Changeset 7163

Timestamp:

22 Nov 2011, 09:51:18 (13 years ago)

Author:

Henrik Bettermann

Message:

Users must own their own account object in order to edit edit. Therefore we need a local owner role and an event handler which assigns the local role after user creation.

Location:

main/waeup.sirp/trunk/src/waeup/sirp

Files:

• authentication.txt (modified) (3 diffs)
• permissions.py (modified) (2 diffs)
• permissions.txt (modified) (1 diff)
• users.py (modified) (2 diffs)

main/waeup.sirp/trunk/src/waeup/sirp/authentication.txt

@@ -46 +46 @@
 
 Accounts also hold infos about local roles assigned to a user. In the
-beginning, users have no local roles at all:
-
-  >>> alice.getLocalRoles()
-  {}
-
-But we can tell an account, that Alice got some role for a certain
-object:
+beginning, users have only the local owner role of their own account object:
+
+  >>> alice.getLocalRoles()
+  {'waeup.local.Owner': [<waeup.sirp.authentication.Account object at 0x...>]}
+
+We can tell an account, that Alice got some role for another object:
 
   >>> chalet = object()
@@ -67 +66 @@
   >>> alice.notifyLocalRoleChanged(chalet, 'BigBoss', granted=False)
   >>> alice.getLocalRoles()
-  {}
+  {'waeup.local.Owner': [<waeup.sirp.authentication.Account object at 0x...>]}
 
 We can also use events to trigger such actions. This is recommended
@@ -107 +106 @@
    >>> del root['app']['bobs_fac']
    >>> bob.getLocalRoles()
-   {}
+   {'waeup.local.Owner': [<waeup.sirp.authentication.Account object at 0x...>]}
 
 If one notifies the machinery of a local role removal for an object

main/waeup.sirp/trunk/src/waeup/sirp/permissions.py

@@ -31 +31 @@
     grok.name('waeup.manageUsers')
 
+class EditUser(grok.Permission):
+    grok.name('waeup.editUser')
+
 class ManageDataCenter(grok.Permission):
     grok.name('waeup.manageDataCenter')
@@ -52 +55 @@
     grok.title(u'Course Adviser')
     grok.permissions('waeup.View', 'waeup.Public')
+
+class Owner(grok.Role):
+    grok.name('waeup.local.Owner')
+    grok.title(u'Owner')
+    grok.permissions('waeup.editUser')
 
 # Global Roles

main/waeup.sirp/trunk/src/waeup/sirp/permissions.txt

@@ -42 +42 @@
 
     >>> len(list(getWAeUPRoles(also_local=True)))
-    13
+    14
 
 

main/waeup.sirp/trunk/src/waeup/sirp/users.py

@@ -4 +4 @@
 from zope.event import notify
 from zope.interface import Interface
-from zope.securitypolicy.interfaces import IPrincipalRoleMap
+from zope.securitypolicy.interfaces import (
+    IPrincipalRoleMap, IPrincipalRoleManager)
 from waeup.sirp.authentication import Account
-from waeup.sirp.interfaces import IUserContainer, ILocalRoleSetEvent
+from waeup.sirp.interfaces import (
+    IUserContainer, ILocalRoleSetEvent, IUserAccount)
 
 class UserContainer(grok.Container):
@@ -74 +76 @@
                 obj, local_role, user_name, granted=False))
     return
+
+@grok.subscribe(IUserAccount, grok.IObjectAddedEvent)
+def handle_user_added(account, event):
+    """If an account is added the local owner role must be set.
+    """
+    # First we have to set the local owner role of the account object
+    role_manager = IPrincipalRoleManager(account)
+    role_manager.assignRoleToPrincipal(
+        'waeup.local.Owner', account.name)
+    # Then we have to notify the user account that the local role
+    # of the same object has changed
+    notify(LocalRoleSetEvent(
+        account, 'waeup.local.Owner', account.name, granted=True))
+    return