6263629025

Committed 21 Sep 2023 03:12PM UTC coverage: 82.146% (-0.01%) from 82.159%

Build # 6263629025

Build Type

Pull #1164

github

Committed by

web-flow

Commit Message

[pre-commit.ci lite] apply automatic fixes

Pull Request Pull Request #1164: Move all linters to pre-commit.

Run Details

4353 of 6963 branches covered (0.0%)

Branch coverage included in aggregate %.

487 of 487 new or added lines in 186 files covered. (100.0%)

27394 of 31684 relevant lines covered (86.46%)

0.86 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

46.74

/src/OFS/role.py

##############################################################################
#
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Role manager."""

import html

from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from AccessControl.Permission import Permission
from AccessControl.Permissions import change_permissions
from AccessControl.requestmethod import requestmethod
from AccessControl.rolemanager import RoleManager as BaseRoleManager
from AccessControl.rolemanager import _string_hash
from AccessControl.rolemanager import reqattr
from App.special_dtml import DTMLFile
from zExceptions import BadRequest


class RoleManager(BaseRoleManager):
    """An object that has configurable permissions."""

    security = ClassSecurityInfo()

    manage_options = (
        {
            'label': 'Security',
            'action': 'manage_access',
        },
    )

    security.declareProtected(change_permissions, 'manage_roleForm')  # NOQA: D001,E501
    manage_roleForm = DTMLFile(
        'dtml/roleEdit',
        globals(),
        management_view='Security'
    )

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_role(self, role_to_manage, permissions=[], REQUEST=None):
        """Change the permissions given to the given role."""
        BaseRoleManager.manage_role(
            self, role_to_manage, permissions=permissions)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    security.declareProtected(change_permissions, 'manage_acquiredForm')  # NOQA: D001,E501
    manage_acquiredForm = DTMLFile(
        'dtml/acquiredEdit',
        globals(),
        management_view='Security'
    )

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_acquiredPermissions(self, permissions=[], REQUEST=None):
        """Change the permissions that acquire."""
        BaseRoleManager.manage_acquiredPermissions(
            self, permissions=permissions)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    security.declareProtected(change_permissions, 'manage_permissionForm')  # NOQA: D001,E501
    manage_permissionForm = DTMLFile(
        'dtml/permissionEdit',
        globals(),
        management_view='Security'
    )

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_permission(
        self,
        permission_to_manage,
        roles=[],
        acquire=0,
        REQUEST=None
    ):
        """Change the settings for the given permission.

        If optional arg acquire is true, then the roles for the
        permission are acquired, in addition to the ones specified,
        otherwise the permissions are restricted to only the designated
        roles.
        """
        BaseRoleManager.manage_permission(
            self, permission_to_manage, roles=roles, acquire=acquire)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    _normal_manage_access = DTMLFile('dtml/access', globals())
    manage_reportUserPermissions = DTMLFile(
        'dtml/reportUserPermissions',
        globals()
    )

    @security.protected(change_permissions)
    def manage_access(self, REQUEST, **kw):
        """Return an interface for making permissions settings."""
        return self._normal_manage_access(**kw)

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_changePermissions(self, REQUEST):
        """Change all permissions settings, called by management screen."""
        valid_roles = self.valid_roles()
        have = REQUEST.__contains__
        permissions = self.ac_inherited_permissions(1)
        fails = []
        for ip in range(len(permissions)):
            permission_name = permissions[ip][0]
            permission_hash = _string_hash(permission_name)
            roles = []
            for role in valid_roles:
                role_name = role
                role_hash = _string_hash(role_name)
                if have(f"permission_{permission_hash}role_{role_hash}"):
                    roles.append(role)
            name, value = permissions[ip][:2]
            try:
                p = Permission(name, value, self)
                if not have('acquire_%s' % permission_hash):
                    roles = tuple(roles)
                p.setRoles(roles)
            except Exception:
                fails.append(name)

        if fails:
            raise BadRequest('Some permissions had errors: '
                             + html.escape(', '.join(fails), True))
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    security.declareProtected(change_permissions, 'manage_listLocalRoles')  # NOQA: D001,E501
    manage_listLocalRoles = DTMLFile(
        'dtml/listLocalRoles',
        globals(),
        management_view='Security'
    )

    security.declareProtected(change_permissions, 'manage_editLocalRoles')  # NOQA: D001,E501
    manage_editLocalRoles = DTMLFile(
        'dtml/editLocalRoles',
        globals(),
        management_view='Security'
    )

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_addLocalRoles(self, userid, roles, REQUEST=None):
        """Set local roles for a user."""
        BaseRoleManager.manage_addLocalRoles(self, userid, roles)
        if REQUEST is not None:
            stat = 'Your changes have been saved.'
            return self.manage_listLocalRoles(self, REQUEST, stat=stat)

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_setLocalRoles(self, userid, roles=[], REQUEST=None):
        """Set local roles for a user."""
        if roles:
            BaseRoleManager.manage_setLocalRoles(self, userid, roles)
        else:
            return self.manage_delLocalRoles((userid,), REQUEST)
        if REQUEST is not None:
            stat = 'Your changes have been saved.'
            return self.manage_listLocalRoles(self, REQUEST, stat=stat)

    @security.protected(change_permissions)
    @requestmethod('POST')
    def manage_delLocalRoles(self, userids, REQUEST=None):
        """Remove all local roles for a user."""
        BaseRoleManager.manage_delLocalRoles(self, userids)
        if REQUEST is not None:
            stat = 'Your changes have been saved.'
            return self.manage_listLocalRoles(self, REQUEST, stat=stat)

    @security.protected(change_permissions)
    def manage_defined_roles(self, submit=None, REQUEST=None):
        """Called by management screen."""
        if submit == 'Add Role':
            role = reqattr(REQUEST, 'role').strip()
            return self._addRole(role, REQUEST)

        if submit == 'Delete Role':
            roles = reqattr(REQUEST, 'roles')
            return self._delRoles(roles, REQUEST)

        return self.manage_access(REQUEST)

    @requestmethod('POST')
    def _addRole(self, role, REQUEST=None):
        if not role:
            raise BadRequest('You must specify a role name')
        if role in self.__ac_roles__:
            raise BadRequest('The given role is already defined')
        data = list(self.__ac_roles__)
        data.append(role)
        self.__ac_roles__ = tuple(data)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    @requestmethod('POST')
    def _delRoles(self, roles, REQUEST=None):
        if not roles:
            raise BadRequest('You must specify a role name')
        data = list(self.__ac_roles__)
        for role in roles:
            try:
                data.remove(role)
            except Exception:
                pass
        self.__ac_roles__ = tuple(data)
        if REQUEST is not None:
            return self.manage_access(REQUEST)

    def _has_user_defined_role(self, role):
        return role in self.__ac_roles__

    # Compatibility names only!!

    smallRolesWidget = selectedRoles = ''
    aclAChecked = aclPChecked = aclEChecked = ''
    validRoles = BaseRoleManager.valid_roles

    def manage_editRoles(self, REQUEST, acl_type='A', acl_roles=[]):
        pass

    def _setRoles(self, acl_type, acl_roles):
        pass


InitializeClass(RoleManager)

1	##############################################################################
2	#
3	# Copyright (c) 2002 Zope Foundation and Contributors.
4	#
5	# This software is subject to the provisions of the Zope Public License,
6	# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
7	# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
8	# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
9	# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
10	# FOR A PARTICULAR PURPOSE
11	#
12	##############################################################################
13	"""Role manager."""	1✔
14
15	import html	1✔
16
17	from AccessControl import ClassSecurityInfo	1✔
18	from AccessControl.class_init import InitializeClass	1✔
19	from AccessControl.Permission import Permission	1✔
20	from AccessControl.Permissions import change_permissions	1✔
21	from AccessControl.requestmethod import requestmethod	1✔
22	from AccessControl.rolemanager import RoleManager as BaseRoleManager	1✔
23	from AccessControl.rolemanager import _string_hash	1✔
24	from AccessControl.rolemanager import reqattr	1✔
25	from App.special_dtml import DTMLFile	1✔
26	from zExceptions import BadRequest	1✔
27
28
29	class RoleManager(BaseRoleManager):	1✔
30	"""An object that has configurable permissions."""
31
32	security = ClassSecurityInfo()	1✔
33
34	manage_options = (	1✔
35	{
36	'label': 'Security',
37	'action': 'manage_access',
38	},
39	)
40
41	security.declareProtected(change_permissions, 'manage_roleForm') # NOQA: D001,E501	1✔
42	manage_roleForm = DTMLFile(	1✔
43	'dtml/roleEdit',
44	globals(),
45	management_view='Security'
46	)
47
48	@security.protected(change_permissions)	1✔
49	@requestmethod('POST')	1✔
50	def manage_role(self, role_to_manage, permissions=[], REQUEST=None):	1✔
51	"""Change the permissions given to the given role."""
52	BaseRoleManager.manage_role(	1✔
53	self, role_to_manage, permissions=permissions)
54	if REQUEST is not None:	1!
55	return self.manage_access(REQUEST)	×
56
57	security.declareProtected(change_permissions, 'manage_acquiredForm') # NOQA: D001,E501	1✔
58	manage_acquiredForm = DTMLFile(	1✔
59	'dtml/acquiredEdit',
60	globals(),
61	management_view='Security'
62	)
63
64	@security.protected(change_permissions)	1✔
65	@requestmethod('POST')	1✔
66	def manage_acquiredPermissions(self, permissions=[], REQUEST=None):	1✔
67	"""Change the permissions that acquire."""
68	BaseRoleManager.manage_acquiredPermissions(	×
69	self, permissions=permissions)
70	if REQUEST is not None:	×
71	return self.manage_access(REQUEST)	×
72
73	security.declareProtected(change_permissions, 'manage_permissionForm') # NOQA: D001,E501	1✔
74	manage_permissionForm = DTMLFile(	1✔
75	'dtml/permissionEdit',
76	globals(),
77	management_view='Security'
78	)
79
80	@security.protected(change_permissions)	1✔
81	@requestmethod('POST')	1✔
82	def manage_permission(	1✔
83	self,
84	permission_to_manage,
85	roles=[],
86	acquire=0,
87	REQUEST=None
88	):
89	"""Change the settings for the given permission.
90
91	If optional arg acquire is true, then the roles for the
92	permission are acquired, in addition to the ones specified,
93	otherwise the permissions are restricted to only the designated
94	roles.
95	"""
96	BaseRoleManager.manage_permission(	1✔
97	self, permission_to_manage, roles=roles, acquire=acquire)
98	if REQUEST is not None:	1!
99	return self.manage_access(REQUEST)	×
100
101	_normal_manage_access = DTMLFile('dtml/access', globals())	1✔
102	manage_reportUserPermissions = DTMLFile(	1✔
103	'dtml/reportUserPermissions',
104	globals()
105	)
106
107	@security.protected(change_permissions)	1✔
108	def manage_access(self, REQUEST, **kw):	1✔
109	"""Return an interface for making permissions settings."""
110	return self._normal_manage_access(**kw)	×
111
112	@security.protected(change_permissions)	1✔
113	@requestmethod('POST')	1✔
114	def manage_changePermissions(self, REQUEST):	1✔
115	"""Change all permissions settings, called by management screen."""
116	valid_roles = self.valid_roles()	×
117	have = REQUEST.__contains__	×
118	permissions = self.ac_inherited_permissions(1)	×
119	fails = []	×
120	for ip in range(len(permissions)):	×
121	permission_name = permissions[ip][0]	×
122	permission_hash = _string_hash(permission_name)	×
123	roles = []	×
124	for role in valid_roles:	×
125	role_name = role	×
126	role_hash = _string_hash(role_name)	×
127	if have(f"permission_{permission_hash}role_{role_hash}"):	×
128	roles.append(role)	×
129	name, value = permissions[ip][:2]	×
130	try:	×
131	p = Permission(name, value, self)	×
132	if not have('acquire_%s' % permission_hash):	×
133	roles = tuple(roles)	×
134	p.setRoles(roles)	×
135	except Exception:	×
136	fails.append(name)	×
137
138	if fails:	×
139	raise BadRequest('Some permissions had errors: '	×
140	+ html.escape(', '.join(fails), True))
141	if REQUEST is not None:	×
142	return self.manage_access(REQUEST)	×
143
144	security.declareProtected(change_permissions, 'manage_listLocalRoles') # NOQA: D001,E501	1✔
145	manage_listLocalRoles = DTMLFile(	1✔
146	'dtml/listLocalRoles',
147	globals(),
148	management_view='Security'
149	)
150
151	security.declareProtected(change_permissions, 'manage_editLocalRoles') # NOQA: D001,E501	1✔
152	manage_editLocalRoles = DTMLFile(	1✔
153	'dtml/editLocalRoles',
154	globals(),
155	management_view='Security'
156	)
157
158	@security.protected(change_permissions)	1✔
159	@requestmethod('POST')	1✔
160	def manage_addLocalRoles(self, userid, roles, REQUEST=None):	1✔
161	"""Set local roles for a user."""
162	BaseRoleManager.manage_addLocalRoles(self, userid, roles)	1✔
163	if REQUEST is not None:	1!
164	stat = 'Your changes have been saved.'	×
165	return self.manage_listLocalRoles(self, REQUEST, stat=stat)	×
166
167	@security.protected(change_permissions)	1✔
168	@requestmethod('POST')	1✔
169	def manage_setLocalRoles(self, userid, roles=[], REQUEST=None):	1✔
170	"""Set local roles for a user."""
171	if roles:	1!
172	BaseRoleManager.manage_setLocalRoles(self, userid, roles)	1✔
173	else:
174	return self.manage_delLocalRoles((userid,), REQUEST)	×
175	if REQUEST is not None:	1!
176	stat = 'Your changes have been saved.'	×
177	return self.manage_listLocalRoles(self, REQUEST, stat=stat)	×
178
179	@security.protected(change_permissions)	1✔
180	@requestmethod('POST')	1✔
181	def manage_delLocalRoles(self, userids, REQUEST=None):	1✔
182	"""Remove all local roles for a user."""
183	BaseRoleManager.manage_delLocalRoles(self, userids)	×
184	if REQUEST is not None:	×
185	stat = 'Your changes have been saved.'	×
186	return self.manage_listLocalRoles(self, REQUEST, stat=stat)	×
187
188	@security.protected(change_permissions)	1✔
189	def manage_defined_roles(self, submit=None, REQUEST=None):	1✔
190	"""Called by management screen."""
191	if submit == 'Add Role':	×
192	role = reqattr(REQUEST, 'role').strip()	×
193	return self._addRole(role, REQUEST)	×
194
195	if submit == 'Delete Role':	×
196	roles = reqattr(REQUEST, 'roles')	×
197	return self._delRoles(roles, REQUEST)	×
198
199	return self.manage_access(REQUEST)	×
200
201	@requestmethod('POST')	1✔
202	def _addRole(self, role, REQUEST=None):	1✔
203	if not role:	1!
204	raise BadRequest('You must specify a role name')	×
205	if role in self.__ac_roles__:	1!
206	raise BadRequest('The given role is already defined')	×
207	data = list(self.__ac_roles__)	1✔
208	data.append(role)	1✔
209	self.__ac_roles__ = tuple(data)	1✔
210	if REQUEST is not None:	1!
211	return self.manage_access(REQUEST)	×
212
213	@requestmethod('POST')	1✔
214	def _delRoles(self, roles, REQUEST=None):	1✔
215	if not roles:	×
216	raise BadRequest('You must specify a role name')	×
217	data = list(self.__ac_roles__)	×
218	for role in roles:	×
219	try:	×
220	data.remove(role)	×
221	except Exception:	×
222	pass	×
223	self.__ac_roles__ = tuple(data)	×
224	if REQUEST is not None:	×
225	return self.manage_access(REQUEST)	×
226
227	def _has_user_defined_role(self, role):	1✔
228	return role in self.__ac_roles__	×
229
230	# Compatibility names only!!
231
232	smallRolesWidget = selectedRoles = ''	1✔
233	aclAChecked = aclPChecked = aclEChecked = ''	1✔
234	validRoles = BaseRoleManager.valid_roles	1✔
235
236	def manage_editRoles(self, REQUEST, acl_type='A', acl_roles=[]):	1✔
237	pass	×
238
239	def _setRoles(self, acl_type, acl_roles):	1✔
240	pass	×
241
242
243	InitializeClass(RoleManager)	1✔

zopefoundation / Zope / 6263629025

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous