[Zope-Checkins] CVS: Zope3/lib/python/Zope/Security - IChecker.py:1.1.2.4

Jim Fulton jim@zope.com
Thu, 18 Apr 2002 10:59:06 -0400 

Update of /cvs-repository/Zope3/lib/python/Zope/Security
In directory cvs.zope.org:/tmp/cvs-serv16102

Modified Files:
      Tag: SecurityProxy-branch
	IChecker.py 
Log Message:
Changed rythm to experimentally not check return values.


=== Zope3/lib/python/Zope/Security/IChecker.py 1.1.2.3 => 1.1.2.4 ===
     """Security-proxy plugin objects that implement low-level checks
 
-    The checker is responsible for checking and creating proxies for
-    operation return values, via the checkValue method.
+    The checker is responsible for creating proxies for
+    operation return values, via the proxy method.
 
     There are individual check_* methods for checking individual
     operations.
 
+    The check_* methods may raise errors.  They return values that
+    most be passed to the proxy methods.
+
+           checked = checker.check_getitem(ob, key)
+           return checker.proxy(ob[key], checked)
+        
     Note that two different naming conventions are used to separate
     the individual operation checkers from other methods.
     """
 
     def check_getattr(ob, name):
         """Check whether attribute access is allowed
-
-        If access is not allowed, then an exception is raised.
-        if access is (possibly) allowed, then a boolean value is
-        returned. The value is true if accessed was allowed based on
-        the name, or false if access depends on the value. This
-        boolean value should be passed to checkValue:
-
-           allowed = checker.check_getattr(ob, name)
-           v = getattr(ob, name)
-           return checkValue(v, allowed)
-
         """
 
     def check_getitem(ob, key):
         """Check whether an item access is allowed
-
-        An exception is raised if access is not allowed, otherwise,
-        nothing is returned. After checking the operation, the return
-        value should be passed to checkValue.
-
-           checker.check_getitem(ob, key)
-           return checkValue(ob[key])
-        
         """
 
-    def checkValue(value, allowed_by_default=1):
-        """Check access to a value
+    def check_call(ob):
+        """Check whether the object can be called.
+        """
+        
 
-        The value must have a __permission__ attribute unless
-        allowed_by_default is true. If the value has a __permission__
-        attribute, then the permission is checked on the object.
-
-        If access is unallowed, then an exception is raised. This may
-        be an Unauthorized exception, if the current security context
-        doesn't have the necessary permission. A Forbidden exception
-        is raised if there is no __permission__ attribute and not
-        allowed_by_default.
+    def proxy(value, checked):
+        """Return a security proxy for the value
 
-        If access is allowed, then the value is returned, wrapped in a
-        security proxy, if necessary.
+        The second argument passed is the return value from a checker.
         """
         
-
+