The granting view allows the user to grant permissions and roles to principals. The view unfortunately depends on a lot of other components:
Roles
>>> from zope.app.testing import ztapi >>> from zope.securitypolicy.role import Role >>> from zope.securitypolicy.interfaces import IRole >>> ztapi.provideUtility(IRole, Role(u'role1', u'Role 1'), u'role1') >>> ztapi.provideUtility(IRole, Role(u'role2', u'Role 2'), u'role2') >>> ztapi.provideUtility(IRole, Role(u'role3', u'Role 3'), u'role3')Permissions
>>> from zope.security.permission import Permission >>> from zope.security.interfaces import IPermission >>> ztapi.provideUtility(IPermission, Permission(u'permission1', ... u'Permission 1'), u'permission1') >>> ztapi.provideUtility(IPermission, Permission(u'permission2', ... u'Permission 2'), u'permission2') >>> ztapi.provideUtility(IPermission, Permission(u'permission3', ... u'Permission 3'), u'permission3')Authentication Utility
>>> class Principal: ... def __init__(self, id, title): self.id, self.title = id, title>>> from zope.app.security.interfaces import IAuthentication >>> from zope.app.security.interfaces import PrincipalLookupError >>> from zope.interface import implements >>> class AuthUtility: ... implements(IAuthentication) ... data = {'jim': Principal('jim', 'Jim Fulton'), ... 'stephan': Principal('stephan', 'Stephan Richter')} ... ... def getPrincipal(self, id): ... try: ... return self.data.get(id) ... except KeyError: ... raise PrincipalLookupError(id) ... ... def getPrincipals(self, search): ... return [principal ... for principal in self.data.values() ... if search in principal.title]>>> ztapi.provideUtility(IAuthentication, AuthUtility())Security-related Adapters
>>> from zope.annotation.interfaces import IAnnotatable >>> from zope.securitypolicy.interfaces import IPrincipalRoleManager >>> from zope.securitypolicy.principalrole import \ ... AnnotationPrincipalRoleManager>>> ztapi.provideAdapter(IAnnotatable, IPrincipalRoleManager, ... AnnotationPrincipalRoleManager)>>> from zope.securitypolicy.interfaces import \ ... IPrincipalPermissionManager >>> from zope.securitypolicy.principalpermission import \ ... AnnotationPrincipalPermissionManager>>> ztapi.provideAdapter(IAnnotatable, IPrincipalPermissionManager, ... AnnotationPrincipalPermissionManager)Vocabulary Choice Widgets
>>> from zope.schema.interfaces import IChoice >>> from zope.app.form.browser import ChoiceInputWidget >>> from zope.app.form.interfaces import IInputWidget >>> ztapi.browserViewProviding(IChoice, ChoiceInputWidget, IInputWidget)>>> from zope.schema.interfaces import IVocabularyTokenized >>> from zope.publisher.interfaces.browser import IBrowserRequest >>> from zope.app.form.browser import DropdownWidget >>> ztapi.provideMultiView((IChoice, IVocabularyTokenized), ... IBrowserRequest, IInputWidget, '', ... DropdownWidget)Support Views for the Principal Source Widget
>>> from zope.app.security.interfaces import IPrincipalSource >>> from zope.app.security.browser.principalterms import PrincipalTerms >>> from zope.app.form.browser.interfaces import ITerms >>> ztapi.browserViewProviding(IPrincipalSource, PrincipalTerms, ITerms)>>> from zope.app.security.browser.auth import AuthUtilitySearchView >>> from zope.app.form.browser.interfaces import ISourceQueryView >>> ztapi.browserViewProviding(IAuthentication, ... AuthUtilitySearchView, ... ISourceQueryView)>>> from zope.schema.interfaces import ISource >>> from zope.app.form.browser.source import SourceInputWidget >>> ztapi.provideMultiView((IChoice, ISource), IBrowserRequest, ... IInputWidget, '', SourceInputWidget)Attribute Annotatable Adapter
>>> from zope.app.testing import setup >>> setup.setUpAnnotations() >>> setup.setUpSiteManagerLookup()Content Object
>>> from zope.annotation.interfaces import IAttributeAnnotatable >>> class Content: ... implements(IAttributeAnnotatable) ... __annotations__ = {}(This is Jim's understanding of a "easy" setup!)
Now that we have all the components we need, let's create the view.
>>> ob = Content() >>> from zope.publisher.browser import TestRequest >>> request = TestRequest()>>> from zope.app.securitypolicy.browser.granting import Granting >>> view = Granting(ob, request)
If we call status, we get nothing and the view's principal attribute is None:
>>> view.status() u'' >>> view.principal
Since we have not selected a principal, we have no role or permission widgets:
>>> getattr(view, 'roles', None) >>> getattr(view, 'permissions', None)
Now that we have a selected principal, then
>>> view.request.form['field.principal.displayed'] = 'y' >>> view.request.form['field.principal'] = 'amlt'
(Yes, 'amlt' is the base 64 code for 'jim'.)
>>> view.status() u''
and now the view.principal is set:
>>> view.principal 'jim'
Now we should have a list of role and permission widgets, and all of them should be unset, because do not have any settings for 'jim'.
>>> [role.context.title for role in view.roles] [u'Role 1', u'Role 2', u'Role 3'] >>> [perm.context.title for perm in view.permissions] [u'Permission 1', u'Permission 2', u'Permission 3']
Now we change some settings and submit the form:
>>> from zope.securitypolicy.interfaces import Allow, Deny, Unset>>> view.request.form['field.amlt.role.role1'] = 'unset' >>> view.request.form['field.amlt.role.role1-empty-makrer'] = 1 >>> view.request.form['field.amlt.role.role2'] = 'allow' >>> view.request.form['field.amlt.role.role2-empty-makrer'] = 1 >>> view.request.form['field.amlt.role.role3'] = 'deny' >>> view.request.form['field.amlt.role.role3-empty-makrer'] = 1>>> view.request.form['field.amlt.permission.permission1'] = 'unset' >>> view.request.form['field.amlt.permission.permission1-empty-makrer'] = 1 >>> view.request.form['field.amlt.permission.permission2'] = 'allow' >>> view.request.form['field.amlt.permission.permission2-empty-makrer'] = 1 >>> view.request.form['field.amlt.permission.permission3'] = 'deny' >>> view.request.form['field.amlt.permission.permission3-empty-makrer'] = 1>>> view.request.form['GRANT_SUBMIT'] = 'Submit'
If we get the status now, the data should be written and a status message should be returned:
>>> view.status() u'Grants updated.'>>> roles = IPrincipalRoleManager(ob) >>> roles.getSetting('role1', 'jim') is Unset True >>> roles.getSetting('role2', 'jim') is Allow True >>> roles.getSetting('role3', 'jim') is Deny True>>> roles = IPrincipalPermissionManager(ob) >>> roles.getSetting('permission1', 'jim') is Unset True >>> roles.getSetting('permission2', 'jim') is Allow True >>> roles.getSetting('permission3', 'jim') is Deny True