[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/ZMI - ZMIViewService.py:1.1.2.10.6.1 metaConfigure.py:1.1.2.10.4.1 zmi.zcml:1.1.2.6.4.1

Jim Fulton jim@zope.com
Fri, 26 Apr 2002 14:23:18 -0400


Update of /cvs-repository/Zope3/lib/python/Zope/App/ZMI
In directory cvs.zope.org:/tmp/cvs-serv26237/lib/python/Zope/App/ZMI

Modified Files:
      Tag: SecurityProxy-branch
	ZMIViewService.py metaConfigure.py zmi.zcml 
Log Message:
Changed security code to use security proxies and name-based
security. This has pretty far-reaching implications:

- You now protect names/operations, *not* values. This means it's as
  easy yo protect data attributes that have simple values as it is to
  protect methods.

- There is no longer a __permissions__ attribute. :)

- There is no longer a validate method in either security managers or
  policies. 

- No more need to have a special compiler for restricted code.
  In exchange, lots of objects are proxies and code sometimes needs to
  be prepared to remove proxies.

In addition:

- Basic objects (None, strings, numbers, etc.) are not wrapped in
  context wrappers.

- There is a test that fails unless Python 2.3 is used.



=== Zope3/lib/python/Zope/App/ZMI/ZMIViewService.py 1.1.2.10 => 1.1.2.10.6.1 ===
 
 
-from Zope.ContextWrapper import getinnercontext
+from Zope.Proxy.ContextWrapper import getWrapperContainer
 from Zope.ComponentArchitecture import getAdapter
 from Zope.App.Traversing.ITraverser import ITraverser
 from Zope.App.Security.SecurityManagement import getSecurityManager
@@ -60,12 +60,6 @@
                 if view_value in res:
                     continue
                 
-                ## XXX security check
-                ## XXX This is now much tricker, since we will need
-                #      to traverse views 
-                #try: adapter.restrictedTraverse(v.action)
-                #except:
-                #    continue
 
                 ## check filter, short circuit if default
                 if not v.filter_string == 'python: 1':
@@ -84,7 +78,7 @@
 
         data = {
             'context': object,
-            'view': getinnercontext(object),
+            'view': getWrapperContainer(object),
             'nothing': None,
         #    'request': getattr( object, 'REQUEST', None ),
             'user': getSecurityManager().getPrincipal(),


=== Zope3/lib/python/Zope/App/ZMI/metaConfigure.py 1.1.2.10 => 1.1.2.10.4.1 ===
 import Addable
 from IGenericCreatorMarker import IGenericCreatorMarker
+from Zope.Security.Checker import NamesChecker, CheckerPublic, ProxyFactory
 
 class ClassFactory:
     __implements__ = IFactory
 
-    def __init__(self, _class, permission):
-        self.__permission__ = permission
+    def __init__(self, _class):
         self._class = _class
 
     def __call__(self, *args, **kwargs):
         return self._class(*args, **kwargs)
 
-
 def provideClass(registry, qualified_name, _class, permission,
                  title, description='', marker_interface=None):
     """Provide simple class setup
@@ -46,9 +45,12 @@
 
     - set component permission
     """
-    factory = ClassFactory(_class, permission)
+    factory = ClassFactory(_class)
+    if permission and (permission != 'Zope.Public'):
+        factory = ProxyFactory(factory, NamesChecker(__call__=permission))
     provideFactory(qualified_name, factory)
-    registry.provideAddable(qualified_name, title, description, marker_interface)
+    registry.provideAddable(qualified_name, title, description,
+                            marker_interface)
 
 
 def ServiceClassDir(_context, name, class_, permission_id, title,


=== Zope3/lib/python/Zope/App/ZMI/zmi.zcml 1.1.2.6 => 1.1.2.6.4.1 ===
   <security:protectClass name=".Addable."
                          permission_id="Zope.Public"
-  		         methods="id, title, description, icon" />
+  		         names="id, title, description, icon" />
 
   <security:protectClass name=".ZMIViewUtility."
                          permission_id="Zope.View"
-                         methods="getZMIViews"/>
+                         names="getZMIViews"/>
 
   <security:protectClass 
     name=".IGenericCreatorMarker."