1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
# -*- coding: iso-8859-1 -*-
"""
MoinMoin - FusionForge groups backed
This backend assigns group membership according to FusionForge user
access.
@copyright: 2009 MoinMoin:DmitrijsMilajevs
@license: GPL, see COPYING for details
"""
from MoinMoin.datastruct.backends import LazyGroup, LazyGroupsBackend
import logging
import re
def parse_group_name(group_name):
m = re.match \
("FF(Site(Admins|Users)|Project_(.*)_(Admins|Writers|Readers))Group$",
group_name)
if m:
if m.group (1)[0:4] == 'Site':
return ('Site', '', m.group (2))
else:
return ('Project', m.group (3), m.group (4))
else:
return None
class FFLazyGroup(LazyGroup):
pass
class FFLazyGroups(LazyGroupsBackend):
def __init__(self, request, ffsa):
super(FFLazyGroups, self).__init__(request)
self._ffsa = ffsa
if request.user.valid:
self._username = request.user.name
else:
self._username = None
logging.debug ("FFLazyGroups __init__: username=%s", (self._username,))
def __contains__(self, group_name):
logging.debug \
("FFLazyGroups __contains__: group_name=%s", (group_name,))
try:
(scope, project, permission) = parse_group_name (group_name)
except:
return False
if scope == "Site":
return True
elif scope == "Project":
return project in self._ffsa.projects
else:
return False
def __iter__(self):
return reduce \
(lambda a, b: a+b,
[ [ 'SiteAdmins', 'SiteUsers' ] ]
+ map (lambda p:
map (lambda r: 'FFProject_%s_%sGroup' % (p, r),
[ 'Admins', 'Writers', 'Readers' ]),
self._projects))
def __getitem__(self, group_name):
return FFLazyGroup(self.request, group_name, self)
def _iter_group_members(self, group_name):
logging.debug \
("FFLazyGroups _iter_group_members: group_name=%s", (group_name,))
try:
(scope, project, permission) = parse_group_name (group_name)
except:
return None
if scope == "Site":
if permission == "User":
# ??? iterator on all Forge users
raise NotImplemented
elif permission == "Admin":
return self._ffsa.admins.__iter__ ()
elif scope == "Project":
try:
return self._ffsa.get_permission_entries(project,permission).__iter__()
except:
return None
def _group_has_member(self, group_name, member):
logging.debug \
("FFLazyGroups _group_has_member: group_name=%s member=%s _user=%s" \
% (group_name, member, self._username))
# For anonymous (non-logged-in) users, member is "" and self._username
# is None. For authenticated users, both are assumed to be set to
# the user's login. If not, we consider that we have an unexpected
# inconsistency, and return False.
if member == "" or member != self._username:
return False
try:
(scope, project, permission) = parse_group_name (group_name)
except:
logging.debug \
("FFLazyGroups _group_has_member: False (can't parse)")
return False
logging.debug \
("FFLazyGroups _group_has_member: scope=%s project=%s perm=%s" \
% (scope, project, permission))
result = False
if scope == "Site":
if permission == "Users":
result = self._username != None
elif permission == "Admins":
# ??? ffsa should instead provide is_super_user
result = self._username in self._ffsa.admins
elif scope == "Project":
result = self._ffsa.check_permission (project, permission, self._username)
logging.debug \
("FFLazyGroups _group_has_member: %s" % (result,))
return result
|
