--- /dev/null
+ <h1 tal:define="global print request/pp | nothing"></h1>
+ <h1 tal:replace="structure here/manage_page_header">Header</h1>
+ <h2 tal:condition="not: print" tal:define="manage_tabs_message options/manage_tabs_message | nothing"
+ tal:replace="structure here/manage_tabs">Tabs</h2>
+
+
+ <div tal:condition="request/doIt | nothing">
+ <h4>Audit results</h4>
+
+ <table
+ border="1"
+ class="list-item"
+ tal:define="
+ global users_and_roles here/listUsersAndRoles;
+ site_tree here/getSiteTree;
+ table_cache python:here.computeSecuritySettings(site_tree, users_and_roles, [('R', request.read_permission), ('W', request.write_permission)]);
+ "
+ tal:condition="users_and_roles"
+ >
+ <tr tal:define="width python:int(100/len(users_and_roles))">
+ <td width="0" tal:attributes="width string:$width%"></td>
+ <td width="0" align="center"
+ tal:repeat="s users_and_roles"
+ tal:attributes="width string:$width%"
+ >
+ <span tal:define="color python:test(s[0] == 'user', here.user_color, test(s[0] == 'group', here.group_color, here.role_color))">
+ <font color="" tal:attributes="color color">
+ <tal:block tal:condition="not:request/use_legend|nothing">
+ <b tal:content="structure python:s[4]" /><br />
+ </tal:block>
+ <tal:block tal:condition="request/use_legend|nothing">
+ <b tal:content="python:s[3]" />
+ </tal:block>
+ </font>
+ <span tal:condition="not:request/use_legend|nothing">
+ (<font color="" tal:attributes="color color"><span tal:replace="python:s[0]" /></font>)
+ </span>
+ </span>
+ </td>
+ </tr>
+
+ <tr tal:repeat="folder site_tree">
+ <td nowrap="1">
+ <span tal:repeat="x python:range(0,folder[1])" tal:omit-tag="">-</span>
+ <a href=""
+ tal:attributes="href python:folder[2]"
+ tal:content="python:folder[0]"
+ />
+ <tal:block
+ tal:define="state python:here.portal_workflow.getInfoFor(here.restrictedTraverse(folder[2]), 'review_state')"
+ tal:on-error="nothing"
+ >
+ <br />
+ <span tal:repeat="x python:range(0,folder[1])" tal:omit-tag="">-</span>
+ <span tal:replace="state" />
+ </tal:block>
+ </td>
+ <td
+ tal:repeat="s users_and_roles"
+ >
+ <tal:block
+ tal:define="
+ R python:table_cache[folder[2]][s[:2]].get('R', None);
+ W python:table_cache[folder[2]][s[:2]].get('W', None)"
+ >
+ <span tal:condition="R">R</span>
+ <span tal:condition="W">W</span>
+ <span tal:condition="python: (not R) and (not W)"> </span>
+ </tal:block>
+ </td>
+ </tr>
+ </table>
+ </div>
+
+ <div tal:condition="request/use_legend|nothing">
+ <h4>Legend</h4>
+ <ol>
+ <table>
+ <tr class="list-header">
+ <th class="list-header">Id</th>
+ <th class="list-header">Label</th>
+ <th class="list-header">Kind</th>
+ </tr>
+
+ <tr tal:repeat="actor users_and_roles">
+ <span tal:define="color python:test(actor[0] == 'user', here.user_color, test(actor[0] == 'group', here.group_color, here.role_color))">
+ <td class="list-item"><font color="" tal:attributes="color color" tal:content="python:actor[3]">Id</font></td>
+ <td class="list-item"><font color="" tal:attributes="color color" tal:content="structure python:actor[4]">Label</font></td>
+ <td class="list-item"><font color="" tal:attributes="color color" tal:content="python:actor[0]">Kind</font></td>
+ </span>
+ </tr>
+
+ </table>
+ </ol>
+ </div>
+
+ <div tal:condition="not: print" tal:omit-tag="">
+ <h4>Audit settings</h4>
+ <ol>
+ <p>
+ See help below if you do not understand those settings.
+ </p>
+
+ <form action="manage_audit" method="GET">
+ <input type="hidden" name="doIt" value="1">
+ <table
+ tal:define="default here/getDefaultPermissions"
+ >
+ <tr class="list-header">
+ <th>Parameter</th>
+ <th class="list-header">Setting</th>
+ </tr>
+ <tr>
+ <td><div class="list-item">Read permission</div></td>
+ <td>
+ <select name="read_permission" size="1">
+ <option
+ selected=0
+ value=""
+ tal:repeat="perm here/listAuditPermissions"
+ tal:attributes="
+ value perm;
+ selected python:perm == default['R'];
+ "
+ tal:content="perm"
+ />
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td><div class="list-item">Write permission</div></td>
+ <td>
+ <select name="write_permission" size="1">
+ <option
+ selected=0
+ value=""
+ tal:repeat="perm here/listAuditPermissions"
+ tal:attributes="
+ value perm;
+ selected python:perm == default['W'];
+ "
+ tal:content="perm"
+ />
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td><div class="list-item">Displayed actors</div></td>
+ <td>
+ <div class="list-item">
+ <input type="checkbox" name="display_roles" checked="" tal:attributes="checked request/display_roles|python:test(request.get('doIt',None), 0, 1)">
+ <font color="" tal:attributes="color here/role_color">Roles</font><br />
+ <input type="checkbox" name="display_groups" checked="" tal:attributes="checked request/display_groups|python:test(request.get('doIt',None), 0, 1)">
+ <font color="" tal:attributes="color here/group_color">Groups</font><br />
+ <input type="checkbox" name="display_users" checked="" tal:attributes="checked request/display_users|python:test(request.get('doIt',None), 0, 0)">
+ <font color="" tal:attributes="color here/user_color">Users</font>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top"><div class="list-item">Use a legend</div></td>
+ <td>
+ <div class="list-item">
+ <input type="checkbox" name="use_legend" checked="" tal:attributes="checked request/use_legend|nothing">
+ (Use this feature to display actors names outside the table. This will reduce the table width, which may be useful for printing, for example.)
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td><div class="list-item">Printable page</div></td>
+ <td>
+ <div class="list-item">
+ <input type="checkbox" name="pp" checked="" tal:attributes="checked request/pp|nothing">
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td></td>
+ <td><input type="submit" value="View"></td>
+ </tr>
+ </table>
+ </form>
+ </ol>
+ </div>
+
+
+ <div tal:condition="not: print" tal:omit-tag="">
+ <div tal:condition="not:request/doIt | nothing">
+
+ <h4>About the audit table</h4>
+ <ol>
+ <p>
+ This management tab allows one to check how the site security is applied for the most useful cases.<br />
+ This allows you to have a precise abstract of the security settings for a little set of permissions as
+ if it simply were "Read" and "Write" permissions.
+ </p>
+
+ <p>
+ <strong>
+ This management tab won't change anything in your security settings. It is just intended to show information and not to modify anything.
+ </strong>
+ </p>
+
+ <p>
+ Select, in the form below, the permissions you want to monitor and the kind of actors (roles, groups or users) you want to display.
+ </p>
+
+ <ol>
+ <h4>Hint</h4>
+ <p>
+ Usually, for a regular Zope site, the
+ permission set would be mapped this way:
+ </p>
+
+ <ul>
+ <li>Read: View</li>
+ <li>Write: Change Images and Files</li>
+ </ul>
+ <p>
+ For a Plone site, the
+ permission set would be mapped this way:
+ </p>
+
+ <ul>
+ <li>Read: View</li>
+ <li>Write: Modify portal content</li>
+ </ul>
+ <p>
+ If you have <strong>a lot of users</strong>, rendering this audit can be very time-consuming.<br />
+ In such conditions, you can select only "roles" to make things a lot faster.
+ </ol>
+ </ol>
+ </div>
+ </div>
+
+ <h1 tal:replace="structure here/manage_page_footer">Footer</h1>