本文整理汇总了Python中utils._checkPermission函数的典型用法代码示例。如果您正苦于以下问题:Python _checkPermission函数的具体用法?Python _checkPermission怎么用?Python _checkPermission使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了_checkPermission函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: doActionFor
def doActionFor(self, ob, action, comment=''):
'''
Allows the user to request a workflow action. This method
must perform its own security checks.
'''
allow_review = _checkPermission('Review portal content', ob)
allow_request = _checkPermission('Request review', ob)
review_state = self.getReviewStateOf(ob)
tool = aq_parent(aq_inner(self))
if action == 'submit':
if not allow_request or review_state != 'private':
raise 'Unauthorized'
self.setReviewStateOf(ob, 'pending', action, comment)
elif action == 'retract':
if not allow_request or review_state == 'private':
raise 'Unauthorized'
content_creator = ob.Creator()
pm = getToolByName(self, 'portal_membership')
current_user = pm.getAuthenticatedMember().getUserName()
if content_creator != current_user:
raise 'Unauthorized'
self.setReviewStateOf(ob, 'private', action, comment)
elif action == 'publish':
if not allow_review:
raise 'Unauthorized'
self.setReviewStateOf(ob, 'published', action, comment)
elif action == 'reject':
if not allow_review:
raise 'Unauthorized'
self.setReviewStateOf(ob, 'private', action, comment)示例2: listUndoableTransactionsFor
def listUndoableTransactionsFor(self, object,
first_transaction=None,
last_transaction=None,
PrincipiaUndoBatchSize=None):
'''Lists all transaction IDs the user is allowed to undo.
'''
# arg list for undoable_transactions() changed in Zope 2.2.
portal = queryUtility(ISiteRoot)
if site is None:
# fallback
portal = self.aq_inner.aq_parent
transactions = portal.undoable_transactions(
first_transaction=first_transaction,
last_transaction=last_transaction,
PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
for t in transactions:
# Ensure transaction ids don't have embedded LF.
t['id'] = t['id'].replace('\n', '')
if not _checkPermission(ManagePortal, portal):
# Filter out transactions done by other members of the portal.
user_id = _getAuthenticatedUser(self).getId()
transactions = filter(
lambda record, user_id=user_id:
record['user_name'].split()[-1] == user_id,
transactions
)
return transactions示例3: listGlobalActions
def listGlobalActions(self, info):
'''
Allows this workflow to
include actions to be displayed in the actions box.
Called on every request.
Returns the actions to be displayed to the user.
'''
if (info.isAnonymous or not _checkPermission(
'Review portal content', info.portal)):
return None
actions = []
catalog = getToolByName(self, 'portal_catalog', None)
if catalog is not None:
pending = len(catalog.searchResults(
review_state='pending'))
if pending > 0:
actions.append(
{'name': 'Pending review (%d)' % pending,
'url': info.portal_url +
'/search?review_state=pending',
'permissions': (),
'category': 'global'}
)
return actions示例4: checkPermission
def checkPermission(self, permissionName, object, subobjectName=None):
'''
Checks whether the current user has the given permission on
the given object or subobject.
'''
if subobjectName is not None:
object = getattr(object, subobjectName)
return _checkPermission(permissionName, object)示例5: listDAVObjects
def listDAVObjects(self):
# List sub-objects for PROPFIND requests.
# (method is without docstring to disable publishing)
#
if _checkPermission(ManagePortal, self):
return self.objectValues()
else:
return self.listFolderContents()示例6: _verifyActionPermissions
def _verifyActionPermissions(self, action):
pp = action.get('permissions', ())
if not pp:
return 1
for p in pp:
if _checkPermission(p, self):
return 1
return 0示例7: _verifyObjectPaste
def _verifyObjectPaste(self, object, validate_src=1):
# This assists the version in OFS.CopySupport.
# It enables the clipboard to function correctly
# with objects created by a multi-factory.
if (hasattr(object, '__factory_meta_type__') and
hasattr(self, 'all_meta_types')):
mt = object.__factory_meta_type__
method_name=None
permission_name = None
meta_types = self.all_meta_types
if callable(meta_types): meta_types = meta_types()
for d in meta_types:
if d['name']==mt:
method_name=d['action']
permission_name = d.get('permission', None)
break
if permission_name is not None:
if _checkPermission(permission_name,self):
if not validate_src:
# We don't want to check the object on the clipboard
return
try: parent = aq_parent(aq_inner(object))
except: parent = None
if getSecurityManager().validate(None, parent,
None, object):
# validation succeeded
return
raise 'Unauthorized', object.getId()
else:
raise 'Unauthorized', permission_name
#
# Old validation for objects that may not have registered
# themselves in the proper fashion.
#
elif method_name is not None:
meth=self.unrestrictedTraverse(method_name)
if hasattr(meth, 'im_self'):
parent = meth.im_self
else:
try: parent = aq_parent(aq_inner(meth))
except: parent = None
if getSecurityManager().validate(None, parent, None, meth):
# Ensure the user is allowed to access the object on the
# clipboard.
if not validate_src:
return
try: parent = aq_parent(aq_inner(object))
except: parent = None
if getSecurityManager().validate(None, parent,
None, object):
return
id = object.getId()
raise 'Unauthorized', id
else:
raise 'Unauthorized', method_name
PortalFolder.inheritedAttribute(
'_verifyObjectPaste')(self, object, validate_src)示例8: searchResults
def searchResults(self, REQUEST=None, **kw):
"""
Calls ZCatalog.searchResults with extra arguments that
limit the results to what the user is allowed to see.
"""
user = _getAuthenticatedUser(self)
kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user )
if not _checkPermission( AccessInactivePortalContent, self ):
base = aq_base( self )
now = DateTime()
self._convertQuery(kw)
# Intersect query restrictions with those implicit to the tool
for k in 'effective', 'expires':
if kw.has_key(k):
range = kw[k]['range'] or ''
query = kw[k]['query']
if (not isinstance(query, TupleType) and
not isinstance(query, ListType)):
query = (query,)
else:
range = ''
query = None
if range.find('min') > -1:
lo = min(query)
else:
lo = None
if range.find('max') > -1:
hi = max(query)
else:
hi = None
if k == 'effective':
if hi is None or hi > now:
hi = now
if lo is not None and hi < lo:
return ()
else: # 'expires':
if lo is None or lo < now:
lo = now
if hi is not None and hi < lo:
return ()
# Rebuild a query
if lo is None:
query = hi
range = 'max'
elif hi is None:
query = lo
range = 'min'
else:
query = (lo, hi)
range = 'min:max'
kw[k] = {'query': query, 'range': range}
return ZCatalog.searchResults(self, REQUEST, **kw)示例9: getInfoFor
def getInfoFor(self, ob, name, default):
'''
Allows the user to request information provided by the
workflow. This method must perform its own security checks.
'''
# Treat this as public.
if name == 'review_state':
return self.getReviewStateOf(ob)
allow_review = _checkPermission('Review portal content', ob)
allow_request = _checkPermission('Request review', ob)
if not allow_review and not allow_request:
return default
elif name == 'review_history':
tool = aq_parent(aq_inner(self))
history = tool.getHistoryOf(self.id, ob)
# Make copies for security.
return tuple(map(lambda dict: dict.copy(), history))示例10: getCandidateLocalRoles
def getCandidateLocalRoles(self, obj):
""" What local roles can I assign?
"""
member = self.getAuthenticatedMember()
member_roles = member.getRolesInContext(obj)
if _checkPermission(ManageUsers, obj):
local_roles = self.getPortalRoles()
if "Manager" not in member_roles:
local_roles.remove("Manager")
else:
local_roles = [role for role in member_roles if role not in ("Member", "Authenticated")]
local_roles.sort()
return tuple(local_roles)示例11: searchResults
def searchResults(self, REQUEST=None, **kw):
"""
Calls ZCatalog.searchResults with extra arguments that
limit the results to what the user is allowed to see.
"""
user = _getAuthenticatedUser(self)
kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user )
if not _checkPermission( AccessInactivePortalContent, self ):
now = DateTime()
kw['effective'] = {'query': now, 'range': 'max'}
kw['expires'] = {'query': now, 'range': 'min'}
return ZCatalog.searchResults(self, REQUEST, **kw)示例12: listActionInfos
def listActionInfos(self, action_chain=None, object=None,
check_visibility=1, check_permissions=1,
check_condition=1, max=-1):
# List Action info mappings.
# (method is without docstring to disable publishing)
#
ec = getExprContext(self, object)
actions = self.listActions(object=object)
if action_chain:
filtered_actions = []
if isinstance(action_chain, StringType):
action_chain = (action_chain,)
for action_ident in action_chain:
sep = action_ident.rfind('/')
category, id = action_ident[:sep], action_ident[sep+1:]
for ai in actions:
if id == ai.getId() and category == ai.getCategory():
filtered_actions.append(ai)
actions = filtered_actions
action_infos = []
for ai in actions:
if check_visibility and not ai.getVisibility():
continue
if check_permissions:
permissions = ai.getPermissions()
if permissions:
category = ai.getCategory()
if (object is not None and
(category.startswith('object') or
category.startswith('workflow'))):
context = object
elif (ec.contexts['folder'] is not None and
category.startswith('folder')):
context = ec.contexts['folder']
else:
context = ec.contexts['portal']
for permission in permissions:
allowed = _checkPermission(permission, context)
if allowed:
break
if not allowed:
continue
if check_condition and not ai.testCondition(ec):
continue
action_infos.append( ai.getAction(ec) )
if max + 1 and len(action_infos) >= max:
break
return action_infos示例13: _checkId
def _checkId(self, id, allow_dup=0):
PortalFolder.inheritedAttribute('_checkId')(self, id, allow_dup)
# This method prevents people other than the portal manager
# from overriding skinned names.
if not allow_dup:
if not _checkPermission(ManagePortal, self):
ob = self
while ob is not None and not getattr(ob, '_isPortalRoot', 0):
ob = aq_parent(aq_inner(ob))
if ob is not None:
# If the portal root has an object by this name,
# don't allow an override.
# FIXME: needed to allow index_html for join code
if hasattr(ob, id) and id != 'index_html':
raise BadRequest('The id "%s" is reserved.' % id)示例14: setLocalRoles
def setLocalRoles(self, obj, member_ids, member_role, reindex=1, REQUEST=None):
""" Add local roles on an item.
"""
if _checkPermission(ChangeLocalRoles, obj) and member_role in self.getCandidateLocalRoles(obj):
for member_id in member_ids:
roles = list(obj.get_local_roles_for_userid(userid=member_id))
if member_role not in roles:
roles.append(member_role)
obj.manage_setLocalRoles(member_id, roles)
if reindex:
# It is assumed that all objects have the method
# reindexObjectSecurity, which is in CMFCatalogAware and
# thus PortalContent and PortalFolder.
obj.reindexObjectSecurity()示例15: deleteLocalRoles
def deleteLocalRoles(self, obj, member_ids, reindex=1, recursive=0):
""" Delete local roles of specified members.
"""
if _checkPermission(ChangeLocalRoles, obj):
for member_id in member_ids:
if obj.get_local_roles_for_userid(userid=member_id):
obj.manage_delLocalRoles(userids=member_ids)
break
if recursive and hasattr( aq_base(obj), 'contentValues' ):
for subobj in obj.contentValues():
self.deleteLocalRoles(subobj, member_ids, 0, 1)
if reindex:
# reindexObjectSecurity is always recursive
obj.reindexObjectSecurity()