From 654f749ff7a79eb7a21915b4a1b88f4870c51cd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cillian=20de=20R=C3=B3iste?= Date: Mon, 14 Oct 2013 13:31:03 +0200 Subject: [PATCH] api.user.get_roles(): add the option to ignore inherited roles --- src/plone/api/tests/test_user.py | 56 ++++++++++++++++++++++++++++++++ src/plone/api/user.py | 15 +++++++-- 2 files changed, 68 insertions(+), 3 deletions(-) diff --git a/src/plone/api/tests/test_user.py b/src/plone/api/tests/test_user.py index e7a4363..2d10ddd 100644 --- a/src/plone/api/tests/test_user.py +++ b/src/plone/api/tests/test_user.py @@ -323,6 +323,58 @@ class TestPloneApiUser(unittest.TestCase): with self.assertRaises(UserNotFoundError): api.user.get_roles(username='theurbanspaceman') + def test_get_roles_in_context(self): + """Test get local and inherited roles for a user on an object""" + api.user.create( + username='chuck', + email='chuck@norris.org', + password='secret', + ) + + portal = api.portal.get() + folder = api.content.create( + container=portal, + type='Folder', + id='folder_one', + title='Folder One', + ) + document = api.content.create( + container=folder, + type='Document', + id='document_one', + title='Document One', + ) + api.user.grant_roles(username='chuck', roles=['Editor'], obj=folder) + self.assertIn( + 'Editor', api.user.get_roles(username='chuck', obj=document)) + + def test_get_roles_local_only(self): + """Test get local roles for a user on an object""" + api.user.create( + username='chuck', + email='chuck@norris.org', + password='secret', + ) + + portal = api.portal.get() + folder = api.content.create( + container=portal, + type='Folder', + id='folder_one', + title='Folder One', + ) + document = api.content.create( + container=folder, + type='Document', + id='document_one', + title='Document One', + ) + api.user.grant_roles(username='chuck', roles=['Editor'], obj=folder) + self.assertNotIn( + 'Editor', + api.user.get_roles(username='chuck', obj=document, inherit=False), + ) + def test_get_permissions_root(self): """Test get permissions on site root.""" @@ -566,6 +618,10 @@ class TestPloneApiUser(unittest.TestCase): 'Editor', api.user.get_roles(username='chuck', obj=folder), ) + self.assertEqual( + ('Editor',), + api.user.get_roles(username='chuck', obj=folder, inherit=False), + ) self.assertIn( 'Editor', api.user.get_roles(user=user, obj=folder), diff --git a/src/plone/api/user.py b/src/plone/api/user.py index fc3c76a..89d2aca 100644 --- a/src/plone/api/user.py +++ b/src/plone/api/user.py @@ -199,7 +199,7 @@ def is_anonymous(): @mutually_exclusive_parameters('username', 'user') -def get_roles(username=None, user=None, obj=None): +def get_roles(username=None, user=None, obj=None, inherit=True): """Get user's site-wide or local roles. Arguments ``username`` and ``user`` are mutually exclusive. You @@ -213,6 +213,9 @@ def get_roles(username=None, user=None, obj=None): :param obj: If obj is set then return local roles on this context. If obj is not given, the site root local roles will be returned. :type obj: content object + :param inherit: if obj is set and inherit is False, only return + local roles + :type inherit: bool :raises: MissingParameterError :Example: :ref:`user_get_roles_example` @@ -229,7 +232,13 @@ def get_roles(username=None, user=None, obj=None): if user is None: raise UserNotFoundError - return user.getRolesInContext(obj) if obj is not None else user.getRoles() + if obj is not None: + if inherit: + return user.getRolesInContext(obj) + else: + return obj.get_local_roles_for_userid(username) + else: + return user.getRoles() @contextmanager @@ -309,7 +318,7 @@ def grant_roles(username=None, user=None, obj=None, roles=None): if 'Anonymous' in roles or 'Authenticated' in roles: raise InvalidParameterError - roles.extend(get_roles(user=user, obj=obj)) + roles.extend(get_roles(user=user, obj=obj, inherit=False)) if obj is None: user.setSecurityProfile(roles=roles)