# -*- coding: utf-8 -*-
## GroupUserFolder
## Copyright (C)2006 Ingeniweb
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## GNU General Public License for more details.
## You should have received a copy of the GNU General Public License
## along with this program; see the file COPYING. If not, write to the
## Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
## Copyright (c) 2003 The Connexions Project, All Rights Reserved
## initially written by J Cameron Cooper, 11 June 2003
## concept with Brent Hendricks, George Runyan
Basic usergroup tool.
__version__ = "$Revision$"
# $Source:  $
# $Id: GroupsTool.py 50142 2007-09-25 13:13:12Z wichert $
__docformat__ = 'restructuredtext'
from Products.CMFCore.utils import UniqueObject
from Products.CMFCore.utils import getToolByName
from Products.CMFCore.utils import _checkPermission
from OFS.SimpleItem import SimpleItem
from Globals import InitializeClass, DTMLFile, MessageDialog
from Acquisition import aq_base
from AccessControl.User import nobody
from AccessControl import ClassSecurityInfo
from ZODB.POSException import ConflictError
# BBB CMF < 1.5
    from Products.CMFCore.permissions import ManagePortal
    from Products.CMFCore.permissions import View
    from Products.CMFCore.permissions import ViewManagementScreens
except ImportError:
    from Products.CMFCore.CMFCorePermissions import ManagePortal
    from Products.CMFCore.CMFCorePermissions import View
    from Products.CMFCore.CMFCorePermissions import ViewManagementScreens
from Products.GroupUserFolder import postonly
from GroupsToolPermissions import AddGroups
from GroupsToolPermissions import ManageGroups
from GroupsToolPermissions import DeleteGroups
from GroupsToolPermissions import ViewGroups
from GroupsToolPermissions import SetGroupOwnership
from Products.CMFCore.ActionProviderBase import ActionProviderBase
from interfaces.portal_groups import portal_groups as IGroupsTool
from global_symbols import *
# Optional feature-preview support
import PloneFeaturePreview
class GroupsTool (UniqueObject, SimpleItem, ActionProviderBase, ):
    """ This tool accesses group data through a GRUF acl_users object.
    It can be replaced with something that groups member data in a
    different way.
    # Show implementation only if  IGroupsTool is defined
    # The latter will work only with Plone 1.1 => hence, the if
    if hasattr(ActionProviderBase, '__implements__'):
        __implements__ = (IGroupsTool, ActionProviderBase.__implements__)
    id = 'portal_groups'
    meta_type = 'CMF Groups Tool'
    _actions = ()
    security = ClassSecurityInfo()
    groupworkspaces_id = "groups"
    groupworkspaces_title = "Groups"
    groupWorkspacesCreationFlag = 1
    groupWorkspaceType = "Folder"
    groupWorkspaceContainerType = "Folder"
            ( { 'label' : 'Configure'
                     , 'action' : 'manage_config'
                ) + ActionProviderBase.manage_options +
                ( { 'label' : 'Overview'
                     , 'action' : 'manage_overview'
                ) + SimpleItem.manage_options)
    #                                                   #
    #                   ZMI methods                     #
    #                                                   #
    security.declareProtected(ViewManagementScreens, 'manage_overview')
    manage_overview = DTMLFile('dtml/explainGroupsTool', globals())     # unlike MembershipTool
    security.declareProtected(ViewManagementScreens, 'manage_config')
    manage_config = DTMLFile('dtml/configureGroupsTool', globals())
    security.declareProtected(ManagePortal, 'manage_setGroupWorkspacesFolder')
    def manage_setGroupWorkspacesFolder(self, id='groups', title='Groups', REQUEST=None):
        """ZMI method for workspace container name set."""
        self.setGroupWorkspacesFolder(id, title)
        return self.manage_config(manage_tabs_message="Workspaces folder name set to %s" % id)
    security.declareProtected(ManagePortal, 'manage_setGroupWorkspaceType')
    def manage_setGroupWorkspaceType(self, type='Folder', REQUEST=None):
        """ZMI method for workspace type set."""
        return self.manage_config(manage_tabs_message="Group Workspaces type set to %s" % type)
    security.declareProtected(ManagePortal, 'manage_setGroupWorkspaceContainerType')
    def manage_setGroupWorkspaceContainerType(self, type='Folder', REQUEST=None):
        """ZMI method for workspace type set."""
        return self.manage_config(manage_tabs_message="Group Workspaces container type set to %s" % type)
    security.declareProtected(ViewGroups, 'getGroupById')
    def getGroupById(self, id):
        Returns the portal_groupdata-ish object for a group corresponding to this id.
        if id==None:
            return None
        g = self.acl_users.getGroupByName(id, None)
        if g is not None:
            g = self.wrapGroup(g)
        return g
    security.declareProtected(ViewGroups, 'getGroupsByUserId')
    def getGroupsByUserId(self, userid):
        """Return a list of the groups the user corresponding to 'userid' belongs to."""
        #log("getGroupsByUserId(%s)" % userid)
        user = self.acl_users.getUser(userid)
        #log("user '%s' is in groups %s" % (userid, user.getGroups()))
        if user:
            groups = user.getGroups() or []
            groups = []
        return [self.getGroupById(elt) for elt in groups]
    security.declareProtected(ViewGroups, 'listGroups')
    def listGroups(self):
        """Return a list of the available portal_groupdata-ish objects."""
        return [ self.wrapGroup(elt) for elt in self.acl_users.getGroups() ]
    security.declareProtected(ViewGroups, 'listGroupIds')
    def listGroupIds(self):
        """Return a list of the available groups' ids as entered (without group prefixes)."""
        return self.acl_users.getGroupNames()
    security.declareProtected(ViewGroups, 'listGroupNames')
    def listGroupNames(self):
        """Return a list of the available groups' ids as entered (without group prefixes)."""
        return self.acl_users.getGroupNames()
    def isGroup(self, u):
        """Test if a user/group object is a group or not.
        You must pass an object you get earlier with wrapUser() or wrapGroup()
        base = aq_base(u)
        if hasattr(base, "isGroup") and base.isGroup():
            return 1
        return 0
    security.declareProtected(View, 'searchForGroups')
    def searchForGroups(self, REQUEST = {}, **kw):
        """Return a list of groups meeting certain conditions. """
        # arguments need to be better refined?
        if REQUEST:
            dict = REQUEST
            dict = kw
        name = dict.get('name', None)
        email = dict.get('email', None)
        roles = dict.get('roles', None)
        title = dict.get('title', None)
        title_or_name = dict.get('title_or_name', None)
        last_login_time = dict.get('last_login_time', None)
        #is_manager = self.checkPermission('Manage portal', self)
        if name:
            name = name.strip().lower()
        if not name:
            name = None
        if email:
            email = email.strip().lower()
        if not email:
            email = None
        if title:
            title = title.strip().lower()
        if title_or_name:
            title_or_name = title_or_name.strip().lower()
        if not title:
            title = None
        res = []
        portal = self.portal_url.getPortalObject()
        for g in portal.portal_groups.listGroups():
            #if not (g.listed or is_manager):
            #    continue
            if name:
                if (g.getGroupName().lower().find(name) == -1) and (g.getGroupId().lower().find(name) == -1):
            if email:
                if g.email.lower().find(email) == -1:
            if roles:
                group_roles = g.getRoles()
                found = 0
                for r in roles:
                    if r in group_roles:
                        found = 1
                if not found:
            if title:
                if g.title.lower().find(title) == -1:
            if title_or_name:
                # first search for title
                if g.title.lower().find(title_or_name) == -1:
                    # not found, now search for name
                    if (g.getGroupName().lower().find(title_or_name) == -1) and (g.getGroupId().lower().find(title_or_name) == -1):
            if last_login_time:
                if g.last_login_time < last_login_time:
        return res
    security.declareProtected(AddGroups, 'addGroup')
    def addGroup(self, id, roles = [], groups = [], REQUEST=None, *args, **kw):
        """Create a group, and a group workspace if the toggle is on, with the supplied id, roles, and domains.
        Underlying user folder must support adding users via the usual Zope API.
        Passwords for groups ARE irrelevant in GRUF."""
        if id in self.listGroupIds():
            raise ValueError, "Group '%s' already exists." % (id, )
        self.acl_users.userFolderAddGroup(id, roles = roles, groups = groups )
    addGroup = postonly(addGroup)
    security.declareProtected(ManageGroups, 'editGroup')
    def editGroup(self, id, roles = None, groups = None, REQUEST=None, *args, **kw):
        """Edit the given group with the supplied password, roles, and domains.
        Underlying user folder must support editing users via the usual Zope API.
        Passwords for groups seem to be currently irrelevant in GRUF."""
        self.acl_users.userFolderEditGroup(id, roles = roles, groups = groups, )
    editGroup = postonly(editGroup)
    security.declareProtected(DeleteGroups, 'removeGroups')
    def removeGroups(self, ids, keep_workspaces=0, REQUEST=None):
        """Remove the group in the provided list (if possible).
        Will by default remove this group's GroupWorkspace if it exists. You may
        turn this off by specifying keep_workspaces=true.
        Underlying user folder must support removing users via the usual Zope API."""
        for gid in ids:
            gdata = self.getGroupById(gid)
            gusers = gdata.getGroupMembers()
            for guser in gusers:
        gwf = self.getGroupWorkspacesFolder()
        if not gwf: # _robert_
        if not keep_workspaces:
            for id in ids:
                if hasattr(aq_base(gwf), id):
    removeGroups = postonly(removeGroups)
    security.declareProtected(SetGroupOwnership, 'setGroupOwnership')
    def setGroupOwnership(self, group, object, REQUEST=None):
        """Make the object 'object' owned by group 'group' (a portal_groupdata-ish object).
        For GRUF this is easy. Others may have to re-implement."""
        user = group.getGroup()
        if user is None:
            raise ValueError, "Invalid group: '%s'." % (group, )
        object.manage_setLocalRoles(user.getId(), ['Owner'])
    setGroupOwnership = postonly(setGroupOwnership)
    security.declareProtected(ManagePortal, 'setGroupWorkspacesFolder')
    def setGroupWorkspacesFolder(self, id="", title=""):
        """ Set the location of the Group Workspaces folder by id.
        The Group Workspaces Folder contains all the group workspaces, just like the
        Members folder contains all the member folders.
         If anyone really cares, we can probably make the id work as a path as well,
         but for the moment it's only an id for a folder in the portal root, just like the
         corresponding MembershipTool functionality. """
        self.groupworkspaces_id = id.strip()
        self.groupworkspaces_title = title
    security.declareProtected(ManagePortal, 'getGroupWorkspacesFolderId')
    def getGroupWorkspacesFolderId(self):
        """ Get the Group Workspaces folder object's id.
        The Group Workspaces Folder contains all the group workspaces, just like the
        Members folder contains all the member folders. """
        return self.groupworkspaces_id
    security.declareProtected(ManagePortal, 'getGroupWorkspacesFolderTitle')
    def getGroupWorkspacesFolderTitle(self):
        """ Get the Group Workspaces folder object's title.
        return self.groupworkspaces_title
    def getGroupWorkspacesFolder(self):
        """ Get the Group Workspaces folder object.
        The Group Workspaces Folder contains all the group workspaces, just like the
        Members folder contains all the member folders. """
        parent = self.aq_inner.aq_parent
        folder = getattr(parent, self.getGroupWorkspacesFolderId(), None)
        return folder
    security.declareProtected(ManagePortal, 'toggleGroupWorkspacesCreation')
    def toggleGroupWorkspacesCreation(self, REQUEST=None):
        """ Toggles the flag for creation of a GroupWorkspaces folder upon creation of the group. """
        if not hasattr(self, 'groupWorkspacesCreationFlag'):
            self.groupWorkspacesCreationFlag = 0
        self.groupWorkspacesCreationFlag = not self.groupWorkspacesCreationFlag
        m = self.groupWorkspacesCreationFlag and 'turned on' or 'turned off'
        return self.manage_config(manage_tabs_message="Workspaces creation %s" % m)
    security.declareProtected(ManagePortal, 'getGroupWorkspacesCreationFlag')
    def getGroupWorkspacesCreationFlag(self):
        """Return the (boolean) flag indicating whether the Groups Tool will create a group workspace
        upon the creation of the group (if one doesn't exist already). """
        return self.groupWorkspacesCreationFlag
    security.declareProtected(AddGroups, 'createGrouparea')
    def createGrouparea(self, id):
        """Create a space in the portal for the given group, much like member home
        parent = self.aq_inner.aq_parent
        workspaces = self.getGroupWorkspacesFolder()
        pt = getToolByName( self, 'portal_types' )
        if id and self.getGroupWorkspacesCreationFlag():
            if workspaces is None:
                # add GroupWorkspaces folder
                    type_name = self.getGroupWorkspaceContainerType(),
                    container = parent,
                    id = self.getGroupWorkspacesFolderId(),
                workspaces = self.getGroupWorkspacesFolder()
                workspaces.setDescription("Container for " + self.getGroupWorkspacesFolderId())
                # how about ownership?
                # this stuff like MembershipTool...
                portal_catalog = getToolByName( self, 'portal_catalog' )
                portal_catalog.unindexObject(workspaces)     # unindex GroupWorkspaces folder
                workspaces._setProperty('right_slots', (), 'lines')
            if workspaces is not None and not hasattr(workspaces.aq_base, id):
                # add workspace to GroupWorkspaces folder
                    type_name = self.getGroupWorkspaceType(),
                    container = workspaces,
                    id = id,
                space = self.getGroupareaFolder(id)
                space.setTitle("%s workspace" % id)
                space.setDescription("Container for objects shared by this group")
                if hasattr(space, 'setInitialGroup'):
                    # GroupSpaces can have their own policies regarding the group
                    # that they are created for.
                    user = self.getGroupById(id).getGroup()
                    if user is not None:
                    self.setGroupOwnership(self.getGroupById(id), space)
                # Hook to allow doing other things after grouparea creation.
                notify_script = getattr(workspaces, 'notifyGroupAreaCreated', None)
                if notify_script is not None:
                # Re-indexation
                portal_catalog = getToolByName( self, 'portal_catalog' )
    security.declareProtected(ManagePortal, 'getGroupWorkspaceType')
    def getGroupWorkspaceType(self):
        """Return the Type (as in TypesTool) to make the GroupWorkspace."""
        return self.groupWorkspaceType
    security.declareProtected(ManagePortal, 'setGroupWorkspaceType')
    def setGroupWorkspaceType(self, type):
        """Set the Type (as in TypesTool) to make the GroupWorkspace."""
        self.groupWorkspaceType = type
    security.declareProtected(ManagePortal, 'getGroupWorkspaceContainerType')
    def getGroupWorkspaceContainerType(self):
        """Return the Type (as in TypesTool) to make the GroupWorkspace."""
        return self.groupWorkspaceContainerType
    security.declareProtected(ManagePortal, 'setGroupWorkspaceContainerType')
    def setGroupWorkspaceContainerType(self, type):
        """Set the Type (as in TypesTool) to make the GroupWorkspace."""
        self.groupWorkspaceContainerType = type
    def getGroupareaFolder(self, id=None, verifyPermission=0):
        """Returns the object of the group's work area."""
        if id is None:
            group = self.getAuthenticatedMember()
            if not hasattr(member, 'getGroupId'):
                return None
            id = group.getGroupId()
        workspaces = self.getGroupWorkspacesFolder()
        if workspaces:
                folder = workspaces[id]
                if verifyPermission and not _checkPermission('View', folder):
                    # Don't return the folder if the user can't get to it.
                    return None
                return folder
            except KeyError: pass
        return None
    def getGroupareaURL(self, id=None, verifyPermission=0):
        """Returns the full URL to the group's work area."""
        ga = self.getGroupareaFolder(id, verifyPermission)
        if ga is not None:
            return ga.absolute_url()
            return None
    def wrapGroup(self, g, wrap_anon=0):
        ''' Sets up the correct acquisition wrappers for a group
        object and provides an opportunity for a portal_memberdata
        tool to retrieve and store member data independently of
        the user object.
        b = getattr(g, 'aq_base', None)
        if b is None:
            # u isn't wrapped at all.  Wrap it in self.acl_users.
            b = g
            g = g.__of__(self.acl_users)
        if (b is nobody and not wrap_anon) or hasattr(b, 'getMemberId'):
            # This user is either not recognized by acl_users or it is
            # already registered with something that implements the
            # member data tool at least partially.
            return g
        parent = self.aq_inner.aq_parent
        base = getattr(parent, 'aq_base', None)
        if hasattr(base, 'portal_groupdata'):
            # Get portal_groupdata to do the wrapping.
            Log(LOG_DEBUG, "parent", parent)
            gd = getToolByName(parent, 'portal_groupdata')
            Log(LOG_DEBUG, "group data", gd)
                #log("wrapping group %s" % g)
                portal_group = gd.wrapGroup(g)
                return portal_group
            except ConflictError:
                import logging
                logger = logging.getLogger('GroupUserFolder.GroupsTool')
                logger.exception('Error during wrapGroup')
        # Failed.
        return g