Re: [Zope3-Users] Security related questions
On Wednesday 17 January 2007 at 11:06 +0100, FB wrote:
> Hi,
>
> On Tue, Jan 16, 2007 at 01:15:53PM -0500, Stephan Richter wrote:
> > On Tuesday 16 January 2007 12:39, FB wrote:
> > > is there a way to get all the permissions and roles, the current principal is
> > > associated to for a given object? Something like:
> > >
> > >     getAllRoles(context)
> > >     getAllPermissions(context)
> >
> > No. You would have to write your own code doing that. Note that it really
> > depends on the security policy on what roles and permissions are available.
>
> My securitypolicy is z.a.securitypolicy :-) .

Hi,

I've written my own adapter to get the list of roles granted or denied for a given principal, and the list of principals granted or denied for a given role, always in the context of the adapted object; you'll find the source code in the attached files, you just have to configure it:

    <adapter
        factory=".manager.SecurityManager"
        provides=".interfaces.ISecurityManager"
        for="zope.annotation.interfaces.IAnnotatable"
        trusted="true" />

    <class class=".manager.SecurityManager">
      <allow interface=".interfaces.ISecurityManager" />
    </class>

I'm far from sure if this is the best approach, but at least it works for my own needs in the context of zope.app.securitypolicy.
Writing the same adapter to get the list of permissions (by iterating through the list of granted or denied roles and using the IRolePermissionManager interface) shouldn't be too difficult...

Hope this will help you,

Thierry Florac
--
Intranet/Internet project manager
Office National des Forêts - Département Informatique
2, Avenue de Saint-Mandé
75570 PARIS Cedex 12
E-mail: [EMAIL PROTECTED]
Tel.: +33 01.40.19.59.64
Fax.: +33 01.40.19.59.85

    # Copyright (C) ONF 2006 by Thierry Florac

    __version__ = "$Revision: $"
    __release__ = "$Id: $"
    __docformat__ = 'restructuredtext'

    # import Zope3 interfaces
    from zope.interface import Interface

    # import local interfaces

    # import Zope3 packages

    # import local packages
    from ulthar import _


    class ISecurityManager(Interface):
        """This facility class is used to access roles and permissions
        on a given object for current interaction"""

        def getLocalRoles(principal=None):
            """Get principal allowed and denied roles on current object

            Result is given as a dictionary :
            { 'allow': ['role1','role2'], 'deny': ['role3',] }
            """

        def getLocalAllowedRoles(principal=None):
            """Get list of locally allowed roles"""

        def getLocalDeniedRoles(principal=None):
            """Get list of locally denied roles"""

        def getRoles(principal=None):
            """Get list of roles, including inherited ones

            Result is given as a dictionary :
            { 'allow': ['role1','role2'], 'deny': ['role3',] }
            """

        def getAllowedRoles(principal=None):
            """Get list of allowed roles, including inherited ones"""

        def getDeniedRoles(principal=None):
            """Get list of denied roles, including inherited ones"""

        def getLocalPrincipals(roleId):
            """Get list of principals with locally defined role

            Result is given as a dictionary :
            { 'allow': ['principal1','principal2'], 'deny': ['principal3',] }
            """

        def getLocalAllowedPrincipals(roleId):
            """Get list of principals with locally granted role"""

        def getLocalDeniedPrincipals(roleId):
            """Get list of principals with locally denied role"""

        def getPrincipals(roleId):
            """Get list of principals with access defined for allowed role,
            including inherited ones

            Result is given as a dictionary :
            { 'allow': ['principal1','principal2'], 'deny': ['principal3',] }
            """

        def getAllowedPrincipals(roleId):
            """Get list of principals with granted access to specified role,
            including inherited ones"""

        def getDeniedPrincipals(roleId):
            """Get list of principals with denied access to specified role,
            including inherited ones"""

        def canUseRole(roleId, principal=None):
            """Return true or false to specify role usage for given principal"""

        def canUsePermission(permission, principal=None):
            """Return true or false to specify permission usage for given principal"""

        def canView(principal=None):
            """Return true or false if 'zope.View' permission is granted
            to given principal"""

    # Copyright (C) ONF 2006 by Thierry Florac

    __version__ = "$Revision: $"
    __release__ = "$Id: $"
    __docformat__ = 'restructuredtext'

    # import Zope3 interfaces
    from zope.interface import implements
    from zope.publisher.interfaces import IRequest
    from zope.security.interfaces import IPrincipal
    from zope.app.securitypolicy.interfaces import IPrincipalRoleManager

    # import local interfaces
    from interfaces import ISecurityManager

    # import Zope3 packages
    from zope.app import zapi
    from zope.security.management import checkPermission, getInteraction

    # import local
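
The permission listing mentioned in the message above (walk the granted or denied roles, then map roles to permissions) is modelled below without any Zope dependency. This is an added example, not code from the attachments or from zope.app.securitypolicy; `Node`, `get_roles`, `get_permissions`, the `example.*` role names and the rule that the setting nearest to the object overrides inherited ones are assumptions of the model.

```python
# Added illustration. Assumption: the setting nearest to the object wins.
ALLOW, DENY = "allow", "deny"

class Node:
    """Hypothetical stand-in for a content object holding local grants."""

    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.principal_roles = {}   # (principal, role) -> ALLOW | DENY
        self.role_permissions = {}  # (role, permission) -> ALLOW | DENY

def _lineage(node):
    """Return nodes ordered root first, so nearer settings are applied last."""
    chain = []
    while node is not None:
        chain.append(node)
        node = node.parent
    return reversed(chain)

def get_roles(node, principal):
    """Return {'allow': [...], 'deny': [...]}, including inherited roles."""
    settings = {}
    for n in _lineage(node):
        for (who, role), setting in n.principal_roles.items():
            if who == principal:
                settings[role] = setting
    return {kind: sorted(r for r, s in settings.items() if s == kind)
            for kind in (ALLOW, DENY)}

def get_permissions(node, principal):
    """Return the permissions reachable through the principal's allowed roles."""
    allowed = set(get_roles(node, principal)[ALLOW])
    settings = {}
    for n in _lineage(node):
        settings.update(n.role_permissions)
    return sorted({perm for (role, perm), s in settings.items()
                   if s == ALLOW and role in allowed})

# Constructed sample data: site > folder > doc, principal "fb".
site = Node("site")
folder = Node("folder", site)
doc = Node("doc", folder)
site.role_permissions[("example.Reader", "zope.View")] = ALLOW
site.role_permissions[("example.Editor", "zope.ManageContent")] = ALLOW
site.principal_roles[("fb", "example.Reader")] = ALLOW
folder.principal_roles[("fb", "example.Editor")] = ALLOW
doc.principal_roles[("fb", "example.Editor")] = DENY  # local deny beats inherited allow
```

Here `get_permissions(doc, "fb")` no longer contains `zope.ManageContent`, because the deny set on `doc` overrides the grant inherited from `folder`.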
Re: [Zope3-Users] Can't rename objects
On Wednesday, 17 January 2007 08:39, David Johnson wrote:
> See my post about 2 weeks ago. If you adapt to IContainerNameChooser, rename will
> not be allowed. Do not adapt to IContainerNameChooser.

But I want to choose names for certain kinds of objects. It works when I'm not implementing IContainerNamesContainer.

> On Jan 16, 2007, at 10:37 PM, Florian Lindner wrote:
> > On Tuesday, 16 January 2007 22:15, Christian Theune wrote:
> > > Do you have a specific exception with traceback that prevents you from
> > > renaming?
> >
> > So far I have tried it only using the ZMI (logged in as manager). There is no
> > rename button and also if I add another object I can't name it, it's just
> > names like Folder-n. Just no possibility to even try.
> > How to test it best programmatically?
> >
> > The security declarations are:
> >
> >     <require permission="zope.Public" interface=".interfaces.IXGM" />
> >     <require permission="zope.ManageContent" set_schema=".interfaces.IXGM" />
> >
> > Thanks,
> >
> > Florian
> >
> > > Christian
> > >
> > > On Tuesday, 16.01.2007, 21:05 +0100, Florian Lindner wrote:
> > > > Hello,
> > > > I have a container object to which I can add and remove objects but cannot
> > > > rename them. I suspect my namechooser to be faulty:
> > > >
> > > >     # implements() comes from zope.interface
> > > >     from zope.interface import implements
> > > >     from zope.app.container.interfaces import INameChooser
> > > >     from zope.app.container.contained import NameChooser
> > > >
> > > >     class XGMNameChooser(NameChooser):
> > > >         implements(INameChooser)
> > > >
> > > >         def chooseName(self, name, object):
> > > >             if IAbbreviation.providedBy(object):
> > > >                 # my name choosing code
> > > >                 return n
> > > >             else:
> > > >                 return super(XGMNameChooser, self).chooseName(name, object)
> > > >
> > > > registered like that:
> > > >
> > > >     <adapter
> > > >         for=".interfaces.IXGM"
> > > >         provides="zope.app.container.interfaces.INameChooser"
> > > >         factory=".xgm.XGMNameChooser" />
> > > >
> > > > furthermore the objects interface implements: IContainer, IContained,
> > > > IPossibleSite, IAttributeAnnotatable, IContainerNamesContainer.
> > > >
> > > > the class itself: BTreeContainer, SiteManagerContainer
> > > >
> > > > What's wrong?
> > > >
> > > > Thanks,
> > > >
> > > > Florian

___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Can't rename objects
On Wednesday, 17 January 2007 00:44, Marius Gedminas wrote:
> On Tue, Jan 16, 2007 at 09:05:59PM +0100, Florian Lindner wrote:
> > I have a container object to which I can add and remove objects but cannot
> > rename them. I suspect my namechooser to be faulty:
>
> That might be true.
>
> >     # implements() comes from zope.interface
> >     from zope.interface import implements
> >     from zope.app.container.interfaces import INameChooser
> >     from zope.app.container.contained import NameChooser
> >
> >     class XGMNameChooser(NameChooser):
> >         implements(INameChooser)
> >
> >         def chooseName(self, name, object):
> >             if IAbbreviation.providedBy(object):
> >                 # my name choosing code
> >                 return n
>
> I'm not sure I remember things correctly, but shouldn't your name
> chooser verify and optionally accept ``name`` here, if you want the
> user's desired name to ever be used?
>
> >             else:
> >                 return super(XGMNameChooser, self).chooseName(name, object)
> >
> > registered like that:
> >
> >     <adapter
> >         for=".interfaces.IXGM"
> >         provides="zope.app.container.interfaces.INameChooser"
> >         factory=".xgm.XGMNameChooser" />
> >
> > furthermore the objects interface implements: IContainer, IContained,
> > IPossibleSite, IAttributeAnnotatable, IContainerNamesContainer.
>
> IContainerNamesContainer means the user will *never* get to specify the
> names used for the elements stored in this container, instead the names
> will *always* be computed automatically by the name chooser.
>
> Remove this interface and you will get your Rename button in the ZMI.

Thanks, that does the trick.
Re: [Zope3-Users] Skinning problem
On Wed, Jan 17, 2007 at 09:50:58PM +0100, Florian Lindner wrote:
> Hello,
> I have a resourceDirectory with a file styles.css
>
>     <resourceDirectory directory="files" name="files" />
>
> I refer to it in my default template:
>
>     <link rel="stylesheet" type="text/css" tal:attributes="href context/@@/files/styles.css" />

That's no good. The /@@/ view only works when context is a site. Besides, I'm not sure you can use it in a TALES expression like this.

You want

    <link rel="stylesheet" type="text/css" tal:attributes="href context/++resource++files/styles.css" />

I think. (I'm sure href context/++resource++name.css is the right solution for plain resource files, but I haven't used resourceDirectory much.)

Marius Gedminas
--
A: No.
Q: Should I include quotations after my reply?