Mercurial > p > roundup > code
comparison roundup/hyperdb.py @ 4306:966592263fb8
Clean up all the places where role processing occurs.
This is now in a central place in hyperdb.Class and is used
consistently throughout. This also means now a template can override
the way role processing occurs (e.g. for elaborate permission
schemes). Thanks to intevation for funding the change.
Note: On first glance the hyperdb.Class may not be the ideal place for
role processing. On second thought: Roles may appear in other classes,
too (e.g., a user_group or similar) which then don't need to reinvent
the wheel. And I didn't want to introduce a separate UserClass (as is
the case for the HTML classes) due to compatibility issues with existing
schema.py out there.
| author | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
|---|---|
| date | Tue, 15 Dec 2009 15:11:27 +0000 |
| parents | eddb82d0964c |
| children | 06af6d5bedbe |
comparison
equal
deleted
inserted
replaced
| 4305:e39b88a7150a | 4306:966592263fb8 |
|---|---|
| 758 | 758 |
| 759 This method must be called at the end of processing. | 759 This method must be called at the end of processing. |
| 760 | 760 |
| 761 """ | 761 """ |
| 762 | 762 |
| 763 def iter_roles(roles): | |
| 764 ''' handle the text processing of turning the roles list | |
| 765 into something python can use more easily | |
| 766 ''' | |
| 767 if not roles or not roles.strip(): | |
| 768 raise StopIteration, "Empty roles given" | |
| 769 for role in [x.lower().strip() for x in roles.split(',')]: | |
| 770 yield role | |
| 771 | |
| 772 | |
| 763 # | 773 # |
| 764 # The base Class class | 774 # The base Class class |
| 765 # | 775 # |
| 766 class Class: | 776 class Class: |
| 767 """ The handle to a particular class of nodes in a hyperdatabase. | 777 """ The handle to a particular class of nodes in a hyperdatabase. |
| 1225 def export_propnames(self): | 1235 def export_propnames(self): |
| 1226 """List the property names for export from this Class""" | 1236 """List the property names for export from this Class""" |
| 1227 propnames = self.getprops().keys() | 1237 propnames = self.getprops().keys() |
| 1228 propnames.sort() | 1238 propnames.sort() |
| 1229 return propnames | 1239 return propnames |
| 1240 # | |
| 1241 # convenience methods | |
| 1242 # | |
| 1243 def get_roles(self, nodeid): | |
| 1244 """Return iterator for all roles for this nodeid. | |
| 1245 | |
| 1246 Yields string-processed roles. | |
| 1247 This method can be overridden to provide a hook where we can | |
| 1248 insert other permission models (e.g. get roles from database) | |
| 1249 In standard schemas only a user has a roles property but | |
| 1250 this may be different in customized schemas. | |
| 1251 Note that this is the *central place* where role | |
| 1252 processing happens! | |
| 1253 """ | |
| 1254 node = self.db.getnode(self.classname, nodeid) | |
| 1255 return iter_roles(node['roles']) | |
| 1256 | |
| 1257 def has_role(self, nodeid, *roles): | |
| 1258 '''See if this node has any roles that appear in roles. | |
| 1259 | |
| 1260 For convenience reasons we take a list. | |
| 1261 In standard schemas only a user has a roles property but | |
| 1262 this may be different in customized schemas. | |
| 1263 ''' | |
| 1264 roles = dict.fromkeys ([r.strip().lower() for r in roles]) | |
| 1265 for role in self.get_roles(nodeid): | |
| 1266 if role in roles: | |
| 1267 return True | |
| 1268 return False | |
| 1230 | 1269 |
| 1231 | 1270 |
| 1232 class HyperdbValueError(ValueError): | 1271 class HyperdbValueError(ValueError): |
| 1233 """ Error converting a raw value into a Hyperdb value """ | 1272 """ Error converting a raw value into a Hyperdb value """ |
| 1234 pass | 1273 pass |