Commit b91674c9 authored by 's avatar

Massive revamp of security

parent 5dfa37db
"""Access control objects"""
__version__='$Revision: 1.4 $'[11:-2]
from Persistence import Persistent
from DocumentTemplate import HTML
from Globals import MessageDialog
from Acquisition import Acquirer
from string import join, strip, split
class SafeDtml(HTML):
"""Lobotomized document template w/no editing"""
def __init__(self,name='',*args,**kw):
f=open('%s/lib/python/AccessControl/%s.dtml' % (SOFTWARE_HOME, name))
s=f.read()
f.close()
args=(self,s,)+args
apply(HTML.__init__,args,kw)
manage =None
manage_editDocument=None
manage_editForm =None
manage_edit =None
class ACL(Persistent, Acquirer):
"""An object which stores and provides a user
interface to access control information"""
def __init__(self, groups=[]):
self._data={}
for g in groups:
self._data[g]={}
id ='AccessControl'
title ='Access Control'
#icon='p_/AccessControlIcon'
#AccessControlIcon=ImageFile('www/AccessControl_icon.gif', globals())
_groupsForm=SafeDtml('groupsForm')
_groupForm =SafeDtml('groupForm')
_memberForm=SafeDtml('memberForm')
manage=manage_main=_groupsForm
def debug(self):
""" """
return '<html><XMP>%s</XMP></html>' % `self`
def __len__(self): return len(self._data)
def has_key(self,k):
return self._data.has_key(k)
def keys(self):
return self._data.keys()
def values(self):
return self._data.values()
def items(self):
return self._data.items()
def __getitem__(self,k):
return self._data[k]
def __setitem__(self,k, v):
self._data[k]=v
self.__changed__(1)
def __delitem__(self,k):
del self._data[k]
self.__changed__(1)
def groupNames(self):
return self._data.keys()
def manage_addGroup(self,REQUEST,name=''):
"""Add group"""
if not name:
return MessageDialog(title='Illegal value',
message='An illegal value was specified',
action='%s/manage_main' % REQUEST['PARENT_URL'])
if self._data.has_key(name):
return MessageDialog(title='Illegal value',
message='An item with the specified name already exists',
action='%s/manage_main' % REQUEST['PARENT_URL'])
self._data[name]={}
self.__changed__(1)
return self._groupsForm(self,REQUEST)
def manage_groupForm(self,REQUEST,name=''):
"""Edit group"""
if not (name):
return MessageDialog(title='Illegal value',
message='An illegal value was specified',
action='%s/manage_main' % REQUEST['PARENT_URL'])
if not self._data.has_key(name):
return MessageDialog(title='Illegal value',
message='The specified item does not exist',
action='%s/manage_main' % REQUEST['PARENT_URL'])
return self._groupForm(self,REQUEST,groupName=name,
memberNames=self._data[name].keys())
def manage_deleteGroup(self,REQUEST,names=[]):
"""Delete group"""
if not names:
return MessageDialog(title='Illegal value',
message='An illegal value was specified',
action='%s/manage_main' % REQUEST['PARENT_URL'])
if type(names)==type('s'): names=[names]
f=self._data.has_key
if 0 in map(f, names):
return MessageDialog(title='Illegal value',
message='The specified item does not exist',
action='%s/manage_main' % REQUEST['PARENT_URL'])
for n in names:
del self._data[n]
self.__changed__(1)
return self._groupsForm(self,REQUEST)
def manage_addMember(self,REQUEST,group='',name='',password='',confirm=''):
"""Add a member"""
if not (group and name and password and confirm):
return MessageDialog(title='Illegal value',
message='An illegal value was specified',
action='%s/manage_main' % REQUEST['PARENT_URL'])
if not self._data.has_key(group):
return MessageDialog(title='Illegal value',
message='The specified item does not exist',
action='%s/manage_main' % REQUEST['PARENT_URL'])
if self._data[group].has_key(name):
return MessageDialog(title='Illegal value',
message='An item with the specified name already exists',
action='%s/manage_main' % REQUEST['PARENT_URL'])
if password != confirm:
return MessageDialog(title='Illegal value',
message='Password and confirmation do not match',
action='%s/manage_main' % REQUEST['PARENT_URL'])
self._data[group][name]=password
self.__changed__(1)
return self._groupForm(self,REQUEST,groupName=group,
memberNames=self._data[group].keys())
def manage_memberForm(self,REQUEST,group='',name=''):
"""Edit member"""
if not (group and name):
return MessageDialog(title='Illegal value',
message='An illegal value was specified',
action='%s/manage_main' % REQUEST['PARENT_URL'])
if not self._data.has_key(group):
return MessageDialog(title='Illegal value',
message='The specified item does not exist',
action='%s/manage_main' % REQUEST['PARENT_URL'])
if not self._data[group].has_key(name):
return MessageDialog(title='Illegal value',
message='The specified item does not exist',
action='%s/manage_main' % REQUEST['PARENT_URL'])
g,n,p=group,name,self._data[group][name]
return self._memberForm(self,REQUEST,groupName=g,memberName=n,
memberPassword=p)
def manage_editMember(self,REQUEST,group='',name='',password='',
confirm=''):
"""Add a member"""
if not (group and name and password and confirm):
return MessageDialog(title='Illegal value',
message='An illegal value was specified',
action='%s/manage_main' % REQUEST['PARENT_URL'])
if not self._data.has_key(group):
return MessageDialog(title='Illegal value',
message='The specified item does not exist',
action='%s/manage_main' % REQUEST['PARENT_URL'])
if not self._data[group].has_key(name):
return MessageDialog(title='Illegal value',
message='The specified item does not exist',
action='%s/manage_main' % REQUEST['PARENT_URL'])
if password != confirm:
return MessageDialog(title='Illegal value',
message='Password and confirmation do not match',
action='%s/manage_main' % REQUEST['PARENT_URL'])
self._data[group][name]=password
self.__changed__(1)
return self._groupForm(self,REQUEST,groupName=group,
memberNames=self._data[group].keys())
def manage_deleteMember(self,REQUEST,group='',names=[]):
"""Delete members"""
if not (group and names):
return MessageDialog(title='Illegal value',
message='An illegal value was specified',
action='%s/manage_main' % REQUEST['PARENT_URL'])
if not self._data.has_key(group):
return MessageDialog(title='Illegal value',
message='The specified item does not exist',
action='%s/manage_main' % REQUEST['PARENT_URL'])
if type(names)==type('s'): names=[names]
f=self._data[group].has_key
if 0 in map(f, names):
return MessageDialog(title='Illegal value',
message='The specified item does not exist',
action='%s/manage_main' % REQUEST['PARENT_URL'])
for n in names:
del self._data[group][n]
self.__changed__(1)
return self._groupForm(self,REQUEST,groupName=group,
memberNames=self._data[group].keys())
class RoleManager:
def roles_string(self):
try: return join(self.__roles__)
except: return ''
def parse_roles_string(self, roles):
"""Utility routine for parsing roles given as a string
"""
try: del self.__roles__
except: pass
if not roles: return
roles=map(strip,split(strip(roles)))
if roles=='public':
self.__roles__=None
elif roles: self.__roles__=roles
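Review bot: `manage_addMember` and `manage_editMember` store the submitted password verbatim (`self._data[group][name]=password`), and `manage_memberForm` reads it back and passes it to the template as `memberPassword`, so every member password can be recovered from the persistent ACL object and from the rendered edit page. The rendering does not show whether these lines are added or removed; if the module stays on the new side, storing a salted one-way hash and comparing hashes wherever the check is done would remove that exposure and leave the edit form nothing to pre-fill. Separately, in `parse_roles_string` the test `roles=='public'` runs after `roles` has been turned into a list by `map(strip,split(strip(roles)))`, so it can never be true and `__roles__` becomes `['public']` instead of `None`. Comparing against the list, `if roles==['public']:`, is presumably what was meant.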
Security Architecture
---------------------
Users
-----
Objects representing users may be created in Principia
User Folder objects. User objects maintain the information
used to authenticate users, and allow roles to be associated
with a user.
Permissions
-----------
A "permission" is the smallest unit of access to an object,
roughly equivalent to the atomic permissions seen in NT:
R (Read), W(Write), X(Execute), etc. In Principia, a permission
usually describes a fine-grained logical operation on an object,
such as "View Management Screens", "Add Properties", etc.
Different types of objects will define different permissions
as appropriate for the object.
Types of access
---------------
A "type of access" is a named grouping of 0 or more of the
permissions defined by an object. All objects have one predefined
type of access called Full Access (all permissions defined by that
object). A user who has the special role "Manager" always has Full
Access to all objects at or below the level in the object hierarchy
at which the user is defined.
New types of access may be defined as combinations of the
various permissions defined by a given object. These new
types of access may be defined by the programmer, or by
users at runtime.
Roles
-----
A role is a name that ties users (authentication of identity)
to permissions (authorization for that identity) in the system.
Roles may be defined in any Folder (or Folderish) object in the
system. Sub folders can make use of roles defined higher in the
hierarchy. These roles can be assigned to users. All users,
including non-authenticated users have the built-in role of
"Anonymous".
Principia objects allow the association of defined roles
with a single "type of access" each, in the context of that
object. A single role is associated with one and only one
type of access in the context of a given object.
Examples
--------
User Object1
o has the role "RoleA" o has given "RoleA" Full Access
Result: the user has Full Access to Object1.
User Object2
o has the role "RoleA" o has given "RoleB" Full Access
o has given the role "RoleA" View Access,
a custom type of access that allows only
viewing of the object.
Result: the user has only View Access.
Notes
-----
All objects define a permission called "Default permission". If this
permission is given to a role, users with that role will be able to
access subobjects which do not explicitly restrict access.
Technical
---------
Objects define their permissions as logical operations.
Programmers have to determine the appropriate operations
for their object type, and provide a mapping of permission
name to attribute names. It is important to note that permissions
cannot overlap - none of the attributes named in a permission
can occur in any of the other permissions. The following are
proposed permissions for some current principia objects:
Folder
o View management screens
o Change permissions
o Undo changes
o Add objects
o Delete objects
o Add properties
o Change properties
o Delete properties
o Default permission
Confera Topic
o View management screens
o Change permissions
o Undo changes
o Add objects
o Delete objects
o Add properties
o Change properties
o Delete properties
o Default permission
o Change Configuration
o Add Messages
o Change Messages
o Delete Messages
Tabula Collection
o View management screens
o Change permissions
o Undo changes
o Add objects
o Delete objects
o Add properties
o Change properties
o Delete properties
o Default permission
o Change schema
o Upload data
o Add computed fields
o Change computed fields
o Delete computed fields
Document/Image/File
o View management screens
o Change permissions
o Change/upload data
o View
Session
o View management screens
o Change permissions
o Change session config
o Join/leave session
o Save/discard session
Mail Host
o View management screens
o Change permissions
o Change configuration
To support the architecture, developers must derive an
object from the AccessControl.RoleManager mixin class,
and define in their class an __ac_permissions__ attribute.
This should be a tuple of tuples, where each tuple represents
a permission and contains a string permission name as its first
element and a list of attribute names as its second element.
Example:
__ac_permissions__=(
('View management screens',
['manage','manage_menu','manage_main','manage_copyright',
'manage_tabs','manage_propertiesForm','manage_UndoForm']),
('Undo changes', ['manage_undo_transactions']),
('Change permissions', ['manage_access']),
('Add objects', ['manage_addObject']),
('Delete objects', ['manage_delObjects']),
('Add properties', ['manage_addProperty']),
('Change properties', ['manage_editProperties']),
('Delete properties', ['manage_delProperties']),
('Default permission', ['']),
)
The developer may also predefine useful types of access, by
specifying an __ac_types__ attribute. This should be a tuple of
tuples, where each tuple represents a type of access and contains
a string name as its first element and a list of permission names
as its second element.
By default, only "Full Access" is defined (by the RoleManager mixin).
If you wish to override __ac_types__ to provide convenient types of
access, you must always be sure to define "Full Access" as containing
the names of all possible permissions for your object.
Example:
__ac_types__=(
('Full Access', map(lambda x: x[0], __ac_permissions__)),
('Change', ['Add Objects', 'Add Properties', 'Change Properties']),
)
Developers may also provide pre-defined role names that are
not deletable via the interface by specifying an __ac_roles__
attribute. This is probably not something we'll ever use under
the new architecture, but it's there if you need it.
Example:
__ac_roles__=('Manager', 'Anonymous')
<HTML>
<HEAD>
<TITLE><!--#var title--></TITLE>
</HEAD>
<FRAMESET FRAMEBORDER="NO" BORDER="0" FRAMESPACING="0" COLS="140,*">
<FRAME SRC="manage_menu" NAME="manage_menu"
MARGINWIDTH="6" MARGINHEIGHT="6" SCROLLING="auto">
<FRAME SRC="manage_main" NAME="manage_main"
MARGINWIDTH="0" MARGINHEIGHT="0" SCROLLING="auto">
</FRAMESET>
<NOFRAMES>
Management interfaces require the use of a
<STRONG>frames-capable</STRONG> web browser.
</NOFRAMES>
</HTML>
<HTML>
<HEAD>
<TITLE>Management Menu</TITLE>
</HEAD>
<BODY BACKGROUND="<!--#var SOFTWARE_URL-->/App/background.jpg"
BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
<TABLE BORDER="0">
<TR>
<TD ALIGN="LEFT" COLSPAN="2" VALIGN="TOP">
<IMG SRC="<!--#var SOFTWARE_URL-->/logo.jpg"
WIDTH="90" HEIGHT="90">
<BR>
</TD>
</TR>
<TR><TD></TD><TD></TD></TR>
<!--#if manage_options-->
<!--#in manage_options mapping-->
<!--#if sequence-item-->
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<A HREF="<!--#var action-->"
TARGET="<!--#var target-->"><IMG BORDER="0" HEIGHT="16"
WIDTH="16" ALT="<!--#var label-->"
SRC="<!--#var SOFTWARE_URL-->/<!--#var icon-->"></A>
</TD>
<TD ALIGN="LEFT">
<FONT SIZE="-1">
<A HREF="<!--#var action-->"
TARGET="<!--#var target-->">
<!--#var label-->
</A></FONT>
</TD>
</TR>
<!--#else sequence-item-->
<TR><TD COLSPAN="2"><HR></TD></TR>
<!--#/if sequence-item-->
<!--#/in manage_options-->
<!--#/if manage_options-->
</TABLE>
</BODY>
</HTML>
<HTML>
<HEAD>
<TITLE>Security</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
<!--#var manage_tabs-->
<P>
You may restrict access to <EM><!--#var title_or_id--></EM> using the form
below. To add or remove roles, select or deselect
the desired role names and click &quot;Change&quot;.
<P>
<FORM ACTION="manage_editRoles" METHOD="POST">
<TABLE>
<TR>
<TD VALIGN=CENTER><STRONG>Access<BR>Control</STRONG></TD>
<TD VALIGN="TOP">
<INPUT TYPE="RADIO" NAME="acl_type" VALUE="E"<!--#var aclEChecked-->>
Allow users with selected roles
<BR>
<INPUT TYPE="RADIO" NAME="acl_type" VALUE="A"<!--#var aclAChecked-->>
Allow based on default roles
<BR>
<INPUT TYPE="RADIO" NAME="acl_type" VALUE="P"<!--#var aclPChecked-->>
Allow all users
</TD>
<TD VALIGN="TOP">
<SELECT NAME="acl_roles:list" SIZE="4" MULTIPLE>
<!--#in selectedRoles-->
<!--#var sequence-item-->
<!--#/in selectedRoles-->
</SELECT>
</TD>
</TR>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="SUBMIT" VALUE="Change">
</TD>
</TR>
</TABLE>
</FORM>
<P>
<FORM ACTION="manage_addRole" METHOD="POST">
To add a new, user-defined role to this object, enter the name of
the new role and click &quot;Add&quot;.
<BR>
<INPUT TYPE="TEXT" NAME="role" SIZE="20">
<BR>
<INPUT TYPE="SUBMIT" VALUE=" Add ">
</FORM>
</BODY>
</HTML>
<HTML>
<HEAD>
<TITLE>Security</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
<!--#if manage_tabs-->
<!--#var manage_tabs-->
<!--#/if manage_tabs-->
<P>
Select one or more roles below, and a type of access that will given
to users who have those roles. Select &quot;Special Access...&quot;
if you would like to define a new type of access.
<FORM ACTION="manage_access" METHOD="POST">
<TABLE CELLPADDING="2">
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Roles</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<SELECT NAME="roles:list" SIZE="4" MULTIPLE>
<!--#in valid_roles-->
<OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
<!--#/in valid_roles-->
</SELECT>
</TD>
</TR>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Type of access</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<SELECT NAME="access">
<!--#in access_types-->
<OPTION VALUE="<!--#var sequence-var-name-->"><!--#var sequence-var-name-->
<!--#/in access_types-->
<OPTION VALUE="Special Access...">Special Access...
</SELECT>
<BR>
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add">
</TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
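Review bot: The role names in `<OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->` go into the attribute and the element text with no HTML quoting requested, and role names are free text entered through the "Add Role" field in another template of this commit. A name containing `"` or `<` would break out of the attribute in the management screen of whoever opens it next. The HREFs on this page already use `fmt=url-quote`; the HTML contexts want the matching treatment, e.g. `<!--#var sequence-item fmt=html-quote-->`, provided this DocumentTemplate version offers that format. The same pattern appears with user names in the user listings (`NAME="names:list" VALUE="<!--#var sequence-item-->"`), with `<!--#var role-->` in the role forms, and with `groupName` and `memberName` in the hidden inputs of the group and member forms.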
<HTML>
<HEAD>
<TITLE>Contents</TITLE>
<TITLE>Add User</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555">
<!--#var manage_tabs-->
<!--#if userNames-->
<FORM ACTION="manage_deleteUser" METHOD="POST">
The following users have been defined. Click on a user to edit
that user.
<P>
<TABLE BORDER="0" CELLSPACING="0" CELLPADDING="2">
<!--#in userNames-->
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="CHECKBOX" NAME="names:list" VALUE="<!--#var sequence-item-->">
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<A HREF="manage_editForm?name=<!--#var sequence-item fmt=url-quote-->">
<IMG SRC="<!--#var SCRIPT_NAME-->/p_/User_icon"
ALT="Click to edit this user" BORDER="0">
</A>
<A HREF="manage_editForm?name=<!--#var sequence-item fmt=url-quote-->">
<!--#var sequence-item-->
</A>
</TD>
</TR>
<!--#/in userNames-->
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="SUBMIT" VALUE="Delete">
</TD>
</TR>
</TABLE>
</FORM>
<!--#else userNames-->
<P>
<EM>There are no users defined.</EM>
<!--#/if userNames-->
<P>
To add a new user, enter the name, password, confirmation and
roles for the new user and click &quot;Add&quot;.
<FORM ACTION="manage_main" METHOD="POST">
<TABLE>
<TR>
<TD COLSPAN="2" VALIGN="TOP">
To add a new user, enter the name, password, confirmation and
roles for the new user and click &quot;Add&quot;.
</TD>
</TR>
<TR>
<TD COLSPAN="2" VALIGN="TOP">
<FORM ACTION="manage_addUser" METHOD="POST">
<TABLE>
<TR>
<TD VALIGN="TOP">
<STRONG>Name</STRONG>
</TD>
<TD VALIGN="TOP">
<INPUT TYPE="TEXT" NAME="name" SIZE="20">
</TD>
</TR>
<TR>
</TR>
<TR>
<TD VALIGN="TOP">
<STRONG>Password</STRONG>
</TD>
<TD VALIGN="TOP">
<INPUT TYPE="PASSWORD" NAME="password" SIZE="20">
</TD>
</TR>
<TR>
</TR>
<TR>
<TD VALIGN="TOP">
<STRONG>(Confirm)</STRONG>
</TD>
<TD VALIGN="TOP">
<INPUT TYPE="PASSWORD" NAME="confirm" SIZE="20">
</TD>
</TR>
<TR>
</TR>
<TR>
<TD VALIGN="TOP">
<STRONG>Roles</STRONG>
</TD>
<TD VALIGN="TOP">
<SELECT NAME="roles:list" SIZE="5" MULTIPLE>
<!--#if roleNames-->
<!--#in roleNames-->
<OPTION><!--#var sequence-item-->
<!--#/in roleNames-->
<!--#/if roleNames-->
<!--#in valid_roles-->
<OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
<!--#/in valid_roles-->
</SELECT>
<BR>
<INPUT TYPE="SUBMIT" VALUE=" Add ">
</TD>
</TR>
</TABLE>
</FORM>
</TD>
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add">
</TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<HTML>
<HEAD>
<TITLE>Security</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
<!--#if manage_tabs-->
<!--#var manage_tabs-->
<!--#/if manage_tabs-->
<P>
<FORM ACTION="manage_access" METHOD="POST">
<TABLE CELLPADDING="2">
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Role</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<EM><!--#var role--></EM>
</TD>
</TR>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Type of access</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="HIDDEN" NAME="role" VALUE="<!--#var role-->">
<SELECT NAME="access">
<!--#in access_types-->
<OPTION VALUE="<!--#var sequence-var-name-->"<!--#if expr="role in _vars['sequence-item'].getRoles()"-->SELECTED<!--#/if-->><!--#var sequence-var-name-->
<!--#/in access_types-->
<OPTION VALUE="Special Access...">Special Access...
</SELECT>
<BR>
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Change">
</TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
......@@ -5,14 +5,14 @@
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555">
<!--#var manage_tabs-->
<FORM ACTION="manage_editUser" METHOD="POST">
<FORM ACTION="manage_main" METHOD="POST">
<TABLE>
<TR>
<TD VALIGN="TOP">
<STRONG>Name</STRONG>
</TD>
<TD VALIGN="TOP">
<!--#var name-->
<!--#var expr="user.name"-->
</TD>
</TR>
<TR>
......@@ -20,7 +20,7 @@
<STRONG>Password</STRONG>
</TD>
<TD VALIGN="TOP">
<INPUT TYPE="PASSWORD" NAME="password" VALUE="<!--#var pw-->" SIZE="20">
<INPUT TYPE="PASSWORD" NAME="password" VALUE="<!--#var password-->" SIZE="20">
</TD>
</TR>
<TR>
......@@ -28,7 +28,7 @@
<STRONG>(Confirm)</STRONG>
</TD>
<TD VALIGN="TOP">
<INPUT TYPE="PASSWORD" NAME="confirm" VALUE="<!--#var pw-->" SIZE="20">
<INPUT TYPE="PASSWORD" NAME="confirm" VALUE="<!--#var password-->" SIZE="20">
</TD>
</TR>
<TR>
......@@ -37,15 +37,17 @@
</TD>
<TD VALIGN="TOP">
<SELECT NAME="roles:list" SIZE="5" MULTIPLE>
<!--#if rolelist-->
<!--#in rolelist-->
<!--#var sequence-item-->
<!--#/in rolelist-->
<!--#/if rolelist-->
<!--#in valid_roles-->
<!--#if expr="_vars['sequence-item'] in user.roles"-->
<OPTION VALUE="<!--#var sequence-item-->" SELECTED><!--#var sequence-item-->
<!--#else-->
<OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
<!--#/if-->
<!--#/in valid_roles-->
</SELECT>
<INPUT TYPE="HIDDEN" NAME="name" VALUE="<!--#var name-->">
<INPUT TYPE="HIDDEN" NAME="name" VALUE="<!--#var expr="user.name"-->">
<BR>
<INPUT TYPE="SUBMIT" VALUE="Change">
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Change">
</TD>
</TR>
</TABLE>
......
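Review bot: The two password inputs are still pre-filled from the stored value (the changed lines only rename the variable, `VALUE="<!--#var password-->"`), so the user's current password is sent to the browser in the page source whenever this form is opened. Rendering the fields empty, `<INPUT TYPE="PASSWORD" NAME="password" SIZE="20">` as the add-user form does, and treating an empty submission as "keep the current password" would avoid the disclosure; that handling belongs in the form's target, which is not visible here. The member edit template further down the page has the same pre-fill with `VALUE="<!--#var memberPassword-->"`. The hidden `name` field also inserts `user.name` into an attribute without HTML quoting. The form and table these hunks belong to start and end outside the lines shown.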
<HTML>
<HEAD>
<TITLE>
Access Control
</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
<FONT SIZE="+2">
Access Control
</FONT>
<BR>
<P>
<TABLE>
<!--#if memberNames-->
<TR>
<TD VALIGN="TOP">
The following members are defined for the group <B><!--#var groupName--></B>.
To edit a member, select a member from the list and click the
<I>Change Member</I> button.
</TD>
<TD VALIGN="TOP">
<FORM ACTION="manage_memberForm" METHOD="POST">
<SELECT NAME="name">
<!--#in memberNames-->
<OPTION VALUE="<!--#var sequence-item-->"> <!--#var sequence-item-->
<!--#/in memberNames-->
</SELECT>
<BR>
<INPUT TYPE="HIDDEN" NAME="group" VALUE="<!--#var groupName-->">
<INPUT TYPE="SUBMIT" VALUE="Change Member">
</FORM>
</TD>
</TR>
<!--#else memberNames-->
<TR>
<TD COLSPAN="2" VALIGN="TOP">
There are no members defined for the group <B><!--#var groupName--></B>.
</TD>
</TR>
<!--#/if memberNames-->
<TR>
<TD COLSPAN="2" VALIGN="TOP">
<BR>
To add a new member to this group, enter the name, password and
confirmation of password for the new member and click the
<I>Add Member</I> button.
</TD>
</TR>
<TR>
<TD COLSPAN="2" VALIGN="TOP">
<FORM ACTION="manage_addMember" METHOD="POST">
<TABLE>
<TR>
<TD VALIGN="TOP">Name</TD>
<TD VALIGN="TOP"><INPUT TYPE="TEXT" NAME="name" SIZE="20"></TD>
</TR>
<TR>
<TD VALIGN="TOP">Password</TD>
<TD VALIGN="TOP"><INPUT TYPE="PASSWORD" NAME="password" SIZE="20"></TD>
</TR>
<TR>
<TD VALIGN="TOP">(Confirm)</TD>
<TD VALIGN="TOP">
<INPUT TYPE="PASSWORD" NAME="confirm" SIZE="20"><BR>
<INPUT TYPE="HIDDEN" NAME="group" VALUE="<!--#var groupName-->">
<INPUT TYPE="SUBMIT" VALUE="Add Member">
</TD>
</TR>
</TABLE>
</FORM>
</TD>
</TR>
<!--#if memberNames-->
<TR>
<TD VALIGN="TOP">
<BR>
To delete one or more members from this group, select the members
you wish to delete and click the <I>Delete Members</I> button.
</TD>
<TD VALIGN="TOP">
<BR>
<FORM ACTION="manage_deleteMember" METHOD="POST">
<SELECT NAME="names:list" MULTIPLE SIZE="5" >
<!--#in memberNames-->
<OPTION VALUE="<!--#var sequence-item-->"> <!--#var sequence-item-->
<!--#/in memberNames-->
</SELECT>
<BR>
<INPUT TYPE="HIDDEN" NAME="group" VALUE="<!--#var groupName-->">
<INPUT TYPE="SUBMIT" VALUE="Delete Members">
</FORM>
</TD>
</TR>
<!--#/if memberNames-->
</TABLE>
</BODY>
</HTML>
<HTML>
<HEAD>
<TITLE>
Access Control
</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
<FONT SIZE="+2">
Access Control
</FONT>
<BR>
<P>
Access control allows you to restrict access to various operations on
this object. For detailed information about using access control, see
the product documentation or online help.
<P>
<TABLE>
<!--#if groupNames-->
<TR>
<TD VALIGN="TOP">
To view or edit the members of a group, select a
group and click the <I>Change Group</I> button.
</TD>
<TD VALIGN="TOP">
<FORM ACTION="manage_groupForm" METHOD="POST">
<SELECT NAME="name">
<!--#in groupNames-->
<OPTION VALUE="<!--#var sequence-item-->"> <!--#var sequence-item-->
<!--#/in groupNames-->
</SELECT>
<BR>
<INPUT TYPE="SUBMIT" VALUE="Change Group">
</FORM>
</TD>
</TR>
<!--#else groupNames-->
<TR>
<TD COLSPAN="2" VALIGN="TOP">
There are currently no access control groups defined.
</TD>
</TR>
<!--#/if groupNames-->
<TR>
<TD VALIGN="TOP">
<BR>
To add a new group, enter a name for the new
group and click the <I>Add Group</I> button.
</TD>
<TD VALIGN="TOP">
<BR>
<FORM ACTION="manage_addGroup" METHOD="POST">
<INPUT TYPE="TEXT" NAME="name" SIZE="30">
<BR>
<INPUT TYPE="SUBMIT" VALUE="Add Group">
</FORM>
</TD>
</TR>
<!--#if groupNames-->
<TR>
<TD VALIGN="TOP">
<BR>
To delete one or more groups, select the groups you wish
to delete and click the <I>Delete Groups</I> button.
</TD>
<TD VALIGN="TOP">
<BR>
<FORM ACTION="manage_deleteGroup" METHOD="POST">
<SELECT NAME="names:list" MULTIPLE SIZE="5">
<!--#in groupNames-->
<OPTION VALUE="<!--#var sequence-item-->"> <!--#var sequence-item-->
<!--#/in groupNames-->
</SELECT>
<BR>
<INPUT TYPE="SUBMIT" VALUE="Delete Groups">
</FORM>
</TD>
</TR>
<!--#/if groupNames-->
</TABLE>
</BODY>
</HTML>
<HTML>
<HEAD>
<TITLE>Security</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
<!--#if manage_tabs-->
<!--#var manage_tabs-->
<!--#/if manage_tabs-->
<FORM ACTION="manage_access" METHOD="POST">
<TABLE CELLPADDING="2">
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Users with the role</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#var role-->
</TD>
</TR>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>have type of access</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#var expr="access_type_for(role)"-->,
</TD>
</TR>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>which corresponds to</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<FONT SIZE="-1">
<!--#in access_permissions-->
<INPUT TYPE="CHECKBOX" NAME="p" VALUE=""<!--#if
expr="_vars['sequence-item'].name in access_type_for(role).data"-->
CHECKED<!--#/if-->>
<!--#var sequence-var-name--><BR>
<!--#/in access_permissions-->
</FONT>
</TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<HTML>
<HEAD>
<TITLE>Security</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
<!--#if manage_tabs-->
<!--#var manage_tabs-->
<!--#/if manage_tabs-->
<P>
<!--#if access_info-->
The listing below shows the current security settings for this item.
Each role listed has been given a type of access which represents
a specific set of permissions. Click on the name of a role for details
on the specific permissions granted to that role.
<FORM ACTION="manage_access" METHOD="POST">
<TABLE CELLPADDING="2">
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>
Role
</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Type of access</STRONG>
</TD>
</TR>
<!--#in access_info mapping-->
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="CHECKBOX" NAME="roles:list"
VALUE="<!--#var sequence-var-name-->">
<A HREF="manage_access?role=<!--#var sequence-var-name fmt=url-quote-->&SUBMIT=List"><!--#var sequence-var-name--></A>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#var sequence-var-value-->
</TD>
</TR>
<!--#/in access_info-->
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add...">
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Remove">
</TD>
</TR>
</TABLE>
</FORM>
<P>
<!--#if access_defaults-->
Users having roles defined at this level and above that have been
given the &quot;Default permission&quot; have the following
permissions to this object: <EM>
<!--#in access_defaults-->
<!--#var sequence-var-name-->
<!--#if sequence-end--><!--#else-->, <!--#/if-->
<!--#/in access_defaults-->
</EM>
<!--#/if access_defaults-->
<!--#/if access_info-->
<!--#else access_info-->
This object is using default security. Users having roles defined at
this level and above that have been given the &quot;Default permission&quot;
have access to this object.
<P>
To set explicit security on this item, click the &quot;Add...&quot; button.
<BR>
<FORM ACTION="manage_access" METHOD="POST">
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add...">
</FORM>
<!--#/else access_info-->
<P>
<FORM ACTION="manage_access" METHOD="POST">
<TABLE CELLPADDING="2">
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>
User defined roles
</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
</TD>
</TR>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="TEXT" NAME="role" SIZE="16">
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Add Role">
</TD>
</TR>
<!--#if userdefined_roles-->
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<SELECT NAME="roles:list">
<!--#in userdefined_roles-->
<OPTION VALUE="<!--#var sequence-item-->"><!--#var sequence-item-->
<!--#/in userdefined_roles-->
</SELECT>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="Delete Role">
</TD>
</TR>
<!--#/if userdefined_roles-->
</TABLE>
</FORM>
<!--#if access_debug-->
<BR><BR>
<BR><BR>
<BR><BR>
Access Types:
<TABLE BORDER="0" CELLPADDING="2">
<!--#in access_types-->
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#var sequence-var-name-->
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#var sequence-var-getRoles-->
</TD>
</TR>
<!--#/in access_types-->
</TABLE>
<P>
Permissions:
<TABLE BORDER="0" CELLPADDING="2">
<!--#in access_permissions-->
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#var sequence-var-name-->
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#var sequence-var-getRoles-->
</TD>
</TR>
<!--#/in access_permissions-->
</TABLE>
<P>
Attributes:
<TABLE BORDER="0" CELLPADDING="2">
<!--#in access_debug_info mapping-->
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#if sequence-var-class-->
<FONT COLOR="RED">
<!--#/if-->
<!--#var sequence-var-name-->
<!--#if sequence-var-class-->
</FONT>
<!--#/if-->
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<!--#if sequence-var-class-->
<FONT COLOR="RED">
<!--#/if-->
<!--#var sequence-var-value-->
<!--#if sequence-var-class-->
</FONT>
<!--#/if-->
</TD>
</TR>
<!--#/in access_debug_info-->
</TABLE>
<!--#/if access_debug-->
</BODY>
</HTML>
<HTML>
<HEAD>
<TITLE>Contents</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555">
<!--#var manage_tabs-->
<FORM ACTION="manage_main" METHOD="POST">
<!--#if user_names-->
The following users have been defined. Click on a user to edit
that user.
<P>
<TABLE BORDER="0" CELLSPACING="0" CELLPADDING="2">
<!--#in user_names-->
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="CHECKBOX" NAME="names:list" VALUE="<!--#var sequence-item-->">
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<A HREF="manage_main?name=<!--#var sequence-item fmt=url-quote-->&submit=Edit">
<IMG SRC="<!--#var SCRIPT_NAME-->/p_/User_icon" ALT="Click to edit user"
BORDER="0">
</A>
<A HREF="manage_main?name=<!--#var sequence-item fmt=url-quote-->&submit=Edit">
<!--#var sequence-item-->
</A>
</TD>
</TR>
<!--#/in user_names-->
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add...">
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Delete">
</TD>
</TR>
</TABLE>
<!--#else user_names-->
<P>
<EM>There are no users defined.</EM>
<P>
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add...">
<!--#/if user_names-->
</FORM>
</BODY>
</HTML>
<HTML>
<HEAD>
<TITLE>Security</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
<!--#var manage_tabs-->
<P>
You may restrict access to this item using the form
below. To add or remove roles, select or deselect
the desired role names and click &quot;Change&quot;.
<P>
<FORM ACTION="manage_editRoles" METHOD="POST">
<TABLE>
<TR>
<TD VALIGN=CENTER><STRONG>Access<BR>Control</STRONG></TD>
<TD VALIGN="TOP">
<INPUT TYPE="RADIO" NAME="acl_type" VALUE="E"<!--#var aclEChecked-->>
Allow users with selected roles
<BR>
<INPUT TYPE="RADIO" NAME="acl_type" VALUE="A"<!--#var aclAChecked-->>
Allow based on default roles
<BR>
<INPUT TYPE="RADIO" NAME="acl_type" VALUE="P"<!--#var aclPChecked-->>
Allow all users
</TD>
<TD VALIGN="TOP">
<SELECT NAME="acl_roles:list" SIZE="4" MULTIPLE>
<!--#in selectedRoles-->
<!--#var sequence-item-->
<!--#/in selectedRoles-->
</SELECT>
</TD>
</TR>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="SUBMIT" VALUE="Change">
</TD>
</TR>
</TABLE>
</FORM>
<P>
<FORM ACTION="manage_addRole" METHOD="POST">
To add a new, user-defined role to this object, enter the name of
the new role and click &quot;Add&quot;.
<BR>
<INPUT TYPE="TEXT" NAME="role" SIZE="20">
<BR>
<INPUT TYPE="SUBMIT" VALUE=" Add ">
</FORM>
</BODY>
</HTML>
<HTML>
<HEAD>
<TITLE>
Access Control
</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
<FONT SIZE="+2">
Access Control
</FONT>
<BR>
<P>
<FORM ACTION="manage_editMember" METHOD="POST">
<TABLE>
<TR>
<TD VALIGN="TOP">Name</TD>
<TD VALIGN="TOP"><!--#var memberName-->, in <B><!--#var groupName--></B></TD>
</TR>
<TR>
<TD VALIGN="TOP">Password</TD>
<TD VALIGN="TOP">
<INPUT TYPE="PASSWORD" NAME="password" VALUE="<!--#var memberPassword-->"
SIZE="20"></TD>
</TR>
<TR>
<TD VALIGN="TOP">(Confirm)</TD>
<TD VALIGN="TOP">
<INPUT TYPE="PASSWORD" NAME="confirm" VALUE="<!--#var memberPassword-->"
SIZE="20">
<INPUT TYPE="HIDDEN" NAME="name" VALUE="<!--#var memberName-->">
<INPUT TYPE="HIDDEN" NAME="group" VALUE="<!--#var groupName-->">
<BR>
<INPUT TYPE="SUBMIT" VALUE="Save Changes">
</TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<!--#if AUTHENTICATED_USER-->
<TR>
<TH ALIGN="LEFT" VALIGN="TOP">Access<BR>Control</TH>
<TD>
<TABLE CELLPADDING="0" CELLSPACING="0" BORDER="0">
<TR>
<TD VALIGN="TOP">
<INPUT TYPE="RADIO" NAME="acl_type" VALUE="E"<!--#var aclEChecked-->>
Allow users with selected roles
<BR>
<INPUT TYPE="RADIO" NAME="acl_type" VALUE="A"<!--#var aclAChecked-->>
Allow based on default roles
<BR>
<INPUT TYPE="RADIO" NAME="acl_type" VALUE="P"<!--#var aclPChecked-->>
Allow all users
</TD>
<TD VALIGN="TOP">
<SELECT NAME="acl_roles:list" SIZE="3" MULTIPLE>
<!--#in selectedRoles-->
<!--#var sequence-item-->
<!--#/in selectedRoles-->
</SELECT>
</TD>
</TR>
</TABLE>
</TD>
</TR>
<!--#/if AUTHENTICATED_USER-->
<HTML>
<HEAD>
<TITLE>Security</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555" ALINK="#77003B">
<!--#if manage_tabs-->
<!--#var manage_tabs-->
<!--#/if manage_tabs-->
<P>
<FORM ACTION="manage_access" METHOD="POST">
<TABLE CELLPADDING="2">
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Roles</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<SELECT NAME="roles:list" SIZE="4" MULTIPLE>
<!--#in valid_roles-->
<OPTION VALUE="<!--#var sequence-item-->" <!--#if expr="_vars['sequence-item'] in roles"-->SELECTED<!--#/if-->><!--#var sequence-item-->
<!--#/in valid_roles-->
</SELECT>
</TD>
</TR>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<STRONG>Special access</STRONG>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="TEXT" NAME="access" SIZE="25">
<BR>
<!--#in access_permissions-->
<INPUT TYPE="CHECKBOX" NAME="permissions:list" VALUE="<!--#var sequence-var-name-->"> <EM><!--#var sequence-var-name--></EM>
<BR>
<!--#/in access_permissions-->
<BR>
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="OK">
</TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>