Text File
granting.txt

Granting View

The granting view allows the user to grant permissions and roles to principals. The view unfortunately depends on a lot of other components:

(This is Jim's understanding of a "easy" setup!)

Now that we have all the components we need, let's create the view.

>>> ob = Content()
>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest()
>>> from zope.app.securitypolicy.browser.granting import Granting
>>> view = Granting(ob, request)

If we call status, we get nothing and the view's principal attribute is None:

>>> view.status()
u''
>>> view.principal

Since we have not selected a principal, we have no role or permission widgets:

>>> getattr(view, 'roles', None)
>>> getattr(view, 'permissions', None)

Now that we have a selected principal, then

>>> view.request.form['field.principal.displayed'] = 'y'
>>> view.request.form['field.principal'] = 'amlt'

(Yes, 'amlt' is the base 64 code for 'jim'.)

>>> view.status()
u''

and now the view.principal is set:

>>> view.principal
'jim'

Now we should have a list of role and permission widgets, and all of them should be unset, because do not have any settings for 'jim'.

>>> [role.context.title for role in view.roles]
[u'Role 1', u'Role 2', u'Role 3']
>>> [perm.context.title for perm in view.permissions]
[u'Permission 1', u'Permission 2', u'Permission 3']

Now we change some settings and submit the form:

>>> from zope.securitypolicy.interfaces import Allow, Deny, Unset
>>> view.request.form['field.amlt.role.role1'] = 'unset'
>>> view.request.form['field.amlt.role.role1-empty-makrer'] = 1
>>> view.request.form['field.amlt.role.role2'] = 'allow'
>>> view.request.form['field.amlt.role.role2-empty-makrer'] = 1
>>> view.request.form['field.amlt.role.role3'] = 'deny'
>>> view.request.form['field.amlt.role.role3-empty-makrer'] = 1
>>> view.request.form['field.amlt.permission.permission1'] = 'unset'
>>> view.request.form['field.amlt.permission.permission1-empty-makrer'] = 1
>>> view.request.form['field.amlt.permission.permission2'] = 'allow'
>>> view.request.form['field.amlt.permission.permission2-empty-makrer'] = 1
>>> view.request.form['field.amlt.permission.permission3'] = 'deny'
>>> view.request.form['field.amlt.permission.permission3-empty-makrer'] = 1
>>> view.request.form['GRANT_SUBMIT'] = 'Submit'

If we get the status now, the data should be written and a status message should be returned:

>>> view.status()
u'Grants updated.'
>>> roles = IPrincipalRoleManager(ob)
>>> roles.getSetting('role1', 'jim') is Unset
True
>>> roles.getSetting('role2', 'jim') is Allow
True
>>> roles.getSetting('role3', 'jim') is Deny
True
>>> roles = IPrincipalPermissionManager(ob)
>>> roles.getSetting('permission1', 'jim') is Unset
True
>>> roles.getSetting('permission2', 'jim') is Allow
True
>>> roles.getSetting('permission3', 'jim') is Deny
True