from zope.interface import implements
from zope.component import adapts
 
from plone.portlets.interfaces import IPortletAssignmentMapping
 
from plone.app.portlets.interfaces import IUserPortletAssignmentMapping
from plone.app.portlets.interfaces import IGroupDashboardPortletAssignmentMapping
from plone.app.portlets.interfaces import IPortletPermissionChecker
 
from AccessControl import getSecurityManager, Unauthorized
from Acquisition import aq_inner
 
 
class DefaultPortletPermissionChecker(object):
    implements(IPortletPermissionChecker)
    adapts(IPortletAssignmentMapping)
 
    def __init__(self, context):
        self.context = context
 
    def __call__(self):
        sm = getSecurityManager()
        context = aq_inner(self.context)
 
        # If the user has the global Manage Portlets permission, let them
        # run wild
        if not sm.checkPermission("Portlets: Manage portlets", context):
            raise Unauthorized("You are not allowed to manage portlets")
 
 
class UserPortletPermissionChecker(object):
    implements(IPortletPermissionChecker)
    adapts(IUserPortletAssignmentMapping)
 
    def __init__(self, context):
        self.context = context
 
    def __call__(self):
        sm = getSecurityManager()
        context = aq_inner(self.context)
 
        # If the user has the global Manage Portlets permission, let them
        # run wild
        if not sm.checkPermission("Portlets: Manage own portlets", context):
            raise Unauthorized("You are not allowed to manage portlets")
 
        user_id = sm.getUser().getId()
 
        if context.__name__ != user_id:
            raise Unauthorized("You are only allowed to manage your own portlets")
 
 
class GroupDashboardPortletPermissionChecker(object):
    implements(IPortletPermissionChecker)
    adapts(IGroupDashboardPortletAssignmentMapping)
 
    def __init__(self, context):
        self.context = context
 
    def __call__(self):
        sm = getSecurityManager()
        context = aq_inner(self.context)
 
        if not sm.checkPermission("Portlets: Manage group portlets", context):
            raise Unauthorized("You are not allowed to manage group portlets")