cleanup, added entry to interfaces

e2bc6401 · Andreas Jung · 90bcfc29 · e2bc6401 · e2bc6401 · e2bc6401
Commit e2bc6401 authored Jan 16, 2007 by Andreas Jung
4 changed files
--- a/lib/python/AccessControl/Role.py
+++ b/lib/python/AccessControl/Role.py
@@ -20,6 +20,7 @@ from Globals import DTMLFile, MessageDialog, Dictionary
 from Acquisition import Implicit, Acquired, aq_get
 from Globals import InitializeClass
 from AccessControl import ClassSecurityInfo
+from AccessControl.SecurityManagement import newSecurityManager
 from AccessControl.Permissions import change_permissions
 import ExtensionClass, PermissionMapping, Products
 from App.Common import aq_base
@@ -160,10 +161,16 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):

        if REQUEST is not None: return self.manage_access(REQUEST)

-    def manage_getUserRolesAndPermissions(self, user):
-        """ collect user related security settings """
+    def manage_getUserRolesAndPermissions(self, user_id):
+        """ Used for permission/role reporting for a given user_id.
+            Returns a dict mapping

-        from AccessControl.SecurityManagement import newSecurityManager
+            'user_defined_in' -> path where the user account is defined
+            'roles' -> global roles,
+            'roles_in_context' -> roles in context of the current object,
+            'allowed_permissions' -> permissions allowed for the user,
+            'disallowed_permissions' -> all other permissions 
+        """
        
        d = {}

@@ -172,15 +179,16 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
            try:
                uf = current.acl_users
            except AttributeError:
-                raise ValueError('User %s could not be found' % user)
+                raise ValueError('User %s could not be found' % user_id)

-            userObj = uf.getUser(user)
+            userObj = uf.getUser(user_id)
            if userObj:
                break
            else:
                current = current.aq_parent


+        newSecurityManager(None, userObj) # necessary?
        userObj = userObj.__of__(uf)

        d = {'user_defined_in' : '/' + uf.absolute_url(1)}

--- a/lib/python/AccessControl/dtml/access.dtml
+++ b/lib/python/AccessControl/dtml/access.dtml
@@ -24,7 +24,7 @@ a permission in addition to selecting to acquire permissions.
 <div>
    <form action="manage_reportUserPermissions" method="GET">
        Username:
-        <input type="text" name="user" size="20" />
+        <input type="text" name="user_id" size="20" />
        <input type="submit" value="Show me the user permissions and roles in the context of the current object" />
    </form>
 </div>

--- a/lib/python/AccessControl/dtml/reportUserPermissions.dtml
+++ b/lib/python/AccessControl/dtml/reportUserPermissions.dtml
@@ -3,9 +3,9 @@
 <dtml-if  manage_tabs><dtml-var manage_tabs></dtml-if>
 </dtml-with>

-<h1>Permissions and roles for user &dtml-user;</h1>
+<h1>Permissions and roles for user &dtml-user_id;</h1>

-<dtml-let result="manage_getUserRolesAndPermissions(user)">
+<dtml-let result="manage_getUserRolesAndPermissions(user_id)">

 <div>
    <b>Roles</b>: <dtml-var "', '.join(result['roles'])"> 

--- a/lib/python/AccessControl/interfaces.py
+++ b/lib/python/AccessControl/interfaces.py
@@ -265,6 +265,16 @@ class IRoleManager(IPermissionMappingSupport):
        """
        """

+    def manage_getUserRolesAndPermissions(user_id):
+        """ Used for permission/role reporting for a given user_id.
+            Returns a dict mapping
+
+            'user_defined_in' -> path where the user account is defined
+            'roles' -> global roles,
+            'roles_in_context' -> roles in context of the current object,
+            'allowed_permissions' -> permissions allowed for the user,
+            'disallowed_permissions' -> all other permissions 
+        """

 class IStandardUserFolder(Interface):