[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/ZopePublication - PublicationTraverse.py:1.1.2.14.2.1 Traversers.py:1.1.2.16.6.1 ZopePublication.py:1.1.2.35.2.1
Jim Fulton
jim@zope.com
Fri, 26 Apr 2002 14:23:19 -0400
Update of /cvs-repository/Zope3/lib/python/Zope/App/ZopePublication
In directory cvs.zope.org:/tmp/cvs-serv26237/lib/python/Zope/App/ZopePublication
Modified Files:
Tag: SecurityProxy-branch
PublicationTraverse.py Traversers.py ZopePublication.py
Log Message:
Changed security code to use security proxies and name-based
security. This has pretty far-reaching implications:
- You now protect names/operations, *not* values. This means it's as
easy yo protect data attributes that have simple values as it is to
protect methods.
- There is no longer a __permissions__ attribute. :)
- There is no longer a validate method in either security managers or
policies.
- No more need to have a special compiler for restricted code.
In exchange, lots of objects are proxies and code sometimes needs to
be prepared to remove proxies.
In addition:
- Basic objects (None, strings, numbers, etc.) are not wrapped in
context wrappers.
- There is a test that fails unless Python 2.3 is used.
=== Zope3/lib/python/Zope/App/ZopePublication/PublicationTraverse.py 1.1.2.14 => 1.1.2.14.2.1 ===
from Zope.Publisher.Exceptions import NotFound
from types import StringTypes
-from Zope.ContextWrapper import Wrapper, getcontext
+from Zope.Proxy.ContextWrapper import ContextWrapper, getWrapperContext
from Zope.App.ZMI.Addable import ContentAddables
from Zope.App.OFS.Container.IContainer import IWriteContainer
from Zope.App.OFS.ApplicationControl.ApplicationControl \
import ApplicationController
+from Zope.Proxy.ProxyIntrospection import removeAllProxies
class DuplicateNamespaces(Exception):
"""More than one namespave was specified in a request"""
@@ -43,7 +44,7 @@
nm = name # the name to look up the object with
- if name.find(';'):
+ if name.find(';') >= 0:
# Process URI segment parameters. It makes sense to centralize
# this here. Later it may be abstracted and distributed again,
# but, if so it will be distributed to various path
@@ -92,7 +93,7 @@
if nm == '.':
return ob
- if request.getViewType().isImplementedBy(ob):
+ if request.getViewType().isImplementedBy(removeAllProxies(ob)):
ob2 = ob.publishTraverse(request, nm)
else:
adapter = getRequestView(ob, '_traverse', request, self # marker
@@ -106,8 +107,8 @@
return self._wrap(ob2, ob, name, nm)
def _wrap(self, ob, parent, name, nm):
- wrapped = Wrapper(ob, parent, name=name)
- getSecurityManager().validate(nm, wrapped)
+ wrapped = ContextWrapper(ob, parent, name=name)
+ #XXX getSecurityManager().validate(nm, wrapped)
return wrapped
def _traverseview(self, request, ob, name):
@@ -175,7 +176,7 @@
return self._wrap(ob2, origOb, name, name)
except NotFound:
- ob = getcontext(ob)
+ ob = getWrapperContext(ob)
if ob is None:
raise NotFound(origOb, name, request)
raise ExcessiveWrapping(origOb, name, request)
=== Zope3/lib/python/Zope/App/ZopePublication/Traversers.py 1.1.2.16 => 1.1.2.16.6.1 ===
if name.endswith(';view'):
return getRequestView( ob, name[:-5], request)
- if hasattr(ob, name):
- subob = getattr(ob, name)
- else:
+
+ subob = getattr(ob, name, self) # self is marker here
+ if subob is self:
+ # no attribute
try:
subob = ob[name]
except (KeyError, IndexError,
=== Zope3/lib/python/Zope/App/ZopePublication/ZopePublication.py 1.1.2.35 => 1.1.2.35.2.1 ===
from ZODB.POSException import ConflictError
from Zope.App.OFS.Folder.RootFolder import RootFolder
-from Zope.ContextWrapper import wrapper
from PublicationTraverse import PublicationTraverse
+from Zope.Security.Checker import ProxyFactory
+
class RequestContainer:
# TODO: add security assertion declaring access to REQUEST
@@ -102,7 +103,7 @@
if app is None:
raise SystemError, "Zope Application Not Found"
- return app
+ return ProxyFactory(app)
def callTraversalHooks(self, request, ob):
# Call __before_publishing_traverse__ hooks