Re: [Zope3-Users] Security related questions

2007-01-17 Thread Thierry Florac
On Wednesday 17 January 2007 at 11:06 +0100, FB wrote:
 Hi,
 
 On Tue, Jan 16, 2007 at 01:15:53PM -0500, Stephan Richter wrote:
  On Tuesday 16 January 2007 12:39, FB wrote:
   is there a way to get all the permissions and roles, the current principal
   is associated to for a given object?
  
   Something like:
  
getAllRoles(context)
getAllPermissions(context)
  
  No. You would have to write your own code doing that. Note that it really 
  depends on the security policy on what roles and permissions are available.
 
 My securitypolicy is z.a.securitypolicy :-) .

Hi,

I've written my own adapter to get the list of roles granted or denied
for a given principal, and the list of principals granted or denied for
a given role, always in the context of the adapted object; you'll find
the source code in the attached files, you just have to configure it:

<adapter
    factory=".manager.SecurityManager"
    provides=".interfaces.ISecurityManager"
    for="zope.annotation.interfaces.IAnnotatable"
    trusted="true" />

<class class=".manager.SecurityManager">
  <allow
      interface=".interfaces.ISecurityManager" />
</class>

I'm far from sure if this is the best approach, but at least it works for
my own needs in the context of zope.app.securitypolicy.
Writing the same adapter to get the list of permissions (by iterating
through the list of granted or denied roles and using the
IRolePermissionManager interface) shouldn't be too difficult...

Hope this will help you,

  Thierry Florac
-- 
  Intranet/internet project manager
  Office National des Forêts - IT Department
  2, Avenue de Saint-Mandé
  75570 PARIS Cedex 12
  E-mail: [EMAIL PROTECTED]
  Tel.: +33 01.40.19.59.64
  Fax: +33 01.40.19.59.85
# Copyright (C) ONF 2006 by Thierry Florac





__version__   = "$Revision: $"
__release__   = "$Id: $"
__docformat__ = 'restructuredtext'


# import Zope3 interfaces
from zope.interface import Interface

# import local interfaces

# import Zope3 packages

# import local packages

from ulthar import _


class ISecurityManager(Interface):
    """This facility class is used to access roles and permissions on a given object for current interaction"""

    def getLocalRoles(principal=None):
        """Get principal allowed and denied roles on current object

        Result is given as a dictionary :
        { 'allow': ['role1','role2'], 'deny': ['role3',] }
        """

    def getLocalAllowedRoles(principal=None):
        """Get list of locally allowed roles"""

    def getLocalDeniedRoles(principal=None):
        """Get list of locally denied roles"""

    def getRoles(principal=None):
        """Get list of roles, including inherited ones

        Result is given as a dictionary :
        { 'allow': ['role1','role2'], 'deny': ['role3',] }
        """

    def getAllowedRoles(principal=None):
        """Get list of allowed roles, including inherited ones"""

    def getDeniedRoles(principal=None):
        """Get list of denied roles, including inherited ones"""

    def getLocalPrincipals(roleId):
        """Get list of principals with locally defined role

        Result is given as a dictionary :
        { 'allow': ['principal1','principal2'], 'deny': ['principal3',] }
        """

    def getLocalAllowedPrincipals(roleId):
        """Get list of principals with locally granted role"""

    def getLocalDeniedPrincipals(roleId):
        """Get list of principals with locally denied role"""

    def getPrincipals(roleId):
        """Get list of principals with access defined for allowed role, including inherited ones

        Result is given as a dictionary :
        { 'allow': ['principal1','principal2'], 'deny': ['principal3',] }
        """

    def getAllowedPrincipals(roleId):
        """Get list of principals with granted access to specified role, including inherited ones"""

    def getDeniedPrincipals(roleId):
        """Get list of principals with denied access to specified role, including inherited ones"""

    def canUseRole(roleId, principal=None):
        """Return true or false to specify role usage for given principal"""

    def canUsePermission(permission, principal=None):
        """Return true or false to specify permission usage for given principal"""

    def canView(principal=None):
        """Return true or false if 'zope.View' permission is granted to given principal"""
# Copyright (C) ONF 2006 by Thierry Florac





__version__   = "$Revision: $"
__release__   = "$Id: $"
__docformat__ = 'restructuredtext'


# import Zope3 interfaces
from zope.interface import implements
from zope.publisher.interfaces import IRequest
from zope.security.interfaces import IPrincipal
from zope.app.securitypolicy.interfaces import IPrincipalRoleManager

# import local interfaces
from interfaces import ISecurityManager

# import Zope3 packages
from zope.app import zapi
from zope.security.management import checkPermission, getInteraction

# import local 
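
The lookup this message describes (locally set versus inherited roles, and permissions derived from roles through a role-permission mapping), as an added example that is not Thierry Florac's adapter and not zope.app.securitypolicy code. It is a plain-Python model: `Node`, the `example.*` role ids, the principal `alice` and the rule that the setting nearest the object wins are assumptions of the sketch.

```python
# Added example: plain-Python model with constructed data, not zope.app.securitypolicy code.
ALLOW, DENY = "allow", "deny"

class Node:
    def __init__(self, parent=None, roles=None, perms=None):
        self.parent = parent
        self.principal_roles = roles or {}    # (principal, role) -> ALLOW | DENY
        self.role_permissions = perms or {}   # (role, permission) -> ALLOW | DENY

def _nearest(node, attr, subject):
    """Walk node -> root; for keys (subject, name) keep the setting nearest to node."""
    found = {}
    while node is not None:
        for (subj, name), setting in getattr(node, attr).items():
            if subj == subject:
                found.setdefault(name, setting)
        node = node.parent
    return found

def _split(settings):
    return {k: sorted(n for n, s in settings.items() if s == k) for k in (ALLOW, DENY)}

def get_local_roles(node, principal):
    """Roles set directly on node, in the {'allow': [...], 'deny': [...]} shape."""
    return _split({r: s for (p, r), s in node.principal_roles.items() if p == principal})

def get_roles(node, principal):
    """Local plus inherited roles; a local setting overrides an inherited one."""
    return _split(_nearest(node, "principal_roles", principal))

def get_permissions(node, principal):
    """Permissions reached through allowed roles; one allowing role is enough."""
    allowed, denied = set(), set()
    for role in get_roles(node, principal)[ALLOW]:
        perms = _nearest(node, "role_permissions", role)
        allowed.update(p for p, s in perms.items() if s == ALLOW)
        denied.update(p for p, s in perms.items() if s == DENY)
    return {ALLOW: sorted(allowed), DENY: sorted(denied - allowed)}

def build_sample():
    """Constructed tree root > folder > doc with grants for principal 'alice'."""
    root = Node(roles={("alice", "example.Editor"): ALLOW},
                perms={("example.Editor", "zope.View"): ALLOW,
                       ("example.Editor", "zope.ManageContent"): ALLOW,
                       ("example.Reviewer", "zope.View"): ALLOW})
    folder = Node(root, roles={("alice", "example.Reviewer"): ALLOW},
                  perms={("example.Editor", "zope.ManageContent"): DENY})
    doc = Node(folder, roles={("alice", "example.Editor"): DENY})
    return root, folder, doc
```

A local deny on `doc` removes the inherited `example.Editor` role there, which is why an audit has to report the inherited view and the local view separately.
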

Re: [Zope3-Users] Can't rename objects

2007-01-17 Thread Florian Lindner
On Wednesday, 17 January 2007 08:39, David Johnson wrote:
 See my post about 2 weeks ago.  If you adapt to
 IContainerNameChooser, rename will not be allowed.

 Do not adapt to IContainerNameChooser.

But I want to choose names for certain kinds of objects. It works when I'm not 
implementing IContainerNamesContainer.


 On Jan 16, 2007, at 10:37 PM, Florian Lindner wrote:
  On Tuesday, 16 January 2007 22:15, Christian Theune wrote:
  Do you have a specific exception with traceback that prevents you from
  renaming?
 
  So far I have tried it only using the ZMI (logged in as manager).
  There is no rename button and also if I add another object I can't
  name it, it's just names like Folder-n. Just no possibility to even try.
  How to test it best programmatically?
 
  The security declarations are:
 
  <require permission="zope.Public" interface=".interfaces.IXGM" />
  <require permission="zope.ManageContent"
           set_schema=".interfaces.IXGM" />
 
  Thanks,
 
  Florian
 
  Christian
 
  On Tuesday, 16.01.2007, 21:05 +0100, Florian Lindner wrote:
  Hello,
  I have a container object to which I can add and remove objects but
  can not rename them. I suspect my I namechooser to be faulty:
 
  from zope.app.container.interfaces import INameChooser
  from zope.app.container.contained import NameChooser
 
  class XGMNameChooser(NameChooser):
      implements(INameChooser)
 
      def chooseName(self, name, object):
          if IAbbreviation.providedBy(object):
              # my name choosing code
              return n
          else:
              return super(XGMNameChooser, self).chooseName(name, object)
 
 
  registered like that:
 
  <adapter
      for=".interfaces.IXGM"
      provides="zope.app.container.interfaces.INameChooser"
      factory=".xgm.XGMNameChooser"
      />
 
 
  furthermore the objects interface implements:
 
  IContainer, IContained, IPossibleSite, IAttributeAnnotatable,
  IContainerNamesContainer.
 
  the class itself:
 
  BTreeContainer, SiteManagerContainer
 
  What's wrong?
 
  Thanks,
 
  Florian
  ___
  Zope3-users mailing list
  Zope3-users@zope.org
  http://mail.zope.org/mailman/listinfo/zope3-users
 


Re: [Zope3-Users] Can't rename objects

2007-01-17 Thread Florian Lindner
On Wednesday, 17 January 2007 00:44, Marius Gedminas wrote:
 On Tue, Jan 16, 2007 at 09:05:59PM +0100, Florian Lindner wrote:
  I have a container object to which I can add and remove objects but can
  not rename them. I suspect my I namechooser to be faulty:

 That might be true.

  from zope.app.container.interfaces import INameChooser
  from zope.app.container.contained import NameChooser
 
  class XGMNameChooser(NameChooser):
      implements(INameChooser)
 
      def chooseName(self, name, object):
          if IAbbreviation.providedBy(object):
              # my name choosing code
              return n

 I'm not sure I remember things correctly, but shouldn't your name
 chooser verify and optionally accept ``name`` here, if you want the
 user's desired name to ever be used?

          else:
              return super(XGMNameChooser, self).chooseName(name, object)
 
 
  registered like that:
 
  <adapter
      for=".interfaces.IXGM"
      provides="zope.app.container.interfaces.INameChooser"
      factory=".xgm.XGMNameChooser"
      />
 
 
  furthermore the objects interface implements:
 
  IContainer, IContained, IPossibleSite, IAttributeAnnotatable,
  IContainerNamesContainer.

 IContainerNamesContainer means the user will *never* get to specify the
 names used for the elements stored in this container, instead the names
 will *always* be computed automatically by the name chooser.

 Remove this interface and you will get your Rename button in the ZMI.

Thanks, that does the trick.
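
The two points made in this thread, that a name chooser should verify and then accept the requested name, and that a names-container never consults the user's name at all, as an added example that is not code from the posters or from zope.app.container. It is a plain-Python model: `Container`, `names_container`, `Abbreviation` and the validation rules in `check_name` are assumptions of the sketch.

```python
# Added example: plain-Python model with hypothetical names, not zope.app.container code.

class Container(dict):
    names_container = False   # stands in for providing IContainerNamesContainer

class Abbreviation:
    def __init__(self, short):
        self.short = short

def check_name(container, name):
    """Reject names that are empty, taken, or collide with traversal syntax."""
    if not name:
        raise ValueError("empty name")
    if name[0] in "+@" or "/" in name:
        raise ValueError("names cannot begin with '+' or '@' or contain '/'")
    if name in container:
        raise ValueError("name already in use")

def unique_name(container, base):
    """Return base, or base-2, base-3, ... when base is already taken."""
    candidate, i = base, 1
    while candidate in container:
        i += 1
        candidate = "%s-%d" % (base, i)
    return candidate

def choose_name(container, requested, obj):
    """Pick the key for obj; the requested name is honoured only where allowed."""
    if container.names_container:
        requested = ""                      # user input is never consulted
    if requested:
        check_name(container, requested)    # verify, then accept the user's name
        return requested
    if isinstance(obj, Abbreviation):
        base = obj.short.lower()            # custom rule for one kind of object
    else:
        base = type(obj).__name__           # default: name after the class
    return unique_name(container, base)

def add(container, requested, obj):
    """Store obj under the chosen name and return that name."""
    name = choose_name(container, requested, obj)
    container[name] = obj
    return name
```
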


Re: [Zope3-Users] Skinning problem

2007-01-17 Thread Marius Gedminas
On Wed, Jan 17, 2007 at 09:50:58PM +0100, Florian Lindner wrote:
 Hello,
 I have a resourceDirectory with a file styles.css
 
 <resourceDirectory
     directory="files"
     name="files"
     />
 
 I refer to it in my default template:
 
 <link rel="stylesheet" type="text/css"
       tal:attributes="href context/@@/files/styles.css" />

That's no good.  The /@@/ view  only works when context is a site.
Besides, I'm not sure you can use it in a TALES expression like this.

You want

  <link rel="stylesheet" type="text/css"
        tal:attributes="href context/++resource++files/styles.css" />

I think.  (I'm sure href context/++resource++name.css is the right
solution for plain resource files, but I haven't used resourceDirectory
much.)

Marius Gedminas
-- 
A: No.
Q: Should I include quotations after my reply?

