source: WAeUP_SRP/trunk/PatchCPSUserFolderUserFolderWithGroups.py @ 884

Last change on this file since 884 was 883, checked in by joachim, 18 years ago

getRolesInContext now does additional checks for ClearanceOfficer.

from AccessControl import ClassSecurityInfo
from AccessControl.PermissionRole import _what_not_even_god_should_do
from Acquisition import Implicit
from Acquisition import aq_base, aq_parent, aq_inner
from ExtensionClass import Base
5
# Module-level security declaration holder used by the declarePublic() calls
# in this file.
# NOTE(review): nothing in this file applies `security` to a class, so these
# declarations presumably have no effect on PatchBasicUser -- confirm.
security = ClassSecurityInfo()

security.declarePublic('getRolesInContext')
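def getRolesInContext(self, object):
    """Return the list of roles assigned to the user,
       including local roles assigned in context of
       the passed in object.

    Starting at ``object`` and walking up through ``aq_parent`` (and
    ``im_self`` for objects that carry one), local roles are collected from
    ``__ac_local_roles__`` (keyed by user name) and
    ``__ac_local_group_roles__`` (keyed by group).  A role name prefixed
    with '-' blocks that role from being acquired from further up; the bare
    role '-' stops the walk entirely.  The first assertion seen for a role
    (nearest to ``object``) wins.

    After the walk, WAeUP "dynamic roles" are appended: roles listed by
    ``self.getDynamicRoles()`` that the user holds in the context of the
    Department of the student's course.

    Returns a new list: the user's global roles, followed by unblocked
    local roles, followed by any dynamic roles.
    """
    name = self.getUserName()
    roles = self.getRoles()
    groups = self.getGroups() + ('role:Anonymous',)
    if 'Authenticated' in roles:
        groups = groups + ('role:Authenticated',)
    local = {}
    stop_loop = 0
    object = aq_inner(object)
    # No debugger hook here: allowed() calls this function during access
    # checks, so a pdb.set_trace() breakpoint would stall the calling thread
    # on every check that reaches the local-role path.
    while 1:
        # Collect all roles info
        lrd = {}
        local_roles = getattr(object, '__ac_local_roles__', None)
        if local_roles:
            if callable(local_roles):
                local_roles = local_roles() or {}
            for r in local_roles.get(name, ()):
                if r:
                    lrd[r] = None
        local_group_roles = getattr(object, '__ac_local_group_roles__', None)
        if local_group_roles:
            if callable(local_group_roles):
                local_group_roles = local_group_roles() or {}
            for g in groups:
                for r in local_group_roles.get(g, ()):
                    if r:
                        lrd[r] = None
        lr = lrd.keys()
        # Positive role assertions
        for r in lr:
            if r[0] != '-':
                if r not in local:
                    local[r] = 1 # acquired role
        # Negative (blocking) role assertions
        for r in lr:
            if r[0] == '-':
                r = r[1:]
                if not r:
                    # role '-' blocks all acquisition
                    stop_loop = 1
                    break
                if r not in local:
                    local[r] = 0 # blocked role
        if stop_loop:
            break
        inner = getattr(object, 'aq_inner', object)
        parent = getattr(inner, 'aq_parent', None)
        if parent is not None:
            object = parent
            continue
        if hasattr(object, 'im_self'):
            object = object.im_self
            object = getattr(object, 'aq_inner', object)
            continue
        break
    roles = list(roles)
    for r, v in local.items():
        if v: # only if not blocked
            roles.append(r)
    ## patch to assign dynamic roles for WAeUP
    # Roles found here are appended whatever ``object`` was passed in, i.e.
    # they are not limited to objects located inside that Department.
    info = self.getStudentInfo()
    if info is not None and info['course'] is not None:
        res = self.portal_catalog(portal_type="Department",
                                  id=info['course_doc'].department)
        # Only an unambiguous catalog match is trusted; zero or several
        # Departments with that id grant nothing.
        if len(res) == 1:
            # NOTE(review): this re-enters getRolesInContext, which runs this
            # same dynamic-role branch again for the Department object.
            # Unless getStudentInfo() or the catalog lookup answers
            # differently on re-entry, the recursion looks unbounded --
            # confirm and add a guard if so.
            dynamic_roles = self.getRolesInContext(res[0].getObject())
            for dr in self.getDynamicRoles():
                if dr in dynamic_roles:
                    roles.append(dr)
    return roles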
88
# Declares 'allowed' public on the module-level ClassSecurityInfo object.
security.declarePublic('allowed')
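def allowed(self, object, object_roles=None):
    """Check whether the user has access to object. The user must
       have one of the roles in object_roles to allow access.

    Returns 0 when ``object_roles`` is the "nobody may access" sentinel,
    1 when access is granted, and None when no role matches (or when a
    global role matches but ``self._check_context(object)`` is false).
    """

    # The sentinel comes from AccessControl.PermissionRole (imported at the
    # top of this file).  It has to be compared by identity and checked
    # first, so that no later shortcut can grant access to such an object.
    if object_roles is _what_not_even_god_should_do:
        return 0

    # Short-circuit the common case of anonymous access.
    if object_roles is None or 'Anonymous' in object_roles:
        return 1

    # Provide short-cut access if object is protected by 'Authenticated'
    # role and user is not nobody
    if 'Authenticated' in object_roles and (
        self.getUserName() != 'Anonymous User'):
        return 1

    # Check for a role match with the normal roles given to
    # the user, then with local roles only if necessary. We
    # want to avoid as much overhead as possible.
    user_roles = self.getRoles()
    for role in object_roles:
        if role in user_roles:
            # A matching global role is decisive either way: when the
            # context check fails, access is denied without consulting
            # local roles.
            if self._check_context(object):
                return 1
            return None

    # Check local roles, calling getRolesInContext to avoid too much
    # complexity, at the expense of speed.
    for role in self.getRolesInContext(object):
        if role in object_roles:
            return 1

    return None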
124
# Monkey-patch: at import time, assign the two functions defined above as the
# getRolesInContext and allowed attributes of CPSUserFolder's PatchBasicUser,
# so every role lookup and access check on that class goes through them.
from Products.CPSUserFolder.UserFolderWithGroups import PatchBasicUser
PatchBasicUser.getRolesInContext = getRolesInContext
PatchBasicUser.allowed = allowed