Changeset 28546

Show
Ignore:
Timestamp:
10/23/05 03:46:45 (4 years ago)
Author:
atchertchian
Message:

fix #923: Local role blocking is propagated to children ; fixing this bug led to remove possibility to view inherited blocked roles

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • CPSDefault/trunk/CHANGES

    r28504 r28546  
    2121  displaying the exact import error message. This partly fixes #1037. 
    2222- #983: adding new custom portlet for (hidden) accesskeys 
     23- #923: Local role blocking is propagated to children ; fixing this bug led 
     24  to remove possibility to view inherited blocked roles. 
    2325New internal features: 
    2426~~~~~~~~~~~~~~~~~~~~~~ 

  • CPSDefault/trunk/MembershipTool.py

    r28520 r28546  
    347347        context and tell if local roles are blocked using this dictionnary 
    348348        """ 
     349        dict_roles = self.getMergedLocalRolesWithPath(obj) 
     350        local_roles_blocked = 0 
     351 
     352        # get info about role blockings 
     353        anon_infos = dict_roles.get('group:role:Anonymous') 
     354        blocked_rpaths = [] 
     355        if anon_infos is not None: 
     356            for role_info in anon_infos: 
     357                if '-' in role_info['roles']: 
     358                    rpath = role_info['url'] 
     359                    blocked_rpaths.append(rpath) 
     360 
     361        blocked_rpath = '' 
     362        if blocked_rpaths: 
     363            # consider latest blocking 
     364            blocked_rpaths.sort() 
     365            blocked_rpath = blocked_rpaths[-1] 
     366            # check if roles are blocked at current level 
     367            url_tool = getToolByName(self, 'portal_url') 
     368            local_rpath = url_tool.getRpath(obj) 
     369            if blocked_rpath == local_rpath: 
     370                local_roles_blocked = 1 
     371 
     372        # filter blocked roles and roles not relevant in context 
    349373        if cps_roles is None: 
    350374            cps_roles = self.getCPSCandidateLocalRoles(obj) 
    351  
    352         # Get local roles settings from the membership tool 
    353         dict_roles = self.getMergedLocalRolesWithPath(obj) 
    354         local_roles_blocked = 0 
    355  
    356         url_tool = getToolByName(self, 'portal_url') 
    357         local_url = url_tool.getRelativeContentURL(obj) 
    358  
    359         # Filter special roles, and only take local roles 
    360375        for item, role_infos in dict_roles.items(): 
    361376            for role_info in role_infos: 
    362  
     377                if blocked_rpath: 
     378                    rpath = role_info['url'] 
     379                    # skip roles set STRICTLY above blocking ; roles set at the 
     380                    # blocking_rpath level have to be kept 
     381                    if rpath.find(blocked_rpath) == -1: 
     382                        role_info['roles'] = [] 
     383                        continue 
    363384                roles = role_info['roles'] 
    364                 if (item == "group:role:Anonymous" and "-" in roles and 
    365                     role_info['url'] == local_url): 
    366                     local_roles_blocked = 1 
    367  
    368                 # filter with roles in context 
    369385                role_info['roles'] = [r for r in roles if r in cps_roles] 
     386 
     387            # delete role info if no roles are left 
    370388            dict_roles[item] = [x for x in dict_roles[item] if x['roles']] 
    371389 
     
    414432 
    415433    security.declarePublic('getCPSLocalRolesRender') 
    416     def getCPSLocalRolesRender(self, obj, cps_roles, filtered_role=None, 
    417                                show_blocked_roles=0): 
     434    def getCPSLocalRolesRender(self, obj, cps_roles, filtered_role=None): 
    418435        """ Get dictionnaries that will be used by the template 
    419436        presenting local roles. 
     
    425442        Also return information about local roles blocking. 
    426443 
    427         filtered_role and show_blocked_roles parameters are only passed to be kept or 
    428         changed while displaying roles. 
     444        If filtered_role is set to one of the relevant local roles, only 
     445        display users with given role (inherited or not), and their other roles 
     446        if they have some. 
    429447        """ 
    430448        # XXX need to be broken in sub methods 
     
    462480                    here = 0 
    463481                # maybe skip inherited blocked roles 
    464                 if here or not local_roles_blocked or show_blocked_roles
     482                if here or not local_roles_blocked
    465483                    for role in role_info['roles']: 
    466484                        # take filtering on roles into account 
     
    522540    security.declarePublic('folderLocalRoleBlock') 
    523541    def folderLocalRoleBlock(self, obj, lr_block=None, lr_unblock=None, 
    524                              filtered_role=None, show_blocked_roles=0, 
    525                              REQUEST=None): 
     542                             filtered_role=None, REQUEST=None): 
    526543        """ 
    527544        Block/unblock local roles acquisition 
     
    533550        anonymous users. 
    534551 
    535         filtered_role and show_blocked_roles parameters are only passed to be kept 
    536         while blocking/unblocking. 
    537         """ 
    538         member = self.getAuthenticatedMember() 
    539         member_id = member.getUserName() 
    540  
     552        filtered_role parameter is only passed to be kept while 
     553        blocking/unblocking. 
     554        """ 
    541555        reindex = 0 
    542556        kwargs = {} 
    543557 
    544558        if lr_block is not None: 
    545             # For security, before blocking everything, we readd the current user 
    546             # as a XyzManager of the current workspace/section. 
     559            # Prevent user from losing local roles management rights: readd the 
     560            # current user as a XyzManager of the current workspace/section 
     561            # before blocking. 
     562            member = self.getAuthenticatedMember() 
     563            member_id = member.getUserName() 
     564            # XXX AT: why not use self.roles_managing_local_roles and 
     565            # getCPSCandidateLocalRoles to get the good role(s) to add, and 
     566            # skip if user is a Manager? 
    547567            for r in self.getCPSCandidateLocalRoles(obj): 
    548568                if r == 'Manager': 
     
    569589        if REQUEST is not None: 
    570590            kwargs['filtered_role'] = filtered_role 
    571             kwargs['show_blocked_roles'] = show_blocked_roles 
    572591            REQUEST.RESPONSE.redirect('%s/folder_localrole_form?%s'%( 
    573592                obj.absolute_url(), urlencode(kwargs))) 

  • CPSDefault/trunk/skins/cps_default/folder_localrole_assigned.pt

    r25259 r28546  
    66<metal:block define-macro="assigned" tal:define=" 
    77  filtered_role python:request.get('filtered_role'); 
    8   show_blocked_roles python:request.get('show_blocked_roles', 0); 
    9   cpslr python:here.getCPSLocalRolesRender(cps_roles, filtered_role, 
    10                                            show_blocked_roles=show_blocked_roles); 
     8  cpslr python:here.getCPSLocalRolesRender(cps_roles, filtered_role); 
    119  sorted_users python:cpslr[0]; 
    1210  users python:cpslr[1]; 
     
    4442      <input type="submit" name="lr_block" value="button_local_roles_block" 
    4543             i18n:attributes="value" class="standalone" /> 
    46     </div> 
    47   </form> 
    48  
    49   <form method="post" action="folder_localrole_form" 
    50     tal:condition="local_roles_blocked" 
    51     tal:attributes="action string:${here_url}/folder_localrole_form"> 
    52     <div tal:condition="show_blocked_roles"> 
    53       <tal:block i18n:translate="legend_local_roles_hide_blocked_roles"> 
    54         You can hide blocked roles: 
    55       </tal:block> 
    56       <input type="hidden" name="show_blocked_roles:int" value="0" /> 
    57       <metal:block use-macro="here/folder_localrole_assigned/macros/hidden_filtered_role" /> 
    58       <input type="submit" name="show_blocked_roles_submit" 
    59         value="button_hide_blocked_roles" 
    60         i18n:attributes="value" class="standalone" /> 
    61     </div> 
    62     <div tal:condition="not:show_blocked_roles"> 
    63       <tal:block i18n:translate="legend_local_roles_show_blocked_roles"> 
    64         You can show blocked roles: 
    65       </tal:block> 
    66       <input type="hidden" name="show_blocked_roles:int" value="1" /> 
    67       <metal:block use-macro="here/folder_localrole_assigned/macros/hidden_filtered_role" /> 
    68       <input type="submit" name="show_blocked_roles_submit" 
    69         value="button_show_blocked_roles" 
    70         i18n:attributes="value" class="standalone" /> 
    7144    </div> 
    7245  </form> 
     
    9568    </option> 
    9669  </select> 
    97   <metal:block use-macro="here/folder_localrole_assigned/macros/hidden_show_blocked_roles"/> 
    9870  <input type="submit" value="button_apply" 
    9971    name="filter_local_roles" 
     
    150122  </tal:block> 
    151123</p> 
    152 <p tal:condition="python:local_roles_blocked and show_blocked_roles"> 
    153   <span class="inheritedBlockedRole" 
    154     i18n:translate="label_inherited_blocked_role"> 
    155     Inherited blocked role 
    156   </span> : 
    157   <tal:block i18n:translate="legend_local_roles_inherited_blocked_role"> 
    158     this colour means that corresponding roles are set in parent folders and 
    159     are blocked. 
    160   </tal:block> 
    161 </p> 
    162124 
    163125</div> 
     
    165127 
    166128<metal:block define-macro="hidden_parameters"> 
    167   <metal:block define-macro="hidden_show_blocked_roles"> 
    168     <input type="hidden" name="show_blocked_roles:int" 
    169       tal:attributes="value show_blocked_roles" /> 
    170   </metal:block> 
    171129  <metal:block define-macro="hidden_filtered_role"> 
    172130    <input type="hidden" name="filtered_role" 
     
    196154      </th> 
    197155      <th i18n:translate="label_inherited_roles" 
    198         tal:condition="python:not local_roles_blocked or show_blocked_roles"> 
     156        tal:condition="python:not local_roles_blocked"> 
    199157        Inherited roles 
    200158      </th> 
     
    228186                          inherited python:here_roles[role]['inherited'];" 
    229187              tal:attributes="class python:test(inherited and not 
    230               local_roles_blocked, 'inheritedRole', test(inherited and 
    231               local_roles_blocked and show_blocked_roles, 
    232               'inheritedBlockedRole', 'assignedRole'));"> 
     188              local_roles_blocked, 'inheritedRole', 'assignedRole');"> 
    233189            <input type="checkbox" name="member_id_roles:list" 
    234190              tal:attributes="value role; 
     
    238194          </td> 
    239195        </tal:block> 
    240         <td tal:condition="python:not local_roles_blocked or show_blocked_roles"> 
     196        <td tal:condition="python:not local_roles_blocked"> 
    241197          <tal:block define="inherited member_info/inherited_roles; 
    242198                             roles inherited/keys"> 

  • CPSDefault/trunk/skins/cps_default/folder_localrole_block.py

    r28520 r28546  
    1 ##parameters=lr_block=None, lr_unblock=None, filtered_role=None, show_blocked_roles=0, REQUEST=None 
     1##parameters=lr_block=None, lr_unblock=None, filtered_role=None, REQUEST=None 
    22# $Id$ 
    33""" 
     
    88 
    99mtool.folderLocalRoleBlock(context, lr_block, lr_unblock, 
    10                            filtered_role, show_blocked_roles, REQUEST) 
     10                           filtered_role, REQUEST) 

  • CPSDefault/trunk/skins/cps_default/folder_localrole_edit.py

    r28104 r28546  
    1 ##parameters=delete_ids=[], edit_ids=[], filtered_role=None, show_blocked_roles=0, REQUEST=None, **kw 
     1##parameters=delete_ids=[], edit_ids=[], filtered_role=None, REQUEST=None, **kw 
    22# $Id$ 
    33"""Edit local roles (delete/edit) 
     
    1818'role_group_tata'. 
    1919 
    20 filtered_role and show_blocked_roles parameters are only passed to be kept 
    21 while editing. 
     20filtered_role parameter is only passed to be kept while editing. 
    2221""" 
    2322 
     
    122121if REQUEST is not None: 
    123122    kwargs['filtered_role'] = filtered_role 
    124     kwargs['show_blocked_roles'] = show_blocked_roles 
    125123    REQUEST.RESPONSE.redirect('%s/folder_localrole_form?%s'%( 
    126124        context.absolute_url(), urlencode(kwargs))) 

  • CPSDefault/trunk/skins/cps_default/getCPSCandidateLocalRoles.py

    r28509 r28546  
    33""" 
    44XXX content moved into portal_membership 
     5 
     6Override this template if you have new portal types or new roles with a 
     7specific mapping to register. 
    58""" 
    69from Products.CMFCore.utils import getToolByName 

  • CPSDefault/trunk/skins/cps_default/getCPSLocalRolesRender.py

    r28509 r28546  
    1 ##parameters=cps_roles, filtered_role=None, show_blocked_roles=0 
     1##parameters=cps_roles, filtered_role=None 
    22# $Id$ 
    33""" 
     
    66from Products.CMFCore.utils import getToolByName 
    77mtool = getToolByName(context, 'portal_membership') 
    8 return mtool.getCPSLocalRolesRender(context, cps_roles, filtered_role, 
    9                                     show_blocked_roles) 
     8return mtool.getCPSLocalRolesRender(context, cps_roles, filtered_role) 
     9 

  • CPSDefault/trunk/skins/cps_styles/default.css.dtml

    r28504 r28546  
    800800span.inheritedRole { 
    801801  background: <dtml-var inheritedRole>; 
    802 } 
    803  
    804 table.localRolesAssignment td.inheritedBlockedRole { 
    805   text-align: center; 
    806   background: <dtml-var inheritedBlockedRole>; 
    807 } 
    808  
    809 span.inheritedBlockedRole { 
    810   background: <dtml-var inheritedBlockedRole>; 
    811802} 
    812803 

  • CPSDefault/trunk/skins/cps_styles/nuxeo/stylesheet_properties.props

    r22268 r28546  
    155155 
    156156inheritedRole:string=#ffff99 
    157 inheritedBlockedRole:string=#ff9999