3956162881

Build Type

push

github

Committed by Michael Howitz

Commit Message

Update to deprecation warning free releases.

Run Details

4401 of 7036 branches covered (62.55%)

Branch coverage included in aggregate %.

27161 of 31488 relevant lines covered (86.26%)

0.86 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

46.74

/src/OFS/role.py

##############################################################################
#
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Role manager
"""

import html

from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from AccessControl.Permission import Permission
from AccessControl.Permissions import change_permissions
from AccessControl.requestmethod import requestmethod
from AccessControl.rolemanager import RoleManager as BaseRoleManager
from AccessControl.rolemanager import _string_hash
from AccessControl.rolemanager import reqattr
from App.special_dtml import DTMLFile
from zExceptions import BadRequest


class RoleManager(BaseRoleManager):
    """An object that has configurable permissions"""

    security = ClassSecurityInfo()

    manage_options = (
        {
            'label': 'Security',
            'action': 'manage_access',
        },
    )

    security.declareProtected(change_permissions, 'manage_roleForm')  # NOQA: D001,E501
    manage_roleForm = DTMLFile(
        'dtml/roleEdit',
        globals(),
        management_view='Security'
    )

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_role(self, role_to_manage, permissions=[], REQUEST=None):
        """Change the permissions given to the given role.
        """
        BaseRoleManager.manage_role(
            self, role_to_manage, permissions=permissions)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    security.declareProtected(change_permissions, 'manage_acquiredForm')  # NOQA: D001,E501
    manage_acquiredForm = DTMLFile(
        'dtml/acquiredEdit',
        globals(),
        management_view='Security'
    )

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_acquiredPermissions(self, permissions=[], REQUEST=None):
        """Change the permissions that acquire.
        """
        BaseRoleManager.manage_acquiredPermissions(
            self, permissions=permissions)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    security.declareProtected(change_permissions, 'manage_permissionForm')  # NOQA: D001,E501
    manage_permissionForm = DTMLFile(
        'dtml/permissionEdit',
        globals(),
        management_view='Security'
    )

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_permission(
        self,
        permission_to_manage,
        roles=[],
        acquire=0,
        REQUEST=None
    ):
        """Change the settings for the given permission.

        If optional arg acquire is true, then the roles for the permission
        are acquired, in addition to the ones specified, otherwise the
        permissions are restricted to only the designated roles.
        """
        BaseRoleManager.manage_permission(
            self, permission_to_manage, roles=roles, acquire=acquire)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    _normal_manage_access = DTMLFile('dtml/access', globals())
    manage_reportUserPermissions = DTMLFile(
        'dtml/reportUserPermissions',
        globals()
    )

    @security.protected(change_permissions)
    def manage_access(self, REQUEST, **kw):
        """Return an interface for making permissions settings."""
        return self._normal_manage_access(**kw)

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_changePermissions(self, REQUEST):
        """Change all permissions settings, called by management screen."""
        valid_roles = self.valid_roles()
        have = REQUEST.__contains__
        permissions = self.ac_inherited_permissions(1)
        fails = []
        for ip in range(len(permissions)):
            permission_name = permissions[ip][0]
            permission_hash = _string_hash(permission_name)
            roles = []
            for role in valid_roles:
                role_name = role
                role_hash = _string_hash(role_name)
                if have(f"permission_{permission_hash}role_{role_hash}"):
                    roles.append(role)
            name, value = permissions[ip][:2]
            try:
                p = Permission(name, value, self)
                if not have('acquire_%s' % permission_hash):
                    roles = tuple(roles)
                p.setRoles(roles)
            except Exception:
                fails.append(name)

        if fails:
            raise BadRequest('Some permissions had errors: '
                             + html.escape(', '.join(fails), True))
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    security.declareProtected(change_permissions, 'manage_listLocalRoles')  # NOQA: D001,E501
    manage_listLocalRoles = DTMLFile(
        'dtml/listLocalRoles',
        globals(),
        management_view='Security'
    )

    security.declareProtected(change_permissions, 'manage_editLocalRoles')  # NOQA: D001,E501
    manage_editLocalRoles = DTMLFile(
        'dtml/editLocalRoles',
        globals(),
        management_view='Security'
    )

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_addLocalRoles(self, userid, roles, REQUEST=None):
        """Set local roles for a user."""
        BaseRoleManager.manage_addLocalRoles(self, userid, roles)
        if REQUEST is not None:
            stat = 'Your changes have been saved.'
            return self.manage_listLocalRoles(self, REQUEST, stat=stat)

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_setLocalRoles(self, userid, roles=[], REQUEST=None):
        """Set local roles for a user."""
        if roles:
            BaseRoleManager.manage_setLocalRoles(self, userid, roles)
        else:
            return self.manage_delLocalRoles((userid,), REQUEST)
        if REQUEST is not None:
            stat = 'Your changes have been saved.'
            return self.manage_listLocalRoles(self, REQUEST, stat=stat)

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_delLocalRoles(self, userids, REQUEST=None):
        """Remove all local roles for a user."""
        BaseRoleManager.manage_delLocalRoles(self, userids)
        if REQUEST is not None:
            stat = 'Your changes have been saved.'
            return self.manage_listLocalRoles(self, REQUEST, stat=stat)

    @security.protected(change_permissions)
    def manage_defined_roles(self, submit=None, REQUEST=None):
        """Called by management screen."""
        if submit == 'Add Role':
            role = reqattr(REQUEST, 'role').strip()
            return self._addRole(role, REQUEST)

        if submit == 'Delete Role':
            roles = reqattr(REQUEST, 'roles')
            return self._delRoles(roles, REQUEST)

        return self.manage_access(REQUEST)

    @requestmethod('POST')
    def _addRole(self, role, REQUEST=None):
        if not role:
            raise BadRequest('You must specify a role name')
        if role in self.__ac_roles__:
            raise BadRequest('The given role is already defined')
        data = list(self.__ac_roles__)
        data.append(role)
        self.__ac_roles__ = tuple(data)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    @requestmethod('POST')
    def _delRoles(self, roles, REQUEST=None):
        if not roles:
            raise BadRequest('You must specify a role name')
        data = list(self.__ac_roles__)
        for role in roles:
            try:
                data.remove(role)
            except Exception:
                pass
        self.__ac_roles__ = tuple(data)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    def _has_user_defined_role(self, role):
        return role in self.__ac_roles__

    # Compatibility names only!!

    smallRolesWidget = selectedRoles = ''
    aclAChecked = aclPChecked = aclEChecked = ''
    validRoles = BaseRoleManager.valid_roles

    def manage_editRoles(self, REQUEST, acl_type='A', acl_roles=[]):
        pass

    def _setRoles(self, acl_type, acl_roles):
        pass


InitializeClass(RoleManager)

1	##############################################################################
2	#
3	# Copyright (c) 2002 Zope Foundation and Contributors.
4	#
5	# This software is subject to the provisions of the Zope Public License,
6	# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
7	# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
8	# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
9	# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
10	# FOR A PARTICULAR PURPOSE
11	#
12	##############################################################################
13	"""Role manager	1✔
14	"""
15
16	import html	1✔
17
18	from AccessControl import ClassSecurityInfo	1✔
19	from AccessControl.class_init import InitializeClass	1✔
20	from AccessControl.Permission import Permission	1✔
21	from AccessControl.Permissions import change_permissions	1✔
22	from AccessControl.requestmethod import requestmethod	1✔
23	from AccessControl.rolemanager import RoleManager as BaseRoleManager	1✔
24	from AccessControl.rolemanager import _string_hash	1✔
25	from AccessControl.rolemanager import reqattr	1✔
26	from App.special_dtml import DTMLFile	1✔
27	from zExceptions import BadRequest	1✔
28
29
30	class RoleManager(BaseRoleManager):	1✔
31	"""An object that has configurable permissions"""
32
33	security = ClassSecurityInfo()	1✔
34
35	manage_options = (	1✔
36	{
37	'label': 'Security',
38	'action': 'manage_access',
39	},
40	)
41
42	security.declareProtected(change_permissions, 'manage_roleForm') # NOQA: D001,E501	1✔
43	manage_roleForm = DTMLFile(	1✔
44	'dtml/roleEdit',
45	globals(),
46	management_view='Security'
47	)
48
49	@security.protected(change_permissions)	1✔
50	@requestmethod('POST')	1✔
51	def manage_role(self, role_to_manage, permissions=[], REQUEST=None):	1✔
52	"""Change the permissions given to the given role.
53	"""
54	BaseRoleManager.manage_role(	1✔
55	self, role_to_manage, permissions=permissions)
56	if REQUEST is not None:	1!
57	return self.manage_access(REQUEST)	×
58
59	security.declareProtected(change_permissions, 'manage_acquiredForm') # NOQA: D001,E501	1✔
60	manage_acquiredForm = DTMLFile(	1✔
61	'dtml/acquiredEdit',
62	globals(),
63	management_view='Security'
64	)
65
66	@security.protected(change_permissions)	1✔
67	@requestmethod('POST')	1✔
68	def manage_acquiredPermissions(self, permissions=[], REQUEST=None):	1✔
69	"""Change the permissions that acquire.
70	"""
71	BaseRoleManager.manage_acquiredPermissions(	×
72	self, permissions=permissions)
73	if REQUEST is not None:	×
74	return self.manage_access(REQUEST)	×
75
76	security.declareProtected(change_permissions, 'manage_permissionForm') # NOQA: D001,E501	1✔
77	manage_permissionForm = DTMLFile(	1✔
78	'dtml/permissionEdit',
79	globals(),
80	management_view='Security'
81	)
82
83	@security.protected(change_permissions)	1✔
84	@requestmethod('POST')	1✔
85	def manage_permission(	1✔
86	self,
87	permission_to_manage,
88	roles=[],
89	acquire=0,
90	REQUEST=None
91	):
92	"""Change the settings for the given permission.
93
94	If optional arg acquire is true, then the roles for the permission
95	are acquired, in addition to the ones specified, otherwise the
96	permissions are restricted to only the designated roles.
97	"""
98	BaseRoleManager.manage_permission(	1✔
99	self, permission_to_manage, roles=roles, acquire=acquire)
100	if REQUEST is not None:	1!
101	return self.manage_access(REQUEST)	×
102
103	_normal_manage_access = DTMLFile('dtml/access', globals())	1✔
104	manage_reportUserPermissions = DTMLFile(	1✔
105	'dtml/reportUserPermissions',
106	globals()
107	)
108
109	@security.protected(change_permissions)	1✔
110	def manage_access(self, REQUEST, **kw):	1✔
111	"""Return an interface for making permissions settings."""
112	return self._normal_manage_access(**kw)	×
113
114	@security.protected(change_permissions)	1✔
115	@requestmethod('POST')	1✔
116	def manage_changePermissions(self, REQUEST):	1✔
117	"""Change all permissions settings, called by management screen."""
118	valid_roles = self.valid_roles()	×
119	have = REQUEST.__contains__	×
120	permissions = self.ac_inherited_permissions(1)	×
121	fails = []	×
122	for ip in range(len(permissions)):	×
123	permission_name = permissions[ip][0]	×
124	permission_hash = _string_hash(permission_name)	×
125	roles = []	×
126	for role in valid_roles:	×
127	role_name = role	×
128	role_hash = _string_hash(role_name)	×
129	if have(f"permission_{permission_hash}role_{role_hash}"):	×
130	roles.append(role)	×
131	name, value = permissions[ip][:2]	×
132	try:	×
133	p = Permission(name, value, self)	×
134	if not have('acquire_%s' % permission_hash):	×
135	roles = tuple(roles)	×
136	p.setRoles(roles)	×
137	except Exception:	×
138	fails.append(name)	×
139
140	if fails:	×
141	raise BadRequest('Some permissions had errors: '	×
142	+ html.escape(', '.join(fails), True))
143	if REQUEST is not None:	×
144	return self.manage_access(REQUEST)	×
145
146	security.declareProtected(change_permissions, 'manage_listLocalRoles') # NOQA: D001,E501	1✔
147	manage_listLocalRoles = DTMLFile(	1✔
148	'dtml/listLocalRoles',
149	globals(),
150	management_view='Security'
151	)
152
153	security.declareProtected(change_permissions, 'manage_editLocalRoles') # NOQA: D001,E501	1✔
154	manage_editLocalRoles = DTMLFile(	1✔
155	'dtml/editLocalRoles',
156	globals(),
157	management_view='Security'
158	)
159
160	@security.protected(change_permissions)	1✔
161	@requestmethod('POST')	1✔
162	def manage_addLocalRoles(self, userid, roles, REQUEST=None):	1✔
163	"""Set local roles for a user."""
164	BaseRoleManager.manage_addLocalRoles(self, userid, roles)	1✔
165	if REQUEST is not None:	1!
166	stat = 'Your changes have been saved.'	×
167	return self.manage_listLocalRoles(self, REQUEST, stat=stat)	×
168
169	@security.protected(change_permissions)	1✔
170	@requestmethod('POST')	1✔
171	def manage_setLocalRoles(self, userid, roles=[], REQUEST=None):	1✔
172	"""Set local roles for a user."""
173	if roles:	1!
174	BaseRoleManager.manage_setLocalRoles(self, userid, roles)	1✔
175	else:
176	return self.manage_delLocalRoles((userid,), REQUEST)	×
177	if REQUEST is not None:	1!
178	stat = 'Your changes have been saved.'	×
179	return self.manage_listLocalRoles(self, REQUEST, stat=stat)	×
180
181	@security.protected(change_permissions)	1✔
182	@requestmethod('POST')	1✔
183	def manage_delLocalRoles(self, userids, REQUEST=None):	1✔
184	"""Remove all local roles for a user."""
185	BaseRoleManager.manage_delLocalRoles(self, userids)	×
186	if REQUEST is not None:	×
187	stat = 'Your changes have been saved.'	×
188	return self.manage_listLocalRoles(self, REQUEST, stat=stat)	×
189
190	@security.protected(change_permissions)	1✔
191	def manage_defined_roles(self, submit=None, REQUEST=None):	1✔
192	"""Called by management screen."""
193	if submit == 'Add Role':	×
194	role = reqattr(REQUEST, 'role').strip()	×
195	return self._addRole(role, REQUEST)	×
196
197	if submit == 'Delete Role':	×
198	roles = reqattr(REQUEST, 'roles')	×
199	return self._delRoles(roles, REQUEST)	×
200
201	return self.manage_access(REQUEST)	×
202
203	@requestmethod('POST')	1✔
204	def _addRole(self, role, REQUEST=None):	1✔
205	if not role:	1!
206	raise BadRequest('You must specify a role name')	×
207	if role in self.__ac_roles__:	1!
208	raise BadRequest('The given role is already defined')	×
209	data = list(self.__ac_roles__)	1✔
210	data.append(role)	1✔
211	self.__ac_roles__ = tuple(data)	1✔
212	if REQUEST is not None:	1!
213	return self.manage_access(REQUEST)	×
214
215	@requestmethod('POST')	1✔
216	def _delRoles(self, roles, REQUEST=None):	1✔
217	if not roles:	×
218	raise BadRequest('You must specify a role name')	×
219	data = list(self.__ac_roles__)	×
220	for role in roles:	×
221	try:	×
222	data.remove(role)	×
223	except Exception:	×
224	pass	×
225	self.__ac_roles__ = tuple(data)	×
226	if REQUEST is not None:	×
227	return self.manage_access(REQUEST)	×
228
229	def _has_user_defined_role(self, role):	1✔
230	return role in self.__ac_roles__	×
231
232	# Compatibility names only!!
233
234	smallRolesWidget = selectedRoles = ''	1✔
235	aclAChecked = aclPChecked = aclEChecked = ''	1✔
236	validRoles = BaseRoleManager.valid_roles	1✔
237
238	def manage_editRoles(self, REQUEST, acl_type='A', acl_roles=[]):	1✔
239	pass	×
240
241	def _setRoles(self, acl_type, acl_roles):	1✔
242	pass	×
243
244
245	InitializeClass(RoleManager)	1✔

zopefoundation / Zope / 3956162881

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous