[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - ISecurityManager.py:1.1.2.2 ISecurityPolicy.py:1.1.2.2

Tres Seaver tseaver@zope.com
Fri, 30 Nov 2001 16:48:52 -0500 

Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv20317

Modified Files:
      Tag: Zope-3x-branch
	ISecurityManager.py ISecurityPolicy.py 
Log Message:
 - Clean up interface.

=== Zope3/lib/python/Zope/App/Security/ISecurityManager.py 1.1.2.1 => 1.1.2.2 ===
         executable context and policies.
     """
-    def validate( accessed, container, name, value, roles ):
+    def validate( name, value ):
         """
-            Validate access.
+            Validate access, raising Unauthorized if not allowed..
 
             Arguments:
 
-            accessed -- the object that was being accessed
-
-            container -- the object the value was found in
-
             name -- The attribute name used to access the value
 
             value -- The value retrieved though the access.
-
-            roles -- an (optional) list of roles to use when authorizing
-                     access
-        
-            The arguments may be provided as keyword arguments. Some of
-            these arguments may be ommitted, however, the policy may
-            reject access in some cases when arguments are ommitted.
-            It is best to provide all the values possible.
-
-            A boolean value is returned indicating whether the value is
-            accessible. An Unauthorized exception may be raised in some
-            cases.
         """
 
-    def validateValue(value, roles):
+    def validateValue( value, roles ):
         """
             Validate access. This is a shortcut for the common case of
             validating a value without providing access information.


=== Zope3/lib/python/Zope/App/Security/ISecurityPolicy.py 1.1.2.1 => 1.1.2.2 ===
 from Interface import Interface
 
-_DONT_CHECK_ROLES = []
-
 class ISecurityPolicy( Interface ):
         
-    def validate( accessed
-                , container
-                , name
+    def validate( name
                 , value
                 , context
-                , roles=_DONT_CHECK_ROLES
                 ):
         """
-            Validate access.
+            Validate access, raising Unauthorized if not allowed.
 
             Arguments:
 
-            accessed -- the object that was being accessed
-
-            container -- the object the value was found in
-
             name -- The name used to access the value
 
             value -- The value returned by the access
 
             context -- must implement ISecurityContext; access to information
                        such as the context stack and AUTHENTICATED_USER.
-
-            roles -- an (optional) list of roles used to authorize access
-                    against the value.  This list overrides the roles gathered
-                    by the security policy if used.
         """
 
     def checkPermission( permission
@@ -47,7 +34,7 @@
                        ):
         """
             Check whether the security context allows the given permission on
-            the given object.
+            the given object, returning a boolean value.
 
             Arguments: