[Zope-Checkins] CVS: Zope/lib/python/AccessControl - DTML.py:1.8 PermissionRole.py:1.13 SecurityManagement.py:1.5 SecurityManager.py:1.8 ZopeGuards.py:1.8 ZopeSecurityPolicy.py:1.15 cAccessControl.c:1.12
Matthew T. Kromer
matt@zope.com
Fri, 26 Oct 2001 12:07:51 -0400
Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv2260/lib/python/AccessControl
Modified Files:
DTML.py PermissionRole.py SecurityManagement.py
SecurityManager.py ZopeGuards.py ZopeSecurityPolicy.py
cAccessControl.c
Log Message:
Document Template accelerations and additonal C Security Manager accelerations
from cAccessControl-review-branch.
=== Zope/lib/python/AccessControl/DTML.py 1.7 => 1.8 ===
import DocumentTemplate.sequence
-from ZopeGuards import guarded_getattr, guarded_getitem, _marker
+from ZopeGuards import guarded_getattr, guarded_getitem
class RestrictedDTML:
'''
A mix-in for derivatives of DT_String.String that adds Zope security.
'''
- def guarded_getattr(self, ob, name, default=_marker):
- return guarded_getattr(ob, name, default)
+ def guarded_getattr(self, *args): # ob, name [, default]
+ return guarded_getattr(*args)
def guarded_getitem(self, ob, index):
return guarded_getitem(ob, index)
+
+try:
+ #raise ImportError
+ import os
+ if os.environ.get("ZOPE_SECURITY_POLICY", None) == "PYTHON":
+ raise ImportError # :)
+ from cAccessControl import RestrictedDTMLMixin
+except ImportError:
+ pass
+else:
+
+ class RestrictedDTML(RestrictedDTMLMixin, RestrictedDTML):
+ '''
+ A mix-in for derivatives of DT_String.String that adds Zope security.
+ '''
+
# Allow access to unprotected attributes
DT_Util.TemplateDict.__allow_access_to_unprotected_subobjects__=1
=== Zope/lib/python/AccessControl/PermissionRole.py 1.12 => 1.13 ===
=== Zope/lib/python/AccessControl/SecurityManagement.py 1.4 => 1.5 ===
__version__='$Revision$'[11:-2]
+def getSecurityManager():
+ """Get a security manager, for the current thread.
+ """
+ thread_id=get_ident()
+ manager=_managers.get(thread_id, None)
+ if manager is None:
+ manager=SecurityManager(
+ thread_id,
+ SecurityContext(SpecialUsers.nobody))
+ _managers[thread_id]=manager
+
+ return manager
+
import SpecialUsers
from SecurityManager import SecurityManager
try: import thread
@@ -109,19 +122,6 @@
try: del _managers[get_ident()]
except: pass
-
-def getSecurityManager():
- """Get a security manager, for the current thread.
- """
- thread_id=get_ident()
- manager=_managers.get(thread_id, None)
- if manager is None:
- manager=SecurityManager(
- thread_id,
- SecurityContext(SpecialUsers.nobody))
- _managers[thread_id]=manager
-
- return manager
def setSecurityPolicy(aSecurityPolicy):
"""Set the system default security policy.
=== Zope/lib/python/AccessControl/SecurityManager.py 1.7 => 1.8 ===
except: max_stack_size=100
-_defaultPolicy=ZopeSecurityPolicy.ZopeSecurityPolicy()
+if os.environ.has_key("ZSP_OWNEROUS_SKIP"): ownerous=0
+else: ownerous=1
+if os.environ.has_key("ZSP_AUTHENTICATION_SKIP"): authenticated=0
+else: authenticated=1
+_defaultPolicy=ZopeSecurityPolicy.ZopeSecurityPolicy(ownerous=ownerous,
+ authenticated=authenticated)
def setSecurityPolicy(aSecurityPolicy):
"""Set the system default security policy.
@@ -107,6 +112,7 @@
_defaultPolicy=aSecurityPolicy
return last
+
class SecurityManager:
"""A security manager provides methods for checking access and managing
executable context and policies
@@ -116,35 +122,34 @@
'validate': 1, 'validateValue': 1, 'checkPermission': 1,
'getUser': 1, 'calledByExecutable': 1
}
-
+
def __init__(self, thread_id, context):
self._thread_id=thread_id
self._context=context
- self._policy=None
+ self._policy=_defaultPolicy
def validate(self, accessed=None, container=None, name=None, value=None,
roles=_noroles):
"""Validate access.
Arguments:
-
+
accessed -- the object that was being accessed
-
+
container -- the object the value was found in
-
+
name -- The name used to access the value
-
+
value -- The value retrieved though the access.
roles -- The roles of the object if already known.
-
+
The arguments may be provided as keyword arguments. Some of these
arguments may be ommitted, however, the policy may reject access
in some cases when arguments are ommitted. It is best to provide
all the values possible.
"""
policy=self._policy
- if policy is None: policy=_defaultPolicy
if roles is _noroles:
return policy.validate(accessed, container, name, value,
self._context)
@@ -153,19 +158,19 @@
self._context, roles)
def DTMLValidate(self, accessed=None, container=None, name=None,
- value=None,md=None):
+ value=None, md=None):
"""Validate access.
* THIS EXISTS FOR DTML COMPATIBILITY *
Arguments:
-
+
accessed -- the object that was being accessed
-
+
container -- the object the value was found in
-
+
name -- The name used to access the value
-
+
value -- The value retrieved though the access.
md -- multidict for DTML (ignored)
@@ -177,7 +182,6 @@
"""
policy=self._policy
- if policy is None: policy=_defaultPolicy
return policy.validate(accessed, container, name, value,
self._context)
@@ -185,7 +189,6 @@
"""Convenience for common case of simple value validation.
"""
policy=self._policy
- if policy is None: policy=_defaultPolicy
if roles is _noroles:
return policy.validate(None, None, None, value,
self._context)
@@ -198,13 +201,12 @@
the given object.
Arguments:
-
+
permission -- A permission name
-
+
object -- The object being accessed according to the permission
"""
policy=self._policy
- if policy is None: policy=_defaultPolicy
return policy.checkPermission(permission, object,
self._context)
@@ -218,7 +220,10 @@
raise SystemError, 'Excessive recursion'
stack.append(anExecutableObject)
p=getattr(anExecutableObject, '_customSecurityPolicy', None)
- if p is not None: p=p()
+ if p is not None:
+ p=p()
+ else:
+ p=_defaultPolicy
self._policy=p
def removeContext(self, anExecutableObject,
@@ -245,10 +250,13 @@
if stack:
top=stack[-1]
p=getattr(top, '_customSecurityPolicy', None)
- if p is not None: p=p()
+ if p is not None:
+ p=p()
+ else:
+ p=_defaultPolicy
self._policy=p
else:
- self._policy=None
+ self._policy=_defaultPolicy
def getUser(self):
"""Get the current authenticated user"""
@@ -260,3 +268,17 @@
return len(self._context.stack)
+try:
+ #raise ImportError
+ import os
+ if os.environ.get("ZOPE_SECURITY_POLICY", None) == "PYTHON":
+ raise ImportError # :)
+ from cAccessControl import SecurityManager as cSecurityManager
+except ImportError:
+ pass
+else:
+
+ class SecurityManager(cSecurityManager, SecurityManager):
+ """A security manager provides methods for checking access and managing
+ executable context and policies
+ """
=== Zope/lib/python/AccessControl/ZopeGuards.py 1.7 => 1.8 ===
safe_builtins.update(utility_builtins)
-def aq_validate(inst, obj, name, v, validate):
- return validate(inst, obj, name, v)
+try:
+
+ #raise ImportError
+ import os
+ if os.environ.get("ZOPE_SECURITY_POLICY", None) == "PYTHON":
+ raise ImportError # :)
+ from cAccessControl import aq_validate, guarded_getattr
+
+except ImportError:
+
+ def aq_validate(inst, obj, name, v, validate):
+ return validate(inst, obj, name, v)
+
+
+ def guarded_getattr(inst, name, default=_marker):
+ if name[:1] != '_':
+ # Try to get the attribute normally so that unusual
+ # exceptions are caught early.
+ try: v = getattr(inst, name)
+ except AttributeError:
+ if default is not _marker:
+ return default
+ raise
+ if Containers(type(inst)):
+ # Simple type. Short circuit.
+ return v
+ validate = getSecurityManager().validate
+ # Filter out the objects we can't access.
+ if hasattr(inst, 'aq_acquire'):
+ return inst.aq_acquire(name, aq_validate, validate)
+ # Or just try to get the attribute directly.
+ if validate(inst, inst, name, v):
+ return v
+ raise Unauthorized, name
-def guarded_getattr(inst, name, default=_marker):
- if name[:1] != '_':
- # Try to get the attribute normally so that unusual
- # exceptions are caught early.
- try: v = getattr(inst, name)
- except AttributeError:
- if default is not _marker:
- return default
- raise
- if Containers(type(inst)):
- # Simple type. Short circuit.
- return v
- validate = getSecurityManager().validate
- # Filter out the objects we can't access.
- if hasattr(inst, 'aq_acquire'):
- return inst.aq_acquire(name, aq_validate, validate)
- # Or just try to get the attribute directly.
- if validate(inst, inst, name, v):
- return v
- raise Unauthorized, name
safe_builtins['getattr'] = guarded_getattr
def guarded_hasattr(object, name):
=== Zope/lib/python/AccessControl/ZopeSecurityPolicy.py 1.14 => 1.15 ===
class ZopeSecurityPolicy:
- def __init__(self, ownerous=1):
+ def __init__(self, ownerous=1, authenticated=1):
+ """Create a Zope security policy.
+
+ Two optional keyword arguments may be provided:
+
+ ownerous -- Untrusted users can create code
+ (e.g. Python scripts or templates),
+ so check that code owners can access resources.
+ The argument must have a truth value.
+ The default is true.
+
+ authenticated -- Allow access to resources based on the
+ privaledges of the authenticated user.
+ The argument must have a truth value.
+ The default is true.
+
+ This (somewhat experimental) option can be set
+ to false on sites that allow only public
+ (unauthenticated) access. An anticipated
+ scenario is a ZEO configuration in which some
+ clients allow only public access and other
+ clients allow full management.
+ """
+
self._ownerous=ownerous
+ self._authenticated=authenticated
def validate(self, accessed, container, name, value, context,
roles=_noroles, None=None, type=type, IntType=type(0),
@@ -239,7 +263,8 @@
try:
- if context.user.allowed(value, roles): return 1
+ if self._authenticated and context.user.allowed(value, roles):
+ return 1
except AttributeError: pass
# We don't want someone to acquire if they can't get an unacquired!
@@ -254,4 +279,3 @@
if type(roles) is StringType:
roles=[roles]
return context.user.allowed(object, roles)
-
=== Zope/lib/python/AccessControl/cAccessControl.c 1.11 => 1.12 === (809/909 lines abridged)
#include <stdio.h>
+#include <stdlib.h>
#include "ExtensionClass.h"
#include "Acquisition.h"
@@ -66,18 +67,24 @@
#define OBJECT(o) ((PyObject *) (o))
static PyObject *
-callmethod1(PyObject *self, PyObject *name, PyObject *arg)
+callfunction1(PyObject *function, PyObject *arg)
{
- UNLESS(self = PyObject_GetAttr(self,name)) return NULL;
- name = PyTuple_New(1);
- if (name == NULL) {
- Py_DECREF(self);
+ PyObject *t, *r;
+ t = PyTuple_New(1);
+ if (t == NULL)
return NULL;
- }
Py_INCREF(arg);
- PyTuple_SET_ITEM(name, 0, arg);
- ASSIGN(self, PyObject_CallObject(self, name));
- Py_DECREF(name);
+ PyTuple_SET_ITEM(t, 0, arg);
+ r = PyObject_CallObject(function, t);
+ Py_DECREF(t);
+ return r;
+}
+
+static PyObject *
+callmethod1(PyObject *self, PyObject *name, PyObject *arg)
+{
+ UNLESS(self = PyObject_GetAttr(self,name)) return NULL;
+ ASSIGN(self, callfunction1(self, arg));
return self;
}
@@ -97,6 +104,198 @@
return r;
}
+static PyObject *
+callfunction3(PyObject *function,
+ PyObject *arg0, PyObject *arg1,
+ PyObject *arg2
+ )
+{
[-=- -=- -=- 809 lines omitted -=- -=- -=-]
- OBJECT(&PermissionRoleType));
-
- imPermissionRoleType.ob_type = &PyType_Type;
- PyDict_SetItemString(dict, "imPermissionRoleType",
- OBJECT(&imPermissionRoleType));
-
PyDict_SetItemString(dict, "__version__",
PyString_FromStringAndSize(rev+11,strlen(rev+11)-2));
PyDict_SetItemString(dict, "_what_not_even_god_should_do",
_what_not_even_god_should_do);
+ PyExtensionClass_Export(dict, "RestrictedDTMLMixin",
+ RestrictedDTMLMixinType);
+
PyExtensionClass_Export(dict, "ZopeSecurityPolicy",
ZopeSecurityPolicyType);
+ PyExtensionClass_Export(dict,"SecurityManager",
+ SecurityManagerType);
+
PyExtensionClass_Export(dict, "PermissionRole",
PermissionRoleType);
PyExtensionClass_Export(dict, "imPermissionRole",
imPermissionRoleType);
- imPermissionRoleObj = PyDict_GetItemString(dict, "imPermissionRole");
+ imPermissionRoleObj = PyMapping_GetItemString(dict,
+ "imPermissionRole");
+
+ aq_validate = PyMapping_GetItemString(dict, "aq_validate");
/*| from SimpleObjectPolicies import Containers
*/
@@ -1504,6 +2142,14 @@
IMPORT(module, "AccessControl.unauthorized");
GETATTR(module, Unauthorized);
+ Py_DECREF(module);
+ module = NULL;
+
+ /*| from AccessControl.SecurityManagement import getSecurityManager
+ */
+
+ IMPORT(module, "AccessControl.SecurityManagement");
+ GETATTR(module, getSecurityManager);
Py_DECREF(module);
module = NULL;