[Zope-Checkins] CVS: Zope3/lib/python/Zope/Security - Checker.py:1.1.2.9

Jim Fulton jim@zope.com
Fri, 26 Apr 2002 14:22:54 -0400


Update of /cvs-repository/Zope3/lib/python/Zope/Security
In directory cvs.zope.org:/tmp/cvs-serv26237/lib/python/Zope/Security

Modified Files:
      Tag: SecurityProxy-branch
	Checker.py 
Log Message:
Changed security code to use security proxies and name-based
security. This has pretty far-reaching implications:

- You now protect names/operations, *not* values. This means it's as
  easy yo protect data attributes that have simple values as it is to
  protect methods.

- There is no longer a __permissions__ attribute. :)

- There is no longer a validate method in either security managers or
  policies. 

- No more need to have a special compiler for restricted code.
  In exchange, lots of objects are proxies and code sometimes needs to
  be prepared to remove proxies.

In addition:

- Basic objects (None, strings, numbers, etc.) are not wrapped in
  context wrappers.

- There is a test that fails unless Python 2.3 is used.



=== Zope3/lib/python/Zope/Security/Checker.py 1.1.2.8 => 1.1.2.9 ===
 
 
+    def getPermission_func(self):
+        return self.__permission_func
+
     def permission_id(self, name):
         """Return the result of calling the permission func
         """
@@ -97,7 +100,7 @@
     #
     ############################################################
 
-def NamesChecker(names, permission_id=CheckerPublic, **__kw__):
+def NamesChecker(names=(), permission_id=CheckerPublic, **__kw__):
     """Return a checker that grants access to a set of names.
 
     A sequence of names is given as the first argument. If a second
@@ -177,12 +180,17 @@
             return None
     
     return checker
+
+def getCheckerForInstancesOf(class_):
+    return _checkers.get(class_)
+    
     
 
 def defineChecker(type_, checker):
     """Define a checker for a given type of object
 
-    The checker can be a Checker, or 
+    The checker can be a Checker, or a function that, when called with
+    an object, returns a Checker.
     """
     if type_ in _checkers:
         raise DuplicationError(type_)
@@ -230,15 +238,11 @@
                      '__class__', '__implements__',
                      ]
 
-_callableChecker = NamesChecker(['__str__', '__repr__', '__call__'])
-_typeChecker = NamesChecker(['__str__', '__repr__'])
+_callableChecker = NamesChecker(['__str__', '__repr__', '__name__',
+                                 '__call__'])
+_typeChecker = NamesChecker(['__str__', '__repr__', '__name__', '__module__'])
 
-_default_checkers = {
-    dict: NamesChecker(['__getitem__', 'get', 'has_key', '__len__',
-                         'keys', 'values', 'items']),
-    list: NamesChecker(['__getitem__', 'index', 'count', '__len__']),
-    # YAGNI: () a rock
-    tuple: NamesChecker(['__getitem__', '__len__']),
+BasicTypes = {
     int: NoProxy,
     float: NoProxy,
     long: NoProxy,
@@ -246,6 +250,15 @@
     type(None): NoProxy,
     str: NoProxy,
     unicode: NoProxy,
+    type(not 1): NoProxy, # Boolean, if available :)
+}
+
+_default_checkers = {
+    dict: NamesChecker(['__getitem__', 'get', 'has_key', '__len__',
+                         'keys', 'values', 'items']),
+    list: NamesChecker(['__getitem__', 'index', 'count', '__len__']),
+    # YAGNI: () a rock
+    tuple: NamesChecker(['__getitem__', '__len__']),
     InstanceType: _instanceChecker,
     Proxy: NoProxy,
     ClassType: _classChecker,
@@ -253,13 +266,13 @@
     MethodType: _callableChecker,
     type: _typeChecker,
     ModuleType: _moduleChecker,
-    # XXX bool
     }
 
 
 def _clear():
     _checkers.clear()
     _checkers.update(_default_checkers)
+    _checkers.update(BasicTypes)
 
 _clear()