1 | from AccessControl import ClassSecurityInfo |
---|
2 | from ExtensionClass import Base |
---|
3 | from Acquisition import Implicit |
---|
4 | from Acquisition import aq_base, aq_parent, aq_inner |
---|
5 | import re |
---|
6 | security = ClassSecurityInfo() |
---|
7 | |
---|
8 | def getCertificateObject(self,st_entry): |
---|
9 | try: |
---|
10 | return getattr(getattr(getattr(self.portal_url.getPortalObject().campus.academics,st_entry.faculty), |
---|
11 | st_entry.department).certificates,st_entry.course) |
---|
12 | except: |
---|
13 | return None |
---|
14 | |
---|
15 | security.declarePublic('getRolesInContext') |
---|
16 | def getRolesInContext(self, object): |
---|
17 | """Get the list of roles assigned to the user. |
---|
18 | This includes local roles assigned in the context of |
---|
19 | the passed in object. |
---|
20 | Knows about local roles blocking (roles starting with '-'). |
---|
21 | """ |
---|
22 | name = self.getUserName() |
---|
23 | roles = self.getRoles() |
---|
24 | # deal with groups |
---|
25 | groups = self.getComputedGroups() |
---|
26 | # end groups |
---|
27 | local = {} |
---|
28 | stop_loop = 0 |
---|
29 | real_object = object |
---|
30 | object = aq_inner(object) |
---|
31 | while 1: |
---|
32 | # Collect all roles info |
---|
33 | lrd = {} |
---|
34 | local_roles = getattr(object, '__ac_local_roles__', None) |
---|
35 | if local_roles: |
---|
36 | if callable(local_roles): |
---|
37 | local_roles = local_roles() or {} |
---|
38 | for r in local_roles.get(name, ()): |
---|
39 | if r: |
---|
40 | lrd[r] = None |
---|
41 | local_group_roles = getattr(object, '__ac_local_group_roles__', None) |
---|
42 | if local_group_roles: |
---|
43 | if callable(local_group_roles): |
---|
44 | local_group_roles = local_group_roles() or {} |
---|
45 | for g in groups: |
---|
46 | for r in local_group_roles.get(g, ()): |
---|
47 | if r: |
---|
48 | lrd[r] = None |
---|
49 | lr = lrd.keys() |
---|
50 | # Positive role assertions |
---|
51 | for r in lr: |
---|
52 | if r[0] != '-': |
---|
53 | if not local.has_key(r): |
---|
54 | local[r] = 1 # acquired role |
---|
55 | # Negative (blocking) role assertions |
---|
56 | for r in lr: |
---|
57 | if r[0] == '-': |
---|
58 | r = r[1:] |
---|
59 | if not r: |
---|
60 | # role '-' blocks all acquisition |
---|
61 | stop_loop = 1 |
---|
62 | break |
---|
63 | if not local.has_key(r): |
---|
64 | local[r] = 0 # blocked role |
---|
65 | if stop_loop: |
---|
66 | break |
---|
67 | if hasattr(object, 'aq_parent'): |
---|
68 | object = aq_inner(object.aq_parent) |
---|
69 | continue |
---|
70 | if hasattr(object, 'im_self'): |
---|
71 | object = aq_inner(object.im_self) |
---|
72 | continue |
---|
73 | break |
---|
74 | roles = list(roles) |
---|
75 | for r, v in local.items(): |
---|
76 | if v: # only if not blocked |
---|
77 | roles.append(r) |
---|
78 | ## patch to assign dynamic roles for WAeUP |
---|
79 | while 1: |
---|
80 | #if self.isStudent(): |
---|
81 | # break |
---|
82 | # if re.match(r'\D\d\d\d\d\d\d',name): |
---|
83 | # break |
---|
84 | #if len(name) != 7: |
---|
85 | # break |
---|
86 | #try: |
---|
87 | # int(name[1:]) |
---|
88 | #except: |
---|
89 | # break |
---|
90 | o = ord(name[1]) |
---|
91 | if o >= 48 and o <= 57: |
---|
92 | break |
---|
93 | groups = self.portal_membership.getAuthenticatedMember().getGroups() |
---|
94 | if not ("ClearanceOfficers" in groups or "CourseAdvisers" in groups): |
---|
95 | break |
---|
96 | if callable(real_object) and hasattr(real_object,'im_self'): |
---|
97 | real_object = real_object.im_self |
---|
98 | |
---|
99 | if real_object is None: |
---|
100 | break |
---|
101 | if hasattr(real_object,'portal_type') and\ |
---|
102 | real_object.portal_type not in ("Student", |
---|
103 | "StudentClearance", |
---|
104 | "StudentStudyLevel", |
---|
105 | "StudentCourseResult", |
---|
106 | ): |
---|
107 | break |
---|
108 | |
---|
109 | # don't test if it is not a proxy |
---|
110 | #if real_object.portal_type == real_object.meta_type: |
---|
111 | # break |
---|
112 | |
---|
113 | # can be later simplified by replacing by students_catalog values - Henrik |
---|
114 | # getattr works always because of acquisition ?! Henrik |
---|
115 | # sc = getattr(real_object,'study_course',None) |
---|
116 | # if sc is None: |
---|
117 | # break |
---|
118 | # sc_obj = sc.getContent() |
---|
119 | # cert_id = sc_obj.study_course |
---|
120 | # res_cert = self.portal_catalog(id = cert_id) |
---|
121 | # if len(res_cert) != 1: |
---|
122 | # break |
---|
123 | # certificate_brain = res_cert[0] |
---|
124 | # certificate_obj = certificate_brain.getObject() |
---|
125 | # cert_path = certificate_brain.getPath().split('/') |
---|
126 | # fac_id = cert_path[-4] |
---|
127 | # dep_id = cert_path[-3] |
---|
128 | # temporary self-healing function |
---|
129 | # deprecated after reindexing the students_catalog |
---|
130 | student_id = self.getStudentId() |
---|
131 | res = self.students_catalog(id=student_id) |
---|
132 | if len(res) != 1: |
---|
133 | break |
---|
134 | st_entry = res[0] |
---|
135 | # if st_entry.faculty != fac_id or\ |
---|
136 | # st_entry.department != dep_id or\ |
---|
137 | # st_entry.course != cert_id: |
---|
138 | # self.students_catalog.modifyRecord(id = student_id, |
---|
139 | # faculty = fac_id, |
---|
140 | # department = dep_id, |
---|
141 | # course = cert_id |
---|
142 | # ) |
---|
143 | if real_object.portal_type in ("StudentStudyLevel","StudentCourseResult"): |
---|
144 | # res_cert = self.portal_catalog(id = st_entry.course) |
---|
145 | # if len(res_cert) != 1: |
---|
146 | # break |
---|
147 | # certificate_brain = res_cert[0] |
---|
148 | # certificate_obj = certificate_brain.getObject() |
---|
149 | certificate_obj = getCertificateObject(self,st_entry) |
---|
150 | if certificate_obj is None: |
---|
151 | #from pdb import set_trace;set_trace() |
---|
152 | break |
---|
153 | if real_object.meta_type.endswith('Folder'): # it is a proxy |
---|
154 | object = real_object |
---|
155 | else: |
---|
156 | object = real_object.aq_parent |
---|
157 | if real_object.portal_type == "StudentStudyLevel": |
---|
158 | level = object.getId() |
---|
159 | elif real_object.portal_type == "StudentCourseResult": |
---|
160 | level = object.aq_parent.getId() |
---|
161 | context_obj = getattr(certificate_obj,level,None) |
---|
162 | if context_obj is None: |
---|
163 | #from pdb import set_trace;set_trace() |
---|
164 | break |
---|
165 | allowed = set(('CourseAdviser', 'SectionManager')) |
---|
166 | elif real_object.portal_type == "Student" and "CourseAdvisers" in groups: |
---|
167 | #we need some special processing since CourseAdvisers are only |
---|
168 | #specified per StudyLevel |
---|
169 | certificate_obj = getCertificateObject(self,st_entry) |
---|
170 | if certificate_obj is None: |
---|
171 | #from pdb import set_trace;set_trace() |
---|
172 | break |
---|
173 | allowed = set(('CourseAdviser', 'SectionManager')) |
---|
174 | for context_obj in certificate_obj.objectValues(): |
---|
175 | dynamic_roles = set(self.getRolesInContext(context_obj)) |
---|
176 | intersect = dynamic_roles & allowed |
---|
177 | if intersect: |
---|
178 | roles.extend(list(intersect)) |
---|
179 | break |
---|
180 | else: |
---|
181 | res = self.portal_catalog(portal_type="Department",id=st_entry.dep_id) |
---|
182 | allowed = set(('ClearanceOfficer', 'SectionManager')) |
---|
183 | if len(res) != 1: |
---|
184 | break |
---|
185 | context_obj = res[0].getObject() |
---|
186 | dynamic_roles = set(self.getRolesInContext(context_obj)) |
---|
187 | intersect = dynamic_roles & allowed |
---|
188 | if intersect: |
---|
189 | roles.extend(list(intersect)) |
---|
190 | break |
---|
191 | return roles |
---|
192 | |
---|
193 | from Products.CPSUserFolder.CPSUserFolder import CPSUser |
---|
194 | CPSUser.getRolesInContext = getRolesInContext |
---|