本文整理汇总了Python中pyramid.security.principals_allowed_by_permission函数的典型用法代码示例。如果您正苦于以下问题:Python principals_allowed_by_permission函数的具体用法?Python principals_allowed_by_permission怎么用?Python principals_allowed_by_permission使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了principals_allowed_by_permission函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: test_ongoing_meeting_upcoming_ai
def test_ongoing_meeting_upcoming_ai(self):
m = self._fixture()
security.unrestricted_wf_transition_to(m, 'ongoing')
security.unrestricted_wf_transition_to(m['ai'], 'upcoming')
self.assertEqual(principals_allowed_by_permission(m['ai']['d'], security.VIEW), admin | viewer | moderator)
self.assertEqual(principals_allowed_by_permission(m['ai']['d'], security.EDIT), admin | moderator)
self.assertEqual(principals_allowed_by_permission(m['ai']['d'], security.DELETE), admin | moderator | owner)
开发者ID:tobsan,项目名称:voteit.core,代码行数:7,代码来源:test_discussion_post.py
示例2: outstanding_principals
def outstanding_principals(permission, context, request):
"""Returns a list of sets of principals, where the attainment of all of the
principals in any one of the sets would be sufficient to grant the current
user (``request.user``) the `permission` in the given `context`."""
# TODO be able to determine a context based on a route name
if has_permission(permission, context, request):
return []
principals = principals_allowed_by_permission(context, permission)
if not principals:
# the permission must not exist at all within this context
return ['__unattainable__']
effective = set(effective_principals(request))
outstanding = []
for p in principals:
if p in TRUST_MAP:
for alternative_principals in TRUST_MAP[p]:
diff = set(alternative_principals) - effective
if len(diff) > 0 and 'auth:insecure' not in diff:
outstanding.append(diff)
else:
outstanding.append(set([p]))
return outstanding
开发者ID:eevee,项目名称:floof,代码行数:28,代码来源:authz.py
示例3: allowed
def allowed(context, request):
from pyramid.security import principals_allowed_by_permission
permission = request.params.get('permission', 'view')
return {
'has_permission': bool(request.has_permission(permission, context)),
'principals_allowed_by_permission': principals_allowed_by_permission(context, permission),
}
开发者ID:hms-dbmi,项目名称:encode,代码行数:7,代码来源:testing_views.py
示例4: get_recepients
def get_recepients(context, permission="state_change"):
"""
Get a list of principals that have the permission in context and a email.
:param context: Object for that the permission is needed.
:type context: :class:`kotti.resources.Node`
:param permission:
:type permission: str
:result: List of principals.
:rtype: set
"""
principal_db = get_principals()
recepients = []
for p in principals_allowed_by_permission(context, permission):
# set(['role:owner', 'role:editor'])
for principal in principal_db.search(groups=u'*%s*' % p).all():
recepients.append(principal)
for principal in map_principals_with_local_roles(context):
# [
# (
# <Principal u'disko'>,
# (
# [u'role:owner', u'group:admins', u'role:admin'],
# [u'role:owner', u'group:admins', u'role:admin']))]
if p in principal[1][0] or p in principal[1][1]:
recepients.append(principal[0])
return set([r for r in recepients if r.email])
开发者ID:disko,项目名称:kotti_yellow_pages,代码行数:32,代码来源:events.py
示例5: get_allowed_to_view
def get_allowed_to_view(object, default):
principals = principals_allowed_by_permission(object, 'view')
if not principals:
# An empty value tells the catalog to match anything, whereas when
# there are no principals with permission to view we want for there
# to be no matches.
principals = ['NO ONE no way NO HOW',]
return principals
开发者ID:karlproject,项目名称:karl,代码行数:8,代码来源:site.py
示例6: item_index_data
def item_index_data(context, request):
uuid = str(context.uuid)
properties = context.upgrade_properties()
links = context.links(properties)
unique_keys = context.unique_keys(properties)
principals_allowed = {}
for permission in ('view', 'edit', 'audit'):
p = principals_allowed_by_permission(context, permission)
if p is Everyone:
p = [Everyone]
principals_allowed[permission] = sorted(p)
path = resource_path(context)
paths = {path}
collection = context.collection
if collection.unique_key in unique_keys:
paths.update(
resource_path(collection, key)
for key in unique_keys[collection.unique_key])
for base in (collection, request.root):
for key_name in ('accession', 'alias'):
if key_name not in unique_keys:
continue
paths.add(resource_path(base, uuid))
paths.update(
resource_path(base, key)
for key in unique_keys[key_name])
path = path + '/'
embedded = request.embed(path, '@@embedded')
object = request.embed(path, '@@object')
audit = request.embed(path, '@@audit')['audit']
document = {
'audit': audit,
'embedded': embedded,
'embedded_uuids': sorted(request._embedded_uuids),
'item_type': context.item_type,
'linked_uuids': sorted(request._linked_uuids),
'links': links,
'object': object,
'paths': sorted(paths),
'principals_allowed': principals_allowed,
'properties': properties,
'propsheets': {
name: context.propsheets[name]
for name in context.propsheets.keys() if name != ''
},
'tid': context.tid,
'unique_keys': unique_keys,
'uuid': uuid,
}
return document
开发者ID:ClinGen,项目名称:clincoded,代码行数:57,代码来源:resources.py
示例7: get_allowed_to_view
def get_allowed_to_view(object, default):
""" Return a list of all roles allowed to view this object. """
principals = principals_allowed_by_permission(object, VIEW)
if not principals:
# An empty value tells the catalog to match anything, whereas when
# there are no principals with permission to view we want for there
# to be no matches.
principals = [NEVER_EVER_PRINCIPAL,]
return principals
开发者ID:tobsan,项目名称:voteit.core,代码行数:9,代码来源:catalog.py
示例8: authorize
def authorize(request, annotation, action, user=None):
annotation = wrap_annotation(request, annotation)
allowed = security.principals_allowed_by_permission(annotation, action)
if user is None:
principals = request.effective_principals
else:
principals = [security.Everyone, security.Authenticated, user.id]
return set(allowed) & set(principals) != set()
开发者ID:nlholdem,项目名称:h,代码行数:10,代码来源:api.py
示例9: get_allowed_to_view
def get_allowed_to_view(obj, default):
""" Useful as a KeywordIndex discriminator. Looks up the principals
allowed by the ``view`` permission against the object and indexes them if
any are found."""
principals = principals_allowed_by_permission(obj, 'view')
if not principals:
# An empty value tells the catalog to match anything, whereas when
# there are no principals with permission to view we want for there
# to be no matches.
principals = [NoWay()]
return principals
开发者ID:dextermilo,项目名称:substanced,代码行数:11,代码来源:discriminators.py
示例10: item_index_data
def item_index_data(context, request):
uuid = str(context.uuid)
properties = context.upgrade_properties()
links = context.links(properties)
unique_keys = context.unique_keys(properties)
principals_allowed = {}
for permission in ("view", "edit", "audit"):
p = principals_allowed_by_permission(context, permission)
if p is Everyone:
p = [Everyone]
principals_allowed[permission] = sorted(p)
path = resource_path(context)
paths = {path}
collection = context.collection
if collection.unique_key in unique_keys:
paths.update(resource_path(collection, key) for key in unique_keys[collection.unique_key])
for base in (collection, request.root):
for key_name in ("accession", "alias"):
if key_name not in unique_keys:
continue
paths.add(resource_path(base, uuid))
paths.update(resource_path(base, key) for key in unique_keys[key_name])
path = path + "/"
embedded = request.embed(path, "@@embedded")
object = request.embed(path, "@@object")
audit = request.embed(path, "@@audit")["audit"]
document = {
"audit": audit,
"embedded": embedded,
"embedded_uuids": sorted(request._embedded_uuids),
"item_type": context.type_info.item_type,
"linked_uuids": sorted(request._linked_uuids),
"links": links,
"object": object,
"paths": sorted(paths),
"principals_allowed": principals_allowed,
"properties": properties,
"propsheets": {name: context.propsheets[name] for name in context.propsheets.keys() if name != ""},
"tid": context.tid,
"unique_keys": unique_keys,
"uuid": uuid,
}
return document
开发者ID:kidaa,项目名称:encoded,代码行数:50,代码来源:indexing_views.py
示例11: authorize
def authorize(request, annotation, action, user=None):
annotation = wrap_annotation(request, annotation)
allowed = security.principals_allowed_by_permission(annotation, action)
if user is None:
principals = request.session.get('personas', [])
else:
principals = [user.id]
if len(principals):
principals.append(security.Authenticated)
principals.append(security.Everyone)
return set(allowed) & set(principals) != set()
开发者ID:ercchy,项目名称:h,代码行数:15,代码来源:api.py
示例12: calc_principals
def calc_principals(context):
principals_allowed = {}
for permission in ('view', 'edit', 'audit'):
principals = principals_allowed_by_permission(context, permission)
if principals is Everyone:
principals = [Everyone]
elif Everyone in principals:
principals = [Everyone]
elif Authenticated in principals:
principals = [Authenticated]
# Filter our roles
principals_allowed[permission] = [
p for p in sorted(principals) if not p.startswith('role.')
]
return principals_allowed
开发者ID:j1z0,项目名称:snovault,代码行数:15,代码来源:authentication.py
示例13: _getInfo
def _getInfo(profile, content):
community = context = find_community(content)
if context is None:
# try for content inside a profile
context = find_interface(content, IProfile)
if context is None:
context_name = context_url = None
else:
context_name = context.title
context_url = resource_path(context)
tagger = find_tags(content)
if tagger is not None:
cloud = list(tagger.getCloud(items=(content.docid,)))
tag_counts = sorted(cloud, key=lambda x: x[1], reverse=True)[:3]
tags = [x[0] for x in tag_counts]
else:
tags = ()
content_type = get_content_type(content)
desc = getattr(content, 'description', '')
short = len(desc) > 256 and '%s...' % desc[:256] or desc
if IPosts.providedBy(content):
comment_count = len(content.get('comments', ()))
else:
comment_count = False
content_creator = profile.__name__
if IComment.providedBy(content):
# my content filter needs to know if a comment was made inside my post
content_creator = content.__parent__.__parent__.creator
return {'content_type': content_type.getTaggedValue('name'),
'userid': profile.__name__,
'context_name': context_name,
'context_url': context_url,
'content_creator': content_creator,
'url': resource_path(content),
'title': content.title,
'description': desc,
'short_description': short,
'allowed':
principals_allowed_by_permission(content, 'view'),
'comment_count': comment_count,
'tags': tags, #XXX
'author': profile.title,
'profile_url': '/profiles/%s' % profile.__name__,
'thumbnail': '/profiles/%s/profile_thumbnail' % profile.__name__,
'timestamp': _NOW(),
}
开发者ID:araymund,项目名称:karl,代码行数:46,代码来源:contentfeeds.py
示例14: _getInfo
def _getInfo(profile, content):
community = context = find_community(content)
if context is None:
# try for content inside a profile
context = find_interface(content, IProfile)
if context is None:
context_name = context_url = None
else:
context_name = context.title
context_url = resource_path(context)
tagger = find_tags(content)
if tagger is not None:
cloud = list(tagger.getCloud(items=(content.docid,)))
tag_counts = sorted(cloud, key=lambda x: x[1], reverse=True)[:3]
tags = [x[0] for x in tag_counts]
else:
tags = ()
content_type = get_content_type(content)
desc = getattr(content, "description", "")
short = len(desc) > 80 and "%s..." % desc[:80] or desc
if IPosts.providedBy(content):
comment_count = len(content.get("comments", ()))
else:
comment_count = False
content_creator = profile.__name__
if IComment.providedBy(content):
# my content filter needs to know if a comment was made inside my post
content_creator = content.__parent__.__parent__.creator
return {
"content_type": content_type.getTaggedValue("name"),
"userid": profile.__name__,
"context_name": context_name,
"context_url": context_url,
"content_creator": content_creator,
"url": resource_path(content),
"title": content.title,
"description": desc,
"short_description": short,
"allowed": principals_allowed_by_permission(content, "view"),
"comment_count": comment_count,
"tags": tags, # XXX
"author": profile.title,
"profile_url": "/profiles/%s" % profile.__name__,
"thumbnail": "/profiles/%s/profile_thumbnail" % profile.__name__,
"timestamp": _NOW(),
}
开发者ID:hathawsh,项目名称:karl,代码行数:46,代码来源:contentfeeds.py
示例15: send_notifications
def send_notifications(event):
# Extract data
action = event.action
request = event.request
annotation = event.annotation
# And for them we need only the creation action
if action != 'create':
return
# Check for authorization. Send notification only for public annotation
# XXX: This will be changed and fine grained when
# user groups will be introduced
if Everyone not in principals_allowed_by_permission(annotation, 'read'):
return
# Store the parent values as additional data
data = {
'parent': parent_values(annotation)
}
subscriptions = Subscriptions.get_active_subscriptions_for_a_type(
request,
types.REPLY_TYPE
)
for subscription in subscriptions:
data['subscription'] = subscription.__json__(request)
# Validate annotation
if check_conditions(annotation, data):
try:
# Render e-mail parts
tmap = create_template_map(request, annotation, data)
text = render(TXT_TEMPLATE, tmap, request).strip()
html = render(HTML_TEMPLATE, tmap, request).strip()
subject = render(SUBJECT_TEMPLATE, tmap, request).strip()
recipients = get_recipients(request, data)
send_email(request, subject, text, html, recipients)
# ToDo: proper exception handling here
except TemplateRenderException:
log.exception('Failed to render subscription'
' template %s', subscription)
except:
log.exception('Unknown error when trying to render'
' subscription template %s', subscription)
开发者ID:Forethinker,项目名称:h,代码行数:45,代码来源:reply_template.py
示例16: domain_notification
def domain_notification(event):
if event.action != 'create':
return
try:
annotation = event.annotation
request = event.request
# Check for authorization. Send notification only for public annotation
# XXX: This will be changed and fine grained when
# user groups will be introduced
allowed = principals_allowed_by_permission(annotation, 'read')
if Everyone not in allowed:
return
uri = annotation['uri']
# TODO: Fetching the page should be done via a webproxy
r = requests.get(uri)
emails = get_document_owners(r.text)
# Now send the notifications
url_struct = urlparse(annotation['uri'])
domain = url_struct.hostname or url_struct.path
domain = re.sub(r'^www.', '', domain)
for email in emails:
# Domain matching
mail_domain = email.split('@')[-1]
if mail_domain == domain:
try:
# Render e-mail parts
tmap = create_template_map(request, annotation)
text = render(TXT_TEMPLATE, tmap, request).strip()
html = render(HTML_TEMPLATE, tmap, request).strip()
subject = render(SUBJECT_TEMPLATE, tmap, request).strip()
send_email(request, subject, text, html, [email])
# ToDo: proper exception handling here
except TemplateRenderException:
log.exception('Failed to render domain-mailer template')
except:
log.exception(
'Unknown error when trying to render'
'domain-mailer template')
except:
log.exception('Problem with domain notification')
开发者ID:Forethinker,项目名称:h,代码行数:45,代码来源:domain_mailer.py
示例17: __call__
def __call__(self, resource, default):
permissions = self.permissions
if permissions is None:
registry = get_current_registry() # XXX lame
permissions = get_all_permissions(registry)
values = []
for permission in permissions:
principals = principals_allowed_by_permission(resource, permission)
values.extend([(principal, permission) for principal in principals])
if not values:
# An empty value tells the catalog to match anything, whereas
# when there are no principals with permission to view we
# want for there to be no matches.
values = [(NoWay, NoWay)]
return values
开发者ID:erowan,项目名称:substanced,代码行数:20,代码来源:discriminators.py
示例18: permissions
def permissions(self):
"""
Return a permissions dict for the given annotation.
Converts our simple internal annotation storage format into the legacy
complex permissions dict format that is still used in some places.
"""
read = self.annotation.userid
if self.annotation.shared:
read = 'group:{}'.format(self.annotation.groupid)
principals = security.principals_allowed_by_permission(
self.annotation_resource, 'read')
if security.Everyone in principals:
read = 'group:__world__'
return {'read': [read],
'admin': [self.annotation.userid],
'update': [self.annotation.userid],
'delete': [self.annotation.userid]}
开发者ID:chinmaygghag,项目名称:h,代码行数:21,代码来源:annotation_json.py
示例19: __call__
def __call__(self, resource, default):
permissions = self.permissions
if permissions is None:
registry = get_current_registry() # XXX lame
permissions = get_all_permissions(registry)
values = []
for permission in permissions:
principal_ids = principals_allowed_by_permission(
resource,
permission
)
for principal_id in principal_ids:
principal_repr = get_principal_repr(principal_id)
values.append((principal_repr, permission))
if not values:
return default
return values
开发者ID:Adniel,项目名称:substanced,代码行数:22,代码来源:discriminators.py
示例20: _group_principals
def _group_principals(group):
if group is None:
return []
return principals_allowed_by_permission(group, 'read')
开发者ID:chinmaygghag,项目名称:h,代码行数:4,代码来源:contexts.py
注:本文中的pyramid.security.principals_allowed_by_permission函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论