Log message for revision 72051:
  added permission/role reporting for a particular user in the 
  context of the current object
  

Changed:
  U   Zope/trunk/doc/CHANGES.txt
  U   Zope/trunk/lib/python/AccessControl/Role.py
  U   Zope/trunk/lib/python/AccessControl/dtml/access.dtml
  U   Zope/trunk/lib/python/AccessControl/dtml/methodAccess.dtml
  A   Zope/trunk/lib/python/AccessControl/dtml/reportUserPermissions.dtml

-=-
Modified: Zope/trunk/doc/CHANGES.txt
===================================================================
--- Zope/trunk/doc/CHANGES.txt  2007-01-16 12:04:52 UTC (rev 72050)
+++ Zope/trunk/doc/CHANGES.txt  2007-01-16 12:53:25 UTC (rev 72051)
@@ -71,6 +71,11 @@
         Products/PageTemplates/(configure.zcml, unicodeconflictresolver.py,
         interfaces.py)
 
+      - AccessControl.Role: added new method 
manage_getUserRolesAndPermissions().
+ 
+      - AccessControl: the form behind the "Security" tab has a new form 
+        for user-related reporting of permissions and roles 
+
     Bugs Fixed
       - Collector #2261: Acquisition when creating objects via Webdav.
 

Modified: Zope/trunk/lib/python/AccessControl/Role.py
===================================================================
--- Zope/trunk/lib/python/AccessControl/Role.py 2007-01-16 12:04:52 UTC (rev 
72050)
+++ Zope/trunk/lib/python/AccessControl/Role.py 2007-01-16 12:53:25 UTC (rev 
72051)
@@ -160,6 +160,59 @@
 
         if REQUEST is not None: return self.manage_access(REQUEST)
 
+    def manage_getUserRolesAndPermissions(self, user):
+        """ collect user related security settings """
+
+        from AccessControl.SecurityManagement import newSecurityManager
+        
+        d = {}
+
+        current = self
+        while 1:
+            try:
+                uf = current.acl_users
+            except AttributeError:
+                raise ValueError('User %s could not be found' % user)
+
+            userObj = uf.getUser(user)
+            if userObj:
+                break
+            else:
+                current = current.aq_parent
+
+
+        userObj = userObj.__of__(uf)
+
+        d = {'user_defined_in' : '/' + uf.absolute_url(1)}
+
+        # roles
+        roles = list(userObj.getRoles())
+        roles.sort()
+        d['roles'] = roles
+
+
+        # roles in context
+        roles = list(userObj.getRolesInContext(self))
+        roles.sort()
+        d['roles_in_context'] = roles
+
+        # permissions
+        allowed = []
+        disallowed = []
+        permMap = self.manage_getPermissionMapping()
+        for item in permMap:
+            p = item['permission_name']
+            if userObj.has_permission(p, self):
+                allowed.append(p)
+            else:
+                disallowed.append(p)
+
+        d['allowed_permissions'] = allowed
+        d['disallowed_permissions'] = disallowed
+
+        return d
+
+
     security.declareProtected(change_permissions, 'manage_permissionForm')
     manage_permissionForm=DTMLFile('dtml/permissionEdit', globals(),
                                    management_view='Security',
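Review bot: The new `manage_getUserRolesAndPermissions` has no security declaration in this hunk, and since it carries a docstring it may be reachable through the publisher under whatever the class default is. It reports any named user's roles and permissions, so it should be guarded like its neighbours with `security.declareProtected(change_permissions, 'manage_getUserRolesAndPermissions')` placed before the `def`. The same applies to `manage_reportUserPermissions=DTMLFile(...)` in the next Role.py hunk, which is added without a declaration while `manage_access` just below it has one. Separately, the `newSecurityManager` import and the first `d = {}` are unused and can be dropped. The class header is outside the hunk, so a class-wide default declaration cannot be ruled out from here.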
@@ -193,6 +246,7 @@
     _normal_manage_access=DTMLFile('dtml/access', globals())
 
     _method_manage_access=DTMLFile('dtml/methodAccess', globals())
+    manage_reportUserPermissions=DTMLFile('dtml/reportUserPermissions', 
globals())
 
     security.declareProtected(change_permissions, 'manage_access')
     def manage_access(self, REQUEST, **kw):

Modified: Zope/trunk/lib/python/AccessControl/dtml/access.dtml
===================================================================
--- Zope/trunk/lib/python/AccessControl/dtml/access.dtml        2007-01-16 
12:04:52 UTC (rev 72050)
+++ Zope/trunk/lib/python/AccessControl/dtml/access.dtml        2007-01-16 
12:53:25 UTC (rev 72051)
@@ -20,6 +20,15 @@
 a permission in addition to selecting to acquire permissions.
 </p>
 
+
+<div>
+    <form action="manage_reportUserPermissions" method="GET">
+        Username:
+        <input type="text" name="user" size="20" />
+        <input type="submit" value="Show me the user permissions and roles in 
the context of the current object" />
+    </form>
+</div>
+
 <dtml-with expr="_.namespace(valid_roles=valid_roles())">
 <form action="manage_changePermissions" method="post">
 

Modified: Zope/trunk/lib/python/AccessControl/dtml/methodAccess.dtml
===================================================================
--- Zope/trunk/lib/python/AccessControl/dtml/methodAccess.dtml  2007-01-16 
12:04:52 UTC (rev 72050)
+++ Zope/trunk/lib/python/AccessControl/dtml/methodAccess.dtml  2007-01-16 
12:53:25 UTC (rev 72051)
@@ -22,6 +22,9 @@
 mappings for this item.
 </p>
 
+
+xx
+
 <dtml-with "_(valid=permissionMappingPossibleValues())">
 <form action="manage_setPermissionMapping" method="post">
 
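Review bot: The added line `xx` is stray literal text that will be rendered on the permission-mapping form above the `<dtml-with>` block. It looks like leftover debugging and should be removed, along with the blank lines added around it. If the intent was to offer the new user report from this form as access.dtml does, the same `<form action="manage_reportUserPermissions" method="GET">` block would belong here instead.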

Added: Zope/trunk/lib/python/AccessControl/dtml/reportUserPermissions.dtml
===================================================================
--- Zope/trunk/lib/python/AccessControl/dtml/reportUserPermissions.dtml 
2007-01-16 12:04:52 UTC (rev 72050)
+++ Zope/trunk/lib/python/AccessControl/dtml/reportUserPermissions.dtml 
2007-01-16 12:53:25 UTC (rev 72051)
@@ -0,0 +1,49 @@
+<dtml-var manage_page_header>
+<dtml-with "_(management_view='Security')">
+<dtml-if  manage_tabs><dtml-var manage_tabs></dtml-if>
+</dtml-with>
+
+<h1>Permissions and roles for user &dtml-user;</h1>
+
+<dtml-let result="manage_getUserRolesAndPermissions(user)">
+
+<div>
+    <b>Roles</b>: <dtml-var "', '.join(result['roles'])"> 
+    <br/>
+    <b>Roles in Context</b>: <dtml-var "', ' 
.join(result['roles_in_context'])"> 
+    <br/>
+    <b>User account defined in</b>: <dtml-var "result['user_defined_in']">
+</div>
+
+<table> 
+    <thead>
+        <tr>
+            <th>Allowed permissions</th>
+            <th>Disallowed permissions</th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td valign="top">
+                <ul>
+                    <dtml-in "result['allowed_permissions']">
+                        <li>&dtml-sequence-item;
+                    </dtml-in>
+                </ul>
+            </td>
+            <td valign="top">
+                <ul>
+                    <dtml-in "result['disallowed_permissions']">
+                        <li>&dtml-sequence-item;
+                    </dtml-in>
+                </ul>
+            </td>
+        </tr>
+    </tbody>
+</table>
+
+
+</dtml-let>
+
+<dtml-var manage_page_footer>
+
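Review bot: The three `<dtml-var "...">` expressions for roles, roles in context and `user_defined_in` are written into the page without HTML quoting, while the user name and the permission names use the entity form (`&dtml-user;`, `&dtml-sequence-item;`), which quotes its output. Role names and the user-folder path are normally set by managers, but quoting them keeps the template consistent and safe against unusual names: `<dtml-var "', '.join(result['roles'])" html_quote>`, and likewise for the other two. Also, `manage_getUserRolesAndPermissions` raises `ValueError` when the user is not found, so a mistyped name in the form leads to an error page rather than a message rendered by this template.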
