Log message for revision 72051: added permission/role reporting for a particular user in the context of the current object
Changed: U Zope/trunk/doc/CHANGES.txt U Zope/trunk/lib/python/AccessControl/Role.py U Zope/trunk/lib/python/AccessControl/dtml/access.dtml U Zope/trunk/lib/python/AccessControl/dtml/methodAccess.dtml A Zope/trunk/lib/python/AccessControl/dtml/reportUserPermissions.dtml -=- Modified: Zope/trunk/doc/CHANGES.txt =================================================================== --- Zope/trunk/doc/CHANGES.txt 2007-01-16 12:04:52 UTC (rev 72050) +++ Zope/trunk/doc/CHANGES.txt 2007-01-16 12:53:25 UTC (rev 72051) @@ -71,6 +71,11 @@ Products/PageTemplates/(configure.zcml, unicodeconflictresolver.py, interfaces.py) + - AccessControl.Role: added new method manage_getUserRolesAndPermissions(). + + - AccessControl: the form behind the "Security" tab has a new form + for user-related reporting of permissions and roles + Bugs Fixed - Collector #2261: Acquisition when creating objects via Webdav. Modified: Zope/trunk/lib/python/AccessControl/Role.py =================================================================== --- Zope/trunk/lib/python/AccessControl/Role.py 2007-01-16 12:04:52 UTC (rev 72050) +++ Zope/trunk/lib/python/AccessControl/Role.py 2007-01-16 12:53:25 UTC (rev 72051) @@ -160,6 +160,59 @@ if REQUEST is not None: return self.manage_access(REQUEST) + def manage_getUserRolesAndPermissions(self, user): + """ collect user related security settings """ + + from AccessControl.SecurityManagement import newSecurityManager + + d = {} + + current = self + while 1: + try: + uf = current.acl_users + except AttributeError: + raise ValueError('User %s could not be found' % user) + + userObj = uf.getUser(user) + if userObj: + break + else: + current = current.aq_parent + + + userObj = userObj.__of__(uf) + + d = {'user_defined_in' : '/' + uf.absolute_url(1)} + + # roles + roles = list(userObj.getRoles()) + roles.sort() + d['roles'] = roles + + + # roles in context + roles = list(userObj.getRolesInContext(self)) + roles.sort() + d['roles_in_context'] = roles + + # permissions + allowed = [] + disallowed = [] + permMap = self.manage_getPermissionMapping() + for item in permMap: + p = item['permission_name'] + if userObj.has_permission(p, self): + allowed.append(p) + else: + disallowed.append(p) + + d['allowed_permissions'] = allowed + d['disallowed_permissions'] = disallowed + + return d + + security.declareProtected(change_permissions, 'manage_permissionForm') manage_permissionForm=DTMLFile('dtml/permissionEdit', globals(), management_view='Security', @@ -193,6 +246,7 @@ _normal_manage_access=DTMLFile('dtml/access', globals()) _method_manage_access=DTMLFile('dtml/methodAccess', globals()) + manage_reportUserPermissions=DTMLFile('dtml/reportUserPermissions', globals()) security.declareProtected(change_permissions, 'manage_access') def manage_access(self, REQUEST, **kw): Modified: Zope/trunk/lib/python/AccessControl/dtml/access.dtml =================================================================== --- Zope/trunk/lib/python/AccessControl/dtml/access.dtml 2007-01-16 12:04:52 UTC (rev 72050) +++ Zope/trunk/lib/python/AccessControl/dtml/access.dtml 2007-01-16 12:53:25 UTC (rev 72051) @@ -20,6 +20,15 @@ a permission in addition to selecting to acquire permissions. </p> + +<div> + <form action="manage_reportUserPermissions" method="GET"> + Username: + <input type="text" name="user" size="20" /> + <input type="submit" value="Show me the user permissions and roles in the context of the current object" /> + </form> +</div> + <dtml-with expr="_.namespace(valid_roles=valid_roles())"> <form action="manage_changePermissions" method="post"> Modified: Zope/trunk/lib/python/AccessControl/dtml/methodAccess.dtml =================================================================== --- Zope/trunk/lib/python/AccessControl/dtml/methodAccess.dtml 2007-01-16 12:04:52 UTC (rev 72050) +++ Zope/trunk/lib/python/AccessControl/dtml/methodAccess.dtml 2007-01-16 12:53:25 UTC (rev 72051) @@ -22,6 +22,9 @@ mappings for this item. </p> + +xx + <dtml-with "_(valid=permissionMappingPossibleValues())"> <form action="manage_setPermissionMapping" method="post"> Added: Zope/trunk/lib/python/AccessControl/dtml/reportUserPermissions.dtml =================================================================== --- Zope/trunk/lib/python/AccessControl/dtml/reportUserPermissions.dtml 2007-01-16 12:04:52 UTC (rev 72050) +++ Zope/trunk/lib/python/AccessControl/dtml/reportUserPermissions.dtml 2007-01-16 12:53:25 UTC (rev 72051) @@ -0,0 +1,49 @@ +<dtml-var manage_page_header> +<dtml-with "_(management_view='Security')"> +<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if> +</dtml-with> + +<h1>Permissions and roles for user &dtml-user;</h1> + +<dtml-let result="manage_getUserRolesAndPermissions(user)"> + +<div> + <b>Roles</b>: <dtml-var "', '.join(result['roles'])"> + <br/> + <b>Roles in Context</b>: <dtml-var "', ' .join(result['roles_in_context'])"> + <br/> + <b>User account defined in</b>: <dtml-var "result['user_defined_in']"> +</div> + +<table> + <thead> + <tr> + <th>Allowed permissions</th> + <th>Disallowed permissions</th> + </tr> + </thead> + <tbody> + <tr> + <td valign="top"> + <ul> + <dtml-in "result['allowed_permissions']"> + <li>&dtml-sequence-item; + </dtml-in> + </ul> + </td> + <td valign="top"> + <ul> + <dtml-in "result['disallowed_permissions']"> + <li>&dtml-sequence-item; + </dtml-in> + </ul> + </td> + </tr> + </tbody> +</table> + + +</dtml-let> + +<dtml-var manage_page_footer> + _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins