[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - ZopeSecurityPolicy.py:1.1.2.13.2.3

Casey Duncan casey_duncan@yahoo.com
Mon, 11 Feb 2002 15:16:00 -0500 

Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv31035

Modified Files:
      Tag: Zope-3x-security_defactor-branch
	ZopeSecurityPolicy.py 
Log Message:
ZSP Now passes tests. Behavior is still not 100% correct with regard to placeless principal and placeful role permissions. The latter can win out over the former. This will be fixed next.


=== Zope3/lib/python/Zope/App/Security/ZopeSecurityPolicy.py 1.1.2.13.2.2 => 1.1.2.13.2.3 ===
     def checkPermission( self, permission, object, context ):
 
-        print 'checking permission:', permission, object
-
         principals = { context.user : 1 }
         roles      = {}
         seen_allowed = 0
@@ -97,10 +95,8 @@
 
         # XXX We aren't really handling multiple principals below
         for c in ContainmentIterator(object):
-            print c
             ppm = getAdapter(c, IPrincipalPermissionManager, None)
             if ppm is not None: 
-                print 'got playul principal permission adapter'
                 for principal in principals.keys():
                     setting = ppm.getSetting(permission, principal)
                     if setting is Allow:
@@ -109,10 +105,8 @@
                         return 0 # Explicit deny on principal
                 if seen_allowed:
                     return 1 # If I'm allowed here... forget the rest.
-
             rpm = getAdapter(c, IRolePermissionManager, None)
             if rpm is not None:
-                print 'got playul role permission adapter'
                 for role in all_roles:
                     setting = rpm.getSetting(permission, role)
                     if setting == Allow:
@@ -121,8 +115,6 @@
                         return 0 # Explicit Deny on role.
                 if seen_allowed:
                     return 1 # I'm allowed by a role on the principal
-            else:
-                print 'No playful role permission adapter'
 
         # now check the dour interfaces - maybe they've got settings
         ppm = principalPermissionManager
@@ -151,7 +143,6 @@
             if seen_allowed:
                 return 1 # I'm allowed by a role on the principal
 
-        print 'DENY: fell through'
 
         return 0 # Deny by default
 
@@ -217,15 +208,14 @@
                                     prm.getRolesForPrincipal(principal):
                             if not roles.has_key(role):
                                 roles[role] = setting
-        else:
-            # non-playful (dour) roles
-            prm = principalRoleManager
-            if prm is not None:
-                for principal in principals:
-                    for role, setting in \
-                                prm.getRolesForPrincipal(principal):
-                        if not roles.has_key(role):
-                            roles[role] = setting
+        # non-playful (dour) roles
+        prm = principalRoleManager
+        if prm is not None:
+            for principal in principals:
+                for role, setting in \
+                            prm.getRolesForPrincipal(principal):
+                    if not roles.has_key(role):
+                        roles[role] = setting
 
         result = [('Anonymous',Assign)] # Always check anonymous
         for role, setting in roles.items():