added permission management

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@1139 20353a03-c40f-0410-a6d1-a30d3c3de9de

product/ERP5CPS/CPSCorePatch.py

@@ -149,5 +149,6 @@ CPSBaseDocument.getProperty = Base.getProperty
 CPSBaseDocument._setProperty = Base._setProperty
 CPSBaseDocument._edit = Base._edit
 CPSBaseDocument.asXML = Base.asXML
+CPSBaseDocument.get_local_permissions = Base.get_local_permissions
 CPSBaseDocument._propertyMap = PatchedCPSBaseDocument._propertyMap
 

product/ERP5CPS/CPSDocumentPatch.py

@@ -249,5 +249,6 @@ CPSDocument.setLayoutAndSchema = PatchedCPSDocument.setLayoutAndSchema
 CPSDocument._propertyMap = PatchedCPSDocument._propertyMap
 CPSDocument.setProperty = Base.setProperty
 CPSDocument._setProperty = PatchedCPSDocument._setProperty
+CPSDocument.get_local_permissions = Base.get_local_permissions
 CPSDocument.asXML = Base.asXML
 CPSDocument._edit = PatchedCPSDocument._edit

product/ERP5SyncML/Conduit/ERP5Conduit.py

@@ -39,6 +39,7 @@ from DateTime.DateTime import DateTime
 from email.MIMEBase import MIMEBase
 from email import Encoders
 from AccessControl import ClassSecurityInfo
+from AccessControl.PermissionMapping import setPermissionMapping
 from Products.ERP5Type import Permissions
 import pickle
 import string
@@ -184,6 +185,8 @@ class ERP5Conduit(XMLSyncUtilsMixin):
     #elif xml.nodeName in self.local_role_list or self.isLocalRole(xml)>0 and not simulate:
     elif xml.nodeName in self.local_role_list:
       conflict_list += self.addLocalRoleNode(object, xml)        
+    elif xml.nodeName in self.local_permission_list:
+      conflict_list += self.addLocalPermissionNode(object, xml)        
     else:
       conflict_list += self.updateNode(xml=xml,object=object, force=force,
                                        simulate=simulate,  **kw)
@@ -238,6 +241,9 @@ class ERP5Conduit(XMLSyncUtilsMixin):
           object.manage_delLocalRoles([user])
         elif xml.nodeName.find(self.local_group_tag)>=0:
           object.manage_delLocalGroupRoles([user])
+      if xml.nodeName in self.local_permission_list and not simulate:
+        permission = self.getAttribute(xml,'id')
+        setPermissionMapping(permission,object)
     return conflict_list
 
   security.declareProtected(Permissions.ModifyPortalContent, 'updateNode')
@@ -355,8 +361,8 @@ class ERP5Conduit(XMLSyncUtilsMixin):
           LOG('updateNode',0,'we will add history')
           conflict_list += self.addNode(xml=subnode,object=object,force=force,
                                         simulate=simulate,**kw)
-        elif keyword == self.local_role_tag and not simulate:
-          # This is the case where we have to update Roles
+        elif keyword in (self.local_role_tag,self.permission_role_tag) and not simulate:
+          # This is the case where we have to update Roles or update permission
           LOG('updateNode',0,'we will add a local role')
           #user = self.getSubObjectId(xml)
           #roles = self.convertXmlValue(data,data_type='tokens')
@@ -1026,6 +1032,24 @@ class ERP5Conduit(XMLSyncUtilsMixin):
       object.manage_setLocalGroupRoles(user,roles)
     return conflict_list
 
+  security.declareProtected(Permissions.ModifyPortalContent, 'addLocalPermissionNode')
+  def addLocalPermissionNode(self, object, xml):
+    """
+    This allows to specify how to handle the local permision informations.
+    This is really usefull if you want to write your own Conduit.
+    """      
+    conflict_list = []      
+    # We want to add a local role
+    roles = self.convertXmlValue(xml.childNodes[0].data,data_type='tokens')
+    permission = self.getAttribute(xml,'id')
+    roles = list(roles) # Needed for CPS, or we have a CPS error
+    LOG('local_role: ',0,'permission: %s roles: %s' % (repr(permission),repr(roles)))
+    #user = roles[0]
+    #roles = roles[1:]
+    if xml.nodeName.find(self.local_permission_tag)>=0:
+      setPermissionMapping(permission,object,roles)
+    return conflict_list
+
   security.declareProtected(Permissions.ModifyPortalContent, 'editDocument')
   def editDocument(self, object=None, **kw):
     """

product/ERP5Type/Base.py

@@ -28,6 +28,7 @@
 
 from Globals import InitializeClass, DTMLFile
 from AccessControl import ClassSecurityInfo
+from AccessControl.Permission import pname
 from Acquisition import aq_base, aq_inner, aq_acquire, aq_chain
 
 from Products.CMFCore.WorkflowCore import WorkflowMethod
@@ -1273,6 +1274,20 @@ class Base( CopyContainer, PortalContent, Base18, ActiveObject, ERP5PropertyMana
     """
     return getattr(self,'guid',None)
 
+  security.declareProtected(Permissions.View, 'get_local_permissions')
+  def get_local_permissions(self):
+    """
+    This works like get_local_roles. It allows to get all
+    permissions defined locally
+    """
+    local_permission_list = ()
+    for permission in self.possible_permissions():
+      permission_role = getattr(self,pname(permission),None)
+      if permission_role is not None:
+        local_permission_list += ((permission,permission_role),)
+    return local_permission_list
+
+
 class TempBase(Base):
   """
     If we need Base services (categories, edit, etc) in temporary objects

product/ERP5Type/XMLExportImport.py

@@ -157,6 +157,11 @@ def Base_asXML(object, ident=0):
     xml += ident_string + '  <local_role id="%s" type="tokens">' % user_role[0]
     xml += '@@@'.join(user_role[1])
     xml += '</local_role>\n'
+  if hasattr(self,'get_local_permissions'):
+    for user_permission in self.get_local_permissions():
+      xml += ident_string + '  <local_permission id="%s" type="tokens">' % user_permission[0]
+      xml += '@@@'.join(user_permission[1])
+      xml += '</local_permission>\n'
   # Sometimes theres is roles specified for groups, like with CPS
   if hasattr(self,'get_local_group_roles'):
     for group_role in self.get_local_group_roles():