
Revision 1790, 37.4 KB checked in by zmsdev, 4 weeks ago (diff)

Applied fix for the purge of local roles: local users on level 1 were getting lost.

1################################################################################
2# _accessmanager.py
3#
4# This program is free software; you can redistribute it and/or
5# modify it under the terms of the GNU General Public License
6# as published by the Free Software Foundation; either version 2
7# of the License, or (at your option) any later version.
8#
9# This program is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12# GNU General Public License for more details.
13#
14# You should have received a copy of the GNU General Public License
15# along with this program; if not, write to the Free Software
16# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
17################################################################################
18
19# Imports.
20from App.special_dtml import HTMLFile
21try: # Zope >= 2.13.0
22  from OFS.userfolder import UserFolder
23except:
24  from AccessControl.User import UserFolder
25from types import StringTypes
26import copy
27import sys
28import time
29import urllib
30import zExceptions
31# Product Imports.
32import _globals
33
34
35# ------------------------------------------------------------------------------
36#  _accessmanager.user_folder_meta_types:
37#
38#  User Folder Meta-Types.
39# ------------------------------------------------------------------------------
# Meta-types recognised as user folders when searching the acquisition chain
# (see AccessManager.getUserFolder / getUserFolders).
user_folder_meta_types = [
  'LDAPUserFolder',
  'User Folder',
  'Simple User Folder',
  'Group User Folder',
]
41
42# ------------------------------------------------------------------------------
43#  _accessmanager.role_defs:
44#
45#  Role Definitions.
46# ------------------------------------------------------------------------------
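role_defs = {
  # Full Manager permission set, nothing revoked.
  'ZMSAdministrator': {},
  # Manager permissions minus code editing and administration.
  'ZMSEditor': {'revoke': ['Change DTML Methods', 'ZMS Administrator', 'ZMS UserAdministrator']},
  'ZMSAuthor': {'revoke': ['Change DTML Methods', 'Import/Export objects', 'ZMS Administrator', 'ZMS UserAdministrator']},
  # Read-only role: an explicit grant list instead of a revoke list.
  'ZMSSubscriber': {'grant': ['Access contents information', 'View']},
  'ZMSUserAdministrator': {'revoke': ['Change DTML Methods', 'Import/Export objects', 'ZMS Administrator', 'ZMS Author']},
}

# ------------------------------------------------------------------------------
#  _accessmanager.getUserId:
#
#  Normalizes a user reference to its id.  Accepts a dict as produced by
#  AccessManager.findUser for LDAP folders (id under '__id__'), a user object
#  (getId()), a plain string id, or None; strings and None are returned
#  unchanged.
# ------------------------------------------------------------------------------
def getUserId(user):
  if isinstance(user, dict):
    # LDAP search hits are dicts; findUser() stores the login attribute
    # under '__id__'.  Any dict subclass is accepted, not only plain dict.
    user = user['__id__']
  elif user is not None and not isinstance(user, StringTypes):
    user = user.getId()
  return user

# ------------------------------------------------------------------------------
#  _accessmanager.role_permissions:
#
#  Role Permissions: the permission names a ZMS role should hold on self.
#  Starts from the permissions the Manager role has on self; a role with a
#  'revoke' list in role_defs loses those names, a role with a 'grant' list
#  gets exactly that list.  Unknown roles get the full Manager set.
#  Always returns a fresh list, so callers may mutate it without touching
#  role_defs.
# ------------------------------------------------------------------------------
def role_permissions(self, role):
  permissions = [x['name'] for x in self.permissionsOfRole('Manager')]
  role_def = role_defs.get(role)
  if role_def is not None:
    if 'revoke' in role_def:
      revoked = role_def['revoke']
      permissions = [x for x in permissions if x not in revoked]
    elif 'grant' in role_def:
      # Copy: returning role_def['grant'] itself would let a caller that
      # appends to the result corrupt the module-level definition.
      permissions = list(role_def['grant'])
  return permissions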
81
82# ------------------------------------------------------------------------------
83#  _accessmanager.insertUser:
84# ------------------------------------------------------------------------------
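def insertUser(self, newId, newPassword, newEmail, REQUEST):
  # Creates newId in the user folder and records its e-mail address in the
  # ZMS user dictionary.  Returns the id of the created user, or '' when the
  # user folder does not return a user object for newId afterwards.
  # REQUEST is accepted for interface compatibility only; it is not read.
  id = ''
  userFldr = self.getUserFolder()

  # Init user: created without roles and without domain restrictions.
  newRoles = []
  newDomains = []
  userFldr.userFolderAddUser(newId, newPassword, newRoles, newDomains)
  userObj = userFldr.getUser(newId)
  if userObj is not None:
    # Set user: the e-mail address lives in the ZMS user dictionary, not in
    # the user folder.
    self.setUserAttr(userObj, 'email', newEmail)
    id = getUserId(userObj)

  return id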
104
105
106# ------------------------------------------------------------------------------
107#  _accessmanager.deleteUser:
108# ------------------------------------------------------------------------------
def deleteUser(self, id):
  # Removes a user completely: the local roles on every node recorded in
  # the user's 'nodes' entry, the ZMS user dictionary entry, and the
  # user-folder account.  LDAP user folders are skipped for the last step.

  # Delete local roles in node.
  for node in self.getUserAttr(id, 'nodes', {}).keys():
    nodeObj = self.getLinkObj(node)
    if nodeObj is None:
      continue
    nodeObj.manage_delLocalRoles(userids=[id])

  # Delete user from ZMS dictionary.
  self.delUserAttr(id)

  # Delete user from User-Folder.
  userFldr = self.getUserFolder()
  if userFldr.meta_type == 'LDAPUserFolder':
    return
  if userFldr.getUser(id) is not None:
    userFldr.userFolderDelUsers([id])
127
128
129################################################################################
130################################################################################
131###
132###   Class AccessableObject
133###
134################################################################################
135################################################################################
class AccessableObject:
    # Access mix-in for ZMS nodes: answers which ZMS roles and languages a
    # user holds on a node, and whether the node is publicly viewable (the
    # 'attr_dc_accessrights_*' object attributes).  The permission-writing
    # methods it calls (grantPublicAccess/revokePublicAccess) are defined on
    # AccessableContainer.
    #
    # NOTE(review): in Zope 2 a method with a docstring is URL-publishable.
    # The non-management methods below deliberately carry '#' comments
    # instead of docstrings; keep it that way.

    # --------------------------------------------------------------------------
    #  AccessableObject.getUsers:
    #
    #  Returns {userid: {'roles': [...], 'langs': [...]}} for every user in
    #  the 'ZMS.security.users' dictionary that has both roles and languages
    #  on this very node (aq_parent=0: parents are not consulted).
    #  REQUEST is accepted but not read.
    # --------------------------------------------------------------------------
    def getUsers(self, REQUEST):
      users = {}
      d = self.getConfProperty('ZMS.security.users',{})
      for user in d.keys():
        # user is the userid string here, not a user object.
        roles = self.getUserRoles( user, aq_parent=0)
        langs = self.getUserLangs( user, aq_parent=0)
        if len(roles) > 0 and len( langs) > 0:
          users[ user] = {'roles':roles,'langs':langs}
      return users

    # --------------------------------------------------------------------------
    #  AccessableObject.hasAccess:
    #
    #  True if the authenticated user has the 'View' permission on this node,
    #  or otherwise if the node grants public access (hasPublicAccess).
    #  NOTE(review): a public-access flag thus overrides a failed permission
    #  check; callers must not read a True result as "Zope permission held".
    # --------------------------------------------------------------------------
    def hasAccess(self, REQUEST):
      auth_user = REQUEST.get('AUTHENTICATED_USER')
      # The result is compared against both 1 and True.
      access = auth_user.has_permission( 'View', self) in [ 1, True]
      if not access:
        access = access or self.hasPublicAccess()
      return access

    # --------------------------------------------------------------------------
    #  AccessableObject.getUserRoles:
    #
    #  Collects the roles of userObj for this node from three sources:
    #   1. the Zope roles of the user object in this context; a 'Manager'
    #      additionally gets every ZMS role.  A plain userid string (see
    #      getUsers) has no getRolesInContext() and contributes nothing here,
    #   2. the roles stored in the user's 'nodes' entry for the nearest node
    #      on the path to the root that has one (only this node if
    #      aq_parent=0),
    #   3. the roles that the 'ZMS.security.roles' configuration maps the
    #      roles found so far to (appended only if not present yet).
    # --------------------------------------------------------------------------
    def getUserRoles(self, userObj, aq_parent=1):
      roles = []
      try:
        roles.extend(list(userObj.getRolesInContext(self)))
        if 'Manager' in roles:
          roles = self.concat_list(roles,['ZMSAdministrator','ZMSEditor','ZMSAuthor','ZMSSubscriber','ZMSUserAdministrator'])
      except:
        # userObj may be a userid string - no context roles in that case.
        pass
      nodes = self.getUserAttr(userObj,'nodes',{})
      ob = self
      depth = 0
      while ob is not None:
        # Guard against a parent chain that never ends in None.
        if depth > sys.getrecursionlimit():
          raise zExceptions.InternalError("Maximum recursion depth exceeded")
        depth = depth + 1
        nodekey = self.getRefObjPath(ob)
        if nodekey in nodes.keys():
          # The nearest node with an entry wins; stop here.
          roles = self.concat_list(roles,nodes[nodekey]['roles'])
          break
        if aq_parent:
          ob = ob.getParentNode()
        else:
          ob = None
      # Resolve security_roles.
      security_roles = self.getConfProperty('ZMS.security.roles',{})
      for id in filter(lambda x: x in security_roles.keys(),roles):
        dict = security_roles.get(id,{})
        for v in dict.values():
          # Role names are configured with blanks ('ZMS Author'); the role
          # ids used here have them stripped.
          for role in map(lambda x: x.replace( ' ', ''),v.get('roles',[])):
            if role not in roles:
              roles.append( role)
      return roles

    # --------------------------------------------------------------------------
    #  AccessableObject.getUserLangs:
    #
    #  Languages of userObj for this node: the user object's 'langs'
    #  attribute (default ['*'] when missing), replaced by the 'langs' of
    #  the nearest node on the path to the root that has an entry in the
    #  user's 'nodes' dictionary (only this node if aq_parent=0).
    # --------------------------------------------------------------------------
    def getUserLangs(self, userObj, aq_parent=1):
      langs = []
      try:
        langs.extend(list(getattr(userObj,'langs',['*'])))
      except:
        pass
      nodes = self.getUserAttr(userObj, 'nodes', {})
      ob = self
      depth = 0
      while ob is not None:
        # Guard against a parent chain that never ends in None.
        if depth > sys.getrecursionlimit():
          raise zExceptions.InternalError("Maximum recursion depth exceeded")
        depth = depth + 1
        nodekey = self.getRefObjPath(ob)
        if nodekey in nodes.keys():
          # The node entry replaces (does not extend) the user's languages.
          langs = nodes[nodekey]['langs']
          break
        if aq_parent:
          ob = ob.getParentNode()
        else:
          ob = None
      return langs


    ############################################################################
    ###
    ###  Public Access (Subscribers)
    ###
    ############################################################################

    # --------------------------------------------------------------------------
    #  AccessableObject.hasRestrictedAccess:
    #
    #  True if this node has the object attribute
    #  'attr_dc_accessrights_restricted' and it is set (1/True) in the primary
    #  language.  Nodes without that attribute are never restricted themselves.
    # --------------------------------------------------------------------------
    def hasRestrictedAccess(self):
      restricted = False
      if 'attr_dc_accessrights_restricted' in self.getObjAttrs().keys():
        req = {'lang':self.getPrimaryLanguage()}
        restricted = restricted or self.getObjProperty( 'attr_dc_accessrights_restricted', req) in [ 1, True]
      return restricted

    # --------------------------------------------------------------------------
    #  AccessableObject.hasPublicAccess:
    #
    #  True if this node is explicitly flagged public
    #  ('attr_dc_accessrights_public' set in the primary language) - this
    #  decides without looking at the parents - or if it is not restricted
    #  itself and its parent, when that is an AccessableObject, is public.
    #  A node without such a parent is public unless restricted.
    # --------------------------------------------------------------------------
    def hasPublicAccess(self):
      if 'attr_dc_accessrights_public' in self.getObjAttrs().keys():
        req = {'lang':self.getPrimaryLanguage()}
        if self.getObjProperty( 'attr_dc_accessrights_public', req) in [ 1, True]:
          return True
      public = not self.hasRestrictedAccess()
      parent = self.getParentNode()
      if parent is not None and isinstance( parent, AccessableObject):
        # Restriction is inherited: one restricted ancestor makes us non-public.
        public = public and parent.hasPublicAccess()
      return public


    # --------------------------------------------------------------------------
    #  AccessableObject.synchronizePublicAccess:
    #
    #  Applies the restricted flag to the Zope permission settings by calling
    #  revokePublicAccess() or grantPublicAccess() on self.  For an embedded
    #  ZMSLinkElement the restriction is taken from the referenced object's
    #  breadcrumb path as well.  Only acts when the object whose flags were
    #  evaluated is an AccessableContainer.
    #  NOTE(review): the isinstance test is on ob, but the call goes to self;
    #  for an embedded link element this presumes self also provides the
    #  container methods - confirm.
    # --------------------------------------------------------------------------
    def synchronizePublicAccess(self):
      # This is ugly, but necessary since ZMSObject is inherited from
      # AccessableObject and ZMSContainerObject is inherited from
      # AccessableContainer!
      restricted = self.hasRestrictedAccess()
      if self.meta_id == 'ZMSLinkElement' and self.isEmbedded( self.REQUEST):
        ob = self.getRefObj()
        if ob is not None:
          for item in ob.breadcrumbs_obj_path():
            restricted = restricted or item.hasRestrictedAccess()
            if restricted:
              break
      else:
        ob = self
      if isinstance( ob, AccessableContainer):
        if restricted:
          self.revokePublicAccess()
        else:
          self.grantPublicAccess()


    ############################################################################
    ###
    ###  Properties
    ###
    ############################################################################

    ############################################################################
    #  AccessableObject.manage_user:
    #
    #  Change user.
    #
    #  Management view: lets the authenticated user change his own password
    #  (when 'password' is not the '******' form placeholder and equals
    #  'confirm') and e-mail address, then redirects to manage_main with a
    #  status message.  Only the first user folder that knows the userid is
    #  updated; roles and domains are passed through unchanged.
    #  NOTE(review): the current password is not re-verified before the
    #  change; the only check made here is that password and confirm match.
    ############################################################################
    manage_userForm = HTMLFile('dtml/ZMS/manage_user', globals())
    def manage_user(self, btn, lang, REQUEST, RESPONSE):
      """ AccessManager.manage_user """
      message = ''

      # Change.
      # -------
      if btn == self.getZMILangStr('BTN_SAVE'):
        id = getUserId(REQUEST['AUTHENTICATED_USER'])
        userObj = self.findUser(id)
        # '******' is the form placeholder for "leave the password unchanged".
        password = REQUEST.get('password','******')
        confirm = REQUEST.get('confirm','')
        if password!='******' and password==confirm:
          for userFldr in self.getUserFolders():
            if id in userFldr.getUserNames():
              try:
                # Keep roles and domains; only the password changes.
                roles = userObj.getRoles()
                domains = userObj.getDomains()
                userFldr.userFolderEditUser(id, password, roles, domains)
              except:
                # Also reached when findUser() returned None for id.
                message += _globals.writeError(self,'[manage_user]: can\'t change password')
              break
        # The e-mail address is kept in the ZMS user dictionary.
        self.setUserAttr(userObj,'email',REQUEST.get('email','').strip())
        #-- Assemble message.
        message += self.getZMILangStr('MSG_CHANGED')

      # Return with message.
      message = urllib.quote(message)
      return RESPONSE.redirect('manage_main?lang=%s&manage_tabs_message=%s'%(lang,message))

320
321################################################################################
322################################################################################
323###
324###   Class AccessableContainer
325###
326################################################################################
327################################################################################
class AccessableContainer(AccessableObject):
    # Container side of the access mix-in: writes the Zope permission
    # settings (manage_role / manage_acquiredPermissions) that the public
    # flags of AccessableObject and the 'ZMS.security.roles' configuration
    # call for.  The role -> permissions mapping comes from role_permissions().
    # NOTE(review): these methods carry no docstrings on purpose - a
    # docstring would make them URL-publishable in Zope 2.

    # --------------------------------------------------------------------------
    #  AccessableContainer.synchronizeRolesAccess:
    #
    #  Re-applies the 'ZMS.security.roles' configuration: every configured
    #  role is first reset to no permissions on this node, then each node
    #  listed for that role gets the union of the permissions of the ZMS
    #  roles it maps to.  Note that role_permissions() reads the Manager
    #  permission set on self, not on the target node.
    #  Returns a newline-separated trace of what was done (diagnostic output).
    # --------------------------------------------------------------------------
    def synchronizeRolesAccess(self):
      message = []
      security_roles = self.getConfProperty('ZMS.security.roles',{})
      for id in security_roles.keys():
        self.manage_role(role_to_manage=id,permissions=[])
        message.append("id="+id)
        d = security_roles.get(id,{})
        for node in d.keys():
          message.append("node="+node)
          ob = self.getLinkObj(node)
          if ob is not None:
            message.append("ob="+ob.absolute_url())
            roles = d[node]['roles']
            message.append("roles="+str(roles))
            permissions = []
            for role in roles:
              # Configured names carry blanks ('ZMS Author'); role ids do not.
              permissions = ob.concat_list(permissions,role_permissions(self,role.replace(' ','')))
            message.append("permissions="+str(permissions))
            ob.manage_role(role_to_manage=id,permissions=permissions)
      return '\n'.join(message)


    # --------------------------------------------------------------------------
    #  AccessableContainer.restrictAccess:
    #
    #  For each per-language entry document that exists as an attribute of
    #  this node (index_*, index_print_*, search_*, sitemap_*): acquire only
    #  'Access contents information' and 'View', and give Manager its full
    #  permission set on that document.
    # --------------------------------------------------------------------------
    def restrictAccess(self):
      for lang in self.getLangIds():
        for key in ['index_%s.html','index_print_%s.html','search_%s.html','sitemap_%s.html']:
          id = key%lang
          if hasattr(self,id):
            ob = getattr(self,id)
            ob.manage_acquiredPermissions(permissions=['Access contents information','View'])
            for role in ['Manager']:
              ob.manage_role(role_to_manage=role,permissions=role_permissions(ob,role))

    # --------------------------------------------------------------------------
    #  AccessableContainer.grantPublicAccess:
    #
    #  Makes this node publicly viewable: the Manager permission set is
    #  acquired, every custom role (all but Anonymous, Authenticated, Owner,
    #  Manager) gets its role_permissions() on a level-0 node and no explicit
    #  permissions below (presumably so deeper nodes acquire them), and
    #  Anonymous/Authenticated get 'Access contents information' and 'View'
    #  on level 0 only.  security_roles is read but not used here.
    # --------------------------------------------------------------------------
    def grantPublicAccess(self):
      self.restrictAccess()
      self.manage_acquiredPermissions(role_permissions(self,'Manager'))
      security_roles = self.getConfProperty('ZMS.security.roles',{})
      for role in filter(lambda x: x not in ['Anonymous','Authenticated','Owner','Manager',],self.valid_roles()):
        permissions = []
        if self.getLevel() == 0:
          permissions = role_permissions(self,role)
        self.manage_role(role_to_manage=role,permissions=permissions)
      # Anonymous / Authenticated.
      permissions = []
      if self.getLevel() == 0:
        permissions = ['Access contents information','View']
      self.manage_role(role_to_manage='Anonymous',permissions=permissions)
      self.manage_role(role_to_manage='Authenticated',permissions=permissions)

    # --------------------------------------------------------------------------
    #  AccessableContainer.revokePublicAccess:
    #
    #  Makes this node non-public: nothing is acquired, and every custom role
    #  gets explicit permissions.  A role listed in 'ZMS.security.roles'
    #  takes the permissions selected for it on the nearest ancestor that
    #  has any; if no ancestor has, the permissions of the ZMS roles
    #  configured for this very node.  Other roles get role_permissions().
    #  Anonymous and Authenticated keep 'Access contents information' only
    #  (no 'View').
    # --------------------------------------------------------------------------
    def revokePublicAccess(self):
      self.restrictAccess()
      self.manage_acquiredPermissions([])
      security_roles = self.getConfProperty('ZMS.security.roles',{})
      for role in filter(lambda x: x not in ['Anonymous','Authenticated','Owner','Manager',],self.valid_roles()):
        permissions=role_permissions(self,role)
        if role in security_roles.keys():
          permissions = []
          # Authors & Editors
          # Inherit what is explicitly selected for the role on the nearest
          # ancestor that has anything selected.
          if len(permissions) == 0:
            ob = self.getParentNode()
            while ob is not None and len(permissions)==0:
              permissions = map(lambda x: x['name'], filter(lambda x: x['selected']=='SELECTED',ob.permissionsOfRole(role)))
              ob = ob.getParentNode()
          # Subscribers
          # No ancestor had any: use the mapping configured for this node.
          if len(permissions) == 0:
            security_role = security_roles[role]
            for node in security_role.keys():
              ob = self.getLinkObj(node)
              if ob == self:
                for node_role in security_role[node]['roles']:
                  node_role_id = node_role.replace(' ','')
                  node_role_permissions = role_permissions(self,node_role_id)
                  permissions = self.concat_list(permissions,node_role_permissions)
        self.manage_role(role_to_manage=role,permissions=permissions)
      # Anonymous / Authenticated.
      permissions=['Access contents information']
      self.manage_role(role_to_manage='Anonymous',permissions=permissions)
      self.manage_role(role_to_manage='Authenticated',permissions=permissions)

420
421################################################################################
422################################################################################
423###
424###   Class AccessManager
425###
426################################################################################
427################################################################################
428class AccessManager(AccessableContainer):
429
430    # --------------------------------------------------------------------------
431    #  AccessManager.getValidUserids:
432    # --------------------------------------------------------------------------
    def getValidUserids(self, search_term=''):
      # Lists the users known to the user folders on the path to the root as
      # dicts {'localUserFldr': folder, 'name': userid} (LDAP hits also carry
      # 'givenName'/'sn' when present).  Folders whose parent holds no ZMS
      # root are ignored; an LDAP folder is only queried when it is the first
      # folder found.  A failing LDAP listing is logged and ends the result
      # with what was collected so far.  An empty search_term lists all
      # non-LDAP users, otherwise only the exact userid match.
      valid_userids = []
      for idx, userFldr in enumerate(self.getUserFolders()):
        if not userFldr.aq_parent.objectValues(['ZMS']):
          continue
        isLdap = userFldr.meta_type == 'LDAPUserFolder'
        if isLdap and idx == 0:
          search_param = self.getConfProperty('LDAPUserFolder.login_attr',userFldr.getProperty('_login_attr'))
          users = userFldr.findUser(search_param=search_param,search_term=search_term)
          try:
            for user in users:
              entry = {'localUserFldr':userFldr,'name':user[search_param]}
              for extra in ['givenName','sn']:
                try: entry[extra] = user[extra]
                except: pass
              valid_userids.append(entry)
          except:
            _globals.writeError( self, '[getValidUserids]')
            return valid_userids
        elif not isLdap:
          for userName in userFldr.getUserNames():
            if search_term in ('', userName):
              valid_userids.append({'localUserFldr':userFldr,'name':userName})
      return valid_userids
462
463    # --------------------------------------------------------------------------
464    #  AccessManager.setUserAttr:
465    # --------------------------------------------------------------------------
    def setUserAttr(self, user, name, value):
      # Stores value under name in the 'ZMS.security.users' entry of the
      # user (user object, userid or findUser() dict).  The entry and the
      # dictionary are written back as copies.
      userid = getUserId(user)
      users = self.getConfProperty('ZMS.security.users',{})
      entry = users.get(userid,{})
      entry[name] = value
      users[userid] = entry.copy()
      self.setConfProperty('ZMS.security.users',users.copy())
473
474    # --------------------------------------------------------------------------
475    #  AccessManager.getLDAPUserAttr:
476    # --------------------------------------------------------------------------
    def getLDAPUserAttr(self, user, name):
      # Reads attribute name of the user from an LDAPUserFolder, or returns
      # None when the user folder is not an LDAP folder, the user is unknown,
      # or no matching property exists.  For name == 'email' without an
      # 'email' property, the first property value shaped like an address
      # ('@' after position 0 and before the last '.') is returned.
      userid = getUserId(user)
      userFldr = self.getUserFolder()
      if userFldr.meta_type != 'LDAPUserFolder':
        return None
      userObj = userFldr.getUserByAttr( userFldr.getProperty( '_login_attr' ), userid, pwd=None, cache=1)
      if userObj is None:
        return None
      if name in userObj._properties:
        return userObj.getProperty( name)
      if name == 'email':
        for key in userObj._properties:
          value = userObj.getProperty( key)
          atPos = value.find( '@')
          if atPos > 0:
            dotPos = value.rfind( '.')
            if dotPos > 0 and atPos < dotPos:
              return value
      return None
492
493    # --------------------------------------------------------------------------
494    #  AccessManager.getUserAttr:
495    # --------------------------------------------------------------------------
    def getUserAttr(self, user, name, default, flag=0):
      # Returns attribute name of the user.  Lookup order: the LDAP folder
      # (for every name except 'nodes'), then the 'ZMS.security.users'
      # entry (default when absent).  With flag == 0 an empty string value
      # is filled from the portal master, and dict values coming from portal
      # clients are merged in with their node keys translated into this
      # portal's reference paths.  flag == 1 marks the master lookup and
      # stops the recursion.
      userid = getUserId(user)
      if name != 'nodes':
        ldapValue = self.getLDAPUserAttr( userid, name)
        if ldapValue is not None:
          return ldapValue
      users = self.getConfProperty('ZMS.security.users',{})
      value = users.get(userid,{}).get(name,default)
      if flag == 0:
        # Process master.
        portalMaster = self.getPortalMaster()
        if portalMaster is not None:
          masterValue = portalMaster.getUserAttr(userid, name, default, 1)
          if type(masterValue) in StringTypes and type(value) in StringTypes and len(value) == 0:
            value = masterValue
        # Process clients.
        for portalClient in self.getPortalClients():
          clientValue = portalClient.getUserAttr(userid, name, default)
          if type(clientValue) is dict:
            value = value.copy()
            for node in clientValue.keys():
              newNode = self.getRefObjPath(portalClient.getLinkObj(node))
              value[newNode] = clientValue[node]
      return value
525
526    # --------------------------------------------------------------------------
527    #  AccessManager.delUserAttr:
528    # --------------------------------------------------------------------------
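    def delUserAttr(self, user):
      # Removes the user's entry from the 'ZMS.security.users' dictionary.
      # A missing entry is logged, not raised; errors from setConfProperty
      # are no longer hidden behind the "not deleted" message.
      userid = getUserId(user)
      users = self.getConfProperty('ZMS.security.users',{})
      try:
        del users[userid]
      except KeyError:
        _globals.writeError(self,'[delUserAttr]: user=%s not deleted!'%userid)
      else:
        # Write back a copy, consistent with setUserAttr.
        self.setConfProperty('ZMS.security.users',users.copy())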
537
538    # --------------------------------------------------------------------------
539    #  AccessManager.initRoleDefs:
540    #
541    #  Init Role-Definitions and Permission Settings
542    # --------------------------------------------------------------------------
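    def initRoleDefs(self):
      # Init Role-Definitions and Permission Settings: makes sure every role
      # from role_defs exists on this node with its role_permissions(),
      # clears acquired permissions and applies the public/restricted flag.

      # Init Roles.
      for role in role_defs:
        # Add Local Role.
        if role not in self.valid_roles():
          self._addRole(role)
        # Set permissions for Local Role.
        self.manage_role(role_to_manage=role,permissions=role_permissions(self,role))

      # Clear acquired permissions.
      self.manage_acquiredPermissions([])

      # Grant public access (or revoke it when the node is restricted).
      self.synchronizePublicAccess()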
558
559
560    # --------------------------------------------------------------------------
561    #  AccessManager.findUser:
562    # --------------------------------------------------------------------------
    def findUser(self, name):
      # Returns the first user matching name across the user folders on the
      # path to the root, or None.  An LDAP folder is searched by its login
      # attribute and a hit is accepted only when it is unique; the returned
      # dict then carries the id under '__id__'.
      for userFldr in self.getUserFolders():
        if userFldr.meta_type == 'LDAPUserFolder':
          loginAttr = userFldr.getProperty('_login_attr')
          hits = userFldr.findUser(search_param=loginAttr,search_term=name)
          if len(hits) != 1:
            continue
          userObj = hits[0]
          userObj['__id__'] = userObj[loginAttr]
        else:
          userObj = userFldr.getUser(name)
          if userObj is None:
            continue
        return userObj
      return None
576
577    # --------------------------------------------------------------------------
578    #  AccessManager.getUserFolder:
579    # --------------------------------------------------------------------------
    def getUserFolder(self):
      # Returns the user folder of the home element.  When the home element
      # has none, the portal master's folder is used if there is a master;
      # otherwise a new, empty UserFolder is created in the home element.
      homeElmnt = self.getHome()
      userFldrs = homeElmnt.objectValues(user_folder_meta_types)
      if userFldrs:
        return userFldrs[0]
      portalMaster = self.getPortalMaster()
      if portalMaster is not None:
        return portalMaster.getUserFolder()
      userFldr = UserFolder()
      homeElmnt._setObject(userFldr.id, userFldr)
      return userFldr
593
594
595    # --------------------------------------------------------------------------
596    #  AccessManager.getUserFolders:
597    # --------------------------------------------------------------------------
    def getUserFolders(self):
      # Collects the user folders met while walking from this object up the
      # aq_parent chain.  A level contributes only when it holds exactly one
      # folder; duplicates are skipped.  Any error while inspecting a level
      # (e.g. an object without objectValues or aq_parent) ends the walk.
      userFolders = []
      ob = self
      depth = 0
      while ob is not None:
        if depth > sys.getrecursionlimit():
          raise zExceptions.InternalError("Maximum recursion depth exceeded")
        depth += 1
        try:
          found = ob.objectValues(user_folder_meta_types)
          if len(found) == 1 and found[0] not in userFolders:
            userFolders.append(found[0])
          ob = ob.aq_parent
        except:
          break
      return userFolders
618
619
620    ############################################################################
621    ###
622    ###  Local Users
623    ###
624    ############################################################################
625
626    # ------------------------------------------------------------------------------
627    #  AccessManager.purgeLocalUsers
628    # ------------------------------------------------------------------------------
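    def purgeLocalUsers(self, ob=None, valid_userids=None, invalid_userids=None):
      # Removes stale local roles on ob (default: self) and its subtree and
      # returns an HTML fragment (one line per removal) describing them.
      # A user's local roles on a node are dropped when
      #  - findUser() does not know the userid, or
      #  - the user exists but the node is not referenced by the user's
      #    'nodes' entry ('{$}' stands for the 'content' root node).
      # 'Owner' roles are never touched.
      # valid_userids / invalid_userids cache the findUser() results and are
      # shared with the recursive calls; they default to fresh lists so that
      # a cached verdict never leaks into a later call (mutable-default bug:
      # a user found invalid once would otherwise be purged forever).
      # NOTE(review): userid and roles go into the returned HTML unescaped.
      if ob is None:
        ob = self
      if valid_userids is None:
        valid_userids = []
      if invalid_userids is None:
        invalid_userids = []
      rtn = ""
      nodeKey = "{$%s}"%ob.id
      nodeSuffix = "/%s}"%ob.id
      isContentRoot = ob.id == "content"

      for userid, userroles in ob.get_local_roles():
        delLocalRoles = False
        if 'Owner' not in userroles:
          if userid not in valid_userids and userid not in invalid_userids:
            if ob.findUser(userid) is None:
              invalid_userids.append(userid)
            else:
              valid_userids.append(userid)
          if userid in valid_userids:
            nodes = self.getUserAttr(userid,'nodes',{})
            # The user must hold an entry that refers to this node.
            refersToNode = any(
              (x == "{$}" and isContentRoot) or x == nodeKey or x.endswith(nodeSuffix)
              for x in nodes.keys())
            if not refersToNode:
              delLocalRoles = True
          elif userid in invalid_userids:
            delLocalRoles = True
        if delLocalRoles:
          rtn += ob.absolute_url()+ " " + userid + " " + str(userroles) + "<br/>"
          ob.manage_delLocalRoles(userids=[userid])

      # Process subtree.
      for subob in ob.objectValues(ob.dGlobalAttrs.keys()):
        rtn += self.purgeLocalUsers(subob, valid_userids, invalid_userids)

      return rtn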
659
660
661    # --------------------------------------------------------------------------
662    #  AccessManager.setLocalUser:
663    # --------------------------------------------------------------------------
    def setLocalUser(self, id, node, roles, langs):
      # Records (roles, langs) for user id on node in the ZMS user dictionary
      # and sets the matching Zope local roles on the node object.  A
      # ZMSAdministrator additionally gets the Zope 'Manager' local role; the
      # dictionary entry keeps the ZMS roles as given.

      # Insert node to user-properties.
      nodes = self.getUserAttr(id,'nodes',{})
      nodes[node] = {'langs':langs,'roles':roles}
      self.setUserAttr(id,'nodes',nodes.copy())

      # Set local roles in node.
      localRoles = list(roles)
      if 'ZMSAdministrator' in localRoles:
        localRoles.append('Manager')
      nodeObj = self.getLinkObj(node,self.REQUEST)
      if nodeObj is not None:
        nodeObj.manage_setLocalRoles(id,localRoles)
679
680
681    # --------------------------------------------------------------------------
682    #  AccessManager.delLocalUser:
683    # --------------------------------------------------------------------------
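    def delLocalUser(self, id, node):
      # Removes the user's entry for node from the ZMS user dictionary and
      # the user's Zope local roles on that node (when the node resolves).
      # A node that is not in the user's entry is not an error.

      # Delete node from user-properties.
      nodes = self.getUserAttr(id,'nodes',{})
      nodes.pop(node, None)
      self.setUserAttr(id,'nodes',nodes.copy())

      # Delete local roles in node.
      nodeObj = self.getLinkObj(node,self.REQUEST)
      if nodeObj is not None:
        nodeObj.manage_delLocalRoles(userids=[id])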
696
697
698    ############################################################################
699    ###
700    ###  Properties
701    ###
702    ############################################################################
703
704    # Management Interface.
705    # ---------------------
    # DTML forms of the user administration tabs; the handler they post to
    # (manage_roleProperties) is defined below.
    manage_users = HTMLFile('dtml/ZMS/manage_users', globals())
    manage_users_sitemap = HTMLFile('dtml/ZMS/manage_users_sitemap', globals())
708
709    ############################################################################
710    #  AccessManager.manage_roleProperties:
711    #
712    #  Change or delete roles.
713    ############################################################################
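    def manage_roleProperties(self, btn, key, lang, REQUEST, RESPONSE=None):
      """ AccessManager.manage_roleProperties

      Form handler behind the 'manage_users' view for (local) roles.

      btn      -- label of the pressed button, compared with the ZMI language
                  strings BTN_CANCEL/BTN_BACK, BTN_INSERT and BTN_DELETE (the
                  literal 'delete' also deletes).
      key      -- 'obj' acts on the role itself, 'attr' on one node
                  assignment of the role.
      lang     -- ZMI language code, only passed through to the redirect.
      REQUEST  -- Zope request; reads 'id' (the role), 'newId', 'node',
                  'nodekey' and 'roles'.
      RESPONSE -- when given, redirects back to 'manage_users' carrying a
                  status message and the current role id; otherwise the
                  method returns None.

      Role definitions live in the config-property 'ZMS.security.roles'
      (role-id -> node-key -> {'roles': [...]}); the Zope permissions derived
      from those roles are applied to the node with manage_role.

      Raises zExceptions.BadRequest when a role is inserted without an id or
      assigned to a node key that does not resolve.

      NOTE(review): the docstring makes this method web-publishable; the
      security declaration guarding it is not part of this block -- confirm
      it is protected.
      """
      message = ''
      role_id = REQUEST.get('id','')

      # Cancel / Back: drop the selected role so the form reopens empty.
      if btn in [self.getZMILangStr('BTN_CANCEL'), self.getZMILangStr('BTN_BACK')]:
        role_id = ''

      # Insert.
      # -------
      elif btn == self.getZMILangStr('BTN_INSERT'):
        if key=='obj':
          #-- Add local role ('' default: a missing field must not raise AttributeError).
          role_id = REQUEST.get('newId','').strip()
          if not role_id:
            raise zExceptions.BadRequest('role id required')
          if role_id not in self.valid_roles():
            self._addRole(role=role_id,REQUEST=REQUEST)
          #-- Register an empty node map for the role.  The stored mapping is
          #   copied before it is changed so the new value only reaches the
          #   property through setConfProperty.
          security_roles = self.getConfProperty('ZMS.security.roles',{}).copy()
          security_roles[role_id] = {}
          self.setConfProperty('ZMS.security.roles',security_roles)
          message = self.getZMILangStr('MSG_INSERTED')%self.getZMILangStr('ATTR_ROLE')
        elif key=='attr':
          #-- Assign the role to a node.
          node = REQUEST.get('node')
          roles = REQUEST.get('roles',[])
          if not isinstance(roles, list): roles = [roles]   # a single checkbox arrives as str
          #-- Resolve the node before anything is written, so a bad key leaves
          #   the config-property untouched instead of failing on ob.concat_list.
          ob = self.getLinkObj(node,REQUEST)
          if ob is None:
            raise zExceptions.BadRequest('node not found: %s'%node)
          security_roles = self.getConfProperty('ZMS.security.roles',{}).copy()
          node_map = dict(security_roles.get(role_id,{}))
          node_map[node] = {'roles':roles}
          security_roles[role_id] = node_map
          self.setConfProperty('ZMS.security.roles',security_roles)
          #-- Set permissions in node: union of the permissions of all selected roles.
          permissions = []
          for role in roles:
            permissions = ob.concat_list(permissions,role_permissions(self,role.replace(' ','')))
          ob.manage_role(role_to_manage=role_id,permissions=permissions)
          message = self.getZMILangStr('MSG_INSERTED')%self.getZMILangStr('ATTR_NODE')

      # Delete.
      # -------
      elif btn in ['delete', self.getZMILangStr('BTN_DELETE')]:
        if key=='obj':
          #-- Delete local role and every node assignment stored for it.
          self._delRoles(roles=[role_id],REQUEST=REQUEST)
          security_roles = self.getConfProperty('ZMS.security.roles',{}).copy()
          if role_id in security_roles:
            del security_roles[role_id]
          self.setConfProperty('ZMS.security.roles',security_roles)
          role_id = ''
        elif key=='attr':
          #-- Remove one node assignment of the role.
          node = REQUEST.get('nodekey')
          security_roles = self.getConfProperty('ZMS.security.roles',{}).copy()
          node_map = dict(security_roles.get(role_id,{}))
          if node in node_map:
            del node_map[node]
          security_roles[role_id] = node_map
          self.setConfProperty('ZMS.security.roles',security_roles)
          #-- Revoke the role's permissions in the node (skipped if it is gone).
          ob = self.getLinkObj(node,REQUEST)
          if ob is not None:
            ob.manage_role(role_to_manage=role_id,permissions=[])
        message = self.getZMILangStr('MSG_DELETED')%int(1)

      # Return with message.  Every query value is url-quoted (not only the
      # message) so a role id containing '&', '#' or a space cannot break or
      # extend the redirect target.
      if RESPONSE:
        return RESPONSE.redirect('manage_users?lang=%s&manage_tabs_message=%s&id=%s'%(
          urllib.quote(lang), urllib.quote(message), urllib.quote(role_id)))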
791
792
793    ############################################################################
794    #  AccessManager.manage_userProperties:
795    #
796    #  Change or delete users.
797    ############################################################################
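    def manage_userProperties(self, btn, key, lang, REQUEST, RESPONSE=None):
      """ AccessManager.manage_userProperties

      Form handler behind the 'manage_users' view for users.

      btn      -- label of the pressed button, compared with the ZMI language
                  strings BTN_CANCEL/BTN_BACK, BTN_INSERT, BTN_SAVE, BTN_DELETE
                  (the literal 'delete' also deletes) and BTN_INVITE.
      key      -- 'obj' acts on the user itself, 'attr' on one local-user
                  assignment (user + node + roles + languages).
      lang     -- ZMI language code, only passed through to the redirect.
      REQUEST  -- Zope request; reads 'id' (the user), 'newId', 'newPassword',
                  'newConfirm', 'newEmail', 'node', 'nodekey', 'nodekeys',
                  'roles', 'langs', 'password', 'confirm', 'email' and
                  'profile'.
      RESPONSE -- when given, redirects back to 'manage_users' carrying a
                  status message and the current user id; otherwise the
                  method returns None.

      Raises zExceptions.BadRequest when a new user's password confirmation
      does not match, or a local user is added to a node key that does not
      resolve.

      NOTE(review): the docstring makes this method web-publishable; the
      security declaration guarding it is not part of this block -- confirm
      it is protected.
      """
      message = ''
      user_id = REQUEST.get('id','')

      # Cancel / Back: drop the selected user so the form reopens empty.
      if btn in [self.getZMILangStr('BTN_CANCEL'), self.getZMILangStr('BTN_BACK')]:
        user_id = ''

      # Insert.
      # -------
      elif btn == self.getZMILangStr('BTN_INSERT'):
        if key=='obj':
          #-- Insert user.
          newId = REQUEST.get('newId','').strip()
          newPassword = REQUEST.get('newPassword','').strip()
          newConfirm = REQUEST.get('newConfirm')
          newEmail = REQUEST.get('newEmail','').strip()
          #-- The confirmation field was read but never compared.  Reject a
          #   mismatch explicitly; a form that does not send the field at all
          #   (None) keeps working as before.
          if newConfirm is not None and newConfirm.strip() != newPassword:
            raise zExceptions.BadRequest('password and confirmation do not match')
          user_id = insertUser(self,newId,newPassword,newEmail,REQUEST)
          message = self.getZMILangStr('MSG_INSERTED')%self.getZMILangStr('ATTR_USER')
        elif key=='attr':
          #-- Insert local user.  Single-valued multi-select fields arrive as str.
          langs = REQUEST.get('langs',[])
          if not isinstance(langs, list): langs = [langs]
          roles = REQUEST.get('roles',[])
          if not isinstance(roles, list): roles = [roles]
          node = REQUEST.get('node')
          ob = self.getLinkObj(node,REQUEST)
          if ob is None:
            raise zExceptions.BadRequest('node not found: %s'%node)
          docElmnt = ob.getDocumentElement()
          node = docElmnt.getRefObjPath(ob)
          docElmnt.setLocalUser(user_id, node, roles, langs)
          message = self.getZMILangStr('MSG_INSERTED')%self.getZMILangStr('ATTR_NODE')

      # Change.
      # -------
      elif btn == self.getZMILangStr('BTN_SAVE'):
        userObj = self.findUser(user_id)
        if key=='obj':
          #-- Change password only when a new one was typed in ('******' is
          #   the untouched-field default) and it was confirmed; a mismatch
          #   is ignored here, the other attributes are still saved.
          password = REQUEST.get('password','******')
          confirm = REQUEST.get('confirm','')
          if password!='******' and password==confirm:
            try:
              userFldr = self.getUserFolder()
              roles = userObj.getRoles()
              domains = userObj.getDomains()
              userFldr.userFolderEditUser(user_id, password, roles, domains)
            except Exception:
              # Logged, not re-raised: email/profile below are saved anyway,
              # so MSG_CHANGED is reported even if the password did not change.
              _globals.writeError(self,'[manage_user]: can\'t change password')
          self.setUserAttr(userObj,'email',REQUEST.get('email','').strip())
          self.setUserAttr(userObj,'profile',REQUEST.get('profile','').strip())
        #-- key 'attr' (local user) has nothing editable here.
        message = self.getZMILangStr('MSG_CHANGED')

      # Delete.
      # -------
      elif btn in ['delete', self.getZMILangStr('BTN_DELETE')]:
        if key=='obj':
          #-- Delete user.
          deleteUser(self,user_id)
          user_id = ''
        elif key=='attr':
          #-- Delete local user, best effort on this object and on the node's
          #   document element; failures are logged instead of swallowed.
          node = REQUEST.get('nodekey')
          try:
            self.delLocalUser(user_id, node)
          except Exception:
            _globals.writeError(self,'[manage_userProperties]: can\'t delete local user %s in %s'%(user_id,node))
          try:
            docElmnt = self.getDocumentElement()
            ob = self.getLinkObj(node,REQUEST)
            if ob is not None:
              docElmnt = ob.getDocumentElement()
              node = docElmnt.getRefObjPath(ob)
            docElmnt.delLocalUser(user_id, node)
          except Exception:
            _globals.writeError(self,'[manage_userProperties]: can\'t delete local user %s in document element'%user_id)
        message = self.getZMILangStr('MSG_DELETED')%int(1)

      # Invite.
      # -------
      elif btn == self.getZMILangStr('BTN_INVITE'):
        if key=='obj':
          email = self.getUserAttr(user_id,'email','')
          nodekeys = REQUEST.get('nodekeys',[])
          #-- A single selected node arrives as str; without the
          #   normalisation the loop below would iterate its characters.
          if not isinstance(nodekeys, list): nodekeys = [nodekeys]
          if email and nodekeys:
            #-- Body: site title and link, user id, one line per node, signature.
            mbody = []
            mbody.append(self.getTitle(REQUEST)+' '+self.getHref2IndexHtml(REQUEST))
            mbody.append('\n')
            mbody.append('\n%s: %s'%(self.getZMILangStr('ATTR_ID'),user_id))
            mbody.append('\n')
            for nodekey in nodekeys:
              ob = self.getLinkObj(nodekey,REQUEST)
              if ob is None:
                continue   # stale key: leave it out rather than fail the whole mail
              mbody.append('\n * '+ob.getTitlealt(REQUEST)+' ['+ob.display_type(REQUEST)+']: '+ob.absolute_url()+'/manage')
            mbody.append('\n')
            mbody.append('\n' + self.getZMILangStr('WITH_BEST_REGARDS'))
            mbody.append('\n' + str(REQUEST['AUTHENTICATED_USER']))
            mbody.append('\n-------------------------------')
            mbody = ''.join(mbody)
            #-- Subject and send.
            msubject = '%s (invitation)'%self.getTitlealt(REQUEST)
            self.sendMail(email,msubject,mbody,REQUEST)
            message = self.getZMILangStr('MSG_CHANGED')

      # Return with message.  Every query value is url-quoted (not only the
      # message) so a user id containing '&', '#' or a space cannot break or
      # extend the redirect target.
      if RESPONSE:
        return RESPONSE.redirect('manage_users?lang=%s&manage_tabs_message=%s&id=%s'%(
          urllib.quote(lang), urllib.quote(message), urllib.quote(user_id)))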
921
922################################################################################