Changeset 9211 for main/waeup.kofa/branches/uli-zc-async/src/waeup/kofa/applicants/dynamicroles.py

Timestamp:

21 Sep 2012, 08:19:35 (12 years ago)

Author:

uli

Message:

Rollback r9209. Looks like multiple merges from trunk confuse svn when merging back into trunk.

Location:

main/waeup.kofa/branches/uli-zc-async

Files:

• . (modified) (1 prop)
• src/waeup/kofa/applicants/dynamicroles.py (modified) (2 diffs)

main/waeup.kofa/branches/uli-zc-async/src/waeup/kofa/applicants/dynamicroles.py

@@ -24 +24 @@
 import grok
 from zope.securitypolicy.interfaces import IPrincipalRoleManager
-from zope.securitypolicy.principalrole import AnnotationPrincipalRoleManager
 from waeup.kofa.applicants.interfaces import IApplicant
+from waeup.kofa.students.dynamicroles import StudentPrincipalRoleManager
 
 # All components in here have the same context: Applicant instances
 grok.context(IApplicant)
 
-class ApplicantPrincipalRoleManager(AnnotationPrincipalRoleManager,
-                                    grok.Adapter):
+class ApplicantPrincipalRoleManager(StudentPrincipalRoleManager):
+
     grok.provides(IPrincipalRoleManager)
 
     #: The attribute name to lookup for additional roles
     extra_attrib = 'course1'
+    subcontainer = None
 
     # Role name mapping:
@@ -44 +45 @@
         'waeup.local.ClearanceOfficer':'waeup.ApplicationsOfficer',
         }
-
-    def getRolesForPrincipal(self, principal_id):
-        """Get roles for principal with id `principal_id`.
-
-        Different to the default implementation, this method also
-        takes into account local roles set on any department connected
-        to the context student.
-
-        If the given principal has at least one of the
-        `external_rolenames` roles granted for the external object, it
-        additionally gets `additional_rolename` role for the context
-        student.
-
-        For the additional roles the `extra_attrib` and all its parent
-        objects are looked up, because 'role inheritance' does not
-        work on that basic level of permission handling.
-
-        Some advantages of this approach:
-
-        - we don't have to store extra local roles for clearance
-          officers in ZODB for each student
-
-        - when local roles on a department change, we don't have to
-          update thousands of students; the local role is assigned
-          dynamically.
-
-        Disadvantage:
-
-        - More expensive role lookups when a clearance officer wants
-          to see an student form.
-
-        This implementation is designed to be usable also for other
-        contexts than students. You can inherit from it and set
-        different role names to lookup/set easily via the static class
-        attributes.
-        """
-        apr_manager = AnnotationPrincipalRoleManager(self._context)
-        result = apr_manager.getRolesForPrincipal(principal_id)
-        if result != []:
-            # If there are local roles defined here, no additional
-            # lookup is done.
-            return result
-        # The principal has no local roles yet. Let's lookup the
-        # connected course, dept, etc.
-        obj = getattr(self._context, self.extra_attrib, None)
-        # Lookup local roles for connected course and all parent
-        # objects. This way we fake 'role inheritance'.
-        while obj is not None:
-            extra_roles = IPrincipalRoleManager(obj).getRolesForPrincipal(
-                principal_id)
-            for role_id, setting in extra_roles:
-                if role_id in self.rolename_mapping.keys():
-                    # Grant additional role
-                    # permissions (allow, deny or unset)
-                    # according to the rolename mapping above.
-                    result.append(
-                        (self.rolename_mapping[role_id], setting))
-                    return result
-            obj = getattr(obj, '__parent__', None)
-        return result