+# -*- coding: utf-8 -*-
+#######################################################################################
+# Plinn - http://plinn.org #
+# Copyright (C) 2005-2007 Benoît PIN <benoit.pin@ensmp.fr> #
+# #
+# This program is free software; you can redistribute it and/or #
+# modify it under the terms of the GNU General Public License #
+# as published by the Free Software Foundation; either version 2 #
+# of the License, or (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program; if not, write to the Free Software #
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. #
+#######################################################################################
+""" Plinn portal_membership
+
+
+
+"""
+
+from AccessControl import ClassSecurityInfo, getSecurityManager
+from AccessControl.unauthorized import Unauthorized
+from AccessControl.SpecialUsers import nobody
+from AccessControl.Permission import Permission
+from Acquisition import aq_base, aq_inner
+from Globals import InitializeClass, MessageDialog
+from Products.PageTemplates.PageTemplateFile import PageTemplateFile
+
+from Products.CMFDefault.MembershipTool import MembershipTool as BaseTool
+from Products.CMFCore.permissions import View, ListPortalMembers, ManagePortal, SetOwnPassword, ChangePermissions
+from permissions import RemoveMember, SetLocalRoles, CheckMemberPermission
+from utils import _checkMemberPermission
+from Products.CMFCore.utils import _checkPermission, _getAuthenticatedUser
+from Products.CMFCore.utils import getUtilityByInterfaceName
+from utils import formatFullName, translate
+from Products.CMFDefault.utils import decode
+from Products.CMFDefault.Document import addDocument
+
+from sets import Set
+from types import TupleType
+
+
+from time import time
+from logging import getLogger
+console = getLogger('Plinn.MembershipTool')
+
+
+class MembershipTool( BaseTool ):
+ """ Implement 'portal_membership' interface using "stock" policies.
+ """
+
+
+ meta_type = 'Plinn Membership Tool'
+
+ manage_options=( ({ 'label' : 'Configuration'
+ , 'action' : 'manage_mapRoles'
+ },) + BaseTool.manage_options[1:])
+
+ security = ClassSecurityInfo()
+
+ security.declareProtected(ManagePortal, 'manage_mapRoles')
+ manage_mapRoles = PageTemplateFile('www/configureMembershipTool', globals(),
+ __name__='manage_mapRoles')
+
+ #
+ # 'portal_membership' interface methods
+ #
+
+ # change security settings for inherited methods
+ security.declareProtected(ListPortalMembers, 'getMemberById')
+
+
+ memberareaPortalType = 'Huge Plinn Folder'
+
+
+# security.declareProtected(SetOwnPassword, 'setPassword')
+# def setPassword(self, password, domains=None):
+# '''Allows the authenticated member to set his/her own password.
+# '''
+# user_folder = self.__getPUS()
+# if user_folder.meta_type == 'Group User Folder' :
+# registration = getToolByName(self, 'portal_registration', None)
+# if not self.isAnonymousUser():
+# member = self.getAuthenticatedMember()
+# if registration:
+# failMessage = registration.testPasswordValidity(password)
+# if failMessage is not None:
+# raise 'Bad Request', failMessage
+# member.setSecurityProfile(password=password, domains=domains)
+# member.changePassword(password)
+# else:
+# raise 'Bad Request', 'Not logged in.'
+#
+# else :
+# BaseTool.setPassword(self, password, domains=None)
+
+
+
+ security.declareProtected(ListPortalMembers, 'listMemberIds')
+ def listMemberIds(self):
+ '''Lists the ids of all members. This may eventually be
+ replaced with a set of methods for querying pieces of the
+ list rather than the entire list at once.
+ '''
+ user_folder = self.__getPUS()
+ if user_folder.meta_type == 'Group User Folder' :
+ return user_folder.getPureUserNames()
+ else :
+ return [ x.getId() for x in user_folder.getUsers() ]
+
+
+ security.declareProtected(CheckMemberPermission, 'checkMemberPermission')
+ def checkMemberPermission(self, userid, permissionName, object, subobjectName=None):
+ '''
+ Checks whether the current user has the given permission on
+ the given object or subobject.
+ '''
+ if subobjectName is not None:
+ object = getattr(object, subobjectName)
+
+ return _checkMemberPermission(userid, permissionName, object)
+
+ security.declareProtected(ListPortalMembers, 'listMembers')
+ def listMembers(self):
+ '''Gets the list of all members.
+ '''
+ user_folder = self.__getPUS()
+ if user_folder.meta_type == 'Group User Folder' :
+ return map(self.wrapUser, user_folder.getPureUsers())
+ else :
+ return map(self.wrapUser, user_folder.getUsers())
+
+
+ security.declareProtected(View, 'getCandidateLocalRoles')
+ def getCandidateLocalRoles(self, obj) :
+ """ What local roles can I assign?
+ """
+ member = self.getAuthenticatedMember()
+ valid_roles = obj.valid_roles()
+ if 'Manager' in member.getRoles():
+ local_roles = [r for r in valid_roles if r != 'Anonymous']
+ else:
+ sm = getSecurityManager()
+ allPermissions = self.ac_inherited_permissions(1)
+
+ # construct a dictionary of permissions indexed by role
+ # and get permissions of user in obj context
+ memberPermissions = Set()
+ rolesMappings = {}
+ for role in valid_roles :
+ rolesMappings[role] = Set()
+
+ for p in allPermissions:
+ name, value = p[:2]
+
+ p=Permission(name,value,obj)
+ rolesOfPerm = p.getRoles()
+
+ for role in rolesOfPerm :
+ try : rolesMappings[role].add(name)
+ except KeyError :
+ trName = p._p
+ if hasattr(obj, trName):
+ l = list(getattr(obj, trName))
+ l.remove(role)
+ setattr(obj, trName, tuple(l))
+ msg = '%s role has been removed for %s permission on %s ' % (role, name, obj.absolute_url())
+ #LOG('portal_membership', WARNING, msg)
+
+ parent = obj.aq_inner.aq_parent
+ while type(rolesOfPerm) != TupleType :
+ p=Permission(name, value, parent)
+ rolesOfPerm = p.getRoles()
+ for role in rolesOfPerm :
+ try : rolesMappings[role].add(name)
+ except KeyError : pass
+ try : parent = parent.aq_inner.aq_parent
+ except AttributeError : break
+
+
+ if sm.checkPermission(name, obj) :
+ memberPermissions.add(name)
+
+ local_roles = []
+ for role in valid_roles :
+ if rolesMappings[role] and rolesMappings[role].issubset(memberPermissions) :
+ local_roles.append(role)
+
+ local_roles = [ role for role in local_roles if role not in ('Shared', 'Authenticated', 'Member', 'Anonymous') ]
+ local_roles.sort()
+ return tuple(local_roles)
+
+
+ security.declareProtected(View, 'setLocalRoles')
+ def setLocalRoles( self, obj, member_ids, role, remove=0, reindex=1 ):
+ """ Set local roles on an item """
+ if role not in self.getCandidateLocalRoles(obj) :
+ raise Unauthorized, "You are not allowed to manage %s role" % role
+
+ if self.checkPermission(SetLocalRoles, obj) :
+ if not remove :
+ for member_id in member_ids :
+ # current roles for user id in obj
+ roles = list(obj.get_local_roles_for_userid( userid=member_id ))
+ if role not in roles :
+ roles.append(role)
+ obj.manage_setLocalRoles( member_id, roles)
+ else :
+ for member_id in member_ids :
+ # current roles for user id in obj
+ roles = list(obj.get_local_roles_for_userid( userid=member_id ))
+ try : roles.remove(role)
+ except ValueError : pass
+ else :
+ if len(roles) >= 1 :
+ obj.manage_setLocalRoles( member_id, roles)
+ else :
+ obj.manage_delLocalRoles( userids=[member_id] )
+
+ else :
+ raise Unauthorized
+
+ if reindex:
+ # It is assumed that all objects have the method
+ # reindexObjectSecurity, which is in CMFCatalogAware and
+ # thus PortalContent and PortalFolder.
+ obj.reindexObjectSecurity()
+
+
+ security.declarePublic('getMemberFullNameById')
+ def getMemberFullNameById(self, userid, nameBefore = 1) :
+ """ Return the best formated representation of user fullname. """
+
+ memberFullName = ''
+ if userid and userid != 'No owner' :
+ # No owner is a possible value returned by DefaultDublinCoreImpl.Creator
+ member = self.getMemberById(userid)
+ if not member :
+ return userid
+ memberFullName = member.getMemberFullName(nameBefore=nameBefore)
+
+ return memberFullName
+
+ security.declareProtected(ListPortalMembers, 'getMembers')
+ def getMembers(self, users) :
+ """ Return wraped users """
+ members = []
+ for user in users :
+ members.append(self.getMemberById(user))
+
+ members = filter(None, members)
+ members.sort( lambda m0, m1 : cmp(m0.getMemberSortableFormat(), m1.getMemberSortableFormat()) )
+ return members
+
+
+ security.declareProtected(ListPortalMembers, 'getOtherMembers')
+ def getOtherMembers(self, users) :
+ """ Return members who are not in users list"""
+ allMemberIds = self.listMemberIds()
+ otherMemberIds = [ userId for userId in allMemberIds if userId not in users ]
+ return self.getMembers(otherMemberIds)
+
+
+
+ security.declareProtected(ListPortalMembers, 'getMembersMetadata')
+ def getMembersMetadata(self, users) :
+ """ return metadata from portal_catalog """
+ userDict = {}
+ for u in users : userDict[u] = True
+ ctool = getUtilityByInterfaceName('Products.CMFCore.interfaces.ICatalogTool')
+ memberBrains = ctool(portal_type='Member Data', sort_on='getMemberSortableFormat')
+ memberList = []
+ complementList = []
+
+ if users :
+ for mb in memberBrains :
+ metadata = {'id' : mb.getId, 'fullname' : mb.getMemberFullName}
+ if userDict.has_key(mb.getId) :
+ memberList.append(metadata)
+ else :
+ complementList.append(metadata)
+ else :
+ complementList = [{'id' : mb.getId, 'fullname' : mb.getMemberFullName} for mb in memberBrains]
+
+ return {'memberList' : memberList, 'complementList' : complementList}
+
+
+
+ security.declareProtected(RemoveMember, 'removeMembers')
+ def removeMembers(self, memberIds = []) :
+ """ remove member
+ """
+ # TODO : remove member document ?
+ mdtool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IMemberDataTool')
+ for m in self.getMembers(memberIds) :
+ m.manage_beforeDelete()
+ mdtool.deleteMemberData(m.getId())
+
+ self.aq_inner.acl_users.deleteUsers(users = memberIds)
+
+
+
+ security.declareProtected(ManagePortal, 'setMemberAreaPortalType')
+ def setMemberAreaPortalType(self, member_folder_portal_type):
+ """ Set member area portal type to construct."""
+ ttool = getUtilityByInterfaceName('Products.CMFCore.interfaces.ITypesTool')
+ if member_folder_portal_type not in ttool.objectIds() :
+ raise ValueError, "Unknown portal type : %s" % str(member_folder_portal_type)
+
+ self.memberareaPortalType = member_folder_portal_type
+ return MessageDialog(title ='Type updated',
+ message='The member area type have been updated',
+ action ='manage_mapRoles')
+
+ def getMemberAreaPortalType(self) :
+ return self.memberareaPortalType
+
+
+ def getHomeFolder(self, id=None, verifyPermission=0):
+ """ Return a member's home folder object, or None.
+ """
+ if id is None:
+ member = self.getAuthenticatedMember()
+ if not hasattr(member, 'getMemberId'):
+ return None
+ id = member.getMemberId()
+ members = self.getMembersFolder()
+ if members is not None:
+ if not hasattr(members, id) and getattr(self, 'memberareaCreationFlag', 0) != 0 :
+ self.createMemberArea(id)
+ try:
+ folder = members._getOb(id)
+ if verifyPermission and not _checkPermission(View, folder):
+ # Don't return the folder if the user can't get to it.
+ return None
+ return folder
+ except (AttributeError, TypeError, KeyError):
+ pass
+ return None
+
+ security.declarePublic('createMemberArea')
+ def createMemberArea(self, member_id=''):
+ """ Create a member area for 'member_id' or authenticated user.
+ """
+ if not self.getMemberareaCreationFlag():
+ return None
+ members = self.getMembersFolder()
+ if not members:
+ return None
+ if self.isAnonymousUser():
+ return None
+ # Note: We can't use getAuthenticatedMember() and getMemberById()
+ # because they might be wrapped by MemberDataTool.
+ user = _getAuthenticatedUser(self)
+ user_id = user.getId()
+ if member_id in ('', user_id):
+ member = user
+ member_id = user_id
+ else:
+ if _checkPermission(ManageUsers, self):
+ member = self.acl_users.getUserById(member_id, None)
+ if member:
+ member = member.__of__(self.acl_users)
+ else:
+ raise ValueError, 'Member %s does not exist' % member_id
+ else:
+ return None
+
+ if hasattr( aq_base(members), member_id ):
+ return None
+
+ ttool = getUtilityByInterfaceName('Products.CMFCore.interfaces.ITypesTool')
+ info = getattr(ttool, self.memberareaPortalType)
+
+ memberFullName = self.getMemberFullNameById(member_id, nameBefore = 0)
+ f = info._constructInstance( members, member_id, title=memberFullName )
+
+ # Grant Ownership and Owner role to Member
+ f.changeOwnership(user)
+ f.__ac_local_roles__ = None
+ f.manage_setLocalRoles(member_id, ['Owner'])
+
+ f.reindexObjectSecurity()
+ return f
+
+
+ security.declareProtected(ListPortalMembers, 'looseSearchMembers')
+ def looseSearchMembers(self, searchString) :
+ """ """
+
+ words = searchString.strip().split()
+ words = [word.lower() for word in words]
+
+ mdtool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IMemberDataTool')
+ mdProperties = mdtool.propertyIds()
+ searchableProperties = [ p['id'] for p in mdtool.propertyMap() if p['type'] == 'string' ] + ['id']
+ try : searchableProperties.remove('portal_skin')
+ except ValueError : pass
+
+ match = []
+ for m in self.listMembers() :
+ allWordsMatch = False
+ for word in words :
+ for p in searchableProperties :
+ if str(m.getProperty(p, '')).lower().find(word) != -1 :
+ allWordsMatch = True
+ break
+ else :
+ allWordsMatch = False
+
+ if not allWordsMatch :
+ break
+ else :
+ match.append(m)
+
+ return match
+
+ def __getPUS(self):
+ # CMFCore.MembershipTool.MembershipTool tests 'getUsers' method but :
+ # "enumeration" methods ('getUserNames', 'getUsers') are *not*
+ # part of the contract! See IEnumerableUserFolder.
+ # (from PluggableAuthService.interfaces.authservice #233)
+ return self.acl_users
+
+
+InitializeClass(MembershipTool)
projects / Plinn.git / blobdiff