ChristianBoos: is_member_of

context-refactoring (experimental): introduce the .groups method on the PermissionCache.


Based on a discussion with Colin Guthrie about the Gringott's plugin.

diff -r 7928d8221b71 trac/perm.py
--- a/trac/perm.py      Fri Oct 26 18:31:02 2007 +0200
+++ b/trac/perm.py      Fri Oct 26 19:25:51 2007 +0200
@@ -73,6 +73,9 @@ class IPermissionStore(Interface):
         of the permission, and the value is either `True` for granted
         permissions or `False` for explicitly denied permissions."""
 
+    def get_user_groups(username):
+        """Return a set containing the groups to which the user belongs to."""
+
     def get_users_with_permissions(self, permissions):
         """Retrieve a list of users that have any of the specified permissions.
 
@@ -137,9 +140,8 @@ class DefaultPermissionStore(Component):
         the action column: such a record represents a group and not an actual
         permission, and declares that the user is part of that group.
         """
-        subjects = set([username])
-        for provider in self.group_providers:
-            subjects.update(provider.get_permission_groups(username))
+        subjects = self.get_user_groups(username)
+        subjects.update([username])
 
         actions = set([])
         db = self.env.get_db_cnx()
@@ -160,6 +162,12 @@ class DefaultPermissionStore(Component):
             if num_users == len(subjects) and num_actions == len(actions):
                 break
         return list(actions)
+
+    def get_user_groups(self, username):
+        groups = set()
+        for provider in self.group_providers:
+            groups.update(provider.get_permission_groups(username))
+        return groups
 
     def get_users_with_permissions(self, permissions):
         """Retrieve a list of users that have any of the specified permissions
@@ -432,14 +440,13 @@ class PermissionCache(object):
     permission is missing.
     """
 
-    def __init__(self, env, username=None, resource=None, cache=None):
+    def __init__(self, env, username=None, resource=None, cache=None,
+                 groups=None):
         self.env = env
         self.username = username or 'anonymous'
         self.resource = resource
-        if cache is None:
-            self._cache = {}
-        else:
-            self._cache = cache
+        self._cache = cache is not None and cache or {}
+        self._groups = groups is not None and groups or set([None])
 
     def _normalize_resource(self, realm_or_resource, id, version):
         if realm_or_resource:
@@ -457,7 +464,8 @@ class PermissionCache(object):
 
         """
         resource = Resource.from_spec(realm_or_resource, id, version)
-        return PermissionCache(self.env, self.username, resource, self._cache)
+        return PermissionCache(self.env, self.username, resource, self._cache,
+                               self._groups)
 
     def has_permission(self, action, realm_or_resource=None, id=None,
                        version=None):
@@ -474,7 +482,7 @@ class PermissionCache(object):
             perm = self
             if resource is not self.resource:
                 perm = PermissionCache(self.env, self.username, resource,
-                                       self._cache)
+                                       self._cache, self._groups)
             decision = PermissionSystem(self.env).check_permission(action, perm)
             self._cache[key] = decision
             return decision
@@ -493,3 +501,10 @@ class PermissionCache(object):
         perm = PermissionSystem(self.env)
         actions = perm.get_user_permissions(self.username)
         return [action for action in actions if action in self]
+
+    def groups(self):
+        """Return the set of groups to which the user belongs to."""
+        if None in self._groups:
+            store = PermissionSystem(self.env).store
+            self._groups.update(store.get_user_groups(self.username))
+        return self._groups