[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/ZopePublication/Browser - Publication.py:1.1.2.7.6.1

Jim Fulton jim@zope.com
Fri, 26 Apr 2002 14:23:21 -0400 

Update of /cvs-repository/Zope3/lib/python/Zope/App/ZopePublication/Browser
In directory cvs.zope.org:/tmp/cvs-serv26237/lib/python/Zope/App/ZopePublication/Browser

Modified Files:
      Tag: SecurityProxy-branch
	Publication.py 
Log Message:
Changed security code to use security proxies and name-based
security. This has pretty far-reaching implications:

- You now protect names/operations, *not* values. This means it's as
  easy yo protect data attributes that have simple values as it is to
  protect methods.

- There is no longer a __permissions__ attribute. :)

- There is no longer a validate method in either security managers or
  policies. 

- No more need to have a special compiler for restricted code.
  In exchange, lots of objects are proxies and code sometimes needs to
  be prepared to remove proxies.

In addition:

- Basic objects (None, strings, numbers, etc.) are not wrapped in
  context wrappers.

- There is a test that fails unless Python 2.3 is used.



=== Zope3/lib/python/Zope/App/ZopePublication/Browser/Publication.py 1.1.2.7 => 1.1.2.7.6.1 ===
 from Zope.Publisher.Browser.IBrowserPublisher import IBrowserPublisher
 from Zope.ComponentArchitecture import getRequestView
-from Zope.ContextWrapper import Wrapper
+from Zope.Proxy.ContextWrapper import ContextWrapper
 from Zope.App.Security.SecurityManagement import getSecurityManager
-
+from Zope.Proxy.ProxyIntrospection import removeAllProxies
 
 class BrowserPublication(ZopeHTTPPublication):
     """Web browser publication handling."""
@@ -31,7 +31,7 @@
 
         r = ()
 
-        if IBrowserPublisher.isImplementedBy(ob):
+        if IBrowserPublisher.isImplementedBy(removeAllProxies(ob)):
             r = ob.browserDefault(request)
         else:
             adapter = getRequestView(ob, '_traverse', request , None)
@@ -42,8 +42,8 @@
 
         if r[0] is ob: return r
         
-        wrapped = Wrapper(r[0], ob, name=None)
-        getSecurityManager().validate(None, wrapped)
+        wrapped = ContextWrapper(r[0], ob, name=None)
+        #XXX getSecurityManager().validate(None, wrapped)
         return (wrapped, r[1])
 
 # For now, have a factory that returns a singleton