[Zope-Checkins] CVS: Zope3/lib/python/Zope/Security - Checker.py:1.1.2.9
Jim Fulton
jim@zope.com
Fri, 26 Apr 2002 14:22:54 -0400
Update of /cvs-repository/Zope3/lib/python/Zope/Security
In directory cvs.zope.org:/tmp/cvs-serv26237/lib/python/Zope/Security
Modified Files:
Tag: SecurityProxy-branch
Checker.py
Log Message:
Changed security code to use security proxies and name-based
security. This has pretty far-reaching implications:
- You now protect names/operations, *not* values. This means it's as
easy yo protect data attributes that have simple values as it is to
protect methods.
- There is no longer a __permissions__ attribute. :)
- There is no longer a validate method in either security managers or
policies.
- No more need to have a special compiler for restricted code.
In exchange, lots of objects are proxies and code sometimes needs to
be prepared to remove proxies.
In addition:
- Basic objects (None, strings, numbers, etc.) are not wrapped in
context wrappers.
- There is a test that fails unless Python 2.3 is used.
=== Zope3/lib/python/Zope/Security/Checker.py 1.1.2.8 => 1.1.2.9 ===
+ def getPermission_func(self):
+ return self.__permission_func
+
def permission_id(self, name):
"""Return the result of calling the permission func
"""
@@ -97,7 +100,7 @@
#
############################################################
-def NamesChecker(names, permission_id=CheckerPublic, **__kw__):
+def NamesChecker(names=(), permission_id=CheckerPublic, **__kw__):
"""Return a checker that grants access to a set of names.
A sequence of names is given as the first argument. If a second
@@ -177,12 +180,17 @@
return None
return checker
+
+def getCheckerForInstancesOf(class_):
+ return _checkers.get(class_)
+
def defineChecker(type_, checker):
"""Define a checker for a given type of object
- The checker can be a Checker, or
+ The checker can be a Checker, or a function that, when called with
+ an object, returns a Checker.
"""
if type_ in _checkers:
raise DuplicationError(type_)
@@ -230,15 +238,11 @@
'__class__', '__implements__',
]
-_callableChecker = NamesChecker(['__str__', '__repr__', '__call__'])
-_typeChecker = NamesChecker(['__str__', '__repr__'])
+_callableChecker = NamesChecker(['__str__', '__repr__', '__name__',
+ '__call__'])
+_typeChecker = NamesChecker(['__str__', '__repr__', '__name__', '__module__'])
-_default_checkers = {
- dict: NamesChecker(['__getitem__', 'get', 'has_key', '__len__',
- 'keys', 'values', 'items']),
- list: NamesChecker(['__getitem__', 'index', 'count', '__len__']),
- # YAGNI: () a rock
- tuple: NamesChecker(['__getitem__', '__len__']),
+BasicTypes = {
int: NoProxy,
float: NoProxy,
long: NoProxy,
@@ -246,6 +250,15 @@
type(None): NoProxy,
str: NoProxy,
unicode: NoProxy,
+ type(not 1): NoProxy, # Boolean, if available :)
+}
+
+_default_checkers = {
+ dict: NamesChecker(['__getitem__', 'get', 'has_key', '__len__',
+ 'keys', 'values', 'items']),
+ list: NamesChecker(['__getitem__', 'index', 'count', '__len__']),
+ # YAGNI: () a rock
+ tuple: NamesChecker(['__getitem__', '__len__']),
InstanceType: _instanceChecker,
Proxy: NoProxy,
ClassType: _classChecker,
@@ -253,13 +266,13 @@
MethodType: _callableChecker,
type: _typeChecker,
ModuleType: _moduleChecker,
- # XXX bool
}
def _clear():
_checkers.clear()
_checkers.update(_default_checkers)
+ _checkers.update(BasicTypes)
_clear()