copyFrom            = context.siteA
copyTo              = context.siteB
changeOwner         = True      # True = also change owner to owner of copyFrom
revokeExistingRoles = True      # True = revoke all existing roles from copyTo

print 'copy access settings from %s to %s...' % (copyFrom.absolute_url_path(), copyTo.absolute_url_path())
# revoke roles from copyTo
mapping = copyTo.sec_get_or_create_groupsmapping()
if revokeExistingRoles:
    roles = copyTo.get_local_roles()
    if roles:
        for role in roles:
            if role[1][0]!='Owner':
                print 'revoked roles %s for user %s' % (' / '.join(role[1]), role[0])
                copyTo.sec_revoke(role[0], role[1])
    groups = mapping.getMappings().copy()
    for group in groups:
        if groups[group]:
            print 'revoked roles %s for group %s' % (' / '.join(groups[group]), group)
            mapping.revokeRolesFromGroup(group, groups[group])
# get roles from copyFrom
roles = copyFrom.get_local_roles()
groups = copyFrom.sec_get_groupsmapping()
if groups:
    groups = groups.getMappings().copy()
minimumRole = context.getMinimumRole(copyFrom)
# apply roles to copyTo
if roles:
    for role in roles:
        for r in role[1]:
            if changeOwner or r!='Owner':
                print 'assigned role %s to user %s' % (r, role[0])
                copyTo.sec_assign(role[0],r)
if groups:
    for group in groups:
        print 'assigned roles %s to group %s' % (' / '.join(groups[group]), group)
        mapping.assignRolesToGroup(group, groups[group])
context.setMinimumRole(copyTo, minimumRole)
print 'set restriction to role %s' % minimumRole

return printed