[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - IDTMLSecurityAPI.py:1.1.2.1 IExecutableObject.py:1.1.2.1 ISecurityContext.py:1.1.2.1 ISecurityManagement.py:1.1.2.1 ISecurityManager.py:1.1.2.1 ISecurityPolicy.py:1.1.2.1

Tres Seaver tseaver@zope.com
Tue, 27 Nov 2001 18:07:18 -0500


Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv29760/lib/python/Zope/App/Security

Added Files:
      Tag: Zope-3x-branch
	IDTMLSecurityAPI.py IExecutableObject.py ISecurityContext.py 
	ISecurityManagement.py ISecurityManager.py ISecurityPolicy.py 
Log Message:
 - Add interfaces for security framework.

=== Added File Zope3/lib/python/Zope/App/Security/IDTMLSecurityAPI.py ===
# Copyright (c) 2001 Zope Corporation and Contributors.  All Rights Reserved.
# 
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.

from Interface import Interface

class IDTMLSecurityAPI( Interface ):
    """
        The DTML Security API is implemented by the DTML namespace (aka _) 
        and provides tools for checking access to objects.
    """

    def SecurityValidate( accessed, container, name, value ):
        """
            Validate access.

            Arguments:
            
            accessed -- the object that was being accessed
            
            container -- the object the value was found in
            
            name -- The name used to access the value
            
            value -- The value retrieved though the access.
            
            The arguments may be provided as keyword arguments. Some of
            these arguments may be omitted;  however, the policy may reject
            access in some cases when arguments are omitted.  It is best to
            provide all the values possible.
        """

    def SecurityValidateValue( value ):
        """
            Convenience for common case of simple value validation.
        """

    def SecurityCheckPermission( permission, object ):
        """
            Check whether the security context allows the given permission
            on the given object.

            Arguments:
            
            permission -- A permission name
            
            object -- The object being accessed according to the permission
        """

    def SecurityGetUser():
        """
            Get the current authenticated user.
        """

    def SecurityCalledByExecutable():
        """
            Return a boolean value indicating if this context was called
            by an executable.
        """


=== Added File Zope3/lib/python/Zope/App/Security/IExecutableObject.py ===
# Copyright (c) 2001 Zope Corporation and Contributors.  All Rights Reserved.
# 
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.

from Interface import Interface

class IExecutableObject( Interface ):
    """
        An executable object is an object that executes logic provided
        through the web (TTW).  Examples of executable objects include
        DTML methods and documents, SQL methods, Wiki pages, and,
        someday, TTW Python methods.

        It is likely that SecurityPolicy objects will expect executable
        objects to provide certain interfaces. These interfaces
        may, in fact, turn out to be policy dependent.

        An executable object may provide it's own security policy by
        defining the method:
    """

class IExecutableObjectWithCustomSecurityPolicy( IExecutableObject ):

    def _customSecurityPolicy():
        """
            Return a custom SecurityPolicy.

            This should rearely, if ever be needed.
        """



=== Added File Zope3/lib/python/Zope/App/Security/ISecurityContext.py ===
# Copyright (c) 2001 Zope Corporation and Contributors.  All Rights Reserved.
# 
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.

from Interface import Interface, Attribute

class ISecurityContext( Interface ):
    """
        Capture transient request-specific security information.
    """
    Attribute( 'stack'
             , 'A stack of elements, each either be an ExecutableObject'
               'or a tuple consisting of an ExecutableObject and a'
               'custom SecurityPolicy.'
             )

    Attribute( 'user'
             , 'The AUTHENTICATED_USER for the request.'
             )



=== Added File Zope3/lib/python/Zope/App/Security/ISecurityManagement.py ===
# Copyright (c) 2001 Zope Corporation and Contributors.  All Rights Reserved.
# 
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.

from Interface import Interface

class ISecurityManagementSetup( Interface ):
    """
        Infrastructure (including tests, etc.) calls these things to
        tweak the security manager.
    """
    def newSecurityManager( user ):
        """
            Install a new SecurityManager, using user.  Return the
            old SecurityManager, if any, or None.
        """

    def replaceSecurityManager( old_manager ):
        """
            Replace the SecurityManager with 'old_manager', which
            must implement ISecurityManager.
        """

    def noSecurityManager():
        """
            Clear any existing SecurityManager.
        """

class ISecurityManagement( Interface ):
    """
        "Public" SM API.
    """
    def getSecurityManager():
        """
            Get a SecurityManager (create if needed).
        """

    def setSecurityPolicy( aSecurityPolicy ):
        """
            Set the system default security policy. 

            This method should only be caused by system startup code.
            It should never, for example, be called during a web request.
        """


=== Added File Zope3/lib/python/Zope/App/Security/ISecurityManager.py ===
# Copyright (c) 2001 Zope Corporation and Contributors.  All Rights Reserved.
# 
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.

from Interface import Interface

class ISecurityManager( Interface ):
    """
        A security manager provides methods for checking access and managing
        executable context and policies.
    """
    def validate( accessed, container, name, value, roles ):
        """
            Validate access.

            Arguments:

            accessed -- the object that was being accessed

            container -- the object the value was found in

            name -- The attribute name used to access the value

            value -- The value retrieved though the access.

            roles -- an (optional) list of roles to use when authorizing
                     access
        
            The arguments may be provided as keyword arguments. Some of
            these arguments may be ommitted, however, the policy may
            reject access in some cases when arguments are ommitted.
            It is best to provide all the values possible.

            A boolean value is returned indicating whether the value is
            accessible. An Unauthorized exception may be raised in some
            cases.
        """

    def validateValue(value, roles):
        """
            Validate access. This is a shortcut for the common case of
            validating a value without providing access information.

            A boolean value is returned indicating whether the value is
            accessible. An Unauthorized exception may be raised in some
            cases.
        """

    def checkPermission( permission, object ):
        """
            Check whether the security context allows the given
            permission on the given object. Return a boolean value.

            Arguments:

            permission -- A permission name

            object -- The object being accessed according to the permission
        """

    def addContext( anExecutableObject ):
        """
            Add an ExecutableObject to the current security
            context.

            There is no return.
        """

    def removeContext( anExecutableObject ):
        """
            Remove an ExecutableObject.

            There is no return.
        """

    def getUser():
        """
            Return the authenticated user. 

            This is equivalent to something like::

            REQUEST['AUTHENTICATED_USER']

            but is a bit cleaner, especially if 'REQUEST' isn't handy.
        """

    def calledByExecutable():
        """
            Determine if called through an ExecutableObject.

            A true value is returned if any ExecutableObjects 
            have (directly or indirectly) called the current method and
            a true value otherwise.

            This can be used to determine if an object was called 
            (more or less) directly from a URL, or if it was called by
            through-the-web provided code.

            (The value returned by the initial implementation
            is actually size of the context stack, which is the depth
            of the through-the-web call stack.  Is this information
            valuable enough to promise in the interface?)     
        """


=== Added File Zope3/lib/python/Zope/App/Security/ISecurityPolicy.py ===
# Copyright (c) 2001 Zope Corporation and Contributors.  All Rights Reserved.
# 
# This software is subject to the provisions of the Zope Public License,
# Version 1.1 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.

from Interface import Interface

_DONT_CHECK_ROLES = []

class ISecurityPolicy( Interface ):
        
    def validate( accessed
                , container
                , name
                , value
                , context
                , roles=_DONT_CHECK_ROLES
                ):
        """
            Validate access.

            Arguments:

            accessed -- the object that was being accessed

            container -- the object the value was found in

            name -- The name used to access the value

            value -- The value returned by the access

            context -- must implement ISecurityContext; access to information
                       such as the context stack and AUTHENTICATED_USER.

            roles -- an (optional) list of roles used to authorize access
                    against the value.  This list overrides the roles gathered
                    by the security policy if used.
        """

    def checkPermission( permission
                       , object
                       , context
                       ):
        """
            Check whether the security context allows the given permission on
            the given object.

            Arguments:

            permission -- A permission name

            object -- The object being accessed according to the permission

            context -- A SecurityContext, which provides access to information
            shuch as the context stack and AUTHENTICATED_USER.
        """