[Checkins] SVN: AccessControl/trunk/ merge the davisagli-permission-directive branch
David Glick
davidglick at onenw.org
Tue Aug 24 22:04:30 EDT 2010
Log message for revision 115932:
merge the davisagli-permission-directive branch
Changed:
U AccessControl/trunk/CHANGES.txt
U AccessControl/trunk/src/AccessControl/meta.zcml
U AccessControl/trunk/src/AccessControl/permissions.zcml
U AccessControl/trunk/src/AccessControl/security.py
U AccessControl/trunk/src/AccessControl/tests/testZCML.py
-=-
Modified: AccessControl/trunk/CHANGES.txt
===================================================================
--- AccessControl/trunk/CHANGES.txt 2010-08-25 01:55:10 UTC (rev 115931)
+++ AccessControl/trunk/CHANGES.txt 2010-08-25 02:04:30 UTC (rev 115932)
@@ -4,6 +4,9 @@
2.13.3 (unreleased)
-------------------
+- Added a ``role`` subdirective for the ``permission`` ZCML directive. If any
+ roles are specified, they will override the default set of default roles
+ (Manager).
2.13.2 (2010-07-16)
-------------------
Modified: AccessControl/trunk/src/AccessControl/meta.zcml
===================================================================
--- AccessControl/trunk/src/AccessControl/meta.zcml 2010-08-25 01:55:10 UTC (rev 115931)
+++ AccessControl/trunk/src/AccessControl/meta.zcml 2010-08-25 02:04:30 UTC (rev 115932)
@@ -36,6 +36,17 @@
handler="zope.security.zcml.securityPolicy"
/>
+ <meta:groupingDirective
+ name="permission"
+ schema="zope.security.zcml.IPermissionDirective"
+ handler=".security.PermissionDirective"/>
+
+ <meta:directive
+ name="role"
+ usedIn="zope.security.zcml.IPermissionDirective"
+ schema=".security.IRoleDirective"
+ handler=".security.RoleDirective"/>
+
</meta:directives>
</configure>
Modified: AccessControl/trunk/src/AccessControl/permissions.zcml
===================================================================
--- AccessControl/trunk/src/AccessControl/permissions.zcml 2010-08-25 01:55:10 UTC (rev 115931)
+++ AccessControl/trunk/src/AccessControl/permissions.zcml 2010-08-25 02:04:30 UTC (rev 115932)
@@ -1,13 +1,6 @@
<configure xmlns="http://namespaces.zope.org/zope"
i18n_domain="Zope2">
- <!-- Create permissions declared in ZCML if they don't exist already -->
- <subscriber
- for="zope.security.interfaces.IPermission
- zope.component.interfaces.IRegistered"
- handler=".security.create_permission_from_permission_directive"
- />
-
<permission
id="zope2.Public"
title="Public, everyone can access"
Modified: AccessControl/trunk/src/AccessControl/security.py
===================================================================
--- AccessControl/trunk/src/AccessControl/security.py 2010-08-25 01:55:10 UTC (rev 115931)
+++ AccessControl/trunk/src/AccessControl/security.py 2010-08-25 02:04:30 UTC (rev 115932)
@@ -16,14 +16,21 @@
from zope.component import getUtility
from zope.component import queryUtility
+from zope.component.zcml import utility
+from zope.configuration.config import GroupingContextDecorator
+from zope.configuration.interfaces import IConfigurationContext
from zope.interface import classProvides
from zope.interface import implements
+from zope.interface import Interface
+from zope.schema import ASCIILine
from zope.security.checker import CheckerPublic
from zope.security.interfaces import IInteraction
from zope.security.interfaces import ISecurityPolicy
from zope.security.interfaces import IPermission
from zope.security.management import thread_local
+from zope.security.permission import Permission
from zope.security.simplepolicies import ParanoidSecurityPolicy
+from zope.security.zcml import IPermissionDirective
from AccessControl.SecurityInfo import ClassSecurityInfo
from AccessControl.SecurityManagement import getSecurityManager
@@ -160,11 +167,29 @@
perm = str(permission.title)
security.declareObjectProtected(perm)
+class PermissionDirective(GroupingContextDecorator):
+ implements(IConfigurationContext, IPermissionDirective)
+
+ def __init__(self, context, id, title, description=''):
+ self.context = context
+ self.id, self.title, self.description = id, title, description
+ self.roles = []
+
+ def after(self):
+ permission = Permission(self.id, self.title, self.description)
+ utility(self.context, IPermission, permission, name=self.id)
+
+ zope2_permission = str(self.title)
+ if self.roles:
+ addPermission(zope2_permission, default_roles=tuple(self.roles))
+ else:
+ addPermission(zope2_permission)
-def create_permission_from_permission_directive(permission, event):
- """When a new IPermission utility is registered (via the <permission />
- directive), create the equivalent Zope2 style permission.
- """
- # Zope 2 uses string, not unicode yet
- zope2_permission = str(permission.title)
- addPermission(zope2_permission)
+class IRoleDirective(Interface):
+
+ name = ASCIILine()
+
+def RoleDirective(context, name):
+ permission_directive = context.context
+ if name not in permission_directive.roles:
+ permission_directive.roles.append(name)
Modified: AccessControl/trunk/src/AccessControl/tests/testZCML.py
===================================================================
--- AccessControl/trunk/src/AccessControl/tests/testZCML.py 2010-08-25 01:55:10 UTC (rev 115931)
+++ AccessControl/trunk/src/AccessControl/tests/testZCML.py 2010-08-25 02:04:30 UTC (rev 115932)
@@ -393,6 +393,51 @@
>>> tearDown()
"""
+def test_register_permission_with_non_default_roles():
+ """This test demonstrates that the <permission /> directive can be used
+ as a grouping directive with <role/> subdirectives that specify the default
+ roles for the permission.
+
+ >>> from zope.component.testing import setUp, tearDown
+ >>> setUp()
+
+ First, we need to configure the relevant parts of AccessControl:
+
+ >>> import AccessControl
+ >>> from zope.configuration.xmlconfig import XMLConfig
+ >>> XMLConfig('meta.zcml', AccessControl)()
+ >>> XMLConfig('permissions.zcml', AccessControl)()
+
+ We can now register a permission in ZCML:
+
+ >>> from StringIO import StringIO
+ >>> configure_zcml = StringIO('''
+ ... <configure xmlns="http://namespaces.zope.org/zope"
+ ... i18n_domain="test">
+ ...
+ ... <permission
+ ... id="AccessControl.tests.DummyPermission2"
+ ... title="AccessControl: Dummy permission 2">
+ ... <role name="Anonymous"/>
+ ... </permission>
+ ...
+ ... </configure>
+ ... ''')
+ >>> from zope.configuration.xmlconfig import xmlconfig
+ >>> xmlconfig(configure_zcml)
+
+ The permission will be made available globally, with the specified role set
+ of ('Anonymous',).
+
+ >>> from AccessControl.Permission import getPermissions
+ >>> permissions = getPermissions()
+ >>> [p[2] for p in permissions
+ ... if p[0] == 'AccessControl: Dummy permission 2']
+ [('Anonymous',)]
+
+ >>> tearDown()
+ """
+
def test_suite():
import doctest
return doctest.DocTestSuite(optionflags=doctest.ELLIPSIS)
More information about the checkins
mailing list