[Zope-Checkins] CVS: Zope/lib/python/AccessControl - SecurityManager.py:1.6.18.3 ZopeSecurityPolicy.py:1.12.30.6 cAccessControl.c:1.10.12.8

Matthew T. Kromer matt@zope.com
Fri, 26 Oct 2001 11:13:51 -0400 

Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv23565

Modified Files:
      Tag: cAccessControl-review-branch
	SecurityManager.py ZopeSecurityPolicy.py cAccessControl.c 
Log Message:
Updated with ownerous fixes.  Setting ZSP_OWNEROUS_SKIP will force owner
logic to be skipped.


=== Zope/lib/python/AccessControl/SecurityManager.py 1.6.18.2 => 1.6.18.3 ===
 except: max_stack_size=100
 
-_defaultPolicy=ZopeSecurityPolicy.ZopeSecurityPolicy()
+if os.environ.has_key("ZSP_OWNEROUS_SKIP"):
+    ownerous=0
+else:
+    ownerous=1
+_defaultPolicy=ZopeSecurityPolicy.ZopeSecurityPolicy(ownerous=ownerous)
 def setSecurityPolicy(aSecurityPolicy):
     """Set the system default security policy. 
 


=== Zope/lib/python/AccessControl/ZopeSecurityPolicy.py 1.12.30.5 => 1.12.30.6 ===
             
             self._ownerous=ownerous
-            self._public=pulic
+            self._authenticated=authenticated
 
         def validate(self, accessed, container, name, value, context,
                      roles=_noroles, None=None, type=type, IntType=type(0),
@@ -233,6 +233,10 @@
                     " during validation of '%s' is not a sequence." % (
                     `roles`, name))
                 raise
+
+            # Would this be the place for _authenticated to be checked?
+            # I bet this will gum up proxy roles (MTK)
+            #if not self._authenticated: raise Unauthorized(name, value)
 
             # Check executable security
             stack=context.stack


=== Zope/lib/python/AccessControl/cAccessControl.c 1.10.12.7 => 1.10.12.8 ===
 
 #include <stdio.h>
+#include <stdlib.h>
 
 #include "ExtensionClass.h"
 #include "Acquisition.h"
@@ -656,6 +657,7 @@
 static PyObject *checkPermission_str = NULL;
 static PyObject *getSecurityManager = NULL;
 static PyObject *aq_validate = NULL;
+static int ownerous = 1;
 
 /* --------------------------------------------------------------
 ** ZopeSecurityPolicy Methods
@@ -694,6 +696,10 @@
                 PyString_FromString(
                 "__allow_access_to_unprotected_subobjects__"))
           return -1;
+
+	if (getenv("ZSP_OWNEROUS_SKIP") != NULL) ownerous = 0;
+
+
 	return 0;
 }
 
@@ -1008,6 +1014,8 @@
 		eo = PySequence_GetItem(stack, -1);
 		if (eo == NULL) goto err;
 
+		if (ownerous) {	/* Tabbing not adjusted for diff reasons*/
+
                 owner = PyObject_GetAttr(eo, getOwner_str);
                 if (owner) ASSIGN(owner, PyObject_CallObject(owner, NULL));
                 if (owner ==NULL) 
@@ -1038,6 +1046,8 @@
                     }
 		}
 		Py_DECREF(owner);
+
+		} /* End of if ownerous */
 
 	/*|    # Proxy roles, which are a lot safer now
 	**|    proxy_roles = getattr(eo, "_proxy_roles", None)