Commit 90bcfc29 authored by Andreas Jung's avatar Andreas Jung

added permission/role reporting for a particular user in the context of the current object
parent 0344047a
......@@ -71,6 +71,11 @@ Zope Changes
Products/PageTemplates/(configure.zcml, unicodeconflictresolver.py,
interfaces.py)
- AccessControl.Role: added new method manage_getUserRolesAndPermissions().
- AccessControl: the form behind the "Security" tab has a new form
for user-related reporting of permissions and roles
Bugs Fixed
- Collector #2261: Acquisition when creating objects via Webdav.
......
......@@ -160,6 +160,59 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
if REQUEST is not None: return self.manage_access(REQUEST)
def manage_getUserRolesAndPermissions(self, user):
""" collect user related security settings """
from AccessControl.SecurityManagement import newSecurityManager
d = {}
current = self
while 1:
try:
uf = current.acl_users
except AttributeError:
raise ValueError('User %s could not be found' % user)
userObj = uf.getUser(user)
if userObj:
break
else:
current = current.aq_parent
userObj = userObj.__of__(uf)
d = {'user_defined_in' : '/' + uf.absolute_url(1)}
# roles
roles = list(userObj.getRoles())
roles.sort()
d['roles'] = roles
# roles in context
roles = list(userObj.getRolesInContext(self))
roles.sort()
d['roles_in_context'] = roles
# permissions
allowed = []
disallowed = []
permMap = self.manage_getPermissionMapping()
for item in permMap:
p = item['permission_name']
if userObj.has_permission(p, self):
allowed.append(p)
else:
disallowed.append(p)
d['allowed_permissions'] = allowed
d['disallowed_permissions'] = disallowed
return d
security.declareProtected(change_permissions, 'manage_permissionForm')
manage_permissionForm=DTMLFile('dtml/permissionEdit', globals(),
management_view='Security',
......@@ -193,6 +246,7 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
_normal_manage_access=DTMLFile('dtml/access', globals())
_method_manage_access=DTMLFile('dtml/methodAccess', globals())
manage_reportUserPermissions=DTMLFile('dtml/reportUserPermissions', globals())
security.declareProtected(change_permissions, 'manage_access')
def manage_access(self, REQUEST, **kw):
......
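Review bot: `manage_getUserRolesAndPermissions` and the `manage_reportUserPermissions` DTMLFile are added with no visible `security.declareProtected(...)` line, while the neighbouring `manage_permissionForm` and `manage_access` are both declared under `change_permissions`. The method has a docstring and returns a named user's roles, roles in context and full allowed/disallowed permission lists, so the permission guarding it should be explicit rather than left to class defaults: add `security.declareProtected(change_permissions, 'manage_getUserRolesAndPermissions')` above the def and `security.declareProtected(change_permissions, 'manage_reportUserPermissions')` above the DTMLFile assignment. Separately, the `newSecurityManager` import is never used and the first `d = {}` is overwritten before it is read. The class body continues outside both hunks, so a declaration elsewhere cannot be ruled out from here.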
......@@ -20,6 +20,15 @@ acquired permission settings may be augmented by selecting Roles for
a permission in addition to selecting to acquire permissions.
</p>
<div>
<form action="manage_reportUserPermissions" method="GET">
Username:
<input type="text" name="user" size="20" />
<input type="submit" value="Show me the user permissions and roles in the context of the current object" />
</form>
</div>
<dtml-with expr="_.namespace(valid_roles=valid_roles())">
<form action="manage_changePermissions" method="post">
......
......@@ -22,6 +22,9 @@ an object should be disabled. The listing below shows the current permission
mappings for this item.
</p>
xx
<dtml-with "_(valid=permissionMappingPossibleValues())">
<form action="manage_setPermissionMapping" method="post">
......
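Review bot: The added line `xx` between the closing `</p>` and the `<dtml-with "_(valid=permissionMappingPossibleValues())">` block looks like leftover debugging text and would be rendered on the permission-mapping page, so it should be dropped from this hunk. The hunk header counts three added lines, so the other two are presumably blank lines around it and can go as well, which would leave this template unchanged by the commit.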
<dtml-var manage_page_header>
<dtml-with "_(management_view='Security')">
<dtml-if manage_tabs><dtml-var manage_tabs></dtml-if>
</dtml-with>
<h1>Permissions and roles for user &dtml-user;</h1>
<dtml-let result="manage_getUserRolesAndPermissions(user)">
<div>
<b>Roles</b>: <dtml-var "', '.join(result['roles'])">
<br/>
<b>Roles in Context</b>: <dtml-var "', ' .join(result['roles_in_context'])">
<br/>
<b>User account defined in</b>: <dtml-var "result['user_defined_in']">
</div>
<table>
<thead>
<tr>
<th>Allowed permissions</th>
<th>Disallowed permissions</th>
</tr>
</thead>
<tbody>
<tr>
<td valign="top">
<ul>
<dtml-in "result['allowed_permissions']">
<li>&dtml-sequence-item;
</dtml-in>
</ul>
</td>
<td valign="top">
<ul>
<dtml-in "result['disallowed_permissions']">
<li>&dtml-sequence-item;
</dtml-in>
</ul>
</td>
</tr>
</tbody>
</table>
</dtml-let>
<dtml-var manage_page_footer>
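Review bot: The three `<dtml-var "...">` expressions that print `result['roles']`, `result['roles_in_context']` and `result['user_defined_in']` are emitted without HTML quoting, whereas the heading and the list items use the `&dtml-...;` entity form, which quotes its value. Role names and container paths are data defined elsewhere in the site, so quote them on output, e.g. `<dtml-var "', '.join(result['roles'])" html_quote>`, and likewise for the other two. The page also calls `manage_getUserRolesAndPermissions(user)` unconditionally, so an empty or unknown user name surfaces the method's `ValueError` as an error page; a short "user not found" branch would keep that case inside the report. The `<li>` items in both lists are never closed.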