[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - AttributeRolePermissionManager.py:1.1.2.3 IRolePermissionManager.py:1.1.2.4 IRolePermissionMap.py:1.1.2.5 RolePermissionManager.py:1.1.2.6
Anthony Baxter
anthony@interlink.com.au
Sat, 9 Feb 2002 17:10:00 -0500
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv5429
Modified Files:
Tag: Zope-3x-branch
AttributeRolePermissionManager.py IRolePermissionManager.py
IRolePermissionMap.py RolePermissionManager.py
Log Message:
Updated RolePermission interfaces, code and testsuites to new standard,
as with PrincipalPermission and PrincipalRole. All test cases pass, but
this is largely because the testZSP script isn't very thorough ;)
This code allows Permissions to be explicitly denied to a Role.
=== Zope3/lib/python/Zope/App/Security/AttributeRolePermissionManager.py 1.1.2.2 => 1.1.2.3 ===
from Zope.ComponentArchitecture import getService
-from IRolePermissionManager import IRolePermissionManager
+from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Allow, Deny, Unset
class AttributeRolePermissionManager:
"""
@@ -29,73 +31,51 @@
def __init__(self, context):
self._context = context
- # Implementation methods for interface
- # Zope.App.Security.IRolePermissionManager
-
- def getPermissionsForRole(self, role):
- '''See interface IRolePermissionMap'''
- try:
- rp = self._context.__role_permissions__
- except AttributeError:
- return ()
- return rp.get(role, ())
+ def grantPermissionToRole( self, permission, role ):
+ ''' See the interface IRolePermissionManager '''
+ pp = self._getRolePermissions(create=1)
+ pp.addCell( permission, role, Allow )
+ self._context._p_changed = 1
+
+ def denyPermissionToRole( self, permission, role ):
+ ''' See the interface IRolePermissionManager '''
+ pp = self._getRolePermissions(create=1)
+ pp.addCell( permission, role, Deny )
+ self._context._p_changed = 1
+
+ def unsetPermissionForRole( self, permission, role ):
+ ''' See the interface IRolePermissionManager '''
+ pp = self._getRolePermissions()
+ # Only unset if there is a security map, otherwise, we're done
+ if pp:
+ pp.delCell( permission, role )
+ self._context._p_changed = 1
- def getRolesForPermission(self, permission):
+ def getRolesForPermission( self, permission ):
'''See interface IRolePermissionMap'''
- try:
- rp = self._context.__role_permissions__
- except AttributeError:
- return ()
-
- r = []
- for role, permissions in rp.items():
- if permission in permissions:
- r.append(role)
-
- return r
+ pp = self._getRolePermissions()
+ if pp:
+ return pp.getRow( permission )
+ else:
+ return []
- def getPermissionAcquired(self, permission):
+ def getPermissionsForRole( self, role ):
'''See interface IRolePermissionMap'''
- # punt for now
- return 1
+ pp = self._getRolePermissions()
+ if pp:
+ return pp.getCol( role )
+ else:
+ return []
- def retractPermissionFromRole(self, permission, role):
- '''See interface IRolePermissionMap'''
- rp = getattr(self._context, '__role_permissions__', None)
- if rp:
- permissions = rp.get(role, ())
- if permission in permissions:
- permissions.remove(permission)
-
- def grantPermissionToRole(self, permission, role):
- '''See interface IRolePermissionMap'''
- permissionService = getService(self._context,
- 'PermissionService')
- p = permissionService.getPermission(permission)
- if p is None:
- raise ValueError('Invalid Permission')
-
- roleService = getService(self._context,
- 'RoleService')
- r = roleService.getRole(role)
- if r is None:
- raise ValueError('Invalid Role')
-
+ def _getRolePermissions(self, create=0):
+ """ Get the role permission map stored in the context, optionally
+ creating one if necessary """
try:
- rp = self._context.__role_permissions__
+ return self._context.__role_permissions__
except AttributeError:
- rp = self._context.__role_permissions__ = {}
+ if create:
+ pp = self._context.__role_permissions__ = \
+ LocalSecurityMap()
+ return pp
+ return None
- try:
- permissions = rp[role]
- except KeyError:
- rp[role] = [ permission ]
- self._context._p_changed = 1
- else:
- if permission not in permissions:
- permissions.append(permission)
- self._context._p_changed = 1
-
- def setPermissionAcquired(self, permission, flag):
- '''See interface IRolePermissionMap'''
- raise TypeError('Unimplemented')
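Review bot: The new `grantPermissionToRole` and `denyPermissionToRole` call `addCell` without the PermissionService/RoleService lookup that the removed version used to raise `ValueError('Invalid Permission')` and `ValueError('Invalid Role')`, so whatever is passed in is now written to `__role_permissions__` unchecked. The interface change in this commit says the arguments are now IPermission and IRole objects rather than ids, which may be why the id lookup was dropped, but no check replaces it. Either reinstate a check at the top of both methods or document the contract there, for example `# permission and role are not validated here; callers must pass registered IPermission/IRole objects`. The `getService` import kept at the top of the file has no remaining use in the visible hunks.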
=== Zope3/lib/python/Zope/App/Security/IRolePermissionManager.py 1.1.2.3 => 1.1.2.4 ===
"""Bind the permission to the role.
- permission must be a permission id
- role must be a role id
+ permission must be an IPermission
+ role must be an IRole
"""
- def retractPermissionFromRole(permission, role):
- """remove the binding of the permission to the role"""
+ def denyPermissionToRole(permission, role):
+ """Deny the permission to the role
- def setPermissionAcquired(permission, flag):
- """Set a flag indicating whether permission settings are acquired.
+ permission must be an IPermission
+ role must be an IRole
+ """
+
+ def unsetPermissionFromRole(permission, role):
+ """Clear the setting of the permission to the role.
- Permission settings are acquired by default.
+ permission must be an IPermission
+ role must be an IRole
"""
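Review bot: The interface declares `unsetPermissionFromRole`, but both implementations changed in this commit (AttributeRolePermissionManager and RolePermissionManager) define `unsetPermissionForRole`. Unless the interface name is also defined outside the visible hunks, neither class provides the method the interface promises, and code written against the interface cannot clear a setting. Pick one spelling; matching the implementations would be `def unsetPermissionForRole(permission, role):`. The `denyPermissionToRole` docstring could also say that an explicit Deny differs from an unset cell, since that distinction is what this commit introduces.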
=== Zope3/lib/python/Zope/App/Security/IRolePermissionMap.py 1.1.2.4 => 1.1.2.5 ===
"""
- def getPermissionAcquired(permission):
- """Return a flag indicating whether permission settings are acquired.
+ def getSetting(permission, role):
+ """Return a sequence of roles for the given permission.
+
+ permission must be an IPermission. role must be an IRole.
+ If no roles have been granted this permission, then the empty
+ list is returned.
+ """
+
+ def getPrincipalsAndRoles():
+ """Return a sequence of (principals, role, setting) here.
+
+ If no principal/role assertions have been made here, then the empty
+ list is returned.
"""
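Review bot: The docstring on `getSetting(permission, role)` describes a different method: it promises a sequence of roles, and an empty list when nothing is granted, while the signature takes one permission and one role. If the intent is to return the cell value, it should read something like `"""Return the setting (Allow, Deny or Unset) for the given permission and role."""`. `getPrincipalsAndRoles` likewise talks about principals in a role/permission map and looks carried over from the PrincipalRole interface. Neither method is implemented in the AttributeRolePermissionManager or RolePermissionManager hunks shown in this commit, so the interface and its implementations disagree on what is available for reading settings.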
=== Zope3/lib/python/Zope/App/Security/RolePermissionManager.py 1.1.2.5 => 1.1.2.6 ===
"""Mappings between roles and permissions."""
-from Zope.App.Security.SecurityMap import SecurityMap
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Allow, Deny
from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
-class RolePermissionManager(SecurityMap):
+class RolePermissionManager(LocalSecurityMap):
"""Mappings between roles and permissions."""
__implements__ = IRolePermissionManager
@@ -25,33 +26,23 @@
def grantPermissionToRole( self, permission, role ):
'''See interface IRolePermissionMap'''
- self.addCell( permission, role )
+ self.addCell( permission, role, Allow )
- def retractPermissionFromRole( self, permission, role ):
+ def denyPermissionToRole( self, permission, role ):
+ '''See interface IRolePermissionMap'''
+ self.addCell( permission, role, Deny )
+
+ def unsetPermissionForRole( self, permission, role ):
'''See interface IRolePermissionMap'''
self.delCell( permission, role )
def getRolesForPermission( self, permission ):
'''See interface IRolePermissionMap'''
- return self.getColumnsForRow( permission )
+ return self.getRow( permission )
def getPermissionsForRole( self, role ):
'''See interface IRolePermissionMap'''
- return self.getRowsForColumn( role )
-
- def setPermissionAcquired(self, permission, flag):
- '''See interface IRolePermissionMap'''
- self._nonacquiredperms[permission] = flag
-
- def getPermissionAcquired(self, permission):
- '''See interface IRolePermissionMap'''
- return self._nonacquiredperms.get(permission, 1)
-
- # Override _clear() so we can add the extra little acquired permission
- # mapping.
- def _clear(self):
- SecurityMap._clear(self)
- self._nonacquiredperms = {}
+ return self.getCol( role )
# Permissions are our rows, and roles are our columns
rolePermissionManager = RolePermissionManager()
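Review bot: `getRolesForPermission` and `getPermissionsForRole` now return `getRow`/`getCol` directly, and because `denyPermissionToRole` stores Deny cells in the same map, those results presumably include denied entries as well as allowed ones (LocalSecurityMap is not shown here). A caller that still reads the result as "roles that have this permission" would treat a denied role as granted. Once confirmed against LocalSecurityMap, the docstrings should state the return shape, for example `'''Return the (role, setting) pairs recorded for the permission, including Deny entries.'''`. The same applies to the two methods of the same name in AttributeRolePermissionManager. The docstrings on grant/deny/unset also point at IRolePermissionMap, although this commit declares those methods in IRolePermissionManager.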