[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - _protections.py:1.1.2.1 __init__.py:1.1.2.4.6.1 metaConfigure.py:1.1.2.25.6.1 protectClass.py:1.1.2.12.6.2 security-meta.zcml:1.1.2.2.14.1 ISecurityContext.py:NONE ISecurityManagement.py:NONE ISecurityManager.py:NONE ISecurityPolicy.py:NONE SecurityContext.py:NONE SecurityManagement.py:NONE SecurityManager.py:NONE SimpleSecurityPolicies.py:NONE
Jim Fulton
jim@zope.com
Sat, 27 Apr 2002 12:59:21 -0400
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv26931/lib/python/Zope/App/Security
Modified Files:
Tag: SecurityProxy-branch
__init__.py metaConfigure.py protectClass.py
security-meta.zcml
Added Files:
Tag: SecurityProxy-branch
_protections.py
Removed Files:
Tag: SecurityProxy-branch
ISecurityContext.py ISecurityManagement.py ISecurityManager.py
ISecurityPolicy.py SecurityContext.py SecurityManagement.py
SecurityManager.py SimpleSecurityPolicies.py
Log Message:
Moved security management modules to Zope.Security.
Added like_unto attribute to protect class so you can say that a class
has the same protections as another class::
<security:protectClass name=".RootFolder." like_unto=".Folder." />
Added some additional calls to removeAllProxies in some component
lookup code while debugging integration of new security model.
Added protections for BTree types.
=== Added File Zope3/lib/python/Zope/App/Security/_protections.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Register protection information for some standard low-level types
Revision information:
$Id: _protections.py,v 1.1.2.1 2002/04/27 16:58:50 jim Exp $
"""
def protect():
from Zope.Security.Checker import \
defineChecker, getCheckerForInstancesOf, NamesChecker
import Persistence.BTrees
def _protect(which):
__import__('Persistence.BTrees.%sBTree' % which)
module = getattr(Persistence.BTrees, "%sBTree" % which)
defineChecker(getattr(module, '%sBTree' % which),
getCheckerForInstancesOf(dict))
defineChecker(getattr(module, '%sBucket' % which),
getCheckerForInstancesOf(dict))
defineChecker(getattr(module, '%sSet' % which),
NamesChecker(['__getitem__', '__len__', 'has_key',
'__repr__', '__str__',
'keys', 'maxKey', 'minKey']
)
)
defineChecker(getattr(module, '%sTreeSet' % which),
NamesChecker(['__len__', 'has_key',
'__repr__', '__str__',
'keys', 'maxKey', 'minKey']
)
)
items = getattr(module, '%sBTree' % which)().keys()
defineChecker(type(items),
getCheckerForInstancesOf(tuple))
for which in 'OO', 'II', 'OI', 'IO':
_protect(which)
=== Zope3/lib/python/Zope/App/Security/__init__.py 1.1.2.4 => 1.1.2.4.6.1 ===
##############################################################################
""" Zope Security Architecture """
+
+# Register some standard types
+import _protections
+_protections.protect()
+del _protections
=== Zope3/lib/python/Zope/App/Security/metaConfigure.py 1.1.2.25 => 1.1.2.25.6.1 ===
from PermissionRegistry import permissionRegistry as perm_reg
from RoleRegistry import roleRegistry as role_reg
-from SecurityManager import setSecurityPolicy
+from Zope.Security.SecurityManager import setSecurityPolicy
from PrincipalRegistry import principalRegistry
from RolePermissionManager import rolePermissionManager as role_perm_mgr
from PrincipalPermissionManager import principalPermissionManager \
=== Zope3/lib/python/Zope/App/Security/protectClass.py 1.1.2.12.6.1 => 1.1.2.12.6.2 ===
from Zope.Configuration.ConfigurationDirectiveInterfaces \
import INonEmptyDirective
+from Zope.Configuration.Action import Action
from Zope.Security.Checker import defineChecker, getCheckerForInstancesOf
from Zope.Security.Checker import Checker, CheckerPublic
@@ -34,12 +35,14 @@
__class_implements__ = INonEmptyDirective
def __init__(self, _context, name, permission_id=None, interface=None,
- names=None):
+ names=None, like_unto=None):
self.__class = _context.resolve(name)
self.__name = name
self.__permission_id = permission_id
+ self.__like_unto = like_unto
self.__context = _context
- self.__r = self.protect(_context, permission_id, interface, names)
+ self.__r = self.protect(_context, permission_id, interface, names,
+ like_unto)
# ._getPermission() is handy for subclassing with different permission
# policy, eg publicClass.
@@ -56,16 +59,19 @@
return permission_id
def protect(self, _context, permission_id=None, interface=None,
- names=None):
+ names=None, like_unto=None):
"Protect a specific aspect"
- self.__empty = 0
+ r = []
+
+ if like_unto:
+ self.__protectLikeUnto(like_unto, r)
if not (interface or names):
- return []
+ return r
+
permission_id = self._getPermission(permission_id)
- r = []
if interface:
self.__protectByInterface(interface, permission_id, r)
@@ -91,6 +97,16 @@
for n, d in interface.namesAndDescriptions(1):
self.__protectName(n, permission_id, r)
+ def __protectLikeUnto(self, like_unto, r):
+ "Set a permission on names in an interface."
+ like_unto = self.__context.resolve(like_unto)
+ r.append(
+ Action(discriminator=('protectLikeUnto', self.__class, object()),
+ callable=protectLikeUnto,
+ args=(self.__class, like_unto),
+ )
+ )
+
def __call__(self):
"Handle empty/simple declaration."
return self.__r
@@ -109,10 +125,31 @@
checker = Checker({}.get)
defineChecker(class_, checker)
- # OK, so it's a hack.
- names = checker.getPermission_func().__self__
if permission_id == 'Zope.Public':
# Translate public permission to CheckerPublic
permission_id = CheckerPublic
+
+ # OK, so it's a hack.
+ protections = checker.getPermission_func().__self__
+ protections[name] = permission_id
+
+def protectLikeUnto(class_, like_unto):
+ """Use the protections from like_unto for class_
+ """
- names[name] = permission_id
+ unto_checker = getCheckerForInstancesOf(like_unto)
+ if unto_checker is None:
+ return
+
+ # OK, so it's a hack.
+ unto_protections = unto_checker.getPermission_func().__self__
+
+ checker = getCheckerForInstancesOf(class_)
+ if checker is None:
+ checker = Checker({}.get)
+ defineChecker(class_, checker)
+
+ # OK, so it's a hack.
+ protections = checker.getPermission_func().__self__
+ for name in unto_protections:
+ protections[name] = unto_protections[name]
=== Zope3/lib/python/Zope/App/Security/security-meta.zcml 1.1.2.2 => 1.1.2.2.14.1 ===
<subdirective name="protect"
attributes="permission_id, interface, methods" />
- <subdirective name="instances" attributes="permission_id" />
</directive>
<directive name="publicClass" attributes="name, interface, methods"
handler="Zope.App.Security.publicClass." />
=== Removed File Zope3/lib/python/Zope/App/Security/ISecurityContext.py ===
=== Removed File Zope3/lib/python/Zope/App/Security/ISecurityManagement.py ===
=== Removed File Zope3/lib/python/Zope/App/Security/ISecurityManager.py ===
=== Removed File Zope3/lib/python/Zope/App/Security/ISecurityPolicy.py ===
=== Removed File Zope3/lib/python/Zope/App/Security/SecurityContext.py ===
=== Removed File Zope3/lib/python/Zope/App/Security/SecurityManagement.py ===
=== Removed File Zope3/lib/python/Zope/App/Security/SecurityManager.py ===
=== Removed File Zope3/lib/python/Zope/App/Security/SimpleSecurityPolicies.py ===