[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/ZMI - ZMIViewService.py:1.1.2.10.6.1 metaConfigure.py:1.1.2.10.4.1 zmi.zcml:1.1.2.6.4.1
Jim Fulton
jim@zope.com
Fri, 26 Apr 2002 14:23:18 -0400
Update of /cvs-repository/Zope3/lib/python/Zope/App/ZMI
In directory cvs.zope.org:/tmp/cvs-serv26237/lib/python/Zope/App/ZMI
Modified Files:
Tag: SecurityProxy-branch
ZMIViewService.py metaConfigure.py zmi.zcml
Log Message:
Changed security code to use security proxies and name-based
security. This has pretty far-reaching implications:
- You now protect names/operations, *not* values. This means it's as
easy yo protect data attributes that have simple values as it is to
protect methods.
- There is no longer a __permissions__ attribute. :)
- There is no longer a validate method in either security managers or
policies.
- No more need to have a special compiler for restricted code.
In exchange, lots of objects are proxies and code sometimes needs to
be prepared to remove proxies.
In addition:
- Basic objects (None, strings, numbers, etc.) are not wrapped in
context wrappers.
- There is a test that fails unless Python 2.3 is used.
=== Zope3/lib/python/Zope/App/ZMI/ZMIViewService.py 1.1.2.10 => 1.1.2.10.6.1 ===
-from Zope.ContextWrapper import getinnercontext
+from Zope.Proxy.ContextWrapper import getWrapperContainer
from Zope.ComponentArchitecture import getAdapter
from Zope.App.Traversing.ITraverser import ITraverser
from Zope.App.Security.SecurityManagement import getSecurityManager
@@ -60,12 +60,6 @@
if view_value in res:
continue
- ## XXX security check
- ## XXX This is now much tricker, since we will need
- # to traverse views
- #try: adapter.restrictedTraverse(v.action)
- #except:
- # continue
## check filter, short circuit if default
if not v.filter_string == 'python: 1':
@@ -84,7 +78,7 @@
data = {
'context': object,
- 'view': getinnercontext(object),
+ 'view': getWrapperContainer(object),
'nothing': None,
# 'request': getattr( object, 'REQUEST', None ),
'user': getSecurityManager().getPrincipal(),
=== Zope3/lib/python/Zope/App/ZMI/metaConfigure.py 1.1.2.10 => 1.1.2.10.4.1 ===
import Addable
from IGenericCreatorMarker import IGenericCreatorMarker
+from Zope.Security.Checker import NamesChecker, CheckerPublic, ProxyFactory
class ClassFactory:
__implements__ = IFactory
- def __init__(self, _class, permission):
- self.__permission__ = permission
+ def __init__(self, _class):
self._class = _class
def __call__(self, *args, **kwargs):
return self._class(*args, **kwargs)
-
def provideClass(registry, qualified_name, _class, permission,
title, description='', marker_interface=None):
"""Provide simple class setup
@@ -46,9 +45,12 @@
- set component permission
"""
- factory = ClassFactory(_class, permission)
+ factory = ClassFactory(_class)
+ if permission and (permission != 'Zope.Public'):
+ factory = ProxyFactory(factory, NamesChecker(__call__=permission))
provideFactory(qualified_name, factory)
- registry.provideAddable(qualified_name, title, description, marker_interface)
+ registry.provideAddable(qualified_name, title, description,
+ marker_interface)
def ServiceClassDir(_context, name, class_, permission_id, title,
=== Zope3/lib/python/Zope/App/ZMI/zmi.zcml 1.1.2.6 => 1.1.2.6.4.1 ===
<security:protectClass name=".Addable."
permission_id="Zope.Public"
- methods="id, title, description, icon" />
+ names="id, title, description, icon" />
<security:protectClass name=".ZMIViewUtility."
permission_id="Zope.View"
- methods="getZMIViews"/>
+ names="getZMIViews"/>
<security:protectClass
name=".IGenericCreatorMarker."