, |
|---|
| 117 | department = dep_id, |
|---|
| 118 | course = cert_id |
|---|
| 119 | ) |
|---|
| 120 | if real_object.portal_type == "StudentStudyLevel": |
|---|
| 121 | if real_object.meta_type == "StudentStudyLevel": |
|---|
| 122 | #if it is not a Proxy |
|---|
| 123 | break |
|---|
| 124 | context_obj = getattr(certificate_obj,real_object.getId(),None) |
|---|
| 125 | if context_obj is None: |
|---|
| 126 | break |
|---|
| 127 | allowed = ('CourseAdviser', 'SectionManager') |
|---|
| 128 | else: |
|---|
| 129 | res = self.portal_catalog(portal_type="Department",id=dep_id) |
|---|
| 130 | allowed = ('ClearanceOfficer', 'SectionManager') |
|---|
| 131 | if len(res) != 1: |
|---|
| 132 | break |
|---|
| 133 | context_obj = res[0].getObject() |
|---|
| 134 | dynamic_roles = self.getRolesInContext(context_obj) |
|---|
| 135 | for dr in allowed: |
|---|
| 136 | if dr in dynamic_roles: |
|---|
| 137 | roles.append(dr) |
|---|
| 138 | break |
|---|
| 139 | return roles |
|---|
| 140 | |
|---|
| 141 | from Products.CPSUserFolder.CPSUserFolder import CPSUser |
|---|
| 142 | CPSUser.getRolesInContext = getRolesInContext |
|---|
