[Zope-Checkins] CVS: Zope/lib/python/AccessControl - SecurityManager.py:1.6.18.4 ZopeSecurityPolicy.py:1.12.30.7 cAccessControl.c:1.10.12.9

Matthew T. Kromer matt@zope.com
Fri, 26 Oct 2001 11:54:38 -0400 

Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv32249

Modified Files:
      Tag: cAccessControl-review-branch
	SecurityManager.py ZopeSecurityPolicy.py cAccessControl.c 
Log Message:
Add "authentication" skipping -- if ZSP_AUTHENTICATION_SKIP is set, causes
the the code to not check to see if the user has the necessary credentials,
for anonymous-only sites.


=== Zope/lib/python/AccessControl/SecurityManager.py 1.6.18.3 => 1.6.18.4 ===
 except: max_stack_size=100
 
-if os.environ.has_key("ZSP_OWNEROUS_SKIP"):
-    ownerous=0
-else:
-    ownerous=1
-_defaultPolicy=ZopeSecurityPolicy.ZopeSecurityPolicy(ownerous=ownerous)
+if os.environ.has_key("ZSP_OWNEROUS_SKIP"): ownerous=0
+else: ownerous=1
+if os.environ.has_key("ZSP_AUTHENTICATION_SKIP"): authenticated=0
+else: authenticated=1
+_defaultPolicy=ZopeSecurityPolicy.ZopeSecurityPolicy(ownerous=ownerous,
+    authenticated=authenticated)
 def setSecurityPolicy(aSecurityPolicy):
     """Set the system default security policy. 
 


=== Zope/lib/python/AccessControl/ZopeSecurityPolicy.py 1.12.30.6 => 1.12.30.7 ===
                 raise
 
-            # Would this be the place for _authenticated to be checked?
-            # I bet this will gum up proxy roles (MTK)
-            #if not self._authenticated: raise Unauthorized(name, value)
-
             # Check executable security
             stack=context.stack
             if stack:
@@ -267,7 +263,8 @@
 
 
             try:
-                if context.user.allowed(value, roles): return 1
+                if self._authenticated and context.user.allowed(value, roles):
+                    return 1
             except AttributeError: pass
 
             # We don't want someone to acquire if they can't get an unacquired!


=== Zope/lib/python/AccessControl/cAccessControl.c 1.10.12.8 => 1.10.12.9 ===
 static PyObject *aq_validate = NULL;
 static int ownerous = 1;
+static int authenticated = 1;
 
 /* --------------------------------------------------------------
 ** ZopeSecurityPolicy Methods
@@ -698,6 +699,7 @@
           return -1;
 
 	if (getenv("ZSP_OWNEROUS_SKIP") != NULL) ownerous = 0;
+	if (getenv("ZSP_AUTHENTICATED_SKIP") != NULL) authenticated = 0;
 
 
 	return 0;
@@ -1119,6 +1121,7 @@
 	**|    if context.user.allowed(value, roles): return 1
 	**| except AttributeError: pass
 	*/
+	if (authenticated) { /* Authentication skip for public only access */
 	user = PyObject_GetAttr(context, user_str);
         if (user) ASSIGN(user, PyObject_GetAttr(user, allowed_str));
         if (user == NULL)
@@ -1140,6 +1143,7 @@
               }
             Py_DECREF(user);
           }
+        } /* End of authentiction skip for public only access */
 
 	/*| # we don't want someone to acquire if they can't get an
 	**| # unacquired!