Timestamp:
22 Nov 2011, 09:51:18 (13 years ago)
Author:
Henrik Bettermann
Message:

Users must own their own account object in order to edit it. Therefore we need a local owner role and an event handler which assigns the local role after user creation.

Location:
main/waeup.sirp/trunk/src/waeup/sirp
Files:
4 edited

  • main/waeup.sirp/trunk/src/waeup/sirp/authentication.txt

    r6746 r7163  
    4646
    4747Accounts also hold infos about local roles assigned to a user. In the
    48 beginning, users have no local roles at all:
    49 
    50   >>> alice.getLocalRoles()
    51   {}
    52 
    53 But we can tell an account, that Alice got some role for a certain
    54 object:
     48beginning, users have only the local owner role of their own account object:
     49
     50  >>> alice.getLocalRoles()
     51  {'waeup.local.Owner': [<waeup.sirp.authentication.Account object at 0x...>]}
     52
     53We can tell an account, that Alice got some role for another object:
    5554
    5655  >>> chalet = object()
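Review bot: The new expected output at line 51, {'waeup.local.Owner': [<waeup.sirp.authentication.Account object at 0x...>]}, matches any Account instance, so this doctest would still pass if the owner role had been granted on someone else's account. Assuming alice is the Account object created earlier in this file, consider also asserting identity, for example alice.getLocalRoles()['waeup.local.Owner'] == [alice], so the test pins the role to Alice's own account object.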
     
    6766  >>> alice.notifyLocalRoleChanged(chalet, 'BigBoss', granted=False)
    6867  >>> alice.getLocalRoles()
    69   {}
     68  {'waeup.local.Owner': [<waeup.sirp.authentication.Account object at 0x...>]}
    7069
    7170We can also use events to trigger such actions. This is recommended
     
    107106   >>> del root['app']['bobs_fac']
    108107   >>> bob.getLocalRoles()
    109    {}
     108   {'waeup.local.Owner': [<waeup.sirp.authentication.Account object at 0x...>]}
    110109
    111110If one notifies the machinery of a local role removal for an object
  • main/waeup.sirp/trunk/src/waeup/sirp/permissions.py

    r7148 r7163  
    3131    grok.name('waeup.manageUsers')
    3232
     33class EditUser(grok.Permission):
     34    grok.name('waeup.editUser')
     35
    3336class ManageDataCenter(grok.Permission):
    3437    grok.name('waeup.manageDataCenter')
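Review bot: waeup.editUser is declared at lines 33-34, but none of the four files in this changeset requires it on a view or form, so within this changeset the permission does not yet restrict or allow anything. Please include, or point to, the change that protects the account edit view with it, and add a short docstring saying how it differs from waeup.manageUsers.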
     
    5255    grok.title(u'Course Adviser')
    5356    grok.permissions('waeup.View', 'waeup.Public')
     57
     58class Owner(grok.Role):
     59    grok.name('waeup.local.Owner')
     60    grok.title(u'Owner')
     61    grok.permissions('waeup.editUser')
    5462
    5563# Global Roles
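Review bot: The Owner role at lines 58-61 has no docstring or comment stating that it is meant to be granted only locally, on a user's own account object; nothing in the class itself prevents 'waeup.local.Owner' from being assigned on other objects, where it would carry waeup.editUser with it. A one-line docstring recording the intended scope would help anyone reviewing later role assignments.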
  • main/waeup.sirp/trunk/src/waeup/sirp/permissions.txt

    r7154 r7163  
    4242
    4343    >>> len(list(getWAeUPRoles(also_local=True)))
    44     13
     44    14
    4545
    4646
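Review bot: The expectation at line 44 is a bare count (13 changed to 14), which has to be edited for every new role and does not show which role was added. Consider also checking that 'waeup.local.Owner' is among the roles returned by getWAeUPRoles(also_local=True), so the test documents what this changeset introduced.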
  • main/waeup.sirp/trunk/src/waeup/sirp/users.py

    r7137 r7163  
    44from zope.event import notify
    55from zope.interface import Interface
    6 from zope.securitypolicy.interfaces import IPrincipalRoleMap
     6from zope.securitypolicy.interfaces import (
     7    IPrincipalRoleMap, IPrincipalRoleManager)
    78from waeup.sirp.authentication import Account
    8 from waeup.sirp.interfaces import IUserContainer, ILocalRoleSetEvent
     9from waeup.sirp.interfaces import (
     10    IUserContainer, ILocalRoleSetEvent, IUserAccount)
    911
    1012class UserContainer(grok.Container):
     
    7476                obj, local_role, user_name, granted=False))
    7577    return
     78
     79@grok.subscribe(IUserAccount, grok.IObjectAddedEvent)
     80def handle_user_added(account, event):
     81    """If an account is added the local owner role must be set.
     82    """
     83    # First we have to set the local owner role of the account object
     84    role_manager = IPrincipalRoleManager(account)
     85    role_manager.assignRoleToPrincipal(
     86        'waeup.local.Owner', account.name)
     87    # Then we have to notify the user account that the local role
     88    # of the same object has changed
     89    notify(LocalRoleSetEvent(
     90        account, 'waeup.local.Owner', account.name, granted=True))
     91    return
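Review bot: In handle_user_added (lines 84-86 and 89-90) the owner role is granted to the principal id account.name; please confirm that account.name is always the principal id the authentication layer produces for this account, because a mismatch would leave the owner without waeup.editUser or hand it to a different principal. The role name 'waeup.local.Owner' is also repeated as a string literal in both calls, and the trailing return at line 91 is redundant; a module-level constant and dropping the return would tidy this up.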