[Checkins] SVN: z3ext.security/trunk/ Added 'z3ext:role' and 'z3ext:permission' directives

Nikolay Kim fafhrd91 at gmail.com
Fri May 29 08:36:56 EDT 2009


Log message for revision 100532:
  Added 'z3ext:role' and 'z3ext:permission' directives

Changed:
  U   z3ext.security/trunk/CHANGES.txt
  U   z3ext.security/trunk/src/z3ext/security/configure.zcml
  U   z3ext.security/trunk/src/z3ext/security/interfaces.py
  A   z3ext.security/trunk/src/z3ext/security/meta.zcml
  U   z3ext.security/trunk/src/z3ext/security/tests.py
  U   z3ext.security/trunk/src/z3ext/security/utils.py
  A   z3ext.security/trunk/src/z3ext/security/vocabulary.py
  A   z3ext.security/trunk/src/z3ext/security/zcml.py
  A   z3ext.security/trunk/src/z3ext/security/zcml.txt

-=-
Modified: z3ext.security/trunk/CHANGES.txt
===================================================================
--- z3ext.security/trunk/CHANGES.txt	2009-05-29 12:28:12 UTC (rev 100531)
+++ z3ext.security/trunk/CHANGES.txt	2009-05-29 12:36:55 UTC (rev 100532)
@@ -2,6 +2,12 @@
 CHANGES
 =======
 
+1.3.0 (2009-05-29)
+------------------
+
+- Added 'z3ext:role' and 'z3ext:permission' directives
+
+
 1.2.6 (2009-03-25)
 ------------------
 

Modified: z3ext.security/trunk/src/z3ext/security/configure.zcml
===================================================================
--- z3ext.security/trunk/src/z3ext/security/configure.zcml	2009-05-29 12:28:12 UTC (rev 100531)
+++ z3ext.security/trunk/src/z3ext/security/configure.zcml	2009-05-29 12:36:55 UTC (rev 100532)
@@ -20,6 +20,15 @@
        interface="zope.security.interfaces.IPrincipal" />
   </class>
 
+  <!-- Public Roles/Permissions vocabulary -->
+  <utility
+     name="z3ext.roles"
+     factory=".vocabulary.RolesVocabulary" />
+
+  <utility
+     name="z3ext.permissions"
+     factory=".vocabulary.PermissionsVocabulary" />
+
   <!-- Registering documentation with API doc -->
   <configure
      xmlns:apidoc="http://namespaces.zope.org/apidoc"
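Review bot: Both new `<utility>` registrations omit `provides`, so the registered interface is derived from whatever the factory class implements. That works while RolesVocabulary and PermissionsVocabulary implement only IVocabularyFactory, but writing `provides="zope.schema.interfaces.IVocabularyFactory"` on each keeps the registration stable if the classes later gain another interface. The comment `Public Roles/Permissions vocabulary` could also say that these vocabularies list only objects registered as IPublicRole or IPublicPermission utilities.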

Modified: z3ext.security/trunk/src/z3ext/security/interfaces.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/interfaces.py	2009-05-29 12:28:12 UTC (rev 100531)
+++ z3ext.security/trunk/src/z3ext/security/interfaces.py	2009-05-29 12:36:55 UTC (rev 100532)
@@ -45,3 +45,23 @@
 
     def getPrincipalsForPermission(permission):
         """ Get principals for permission """
+
+
+class IPublicRole(interface.Interface):
+    """ public role """
+
+
+class IManagerRole(interface.Interface):
+    """ marker interface for manager role """
+
+
+class IPublicPermission(interface.Interface):
+    """ marker interface for allowed permissins """
+
+
+class IPermissionCategory(interface.Interface):
+    """ permissions category """
+
+
+class IPermissionCategoryType(interface.interfaces.IInterface):
+    """Permission category type"""
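Review bot: The docstrings on the new interfaces do not say what marking an object with them does, and the one on IPublicPermission misspells "permissions" as `permissins`. These markers decide which roles and permissions the `z3ext.roles` and `z3ext.permissions` vocabularies list, so I would spell that out, for example `""" marker for roles listed by the 'z3ext.roles' vocabulary """` on IPublicRole and `""" marker for permissions listed by the 'z3ext.permissions' vocabulary """` on IPublicPermission. IPermissionCategory and IPermissionCategoryType would benefit from a sentence on how a category interface is meant to be declared; nothing visible in this commit uses IPermissionCategoryType. The hunk starts inside an interface whose header is outside the hunk.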

Added: z3ext.security/trunk/src/z3ext/security/meta.zcml
===================================================================
--- z3ext.security/trunk/src/z3ext/security/meta.zcml	                        (rev 0)
+++ z3ext.security/trunk/src/z3ext/security/meta.zcml	2009-05-29 12:36:55 UTC (rev 100532)
@@ -0,0 +1,25 @@
+<configure
+   xmlns="http://namespaces.zope.org/zope"
+   xmlns:meta="http://namespaces.zope.org/meta">
+
+  <meta:directives namespace="http://namespaces.zope.org/z3ext">
+
+    <meta:directive
+       name="role"
+       schema=".zcml.IPublicRoleDirective"
+       handler=".zcml.publicRoleHandler" />
+
+    <meta:directive
+       name="permission"
+       schema=".zcml.IPublicPermissionDirective"
+       handler=".zcml.publicPermissionHandler" />
+
+    <!-- deprecated -->
+    <meta:directive
+       name="publicrole"
+       schema=".zcml.IPublicRoleDirective"
+       handler=".zcml.publicRoleHandler" />
+
+  </meta:directives>
+
+</configure>

Modified: z3ext.security/trunk/src/z3ext/security/tests.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/tests.py	2009-05-29 12:28:12 UTC (rev 100531)
+++ z3ext.security/trunk/src/z3ext/security/tests.py	2009-05-29 12:36:55 UTC (rev 100532)
@@ -28,7 +28,8 @@
 
 def setUp(test):
     test_zopepolicy.setUp(test)
-    ztapi.provideAdapter(interface.Interface, IExtendedGrantInfo, ExtendedGrantInfo)
+    ztapi.provideAdapter(
+        interface.Interface, IExtendedGrantInfo, ExtendedGrantInfo)
 
 def tearDown(test):
     setup.placelessTearDown()
@@ -37,7 +38,14 @@
 def test_suite():
     return unittest.TestSuite((
             doctest.DocFileSuite(
-                'grantinfo.txt',setUp=setUp, tearDown=tearDown),
+                'grantinfo.txt', setUp=setUp, tearDown=tearDown),
             doctest.DocFileSuite(
                 'securitypolicy.txt',setUp=setUp, tearDown=tearDown),
+            doctest.DocFileSuite(
+                'zcml.txt', setUp=setUp, tearDown=tearDown,
+                optionflags=doctest.NORMALIZE_WHITESPACE|doctest.ELLIPSIS),
+            doctest.DocTestSuite(
+                'z3ext.security.vocabulary',
+                setUp=setup.placelessSetUp, tearDown=setup.placelessTearDown, 
+                optionflags=doctest.NORMALIZE_WHITESPACE|doctest.ELLIPSIS),
             ))

Modified: z3ext.security/trunk/src/z3ext/security/utils.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/utils.py	2009-05-29 12:28:12 UTC (rev 100531)
+++ z3ext.security/trunk/src/z3ext/security/utils.py	2009-05-29 12:36:55 UTC (rev 100532)
@@ -39,6 +39,18 @@
             return None
 
 
+def getPrincipals(ids):
+    auth = getUtility(IAuthentication)
+
+    for pid in ids:
+        try:
+            principal = auth.getPrincipal(pid)
+        except PrincipalLookupError:
+            continue
+
+        yield principal
+
+
 def checkPermissionForPrincipal(principal, permission, object):
     interaction = queryInteraction()
 
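Review bot: getPrincipals has no docstring, and two of its behaviours are easy to miss at the call site: ids that raise PrincipalLookupError are skipped silently, and because the function is a generator the `getUtility(IAuthentication)` lookup only runs once iteration starts. A docstring such as `"""Yield the principal for each id in ids, skipping ids the authentication utility cannot resolve."""` would cover the first. Callers get no signal about unresolved ids, so if those ids come from stored grants (not visible here) a debug-level log line in the `except` branch may be worth adding. The imports of IAuthentication and PrincipalLookupError are not visible in this hunk, and checkPermissionForPrincipal continues outside it.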

Added: z3ext.security/trunk/src/z3ext/security/vocabulary.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/vocabulary.py	                        (rev 0)
+++ z3ext.security/trunk/src/z3ext/security/vocabulary.py	2009-05-29 12:36:55 UTC (rev 100532)
@@ -0,0 +1,99 @@
+##############################################################################
+#
+# Copyright (c) 2009 Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+from zope import interface
+from zope.component import getUtilitiesFor
+from zope.schema.interfaces import IVocabularyFactory
+from zope.schema.vocabulary import SimpleTerm, SimpleVocabulary
+
+from interfaces import IPublicRole, IPublicPermission
+
+
+class Vocabulary(SimpleVocabulary):
+
+    def getTerm(self, value):
+        try:
+            return self.by_value[value]
+        except KeyError:
+            return self.by_value[self.by_value.keys()[0]]
+
+
+class RolesVocabulary(object):
+    """
+    >>> from zope import interface, component
+    >>> from z3ext.security.vocabulary import RolesVocabulary
+    >>> factory = RolesVocabulary()
+
+    >>> list(factory(None))
+    []
+
+    >>> from z3ext.security.interfaces import IPublicRole
+    >>> class Role(object):
+    ...     interface.implements(IPublicRole)
+    >>> r = Role()
+    >>> r.id = 'portal.Member'
+    >>> r.title = 'Portal member'
+
+    >>> component.provideUtility(r, name='portla.Member')
+
+    >>> for term in factory(None):
+    ...     print term.value, term.title
+    portal.Member Portal member
+    
+    """
+    interface.implements(IVocabularyFactory)
+
+    def __call__(self, context, **kw):
+        roles = []
+        for name, role in getUtilitiesFor(IPublicRole):
+            term = SimpleTerm(role.id, role.id, role.title)
+            term.description = getattr(role, 'description', u'')
+            roles.append((role.title, term))
+        roles.sort()
+        return Vocabulary([term for title, term in roles])
+
+
+class PermissionsVocabulary(object):
+    """
+    >>> from zope import interface, component
+
+    >>> factory = PermissionsVocabulary()
+    >>> list(factory(None))
+    []
+
+    >>> from z3ext.security.interfaces import IPublicPermission
+    >>> class Permission(object):
+    ...     interface.implements(IPublicPermission)
+    >>> r = Permission()
+    >>> r.id = 'permission1'
+    >>> r.title = 'Permission1'
+
+    >>> component.provideUtility(r, name='permission1')
+
+    >>> for term in factory(None):
+    ...     print term.value, term.title
+    permission1 Permission1
+    
+    """
+    interface.implements(IVocabularyFactory)
+
+    def __call__(self, context, **kw):
+        perms = []
+        for name, perm in getUtilitiesFor(IPublicPermission):
+            perms.append((perm.title, SimpleTerm(perm.id, perm.id, perm.title)))
+        perms.sort()
+        return Vocabulary([term for title, term in perms])
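Review bot: `Vocabulary.getTerm` answers an unknown value with whichever term happens to be first in `by_value`, so a role or permission id that is not in the vocabulary is presented as a different, unrelated one. On an empty vocabulary `self.by_value.keys()[0]` raises IndexError rather than the LookupError the vocabulary contract documents. For a vocabulary of roles and permissions I would keep the standard behaviour, either by dropping the override or with `raise LookupError(value)` in the `except KeyError` branch; if the fallback is intentional it needs a comment explaining why and a guard for the empty case. Separately, the RolesVocabulary doctest registers the utility under `name='portla.Member'` (it still passes because the term is built from `role.id`), and PermissionsVocabulary does not copy `description` onto its terms the way RolesVocabulary does.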


Property changes on: z3ext.security/trunk/src/z3ext/security/vocabulary.py
___________________________________________________________________
Added: svn:keywords
   + Id

Added: z3ext.security/trunk/src/z3ext/security/zcml.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/zcml.py	                        (rev 0)
+++ z3ext.security/trunk/src/z3ext/security/zcml.py	2009-05-29 12:36:55 UTC (rev 100532)
@@ -0,0 +1,93 @@
+##############################################################################
+#
+# Copyright (c) 2009 Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+from zope import schema, interface, component
+from zope.security.zcml import Permission
+from zope.security.interfaces import IPermission
+from zope.securitypolicy.interfaces import IRole
+from zope.configuration.fields import GlobalInterface
+
+from interfaces import IPublicRole, IManagerRole, IPublicPermission
+
+
+class IPublicRoleDirective(interface.Interface):
+
+    role = schema.Id(
+        title=u"Role",
+        description=u"Specifies the Role to be manageable.",
+        required=True)
+
+    manager = schema.Bool(
+        title=u"Manager",
+        description=u"Specifies the manager roles.",
+        default=False,
+        required=False)
+
+
+class IPublicPermissionDirective(interface.Interface):
+
+    permission = Permission(
+        title = u'Permission',
+        required = True)
+
+    category = GlobalInterface(
+        title = u'Category',
+        description = u'Permission category',
+        required = False)
+
+
+def publicRoleHandler(_context, role, manager=False):
+    _context.action(
+	discriminator = ('z3ext:role', role),
+	callable = publicRole,
+	args = (role, manager))
+
+
+def publicRole(roleId, manager):
+    sm = component.getSiteManager()
+
+    role = sm.getUtility(IRole, roleId)
+    
+    if not manager:
+        interface.directlyProvides(role, IPublicRole)
+    else:
+        interface.directlyProvides(role, IPublicRole, IManagerRole)
+
+    sm.registerUtility(role, IPublicRole, roleId)
+
+
+def publicPermissionHandler(_context, permission, category=None):
+    if permission == 'zope.Public':
+        raise TypeError('zope.Public permission is not allowed.')
+
+    _context.action(
+	discriminator = ('z3ext:permission', permission),
+	callable = publicPermission,
+	args = (permission, category))
+
+
+def publicPermission(name, category):
+    sm = component.getSiteManager()
+
+    permission = sm.getUtility(IPermission, name)
+
+    interface.alsoProvides(permission, IPublicPermission)
+
+    if category is not None:
+        interface.alsoProvides(permission, category)
+
+    sm.registerUtility(permission, IPublicPermission, name)
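Review bot: `publicRole` marks the role with `interface.directlyProvides(...)`, which replaces whatever the role object already directly provided, while `publicPermission` below it uses `interface.alsoProvides(...)`, which adds to it. Any marker interface set on the role before this action runs would be dropped; `interface.alsoProvides(role, IPublicRole)` and `interface.alsoProvides(role, IPublicRole, IManagerRole)` would keep the two handlers consistent. The `category` argument is accepted as any `GlobalInterface`; if only interfaces of type IPermissionCategoryType are meant to be categories, that check is missing, though I cannot tell from this commit. The keyword lines inside both `_context.action(` calls are indented with tabs while the rest of the file uses spaces.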


Property changes on: z3ext.security/trunk/src/z3ext/security/zcml.py
___________________________________________________________________
Added: svn:keywords
   + Id

Added: z3ext.security/trunk/src/z3ext/security/zcml.txt
===================================================================
--- z3ext.security/trunk/src/z3ext/security/zcml.txt	                        (rev 0)
+++ z3ext.security/trunk/src/z3ext/security/zcml.txt	2009-05-29 12:36:55 UTC (rev 100532)
@@ -0,0 +1,87 @@
+====================
+z3ext:role directive
+====================
+
+PublicRole - это роль которая доступна для UI
+
+   >>> from zope import component
+
+   >>> sm = component.getSiteManager()
+
+Let's create role
+
+   >>> from zope.securitypolicy.role import Role
+   >>> from zope.securitypolicy.interfaces import IRole
+
+   >>> role = Role('zope.Member', 'Member')
+   >>> sm.registerUtility(role, name='zope.Member')
+
+   >>> manager = Role('zope.Manager', 'Manager')
+   >>> sm.registerUtility(manager, name='zope.Manager')
+
+Now load zcml directive and set portal.Member as public role
+
+   >>> from zope.configuration import xmlconfig
+   >>> context = xmlconfig.string("""
+   ... <configure xmlns:z3ext="http://namespaces.zope.org/z3ext">
+   ...    <include package="z3ext.security" file="meta.zcml" />
+   ... 
+   ...    <z3ext:role role="zope.Member" />
+   ...    <z3ext:role role="zope.Manager" manager="true" />
+   ... </configure>""")
+
+   >>> from z3ext.security.interfaces import IPublicRole, IManagerRole
+
+   >>> prole = sm.getUtility(IPublicRole, name='zope.Member')
+   >>> prole.id == 'zope.Member'
+   True
+   >>> IPublicRole.providedBy(prole)
+   True
+   >>> role is prole
+   True
+
+   >>> prole = sm.getUtility(IPublicRole, name='zope.Manager')
+   >>> IManagerRole.providedBy(prole)
+   True
+   >>> manager is prole
+   True
+
+
+==========================
+z3ext:permission directive
+==========================
+
+Let's create permission
+
+   >>> from zope.security.permission import Permission
+   >>> from zope.security.interfaces import IPermission
+
+   >>> permission = Permission('portal.Permission', 'Permission')
+   >>> sm.registerUtility(permission, name='portal.Permission')
+
+Now load zcml directive and set portal.Member as public pemrission
+
+   >>> context = xmlconfig.string("""
+   ... <configure xmlns:z3ext="http://namespaces.zope.org/z3ext">
+   ...    <z3ext:permission permission="zope.Public" />
+   ... </configure>""", context)
+   Traceback (most recent call last):
+   ...
+   ZopeXMLConfigurationError:...
+
+   >>> context = xmlconfig.string("""
+   ... <configure xmlns:z3ext="http://namespaces.zope.org/z3ext">
+   ...    <z3ext:permission
+   ...         permission="portal.Permission"
+   ...         category="z3ext.security.interfaces.IPermissionCategory" />
+   ... </configure>""", context)
+
+   >>> from z3ext.security.interfaces import IPublicPermission
+
+   >>> p = sm.getUtility(IPublicPermission, name='portal.Permission')
+   >>> p.id == 'portal.Permission'
+   True
+   >>> IPublicPermission.providedBy(p)
+   True
+   >>> permission is p
+   True


