[Zope-Checkins] CVS: Zope/lib/python/AccessControl - SecurityManager.py:1.6.18.3 ZopeSecurityPolicy.py:1.12.30.6 cAccessControl.c:1.10.12.8
Matthew T. Kromer
matt@zope.com
Fri, 26 Oct 2001 11:13:51 -0400
Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv23565
Modified Files:
Tag: cAccessControl-review-branch
SecurityManager.py ZopeSecurityPolicy.py cAccessControl.c
Log Message:
Updated with ownerous fixes. Setting ZSP_OWNEROUS_SKIP will force owner
logic to be skipped.
=== Zope/lib/python/AccessControl/SecurityManager.py 1.6.18.2 => 1.6.18.3 ===
except: max_stack_size=100
-_defaultPolicy=ZopeSecurityPolicy.ZopeSecurityPolicy()
+if os.environ.has_key("ZSP_OWNEROUS_SKIP"):
+ ownerous=0
+else:
+ ownerous=1
+_defaultPolicy=ZopeSecurityPolicy.ZopeSecurityPolicy(ownerous=ownerous)
def setSecurityPolicy(aSecurityPolicy):
"""Set the system default security policy.
=== Zope/lib/python/AccessControl/ZopeSecurityPolicy.py 1.12.30.5 => 1.12.30.6 ===
self._ownerous=ownerous
- self._public=pulic
+ self._authenticated=authenticated
def validate(self, accessed, container, name, value, context,
roles=_noroles, None=None, type=type, IntType=type(0),
@@ -233,6 +233,10 @@
" during validation of '%s' is not a sequence." % (
`roles`, name))
raise
+
+ # Would this be the place for _authenticated to be checked?
+ # I bet this will gum up proxy roles (MTK)
+ #if not self._authenticated: raise Unauthorized(name, value)
# Check executable security
stack=context.stack
=== Zope/lib/python/AccessControl/cAccessControl.c 1.10.12.7 => 1.10.12.8 ===
#include <stdio.h>
+#include <stdlib.h>
#include "ExtensionClass.h"
#include "Acquisition.h"
@@ -656,6 +657,7 @@
static PyObject *checkPermission_str = NULL;
static PyObject *getSecurityManager = NULL;
static PyObject *aq_validate = NULL;
+static int ownerous = 1;
/* --------------------------------------------------------------
** ZopeSecurityPolicy Methods
@@ -694,6 +696,10 @@
PyString_FromString(
"__allow_access_to_unprotected_subobjects__"))
return -1;
+
+ if (getenv("ZSP_OWNEROUS_SKIP") != NULL) ownerous = 0;
+
+
return 0;
}
@@ -1008,6 +1014,8 @@
eo = PySequence_GetItem(stack, -1);
if (eo == NULL) goto err;
+ if (ownerous) { /* Tabbing not adjusted for diff reasons*/
+
owner = PyObject_GetAttr(eo, getOwner_str);
if (owner) ASSIGN(owner, PyObject_CallObject(owner, NULL));
if (owner ==NULL)
@@ -1038,6 +1046,8 @@
}
}
Py_DECREF(owner);
+
+ } /* End of if ownerous */
/*| # Proxy roles, which are a lot safer now
**| proxy_roles = getattr(eo, "_proxy_roles", None)