本文整理汇总了Python中repoze.bfg.security.has_permission函数的典型用法代码示例。如果您正苦于以下问题:Python has_permission函数的具体用法?Python has_permission怎么用?Python has_permission使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了has_permission函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: show_forum_view
def show_forum_view(context, request):
page_title = context.title
api = request.api
actions = []
if has_permission('create', context, request):
actions.append(('Add Forum Topic', 'add_forum_topic.html'))
if has_permission('edit', context, request):
actions.append(('Edit', 'edit.html'))
if has_permission('delete', context, request):
actions.append(('Delete', 'delete.html'))
profiles = find_profiles(context)
appdates = getUtility(IAppDates)
topic_batch = get_topic_batch(context, request)
topic_entries = topic_batch['entries']
topics = []
for topic in topic_entries:
D = {}
profile = profiles.get(topic.creator)
posted_by = getattr(profile, 'title', None)
date = appdates(topic.created, 'longform')
D['url'] = model_url(topic, request)
D['title'] = topic.title
D['posted_by'] = posted_by
D['date'] = date
D['number_of_comments'] = len(topic['comments'])
topics.append(D)
# In the intranet side, the backlinks should go to the show_forums
# view (the default)
forums = context.__parent__
backto = {
'href': model_url(forums, request),
'title': forums.title,
}
# Get a layout
layout_provider = get_layout_provider(context, request)
layout = layout_provider('generic')
return render_template_to_response(
'templates/show_forum.pt',
api = api,
actions = actions,
title = context.title,
topics = topics,
batch_info = topic_batch,
backto=backto,
layout=layout,
)
示例2: show_forum_topic_view
def show_forum_topic_view(context, request):
post_url = model_url(context, request, "comments", "add_comment.html")
page_title = context.title
actions = []
if has_permission('edit', context, request):
actions.append(('Edit', 'edit.html'))
if has_permission('delete', context, request):
actions.append(('Delete', 'delete.html'))
api = request.api
api.page_title = page_title
byline_info = getMultiAdapter((context, request), IBylineInfo)
forum = find_interface(context, IForum)
backto = {
'href': model_url(forum, request),
'title': forum.title,
}
# provide client data for rendering current tags in the tagbox
client_json_data = dict(
tagbox = get_tags_client_data(context, request),
)
# Get a layout
layout_provider = get_layout_provider(context, request)
layout = layout_provider('community')
if support_attachments(context):
attachments = fetch_attachments(context['attachments'], request)
else:
attachments = ()
# enable imagedrawer for adding forum replies (comments)
api.karl_client_data['text'] = dict(
enable_imagedrawer_upload = True,
)
return render_template_to_response(
'templates/show_forum_topic.pt',
api=api,
actions=actions,
comments=comments_to_display(request),
attachments=attachments,
formfields=api.formfields,
post_url=post_url,
byline_info=byline_info,
head_data=convert_to_script(client_json_data),
backto=backto,
layout=layout,
comment_form={},
)
示例3: reference_outline_view
def reference_outline_view(context, request):
# Look for moveUp or moveDown in QUERY_STRING, telling us to
# reorder something
status_message = None
subpath = request.params.get('subpath')
if subpath:
direction = request.params['direction']
status_message = move_subpath(context, subpath, direction)
backto = {
'href': model_url(context.__parent__, request),
'title': context.__parent__.title,
}
actions = []
if has_permission('create', context, request):
addables = get_folder_addables(context, request)
if addables is not None:
actions.extend(addables())
if has_permission('edit', context, request):
actions.append(('Edit', 'edit.html'))
if has_permission('delete', context, request):
actions.append(('Delete', 'delete.html'))
if has_permission('administer', context, request):
actions.append(('Advanced', 'advanced.html'))
page_title = context.title
api = TemplateAPI(context, request, page_title)
# Get a layout
layout_provider = get_layout_provider(context, request)
layout = layout_provider('intranet')
# provide client data for rendering current tags in the tagbox
client_json_data = dict(
tagbox = get_tags_client_data(context, request),
)
previous, next = get_previous_next(context, request)
api.status_message = status_message
return render_template_to_response(
'templates/show_referencemanual.pt',
api=api,
actions=actions,
head_data=convert_to_script(client_json_data),
tree=getTree(context, request, api),
backto=backto,
layout=layout,
previous_entry=previous,
next_entry=next,
)
示例4: get_profile_actions
def get_profile_actions(profile, request):
actions = []
same_user = authenticated_userid(request) == profile.__name__
if has_permission("administer", profile, request):
actions.append(("Edit", "admin_edit_profile.html"))
elif same_user:
actions.append(("Edit", "edit_profile.html"))
if same_user:
actions.append(("Manage Communities", "manage_communities.html"))
actions.append(("Manage Tags", "manage_tags.html"))
if has_permission("administer", profile, request):
actions.append(("Advanced", "advanced.html"))
return actions
示例5: show_newsitem_view
def show_newsitem_view(context, request):
backto = {
'href': model_url(context.__parent__, request),
'title': context.__parent__.title,
}
actions = []
if has_permission('edit', context, request):
actions.append(('Edit', 'edit.html'))
if has_permission('delete', context, request):
actions.append(('Delete', 'delete.html'))
if has_permission('administer', context, request):
actions.append(('Advanced', 'advanced.html'))
page_title = context.title
api = TemplateAPI(context, request, page_title)
previous, next = get_previous_next(context, request)
# provide client data for rendering current tags in the tagbox
client_json_data = dict(
tagbox = get_tags_client_data(context, request),
)
# Display photo
photo = context.get('photo')
if photo is not None:
photo = {
"url": thumb_url(photo, request, PHOTO_DISPLAY_SIZE),
}
# Get a layout
layout_provider = get_layout_provider(context, request)
layout = layout_provider('generic')
return render_template_to_response(
'templates/show_newsitem.pt',
api=api,
actions=actions,
attachments=fetch_attachments(context['attachments'], request),
formfields=api.formfields,
head_data=convert_to_script(client_json_data),
backto=backto,
previous=previous,
next=next,
layout=layout,
photo=photo,
)
示例6: peopledirectory_view
def peopledirectory_view(context, request):
# show the first accessible tab
for section_id in context.order:
section = context[section_id]
if has_permission('view', section, request):
return section_view(section, request)
raise Forbidden("No accessible sections")
示例7: menuitems
def menuitems(self):
ret = list()
count = 0
path = nodepath(self.model)
if path:
curpath = path[0]
else:
curpath = ''
# work with ``self.model.root.keys()``, ``values()`` propably not works
# due to the use of factory node.
root = self.model.root
# check for default child id if no curpath
if not curpath and root.properties.default_child:
curpath = root.properties.default_child
# check wether to render mainmenu item title
empty_title = root.properties.mainmenu_empty_title
for key in root.keys():
child = root[key]
if not has_permission('view', child, self.request):
continue
item = dict()
item['id'] = key
if empty_title:
item['title'] = ' '
item['description'] = child.metadata.title
else:
item['title'] = child.metadata.title
item['description'] = child.metadata.description
item['url'] = make_url(self.request, path=[key])
item['selected'] = curpath == key
item['first'] = count == 0
ret.append(item)
count += 1
return ret
示例8: secured_execute
def secured_execute(self, context, request, transition_id):
state = getattr(context, self.state_attr, _marker)
if state is _marker:
state = self.initial_state
si = (state, transition_id)
sn = (state, None)
newstate = None
# exact state match?
if si in self.states:
newstate, transition_fn, kw = self.states[si]
# no exact match, how about a None (catch-all) match?
elif sn in self.states:
newstate, transition_fn, kw = self.states[sn]
if newstate is None:
raise StateMachineError(
'No transition from %r using transition %r'
% (state, transition_id))
permission = kw['permission']
if request is not None and permission is not None:
if not has_permission(permission, context, request):
raise StateMachineError(
'%s permission required for transition %r' % (
permission, transition_id)
)
self.before_transition(state, newstate, transition_id, context, **kw)
transition_fn(state, newstate, transition_id, context, **kw)
self.after_transition(state, newstate, transition_id, context, **kw)
setattr(context, self.state_attr, newstate)
示例9: get_container_batch
def get_container_batch(
container,
request,
batch_start=0,
batch_size=20,
sort_index=None,
reverse=False,
permission="view",
filter_func=None,
interfaces=None,
):
if "batch_start" in request.params:
batch_start = int(request.params["batch_start"])
if "batch_size" in request.params:
batch_size = int(request.params["batch_size"])
if sort_index:
catalog = find_catalog(container)
index = catalog[sort_index]
# XXX this is not part of ICatalogIndex, but it happens to work
# for most indexes. It might be useful to expand ICatalogIndex.
sort_func = index.discriminator
else:
sort_func = None
entries = [] # [(sort key, name, item)]
for name, item in container.items():
if interfaces:
# item must provide at least one of the given interfaces
for iface in interfaces:
if iface.providedBy(item):
break
else:
continue
if permission:
if not has_permission(permission, item, request):
continue
if filter_func:
if not filter_func(name, item):
continue
if sort_func is not None:
sort_key = sort_func(item, None)
else:
sort_key = None
entries.append((sort_key, name, item))
entries.sort()
if reverse:
entries.reverse()
page_entries = entries[batch_start : batch_start + batch_size]
info = {
"entries": [item for _, _, item in page_entries],
"batch_start": batch_start,
"batch_size": batch_size,
"batch_end": batch_start + len(page_entries),
"total": len(entries),
}
_add_link_data(info, container, request)
return info
示例10: upload_attachments
def upload_attachments(attachments, folder, creator, request):
""" This creates *and removes* attachments based on information
retrieved from a form"""
for attachment in attachments:
if attachment.filename:
mimetype = attachment.mimetype
filename = make_unique_name(
folder,
basename_of_filepath(attachment.filename)
)
folder[filename] = obj = create_content(
ICommunityFile,
title = filename,
stream = attachment.file,
mimetype = mimetype,
filename = filename,
creator = creator,
)
max_size = int(get_setting(folder, 'upload_limit', 0))
if max_size and obj.size > max_size:
msg = 'File size exceeds upload limit of %d.' % max_size
raise ValueError(msg)
else:
meta = attachment.metadata
if meta.get('remove') and meta.get('default'):
name = meta['default']
if name in folder:
ob = folder[name]
if has_permission('delete', ob, request):
del folder[name]
示例11: _show_calendar_view
def _show_calendar_view(context, request, make_presenter):
year, month, day = _date_requested(context, request)
focus_datetime = datetime.datetime(year, month, day)
now_datetime = _now()
# make the calendar presenter for this view
url_for = _make_calendar_presenter_url_func(context, request)
calendar = make_presenter(focus_datetime,
now_datetime,
url_for)
# find events and paint them on the calendar
selected_layer = _calendar_filter(context, request)
events = _get_catalog_events(context, request,
first_moment=calendar.first_moment,
last_moment=calendar.last_moment,
layer_name=selected_layer)
calendar.paint_events(events)
layers = _get_calendar_layers(context)
setup_url = _calendar_setup_url(context, request)
# render
api = TemplateAPI(context, request, calendar.title)
return render_template_to_response(
calendar.template_filename,
api=api,
setup_url=setup_url,
calendar=calendar,
selected_layer = selected_layer,
layers = layers,
quote = quote,
may_create = has_permission(CREATE, context, request),
)
示例12: checkPermission
def checkPermission(self, info):
""" Does user have permission to author content in the given context?
Uses ACL security policy to test.
"""
users = find_users(self.context)
for target in info['targets']:
if 'error' in target:
continue
report_name = target.get('report')
if report_name is not None:
pd = find_peopledirectory(self.context)
context = find_model(pd, report_name.split('+'))
permission = "email"
else:
communities = find_communities(self.context)
community = communities[target['community']]
context = community[target['tool']]
permission = "create" # XXX In theory could depend on target
user = users.get_by_id(info['author'])
if user is not None:
user = dict(user)
user['repoze.who.userid'] = info['author']
# BFG Security API always assumes http request, so we fabricate a
# fake request.
request = webob.Request.blank('/')
request.environ['repoze.who.identity'] = user
if not has_permission(permission, context, request):
target['error'] = 'Permission Denied'
示例13: show_page_view
def show_page_view(context, request):
backto = {
'href': model_url(context.__parent__, request),
'title': context.__parent__.title,
}
actions = []
if has_permission('create', context, request):
actions.append(
('Edit', 'edit.html')
)
if has_permission('delete', context, request):
actions.append(
('Delete', 'delete.html'),
)
page_title = context.title
api = TemplateAPI(context, request, page_title)
previous, next = get_previous_next(context, request)
# provide client data for rendering current tags in the tagbox
client_json_data = dict(
tagbox = get_tags_client_data(context, request),
)
# Get a layout
community = find_community(context)
layout_provider = get_layout_provider(context, request)
if community is not None:
layout = layout_provider('community')
else:
layout = layout_provider('generic')
return render_template_to_response(
'templates/show_page.pt',
api=api,
actions=actions,
attachments=fetch_attachments(context['attachments'], request),
formfields=api.formfields,
head_data=convert_to_script(client_json_data),
backto=backto,
previous=previous,
next=next,
layout=layout,
)
示例14: show_wikipage_view
def show_wikipage_view(context, request):
is_front_page = (context.__name__ == 'front_page')
if is_front_page:
community = find_interface(context, ICommunity)
page_title = '%s Community Wiki Page' % community.title
backto = False
else:
page_title = context.title
backto = {
'href': model_url(context.__parent__, request),
'title': context.__parent__.title,
}
actions = []
if has_permission('edit', context, request):
actions.append(('Edit', 'edit.html'))
if has_permission('delete', context, request) and not is_front_page:
actions.append(('Delete', 'delete.html'))
repo = find_repo(context)
if repo is not None and has_permission('edit', context, request):
actions.append(('History', 'history.html'))
show_trash = True
else:
show_trash = False
if has_permission('administer', context, request):
actions.append(('Advanced', 'advanced.html'))
api = TemplateAPI(context, request, page_title)
client_json_data = convert_to_script(dict(
tagbox = get_tags_client_data(context, request),
))
wiki = find_interface(context, IWiki)
feed_url = model_url(wiki, request, "atom.xml")
return dict(
api=api,
actions=actions,
head_data=client_json_data,
feed_url=feed_url,
backto=backto,
is_front_page=is_front_page,
show_trash=show_trash,
lock_info=lock.lock_info_for_view(context, request),
)
示例15: show_comment_view
def show_comment_view(context, request):
page_title = "Comment on " + context.title
api = request.api
api.page_title = page_title
actions = []
if has_permission('edit', context, request):
actions.append(('Edit', 'edit.html'))
if has_permission('delete', context, request):
actions.append(('Delete', 'delete.html'))
byline_info = getMultiAdapter((context, request), IBylineInfo)
container = find_supported_interface(context, api.supported_comment_interfaces())
if not container:
err_msg = 'unsupported interface for show_comment_view found for ' \
'context: %s' % context
log.warn(err_msg)
exception_response = ExceptionResponse(err_msg)
exception_response.status = '500 Internal Server Error'
return exception_response
backto = {
'href': model_url(container, request),
'title': container.title,
}
# Get a layout
layout_provider = get_layout_provider(context, request)
layout = layout_provider('community')
if support_attachments(context):
attachments = fetch_attachments(context, request)
else:
attachments = ()
return render_template_to_response(
'templates/show_comment.pt',
api=api,
actions=actions,
byline_info=byline_info,
attachments=attachments,
backto=backto,
layout=layout,
)