genshi/mirror: examples/trac/trac/perm.py annotate

annotate examples/trac/trac/perm.py @ 39:93b4dcbafd7b trunk

Copy Trac to main branch.

author	cmlenz
date	Mon, 03 Jul 2006 18:53:27 +0000
parents
children	fc685d0c9342

rev	line source
39 93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	1 # -- coding: utf-8 --
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	2 #
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	3 # Copyright (C) 2003-2005 Edgewall Software
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	4 # Copyright (C) 2003-2004 Jonas Borgström <jonas@edgewall.com>
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	5 # Copyright (C) 2005 Christopher Lenz <cmlenz@gmx.de>
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	6 # All rights reserved.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	7 #
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	8 # This software is licensed as described in the file COPYING, which
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	9 # you should have received as part of this distribution. The terms
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	10 # are also available at http://trac.edgewall.com/license.html.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	11 #
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	12 # This software consists of voluntary contributions made by many
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	13 # individuals. For the exact contribution history, see the revision
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	14 # history and logs, available at http://projects.edgewall.com/trac/.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	15 #
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	16 # Author: Jonas Borgström <jonas@edgewall.com>
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	17 # Christopher Lenz <cmlenz@gmx.de>
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	18
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	19 """Management of permissions."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	20
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	21 from trac.config import ExtensionOption
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	22 from trac.core import *
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	23
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	24 __all__ = ['IPermissionRequestor', 'IPermissionStore',
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	25 'IPermissionGroupProvider', 'PermissionError', 'PermissionSystem']
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	26
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	27 class PermissionError(StandardError):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	28 """Insufficient permissions to complete the operation"""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	29
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	30 def __init__ (self, action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	31 StandardError.__init__(self)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	32 self.action = action
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	33
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	34 def __str__ (self):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	35 return '%s privileges are required to perform this operation' % self.action
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	36
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	37
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	38 class IPermissionRequestor(Interface):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	39 """Extension point interface for components that define actions."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	40
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	41 def get_permission_actions():
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	42 """Return a list of actions defined by this component.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	43
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	44 The items in the list may either be simple strings, or
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	45 `(string, sequence)` tuples. The latter are considered to be "meta
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	46 permissions" that group several simple actions under one name for
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	47 convenience.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	48 """
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	49
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	50
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	51 class IPermissionStore(Interface):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	52 """Extension point interface for components that provide storage and
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	53 management of permissions."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	54
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	55 def get_user_permissions(username):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	56 """Return all permissions for the user with the specified name.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	57
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	58 The permissions are returned as a dictionary where the key is the name
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	59 of the permission, and the value is either `True` for granted
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	60 permissions or `False` for explicitly denied permissions."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	61
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	62 def get_all_permissions():
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	63 """Return all permissions for all users.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	64
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	65 The permissions are returned as a list of (subject, action)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	66 formatted tuples."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	67
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	68 def grant_permission(username, action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	69 """Grant a user permission to perform an action."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	70
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	71 def revoke_permission(username, action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	72 """Revokes the permission of the given user to perform an action."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	73
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	74
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	75 class IPermissionGroupProvider(Interface):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	76 """Extension point interface for components that provide information about
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	77 user groups.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	78 """
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	79
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	80 def get_permission_groups(username):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	81 """Return a list of names of the groups that the user with the specified
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	82 name is a member of."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	83
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	84
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	85 class DefaultPermissionStore(Component):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	86 """Default implementation of permission storage and simple group management.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	87
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	88 This component uses the `PERMISSION` table in the database to store both
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	89 permissions and groups.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	90 """
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	91 implements(IPermissionStore)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	92
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	93 group_providers = ExtensionPoint(IPermissionGroupProvider)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	94
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	95 def get_user_permissions(self, username):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	96 """Retrieve the permissions for the given user and return them in a
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	97 dictionary.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	98
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	99 The permissions are stored in the database as (username, action)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	100 records. There's simple support for groups by using lowercase names for
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	101 the action column: such a record represents a group and not an actual
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	102 permission, and declares that the user is part of that group.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	103 """
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	104 subjects = [username]
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	105 for provider in self.group_providers:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	106 subjects += list(provider.get_permission_groups(username))
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	107
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	108 actions = []
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	109 db = self.env.get_db_cnx()
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	110 cursor = db.cursor()
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	111 cursor.execute("SELECT username,action FROM permission")
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	112 rows = cursor.fetchall()
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	113 while True:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	114 num_users = len(subjects)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	115 num_actions = len(actions)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	116 for user, action in rows:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	117 if user in subjects:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	118 if not action.islower() and action not in actions:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	119 actions.append(action)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	120 if action.islower() and action not in subjects:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	121 # action is actually the name of the permission group
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	122 # here
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	123 subjects.append(action)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	124 if num_users == len(subjects) and num_actions == len(actions):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	125 break
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	126 return [action for action in actions if not action.islower()]
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	127
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	128 def get_all_permissions(self):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	129 """Return all permissions for all users.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	130
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	131 The permissions are returned as a list of (subject, action)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	132 formatted tuples."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	133 db = self.env.get_db_cnx()
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	134 cursor = db.cursor()
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	135 cursor.execute("SELECT username,action FROM permission")
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	136 return [(row[0], row[1]) for row in cursor]
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	137
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	138 def grant_permission(self, username, action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	139 """Grants a user the permission to perform the specified action."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	140 db = self.env.get_db_cnx()
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	141 cursor = db.cursor()
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	142 cursor.execute("INSERT INTO permission VALUES (%s, %s)",
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	143 (username, action))
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	144 self.log.info('Granted permission for %s to %s' % (action, username))
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	145 db.commit()
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	146
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	147 def revoke_permission(self, username, action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	148 """Revokes a users' permission to perform the specified action."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	149 db = self.env.get_db_cnx()
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	150 cursor = db.cursor()
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	151 cursor.execute("DELETE FROM permission WHERE username=%s AND action=%s",
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	152 (username, action))
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	153 self.log.info('Revoked permission for %s to %s' % (action, username))
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	154 db.commit()
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	155
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	156
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	157 class DefaultPermissionGroupProvider(Component):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	158 """Provides the basic builtin permission groups 'anonymous' and
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	159 'authenticated'."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	160
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	161 implements(IPermissionGroupProvider)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	162
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	163 def get_permission_groups(self, username):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	164 groups = ['anonymous']
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	165 if username and username != 'anonymous':
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	166 groups.append('authenticated')
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	167 return groups
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	168
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	169
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	170 class PermissionSystem(Component):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	171 """Sub-system that manages user permissions."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	172
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	173 implements(IPermissionRequestor)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	174
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	175 requestors = ExtensionPoint(IPermissionRequestor)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	176
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	177 store = ExtensionOption('trac', 'permission_store', IPermissionStore,
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	178 'DefaultPermissionStore',
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	179 """Name of the component implementing `IPermissionStore`, which is used
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	180 for managing user and group permissions.""")
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	181
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	182 # Public API
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	183
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	184 def grant_permission(self, username, action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	185 """Grant the user with the given name permission to perform to specified
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	186 action."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	187 if action.isupper() and action not in self.get_actions():
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	188 raise TracError, '%s is not a valid action.' % action
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	189
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	190 self.store.grant_permission(username, action)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	191
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	192 def revoke_permission(self, username, action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	193 """Revokes the permission of the specified user to perform an action."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	194 # TODO: Validate that this permission does in fact exist
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	195 if action.isupper() and action not in self.get_actions():
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	196 raise TracError, '%s is not a valid action.' % action
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	197
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	198 self.store.revoke_permission(username, action)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	199
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	200 def get_actions(self):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	201 actions = []
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	202 for requestor in self.requestors:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	203 for action in requestor.get_permission_actions():
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	204 if isinstance(action, tuple):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	205 actions.append(action[0])
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	206 else:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	207 actions.append(action)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	208 return actions
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	209
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	210 def get_user_permissions(self, username=None):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	211 """Return the permissions of the specified user.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	212
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	213 The return value is a dictionary containing all the actions as keys, and
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	214 a boolean value. `True` means that the permission is granted, `False`
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	215 means the permission is denied."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	216 actions = []
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	217 for requestor in self.requestors:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	218 actions += list(requestor.get_permission_actions())
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	219 permissions = {}
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	220 if username:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	221 # Return all permissions that the given user has
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	222 meta = {}
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	223 for action in actions:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	224 if isinstance(action, tuple):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	225 name, value = action
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	226 meta[name] = value
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	227 def _expand_meta(action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	228 permissions[action] = True
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	229 if meta.has_key(action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	230 [_expand_meta(perm) for perm in meta[action]]
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	231 for perm in self.store.get_user_permissions(username):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	232 _expand_meta(perm)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	233 else:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	234 # Return all permissions available in the system
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	235 for action in actions:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	236 if isinstance(action, tuple):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	237 permissions[action[0]] = True
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	238 else:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	239 permissions[action] = True
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	240 return permissions
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	241
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	242 def get_all_permissions(self):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	243 """Return all permissions for all users.
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	244
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	245 The permissions are returned as a list of (subject, action)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	246 formatted tuples."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	247 return self.store.get_all_permissions()
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	248
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	249 # IPermissionRequestor methods
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	250
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	251 def get_permission_actions(self):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	252 """Implement the global `TRAC_ADMIN` meta permission."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	253 actions = []
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	254 for requestor in [r for r in self.requestors if r is not self]:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	255 for action in requestor.get_permission_actions():
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	256 if isinstance(action, tuple):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	257 actions.append(action[0])
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	258 else:
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	259 actions.append(action)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	260 return [('TRAC_ADMIN', actions)]
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	261
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	262
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	263 class PermissionCache(object):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	264 """Cache that maintains the permissions of a single user."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	265
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	266 def __init__(self, env, username):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	267 self.perms = PermissionSystem(env).get_user_permissions(username)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	268
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	269 def has_permission(self, action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	270 return self.perms.has_key(action)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	271
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	272 def assert_permission(self, action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	273 if not self.perms.has_key(action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	274 raise PermissionError(action)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	275
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	276 def permissions(self):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	277 return self.perms.keys()
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	278
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	279
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	280 class NoPermissionCache(object):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	281 """Permission cache for ''anonymous requests''."""
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	282
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	283 def has_permission(self, action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	284 return False
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	285
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	286 def assert_permission(self, action):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	287 raise PermissionError(action)
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	288
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	289 def permissions(self):
93b4dcbafd7b Copy Trac to main branch. cmlenz parents: diff changeset	290 return []

Mercurial > genshi > mirror

annotate examples/trac/trac/perm.py @ 39:93b4dcbafd7b trunk