diff --git a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/ERP5Type_asSecurityGroupId.xml b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/ERP5Type_asSecurityGroupId.xml index b0bbd06330ecdae2b5a4dc04a9804c78691fd930..02eafd3b2b8650c94deffc2a0cd560edc5be0abb 100755 --- a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/ERP5Type_asSecurityGroupId.xml +++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/ERP5Type_asSecurityGroupId.xml @@ -74,12 +74,16 @@ # site=\'france/lille\', group=\'nexedi\', function=\'accounting/accountant\')\n # This will generate a string like \'LIL_NXD_ACT\' where "LIL", "NXD" and "ACT" are the codification\n # of respecively "france/lille", "nexedi" and "accounting/accountant" categories\n +#\n +# ERP5Type_asSecurityGroupId can also return a list of users whenever a category points\n +# to a Person instance. This is useful to implement user based local role assignments\n \n code_list = []\n +user_list = []\n \n # sort the category list lexicographically\n # this prevents us to choose the exact order we want,\n -# but also prevents some human mistake to f*ck everything up by creating site_function instead of function_site\n +# but also prevents some human mistake to break everything up by creating site_function instead of function_site\n if category_order not in (None, \'\'):\n category_order = [ x for x in category_order]\n category_order.sort()\n @@ -87,14 +91,23 @@ else:\n category_order = []\n \n for base_category in category_order:\n - category = kw[base_category]\n - category_path = \'%s/%s\' % (base_category, category)\n - category_object = context.portal_categories.getCategoryValue(category_path)\n - if category_object in (None, \'\'):\n - raise "SecurityRoleDefinitionError", "Category \'%s\' doesn\'t exist" % (category_path)\n - category_code = category_object.getCodification() or category_object.getId()\n - code_list.append(category_code)\n + category_list = kw[base_category]\n + for category in category_list:\n + category_path = \'%s/%s\' % (base_category, category)\n + category_object = context.portal_categories.getCategoryValue(category_path)\n + if category_object in (None, \'\'):\n + raise "SecurityRoleDefinitionError", "Category \'%s\' doesn\'t exist" % (category_path)\n + if category_object.getPortalType() == \'Person\':\n + # We define a person here\n + user_name = category_object.getReference()\n + if user_name is not None: user_list.append(user_name)\n + else:\n + # We define a group item here\n + category_code = category_object.getCodification() or category_object.getId()\n + code_list.append(category_code)\n \n +# Return a list of users or a single group\n +if user_list: return user_list\n return \'_\'.join(code_list)\n </string> </value> </item> @@ -139,6 +152,7 @@ return \'_\'.join(code_list)\n <string>category_order</string> <string>kw</string> <string>code_list</string> + <string>user_list</string> <string>None</string> <string>append</string> <string>$append0</string> @@ -147,10 +161,12 @@ return \'_\'.join(code_list)\n <string>_getattr_</string> <string>base_category</string> <string>_getitem_</string> + <string>category_list</string> <string>category</string> <string>category_path</string> <string>context</string> <string>category_object</string> + <string>user_name</string> <string>category_code</string> </tuple> </value> diff --git a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/ERP5Type_getSecurityCategoryFromArrow.xml b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/ERP5Type_getSecurityCategoryFromArrow.xml new file mode 100755 index 0000000000000000000000000000000000000000..02ed27ee947ab75ba42b3289dd7287d9c2b48d0a --- /dev/null +++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/ERP5Type_getSecurityCategoryFromArrow.xml @@ -0,0 +1,179 @@ +<?xml version="1.0"?> +<ZopeData> + <record id="1" aka="AAAAAAAAAAE="> + <pickle> + <tuple> + <tuple> + <string>Products.PythonScripts.PythonScript</string> + <string>PythonScript</string> + </tuple> + <none/> + </tuple> + </pickle> + <pickle> + <dictionary> + <item> + <key> <string>Python_magic</string> </key> + <value> <string encoding="base64">O/INCg==</string> </value> + </item> + <item> + <key> <string>Script_magic</string> </key> + <value> <int>3</int> </value> + </item> + <item> + <key> <string>__ac_local_roles__</string> </key> + <value> + <none/> + </value> + </item> + <item> + <key> <string>_bind_names</string> </key> + <value> + <object> + <klass> + <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/> + </klass> + <tuple/> + <state> + <dictionary> + <item> + <key> <string>_asgns</string> </key> + <value> + <dictionary> + <item> + <key> <string>name_container</string> </key> + <value> <string>container</string> </value> + </item> + <item> + <key> <string>name_context</string> </key> + <value> <string>context</string> </value> + </item> + <item> + <key> <string>name_m_self</string> </key> + <value> <string>script</string> </value> + </item> + <item> + <key> <string>name_subpath</string> </key> + <value> <string>traverse_subpath</string> </value> + </item> + </dictionary> + </value> + </item> + </dictionary> + </state> + </object> + </value> + </item> + <item> + <key> <string>_body</string> </key> + <value> <string># XXX For now, this script requires proxy manager\n +\n +# base_category_list : list of category values we need to retrieve\n +# user_name : string obtained from getSecurityManager().getUser().getUserName() [NuxUserGroup]\n +# When using PluggableAuthService with ERP5GroupMAnager, user_name is the id\n +# of the person linked to getUser().getId() through getReference() (which is its login).\n +# object : object which we want to assign roles to.\n +# portal_type : portal type of object\n +\n +# must always return a list of dicts\n +\n +category_list = []\n +\n +if object is None:\n + return []\n +\n +for base_category in base_category_list:\n + category_list.append({base_category: object.getCategoryMembershipList(base_category)})\n +\n +return category_list\n +</string> </value> + </item> + <item> + <key> <string>_code</string> </key> + <value> + <none/> + </value> + </item> + <item> + <key> <string>_filepath</string> </key> + <value> <string>Script (Python):/nexedi/portal_skins/erp5_core/ERP5Type_getSecurityCategoryFromArrow</string> </value> + </item> + <item> + <key> <string>_owner</string> </key> + <value> + <none/> + </value> + </item> + <item> + <key> <string>_params</string> </key> + <value> <string>base_category_list, user_name, object, portal_type</string> </value> + </item> + <item> + <key> <string>_proxy_roles</string> </key> + <value> + <tuple> + <string>Manager</string> + </tuple> + </value> + </item> + <item> + <key> <string>errors</string> </key> + <value> + <tuple/> + </value> + </item> + <item> + <key> <string>func_code</string> </key> + <value> + <object> + <klass> + <global name="FuncCode" module="Shared.DC.Scripts.Signature"/> + </klass> + <tuple/> + <state> + <dictionary> + <item> + <key> <string>co_argcount</string> </key> + <value> <int>4</int> </value> + </item> + <item> + <key> <string>co_varnames</string> </key> + <value> + <tuple> + <string>base_category_list</string> + <string>user_name</string> + <string>object</string> + <string>portal_type</string> + <string>category_list</string> + <string>None</string> + <string>_getiter_</string> + <string>base_category</string> + <string>_getattr_</string> + </tuple> + </value> + </item> + </dictionary> + </state> + </object> + </value> + </item> + <item> + <key> <string>func_defaults</string> </key> + <value> + <none/> + </value> + </item> + <item> + <key> <string>id</string> </key> + <value> <string>ERP5Type_getSecurityCategoryFromArrow</string> </value> + </item> + <item> + <key> <string>warnings</string> </key> + <value> + <tuple/> + </value> + </item> + </dictionary> + </pickle> + </record> +</ZopeData> diff --git a/product/ERP5/bootstrap/erp5_core/bt/change_log b/product/ERP5/bootstrap/erp5_core/bt/change_log index ffcb20b3c7672d2f3f909eee7aa3dcecd0fb34d9..d3d2e4640f32ffabf2b06b25063c341fde39b5ba 100755 --- a/product/ERP5/bootstrap/erp5_core/bt/change_log +++ b/product/ERP5/bootstrap/erp5_core/bt/change_log @@ -1,3 +1,6 @@ +2006-01-21 JP +* Added support for user based role assignment (ERP5Type_getSecurityCategoryFromArrow) + 2006-01-20 JP & Jerome * Added document template initial support to Base_doAction and erp5_html_style