4
The granting view allows the user to grant permissions and roles to
5
principals. The view unfortunately depends on a lot of other components:
9
>>> from zope.app.testing import ztapi
10
>>> from zope.app.securitypolicy.role import Role
11
>>> from zope.app.securitypolicy.interfaces import IRole
12
>>> ztapi.provideUtility(IRole, Role(u'role1', u'Role 1'), u'role1')
13
>>> ztapi.provideUtility(IRole, Role(u'role2', u'Role 2'), u'role2')
14
>>> ztapi.provideUtility(IRole, Role(u'role3', u'Role 3'), u'role3')
18
>>> from zope.security.permission import Permission
19
>>> from zope.security.interfaces import IPermission
20
>>> ztapi.provideUtility(IPermission, Permission(u'permission1',
21
... u'Permission 1'), u'permission1')
22
>>> ztapi.provideUtility(IPermission, Permission(u'permission2',
23
... u'Permission 2'), u'permission2')
24
>>> ztapi.provideUtility(IPermission, Permission(u'permission3',
25
... u'Permission 3'), u'permission3')
27
- Authentication Utility
30
... def __init__(self, id, title): self.id, self.title = id, title
32
>>> from zope.app.security.interfaces import IAuthentication
33
>>> from zope.app.security.interfaces import PrincipalLookupError
34
>>> from zope.interface import implements
35
>>> class AuthUtility:
36
... implements(IAuthentication)
37
... data = {'jim': Principal('jim', 'Jim Fulton'),
38
... 'stephan': Principal('stephan', 'Stephan Richter')}
40
... def getPrincipal(self, id):
42
... return self.data.get(id)
44
... raise PrincipalLookupError(id)
46
... def getPrincipals(self, search):
48
... for principal in self.data.values()
49
... if search in principal.title]
51
>>> ztapi.provideUtility(IAuthentication, AuthUtility())
53
- Security-related Adapters
55
>>> from zope.annotation.interfaces import IAnnotatable
56
>>> from zope.app.securitypolicy.interfaces import IPrincipalRoleManager
57
>>> from zope.app.securitypolicy.principalrole import \
58
... AnnotationPrincipalRoleManager
60
>>> ztapi.provideAdapter(IAnnotatable, IPrincipalRoleManager,
61
... AnnotationPrincipalRoleManager)
63
>>> from zope.app.securitypolicy.interfaces import \
64
... IPrincipalPermissionManager
65
>>> from zope.app.securitypolicy.principalpermission import \
66
... AnnotationPrincipalPermissionManager
68
>>> ztapi.provideAdapter(IAnnotatable, IPrincipalPermissionManager,
69
... AnnotationPrincipalPermissionManager)
71
- Vocabulary Choice Widgets
73
>>> from zope.schema.interfaces import IChoice
74
>>> from zope.app.form.browser import ChoiceInputWidget
75
>>> from zope.app.form.interfaces import IInputWidget
76
>>> ztapi.browserViewProviding(IChoice, ChoiceInputWidget, IInputWidget)
78
>>> from zope.schema.interfaces import IVocabularyTokenized
79
>>> from zope.publisher.interfaces.browser import IBrowserRequest
80
>>> from zope.app.form.browser import DropdownWidget
81
>>> ztapi.provideMultiView((IChoice, IVocabularyTokenized),
82
... IBrowserRequest, IInputWidget, '',
85
- Support Views for the Principal Source Widget
87
>>> from zope.app.security.interfaces import IPrincipalSource
88
>>> from zope.app.security.browser.principalterms import PrincipalTerms
89
>>> from zope.app.form.browser.interfaces import ITerms
90
>>> ztapi.browserViewProviding(IPrincipalSource, PrincipalTerms, ITerms)
92
>>> from zope.app.security.browser.auth import AuthUtilitySearchView
93
>>> from zope.app.form.browser.interfaces import ISourceQueryView
94
>>> ztapi.browserViewProviding(IAuthentication,
95
... AuthUtilitySearchView,
99
>>> from zope.schema.interfaces import ISource
100
>>> from zope.app.form.browser.source import SourceInputWidget
101
>>> ztapi.provideMultiView((IChoice, ISource), IBrowserRequest,
102
... IInputWidget, '', SourceInputWidget)
104
- Attribute Annotatable Adapter
106
>>> from zope.app.testing import setup
107
>>> setup.setUpAnnotations()
108
>>> setup.setUpSiteManagerLookup()
112
>>> from zope.annotation.interfaces import IAttributeAnnotatable
114
... implements(IAttributeAnnotatable)
115
... __annotations__ = {}
117
(This is Jim's understanding of a "easy" setup!)
119
Now that we have all the components we need, let's create *the* view.
122
>>> from zope.publisher.browser import TestRequest
123
>>> request = TestRequest()
125
>>> from zope.app.securitypolicy.browser.granting import Granting
126
>>> view = Granting(ob, request)
128
If we call status, we get nothing and the view's principal attribute is `None`:
134
Since we have not selected a principal, we have no role or permission widgets:
136
>>> getattr(view, 'roles', None)
137
>>> getattr(view, 'permissions', None)
139
Now that we have a selected principal, then
142
>>> view.request.form['field.principal.displayed'] = 'y'
143
>>> view.request.form['field.principal'] = 'amlt'
145
(Yes, 'amlt' is the base 64 code for 'jim'.)
150
and now the `view.principal` is set:
155
Now we should have a list of role and permission widgets, and all of them
156
should be unset, because do not have any settings for 'jim'.
158
>>> [role.context.title for role in view.roles]
159
[u'Role 1', u'Role 2', u'Role 3']
160
>>> [perm.context.title for perm in view.permissions]
161
[u'Permission 1', u'Permission 2', u'Permission 3']
163
Now we change some settings and submit the form:
165
>>> from zope.app.securitypolicy.interfaces import Allow, Deny, Unset
167
>>> view.request.form['field.amlt.role.role1'] = 'unset'
168
>>> view.request.form['field.amlt.role.role1-empty-makrer'] = 1
169
>>> view.request.form['field.amlt.role.role2'] = 'allow'
170
>>> view.request.form['field.amlt.role.role2-empty-makrer'] = 1
171
>>> view.request.form['field.amlt.role.role3'] = 'deny'
172
>>> view.request.form['field.amlt.role.role3-empty-makrer'] = 1
174
>>> view.request.form['field.amlt.permission.permission1'] = 'unset'
175
>>> view.request.form['field.amlt.permission.permission1-empty-makrer'] = 1
176
>>> view.request.form['field.amlt.permission.permission2'] = 'allow'
177
>>> view.request.form['field.amlt.permission.permission2-empty-makrer'] = 1
178
>>> view.request.form['field.amlt.permission.permission3'] = 'deny'
179
>>> view.request.form['field.amlt.permission.permission3-empty-makrer'] = 1
181
>>> view.request.form['GRANT_SUBMIT'] = 'Submit'
183
If we get the status now, the data should be written and a status message
189
>>> roles = IPrincipalRoleManager(ob)
190
>>> roles.getSetting('role1', 'jim') is Unset
192
>>> roles.getSetting('role2', 'jim') is Allow
194
>>> roles.getSetting('role3', 'jim') is Deny
197
>>> roles = IPrincipalPermissionManager(ob)
198
>>> roles.getSetting('permission1', 'jim') is Unset
200
>>> roles.getSetting('permission2', 'jim') is Allow
202
>>> roles.getSetting('permission3', 'jim') is Deny