-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 23 Jul 2004 03:30 am, Dieter Maurer wrote:
> Moreover, I propose to change the local role management pages.
> When setting local roles, information about "acquired"
> local role definitions is very helpful.
> I therefore propose to display this information on the local
> role edit page.

I have implemented a "security information" page that details this and more
info. I've always found the default security edit pages to be less than
useful since they inherently use acquisition, but don't tell you what would
be or is currently acquired.

The code is attached. We mix it in with every object. A sample output is also
attached.

I have found it invaluable when debugging permissions problems.

Would this be a useful thing to add to 2.8?


    Richard
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBAKsMrGisBEHG6TARAiwuAJ9n7wLGWzhDa7kGyr/5q8zwi3SV0QCfXX1f
JAcHE9s71y9N/4oyNgRiRg4=
=ATJ2
-----END PGP SIGNATURE-----

Attachment: ManageViewAccess.py
Description: application/python

<dtml-var manage_page_header>
<dtml-var manage_tabs>

<h2>Access permissions dump</h2>


<dl>
<dt><strong>Valid Roles:</strong>
<dd><dtml-var "', '.join(valid_roles())">
<dt><strong>User Defined Roles:</strong>
<dd><dtml-var "', '.join(userdefined_roles())">
<dt><strong>Local Roles:</strong>
<dd>
<table class="listing">
<tbody>
<tr><th>At Object</th><th>Local Roles Defined</th></tr>
<dtml-in list_local_roles>
<tr><td>
<dtml-var sequence-key>
</td><td>
<dtml-var "'<br>'.join(['%s: %s'%(i[0], ', '.join(i[1])) for i in 
_['sequence-item']])">
</td></tr>
</dtml-in>
</tbody>
</table>

<dt><strong>Permission Usage:</strong>
<dd>
<table class="listing">
<tbody>
<tr><th>Permission</th><th>Assigned To</th></tr>
<dtml-in list_permission_use mapping>
<tr><td>
&dtml-sequence-key;
</td><td>
&dtml-perm; from &dtml-from;
</td></tr>
</dtml-in>
</tbody>
</table>

<dt><strong>Permission Settings:</strong>
<dd>
<table class="listing">
<tbody>
<tr><th>Permission</th><th>Has Roles Assigned</th></tr>
<dtml-in list_permission_roles>
<tr><td>
<dtml-var sequence-key>
</td><td>
<dtml-var "'<br>'.join([', '.join(d['roles']) + ' from %(from)s'%d for d in 
_['sequence-item']])"><br>
</td></tr>
</dtml-in>
</tbody>
</table>

</dl>

<dtml-var manage_page_footer>
Title: CGPublisher
› Zope › CGPublisher › publishers › 1 (Jane's Books) › products › 2 (Jane's test book 2) › details

Access permissions dump

Valid Roles:
Actioner, Anonymous, Authenticated, Contributor, Creator, Manager, Owner, Publisher, System RPC, Visitor
User Defined Roles:
Local Roles:
At Object     Local Roles Defined
details
2
products      admin: Owner
1             2: Publisher
publishers    admin: Owner
CGPublisher   admin: Owner
Permission Usage:
Permission    Assigned To
DELETE Delete objects from webdav.Resource.Resource
HEAD View from webdav.Resource.Resource
LOCK WebDAV Lock items from webdav.Resource.Resource
PROPFIND WebDAV access from webdav.Resource.Resource
PROPPATCH Manage properties from webdav.Resource.Resource
UNLOCK WebDAV Unlock items from webdav.Resource.Resource
ac_inherited_permissions Change permissions from AccessControl.Role.RoleManager
acquiredRolesAreUsedBy Change permissions from AccessControl.Role.RoleManager
addStorageData Manage properties from Products.CGPublisher.storage.Storage.Storage
addStorageDataForm Manage properties from Products.CGPublisher.storage.Storage.Storage
asCGXML View public storage metadata from Products.CGPublisher.storage.Storage.Storage
countRepetitions Access contents information from Products.CGPublisher.storage.Storage.Storage
dummy_public View public storage metadata from Products.CGPublisher.storage.Storage.Storage
dummy_shared View shared storage metadata from Products.CGPublisher.storage.Storage.Storage
dump View private storage metadata from Products.CGPublisher.storage.Storage.Storage
editPane View from Products.CGPublisher.storage.Storage.Storage
editPaneHelper View from Products.CGPublisher.storage.Storage.Storage
genericSchemaForm View from Products.CGPublisher.storage.Storage.Storage
getAttribute Access contents information from OFS.ZDOM.Element
getAttributeNode Access contents information from OFS.ZDOM.Element
getAttributes Access contents information from OFS.ZDOM.Node
getChildNodes Access contents information from OFS.ZDOM.Node
getElementsByTagName Access contents information from OFS.ZDOM.Element
getFirstChild Access contents information from OFS.ZDOM.Node
getLastChild Access contents information from OFS.ZDOM.Node
getNextSibling Access contents information from OFS.ZDOM.Node
getNodeName Access contents information from OFS.ZDOM.Node
getNodeValue Access contents information from OFS.ZDOM.Node
getOntology Access contents information from Products.Ontology.UsesOntology.UsesOntology
getOntologyRealm Access contents information from Products.Ontology.UsesOntology.UsesOntology
getOwnerDocument Access contents information from OFS.ZDOM.Node
getParentNode Access contents information from OFS.ZDOM.Node
getPreviousSibling Access contents information from OFS.ZDOM.Node
getSchemasForPaneSelect View from Products.CGPublisher.storage.Storage.Storage
getTagName Access contents information from OFS.ZDOM.Element
hasChildNodes Access contents information from OFS.ZDOM.Node
hasTerm View from Products.CGPublisher.storage.Storage.Storage
has_key View from Products.CGPublisher.storage.Storage.Storage
index_html View from Products.CGPublisher.storage.Storage.Storage
listDAVObjects WebDAV access from webdav.Resource.Resource
list_local_roles View restricted management screens from Products.CGPublisher.support.mgmt.NicerManager
list_permission_roles View restricted management screens from Products.CGPublisher.support.mgmt.NicerManager
list_permission_use View restricted management screens from Products.CGPublisher.support.mgmt.NicerManager
manage_DAVget WebDAV access from webdav.Resource.Resource
manage_UndoForm Undo changes from App.Undo.UndoSupport
manage_access Change permissions from AccessControl.Role.RoleManager
manage_acquiredForm Change permissions from AccessControl.Role.RoleManager
manage_acquiredPermissions Change permissions from AccessControl.Role.RoleManager
manage_addLocalRoles Change permissions from AccessControl.Role.RoleManager
manage_changeOwnershipType Take ownership from AccessControl.Owned.Owned
manage_changePermissions Change permissions from AccessControl.Role.RoleManager
manage_defined_roles Change permissions from AccessControl.Role.RoleManager
manage_delLocalRoles Change permissions from AccessControl.Role.RoleManager
manage_editLocalRoles Change permissions from AccessControl.Role.RoleManager
manage_listLocalRoles Change permissions from AccessControl.Role.RoleManager
manage_owner View restricted management screens from Products.CGPublisher.support.mgmt.NicerManager
manage_permission Change permissions from AccessControl.Role.RoleManager
manage_permissionForm Change permissions from AccessControl.Role.RoleManager
manage_role Change permissions from AccessControl.Role.RoleManager
manage_roleForm Change permissions from AccessControl.Role.RoleManager
manage_setLocalRoles Change permissions from AccessControl.Role.RoleManager
manage_takeOwnership Take ownership from AccessControl.Owned.Owned
manage_undo_transactions Undo changes from App.Undo.UndoSupport
manage_view View from Products.CGPublisher.support.mgmt.NicerManager
manage_view_access View restricted management screens from Products.CGPublisher.support.mgmt.NicerManager
owner_info View management screens from AccessControl.Owned.Owned
permission_settings Change permissions from AccessControl.Role.RoleManager
permissionsOfRole Change permissions from AccessControl.Role.RoleManager
rolesOfPermission Change permissions from AccessControl.Role.RoleManager
schemas Access contents information from Products.CGPublisher.storage.Storage.Storage
tabs_path_default View from Products.CGPublisher.support.mgmt.NicerManager
this Access contents information from Products.CGPublisher.support.NicerItem.NicerItem
title_and_id Access contents information from Products.CGPublisher.support.NicerItem.NicerItem
title_or_id Access contents information from Products.CGPublisher.support.NicerItem.NicerItem
tpURL Access contents information from Products.CGPublisher.support.NicerItem.NicerItem
tpValues Access contents information from Products.CGPublisher.support.NicerItem.NicerItem
undoable_transactions Undo changes from App.Undo.UndoSupport
userCanChangeOwnershipType View management screens from AccessControl.Owned.Owned
userdefined_roles Change permissions from AccessControl.Role.RoleManager
valueFormFields View from Products.CGPublisher.storage.Storage.Storage
viewStorage View restricted management screens from Products.CGPublisher.storage.Storage.Storage
wl_clearLocks Manage WebDAV Locks from webdav.Lockable.LockableItem
wl_delLock WebDAV Unlock items from webdav.Lockable.LockableItem
wl_grantLockToUser WebDAV Lock items from webdav.Lockable.LockableItem
wl_setLock WebDAV Lock items from webdav.Lockable.LockableItem
Permission Settings:
Permission                          Has Roles Assigned
Access contents information         Manager, Anonymous from *default*
Change permissions                  Manager from *default*
Delete objects                      Manager from *default*
Manage WebDAV Locks                 Manager from *default*
Manage properties                   Manager from *default*
Take ownership                      Owner from *default*
Undo changes                        Manager from *default*
View                                Manager, Publisher, Visitor from products
View management screens             Manager, Authenticated from CGPublisher
View private storage metadata       Manager, Publisher from publishers
View public storage metadata        Manager, Anonymous from CGPublisher
View restricted management screens  Manager from *default*
View shared storage metadata        Manager, Publisher, Creator, Contributor from publishers
WebDAV Lock items                   Owner, Manager from *default*
WebDAV Unlock items                 Owner, Manager from *default*
WebDAV access                       Authenticated, Manager from *default*
_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )
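
The acquisition walk that a dump like the one in this post has to perform, as an added example that is not part of the original message and is not the attached ManageViewAccess.py. The function names list_local_roles and list_permission_roles are borrowed from the template, but their bodies, the Node class, chain, user_can, the acquire flags and the Manager fallback are assumptions made for illustration.

```python
# Toy model, not Zope's AccessControl API: Node, chain and user_can are hypothetical names.
class Node:
    def __init__(self, name, parent=None, local_roles=None, permissions=None):
        self.name, self.parent = name, parent
        self.local_roles = local_roles or {}   # {user: [roles]} set on this object
        self.permissions = permissions or {}   # {permission: (roles, acquire)}

def chain(obj):
    """Yield obj, then each container up to the root."""
    while obj is not None:
        yield obj
        obj = obj.parent

def list_local_roles(obj):
    """[(object name, [(user, roles), ...])] per level, nearest first."""
    return [(n.name, sorted(n.local_roles.items())) for n in chain(obj)]

def list_permission_roles(obj, permission, defaults):
    """Each setting that contributes roles to `permission`, with its source."""
    found = []
    for n in chain(obj):
        if permission in n.permissions:
            roles, acquire = n.permissions[permission]
            found.append({'roles': list(roles), 'from': n.name})
            if not acquire:   # explicit setting: stop acquiring from parents
                return found
    fallback = defaults.get(permission, ['Manager'])
    found.append({'roles': list(fallback), 'from': '*default*'})
    return found

def user_can(obj, user, global_roles, permission, defaults):
    """True if a role the user holds in this context is granted the permission."""
    held = set(global_roles)
    for n in chain(obj):      # local roles accumulate up the containment path
        held.update(n.local_roles.get(user, []))
    granted = set()
    for entry in list_permission_roles(obj, permission, defaults):
        granted.update(entry['roles'])
    return bool(held & granted)

# Constructed sample tree, shaped like the dump above (acquire flags are assumed).
DEFAULTS = {'Take ownership': ['Owner']}
root = Node('CGPublisher', None, {'admin': ['Owner']},
            {'View management screens': (['Manager', 'Authenticated'], False)})
publishers = Node('publishers', root, {'admin': ['Owner']})
one = Node('1', publishers, {'2': ['Publisher']})
products = Node('products', one, {'admin': ['Owner']},
                {'View': (['Manager', 'Publisher', 'Visitor'], False)})
details = Node('details', Node('2', products))
```

In this model user "2" can View `details` through the Publisher local role defined two levels up at `1`, but cannot View `1` itself, because the View setting lives below it at `products`.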
