[Checkins] SVN: AccessControl/branches/davisagli-permission-directive/ implement role subdirective of the permission directive
David Glick
davidglick at onenw.org
Thu Aug 19 14:16:07 EDT 2010
Log message for revision 115807:
implement role subdirective of the permission directive
Changed:
U AccessControl/branches/davisagli-permission-directive/CHANGES.txt
U AccessControl/branches/davisagli-permission-directive/src/AccessControl/meta.zcml
U AccessControl/branches/davisagli-permission-directive/src/AccessControl/permissions.zcml
U AccessControl/branches/davisagli-permission-directive/src/AccessControl/security.py
U AccessControl/branches/davisagli-permission-directive/src/AccessControl/tests/testZCML.py
-=-
Modified: AccessControl/branches/davisagli-permission-directive/CHANGES.txt
===================================================================
--- AccessControl/branches/davisagli-permission-directive/CHANGES.txt 2010-08-19 18:12:28 UTC (rev 115806)
+++ AccessControl/branches/davisagli-permission-directive/CHANGES.txt 2010-08-19 18:16:07 UTC (rev 115807)
@@ -4,6 +4,9 @@
2.13.3 (unreleased)
-------------------
+- Added a ``role`` subdirective for the ``permission`` ZCML directive. If any
+ roles are specified, they will override the default set of default roles
+ (Manager).
2.13.2 (2010-07-16)
-------------------
Modified: AccessControl/branches/davisagli-permission-directive/src/AccessControl/meta.zcml
===================================================================
--- AccessControl/branches/davisagli-permission-directive/src/AccessControl/meta.zcml 2010-08-19 18:12:28 UTC (rev 115806)
+++ AccessControl/branches/davisagli-permission-directive/src/AccessControl/meta.zcml 2010-08-19 18:16:07 UTC (rev 115807)
@@ -36,6 +36,17 @@
handler="zope.security.zcml.securityPolicy"
/>
+ <meta:groupingDirective
+ name="permission"
+ schema="zope.security.zcml.IPermissionDirective"
+ handler=".security.PermissionDirective"/>
+
+ <meta:directive
+ name="role"
+ usedIn="zope.security.zcml.IPermissionDirective"
+ schema="zope.interface.Interface"
+ handler=".security.RoleDirective"/>
+
</meta:directives>
</configure>
Modified: AccessControl/branches/davisagli-permission-directive/src/AccessControl/permissions.zcml
===================================================================
--- AccessControl/branches/davisagli-permission-directive/src/AccessControl/permissions.zcml 2010-08-19 18:12:28 UTC (rev 115806)
+++ AccessControl/branches/davisagli-permission-directive/src/AccessControl/permissions.zcml 2010-08-19 18:16:07 UTC (rev 115807)
@@ -1,13 +1,6 @@
<configure xmlns="http://namespaces.zope.org/zope"
i18n_domain="Zope2">
- <!-- Create permissions declared in ZCML if they don't exist already -->
- <subscriber
- for="zope.security.interfaces.IPermission
- zope.component.interfaces.IRegistered"
- handler=".security.create_permission_from_permission_directive"
- />
-
<permission
id="zope2.Public"
title="Public, everyone can access"
Modified: AccessControl/branches/davisagli-permission-directive/src/AccessControl/security.py
===================================================================
--- AccessControl/branches/davisagli-permission-directive/src/AccessControl/security.py 2010-08-19 18:12:28 UTC (rev 115806)
+++ AccessControl/branches/davisagli-permission-directive/src/AccessControl/security.py 2010-08-19 18:16:07 UTC (rev 115807)
@@ -16,6 +16,9 @@
from zope.component import getUtility
from zope.component import queryUtility
+from zope.component.zcml import utility
+from zope.configuration.config import GroupingContextDecorator
+from zope.configuration.interfaces import IConfigurationContext
from zope.interface import classProvides
from zope.interface import implements
from zope.security.checker import CheckerPublic
@@ -23,7 +26,9 @@
from zope.security.interfaces import ISecurityPolicy
from zope.security.interfaces import IPermission
from zope.security.management import thread_local
+from zope.security.permission import Permission
from zope.security.simplepolicies import ParanoidSecurityPolicy
+from zope.security.zcml import IPermissionDirective
from AccessControl.SecurityInfo import ClassSecurityInfo
from AccessControl.SecurityManagement import getSecurityManager
@@ -160,7 +165,7 @@
perm = str(permission.title)
security.declareObjectProtected(perm)
-
+# XXX what to do with this?
def create_permission_from_permission_directive(permission, event):
"""When a new IPermission utility is registered (via the <permission />
directive), create the equivalent Zope2 style permission.
@@ -168,3 +173,27 @@
# Zope 2 uses string, not unicode yet
zope2_permission = str(permission.title)
addPermission(zope2_permission)
+
+class PermissionDirective(GroupingContextDecorator):
+ implements(IConfigurationContext, IPermissionDirective)
+
+ def __init__(self, context, id, title, description=''):
+ self.context = context
+ self.id, self.title, self.description = id, title, description
+ self.roles = []
+
+ def after(self):
+ permission = Permission(self.id, self.title, self.description)
+ utility(self.context, IPermission, permission, name=self.id)
+
+ zope2_permission = str(self.title)
+ if self.roles:
+ addPermission(zope2_permission, default_roles=tuple(self.roles))
+ else:
+ addPermission(zope2_permission)
+
+def RoleDirective(context):
+ role_name = str(context.info.text.strip())
+ permission_directive = context.context
+ if role_name not in permission_directive.roles:
+ permission_directive.roles.append(role_name)
Modified: AccessControl/branches/davisagli-permission-directive/src/AccessControl/tests/testZCML.py
===================================================================
--- AccessControl/branches/davisagli-permission-directive/src/AccessControl/tests/testZCML.py 2010-08-19 18:12:28 UTC (rev 115806)
+++ AccessControl/branches/davisagli-permission-directive/src/AccessControl/tests/testZCML.py 2010-08-19 18:16:07 UTC (rev 115807)
@@ -393,6 +393,51 @@
>>> tearDown()
"""
+def test_register_permission_with_non_default_roles():
+ """This test demonstrates that the <permission /> directive can be used
+ as a grouping directive with <role/> subdirectives that specify the default
+ roles for the permission.
+
+ >>> from zope.component.testing import setUp, tearDown
+ >>> setUp()
+
+ First, we need to configure the relevant parts of AccessControl:
+
+ >>> import AccessControl
+ >>> from zope.configuration.xmlconfig import XMLConfig
+ >>> XMLConfig('meta.zcml', AccessControl)()
+ >>> XMLConfig('permissions.zcml', AccessControl)()
+
+ We can now register a permission in ZCML:
+
+ >>> from StringIO import StringIO
+ >>> configure_zcml = StringIO('''
+ ... <configure xmlns="http://namespaces.zope.org/zope"
+ ... i18n_domain="test">
+ ...
+ ... <permission
+ ... id="AccessControl.tests.DummyPermission2"
+ ... title="AccessControl: Dummy permission 2">
+ ... <role>Anonymous</role>
+ ... </permission>
+ ...
+ ... </configure>
+ ... ''')
+ >>> from zope.configuration.xmlconfig import xmlconfig
+ >>> xmlconfig(configure_zcml)
+
+ The permission will be made available globally, with the specified role set
+ of ('Anonymous',).
+
+ >>> from AccessControl.Permission import getPermissions
+ >>> permissions = getPermissions()
+ >>> [p[2] for p in permissions
+ ... if p[0] == 'AccessControl: Dummy permission 2']
+ [('Anonymous',)]
+
+ >>> tearDown()
+ """
+
def test_suite():
import doctest
return doctest.DocTestSuite(optionflags=doctest.ELLIPSIS)
More information about the checkins
mailing list