entrouvert
/
plone.api
Archived
17
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge pull request #147 from plone/local-roles 

api.user.get_roles(): add the option to ignore inherited roles
This commit is contained in:
Nejc Zupan 2013-11-05 23:45:28 -08:00
parent 55ac152d97 0889c76959
commit edb226ae3b
2 changed files with 68 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
src/plone/api/tests/test_user.py
View File

@ -323,6 +323,58 @@ class TestPloneApiUser(unittest.TestCase):
with self.assertRaises(UserNotFoundError):
api.user.get_roles(username='theurbanspaceman')
def test_get_roles_in_context(self):
"""Test get local and inherited roles for a user on an object"""
api.user.create(
username='chuck',
email='chuck@norris.org',
password='secret',
)
portal = api.portal.get()
folder = api.content.create(
container=portal,
type='Folder',
id='folder_one',
title='Folder One',
)
document = api.content.create(
container=folder,
type='Document',
id='document_one',
title='Document One',
)
api.user.grant_roles(username='chuck', roles=['Editor'], obj=folder)
self.assertIn(
'Editor', api.user.get_roles(username='chuck', obj=document))
def test_get_roles_local_only(self):
"""Test get local roles for a user on an object"""
api.user.create(
username='chuck',
email='chuck@norris.org',
password='secret',
)
portal = api.portal.get()
folder = api.content.create(
container=portal,
type='Folder',
id='folder_one',
title='Folder One',
)
document = api.content.create(
container=folder,
type='Document',
id='document_one',
title='Document One',
)
api.user.grant_roles(username='chuck', roles=['Editor'], obj=folder)
self.assertNotIn(
'Editor',
api.user.get_roles(username='chuck', obj=document, inherit=False),
)
def test_get_permissions_root(self):
"""Test get permissions on site root."""
@ -566,6 +618,10 @@ class TestPloneApiUser(unittest.TestCase):
'Editor',
api.user.get_roles(username='chuck', obj=folder),
)
self.assertEqual(
('Editor',),
api.user.get_roles(username='chuck', obj=folder, inherit=False),
)
self.assertIn(
'Editor',
api.user.get_roles(user=user, obj=folder),

15
src/plone/api/user.py
View File

@ -199,7 +199,7 @@ def is_anonymous():
@mutually_exclusive_parameters('username', 'user')
def get_roles(username=None, user=None, obj=None):
def get_roles(username=None, user=None, obj=None, inherit=True):
"""Get user's site-wide or local roles.
Arguments ``username`` and ``user`` are mutually exclusive. You
@ -213,6 +213,9 @@ def get_roles(username=None, user=None, obj=None):
:param obj: If obj is set then return local roles on this context.
If obj is not given, the site root local roles will be returned.
:type obj: content object
:param inherit: if obj is set and inherit is False, only return
local roles
:type inherit: bool
:raises:
MissingParameterError
:Example: :ref:`user_get_roles_example`
@ -229,7 +232,13 @@ def get_roles(username=None, user=None, obj=None):
if user is None:
raise UserNotFoundError
return user.getRolesInContext(obj) if obj is not None else user.getRoles()
if obj is not None:
if inherit:
return user.getRolesInContext(obj)
else:
return obj.get_local_roles_for_userid(username)
else:
return user.getRoles()
@contextmanager
@ -309,7 +318,7 @@ def grant_roles(username=None, user=None, obj=None, roles=None):
if 'Anonymous' in roles or 'Authenticated' in roles:
raise InvalidParameterError
roles.extend(get_roles(user=user, obj=obj))
roles.extend(get_roles(user=user, obj=obj, inherit=False))
if obj is None:
user.setSecurityProfile(roles=roles)