comparison roundup/security.py @ 905:502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
The two templates have been migrated to that setup. Lots of unit
tests. Still some issue in the web form for editing Roles assigned to
users.
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Fri, 26 Jul 2002 08:27:00 +0000 |
| parents | b0d3d3535998 |
| children | a8d80ffe37cc |
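--- a/roundup/security.py	904:02763530b9e8
+++ b/roundup/security.py	905:502a5ae11cc5
@@ -61,35 +61,53 @@
 self.addRole(name="Anonymous", description="An anonymous user")
 
 ee = self.addPermission(name="Edit",
 description="User may edit everthing")
 self.addPermissionToRole('Admin', ee)
-ae = self.addPermission(name="Access",
+ae = self.addPermission(name="View",
 description="User may access everything")
-self.addPermissionToRole('Admin', ae)
-ae = self.addPermission(name="Assign",
-description="User may be assigned to anything")
 self.addPermissionToRole('Admin', ae)
 reg = self.addPermission(name="Register Web",
 description="User may register through the web")
-self.addPermissionToRole('Anonymous', reg)
 reg = self.addPermission(name="Register Email",
 description="User may register through the email")
-self.addPermissionToRole('Anonymous', reg)
 
 # initialise the permissions and roles needed for the UIs
 from roundup import cgi_client, mailgw
 cgi_client.initialiseSecurity(self)
 mailgw.initialiseSecurity(self)
 
-def hasClassPermission(self, classname, permission, userid):
+def getPermission(self, permission, classname=None):
+''' Find the Permission matching the name and for the class, if the
+classname is specified.
+
+Raise ValueError if there is no exact match.
+'''
+perm = self.db.permission
+for permissionid in perm.stringFind(name=permission):
+klass = perm.get(permissionid, 'klass')
+if classname is not None and classname == klass:
+return permissionid
+elif not classname and not klass:
+return permissionid
+if not classname:
+raise ValueError, 'No permission "%s" defined'%permission
+raise ValueError, 'No permission "%s" defined for "%s"'%(permission,
+classname)
+
+def hasPermission(self, permission, userid, classname=None):
 ''' Look through all the Roles, and hence Permissions, and see if
 "permission" is there for the specified classname.
 
 '''
 roles = self.db.user.get(userid, 'roles')
-for roleid in roles:
+if roles is None:
+return 0
+for rolename in roles.split(','):
+if not rolename:
+continue
+roleid = self.db.role.lookup(rolename)
 for permissionid in self.db.role.get(roleid, 'permissions'):
 if self.db.permission.get(permissionid, 'name') != permission:
 continue
 klass = self.db.permission.get(permissionid, 'klass')
 if klass is None or klass == classname: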
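Review bot: In hasPermission (new lines 105–108) each piece of the comma-separated roles string goes to `self.db.role.lookup(rolename)` exactly as split, so a value such as `Admin, User` is looked up as ` User` with its leading space, and a role name that no longer exists is looked up too. If lookup raises on a miss, as hyperdb lookups appear to, one stale or mistyped entry aborts the whole permission check with an error instead of being skipped, and the commit message says the form that edits these role strings is not settled yet. I would add `rolename = rolename.strip()` ahead of the `if not rolename:` test and skip names that lookup cannot resolve, so that a malformed entry grants nothing and the remaining roles are still evaluated. The body of hasPermission continues past the end of this section.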
