[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - metaConfigure.py:1.1.2.20 protectClass.py:1.1.2.5 publicClass.py:1.1.2.4
Jim Fulton
jim@zope.com
Thu, 3 Jan 2002 14:29:54 -0500
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv16747/App/Security
Modified Files:
Tag: Zope-3x-branch
metaConfigure.py protectClass.py publicClass.py
Log Message:
Refactored configuration framework:
- Configuration directives must be written to a
a different framework. See
ConfigurationDirectiveInterfaces.
- Configuration directives now don't take actions immediately.
Instead, they return a sequence of discriminators and callables
objects with arguments. This allows configuration to be defered to
allow overriding and conflct detection.
- Can now detect conflicting directives
- Can override directives. Directives in including configuration files
override directives in included files. Conflicting directives are
decided based on discriminators.
- Added new directives for defining directives. All directives, except
for a few bootstrap irectives, are now configurable in the
configuration file. This makes directives a little more discoverable
and facilitates extension of directives.
=== Zope3/lib/python/Zope/App/Security/metaConfigure.py 1.1.2.19 => 1.1.2.20 ===
""" Register security related configuration directives """
-from Zope.Configuration import namespace
-from Zope.Configuration.meta import register
from Zope.Configuration.name import resolve
from protectClass import protectClass
from publicClass import publicClass
@@ -24,46 +22,55 @@
from PrincipalPermissionManager import principalPermissionManager as principal_perm_mgr
from PrincipalRoleManager import principalRoleManager as principal_role_mgr
-def setSecurityPolicy_directive( name ):
- """
- """
+def defaultPolicy(name):
policy = resolve( name )
if callable( policy ):
policy = policy()
- setSecurityPolicy( policy )
+ return [('defaultPolicy', setSecurityPolicy, (policy,))]
-# We need a wrapper to throw away the return value, otherwise the machinery
-# requres that the returned things is a callable.
-def throw_away_return_value(func):
- def callfunc(func=func, **kw):
- func(**kw)
- return callfunc
-
-def metaConfigure():
- register(namespace('security'),
- 'definePermission',
- throw_away_return_value(perm_reg.definePermission))
- register(namespace('security'),
- 'defineRole',
- throw_away_return_value(role_reg.defineRole))
- register(namespace('security'), 'protectClass', protectClass)
- register(namespace('security'), 'publicClass', publicClass)
- register(namespace('security'), 'defaultPolicy',
- setSecurityPolicy_directive)
-
- register(namespace('security'), 'principal',
- principalRegistry.definePrincipal)
-
- register(namespace('security'), 'defaultPrincipal',
- principalRegistry.defineDefaultPrincipal)
-
- register(namespace('security'), 'grantPermissionToRole',
- role_perm_mgr.grantPermissionToRole)
-
- register(namespace('security'), 'grantPermissionToPrincipal',
- principal_perm_mgr.grantPermissionToPrincipal)
-
- register(namespace('security'), 'assignRoleToPrincipal',
- principal_role_mgr.assignRoleToPrincipal)
+def definePermission(permission, title, description=''):
+ action = (('definePermission', permission),
+ perm_reg.definePermission, (permission, title, description))
+ return (action,)
+
+def defineRole(role, title, description=''):
+ action = (('defineRole', role),
+ role_reg.defineRole, (role, title, description))
+ return (action,)
+
+def principal(principal, title, login, password, description=''):
+ return [(
+ ('principal', principal),
+ principalRegistry.definePrincipal,
+ (principal, title, description, login, password)
+ )]
+
+def defaultPrincipal(principal, title, description=''):
+ return [(
+ 'defaultPrincipal',
+ principalRegistry.defineDefaultPrincipal,
+ (principal, title, description)
+ )]
+
+def grantPermissionToRole(permission, role):
+ return [(
+ ('grantPermissionToRole', permission, role),
+ role_perm_mgr.grantPermissionToRole,
+ (permission, role)
+ )]
+
+def grantPermissionToPrincipal(permission, principal):
+ return [(
+ ('grantPermissionToPrincipal', permission, principal),
+ principal_perm_mgr.grantPermissionToPrincipal,
+ (permission, principal)
+ )]
+
+def assignRoleToPrincipal(role, principal):
+ return [(
+ ('assignRoleToPrincipal', role, principal),
+ principal_role_mgr.assignRoleToPrincipal,
+ (role, principal)
+ )]
=== Zope3/lib/python/Zope/App/Security/protectClass.py 1.1.2.4 => 1.1.2.5 ===
from Interface.Method import Method
+from Zope.Configuration.ConfigurationDirectiveInterfaces \
+ import INonEmptyDirective
+
class ProtectionDeclarationException(Exception):
"""Security-protection-specific exceptions."""
pass
class protectClass:
+
+ __class_implements__ = INonEmptyDirective
+
def __init__(self, name, permission=None, interface=None,
method=None, methods=None):
self.__class = resolve(name)
- self.__name=name
- self.__permission=permission
- self.protect(permission, interface, method, methods)
+ self.__name = name
+ self.__permission = permission
+ self.__r = self.protect(permission, interface, method, methods)
# So subsequent simple-declaration-style self() calls process instances
self.__empty = 1
@@ -62,24 +68,46 @@
self.__empty = 0
if not (interface or method or methods):
- return
+ return []
permission = self._getPermission(permission)
+ r = []
+
if interface:
- self.__protectByInterface(interface, permission)
+ self.__protectByInterface(interface, permission, r)
if method:
- self.__protectMethod(method, permission)
+ self.__protectMethod(method, permission, r)
if methods:
- self.__protectMethods(methods, permission)
+ self.__protectMethods(methods, permission, r)
+
+ return r
def instances(self, permission=None):
"Protect instances of the class, as opposed to methods"
self.__empty = 0
permission = self._getPermission(permission)
+ r=[]
+ self.__instances(permission, r)
+ return r
+
+ def __inst(self, permission):
self.__class.__permission__ = permission
- def __protectMethod(self, method, permission):
+ def __instances(self, permission, r):
+ "Protect instances of the class, as opposed to methods"
+ permission = self._getPermission(permission)
+ r.append((
+ ('protectInstances', self.__class),
+ self.__inst, (permission,)))
+
+ def __protectMethod(self, method, permission, r):
+ "Set a permission on a particular method."
+ r.append((
+ ('protectMethod', self.__class, method),
+ self.__method, (method, permission)))
+
+ def __method(self, method, permission):
"Set a permission on a particular method."
m = getattr(self.__class, method)
try:
@@ -92,20 +120,22 @@
"Couldn't assign permission to method %s of class %s"
% (m, self.__class.__name__))
- def __protectMethods(self, methods, permission):
+ def __protectMethods(self, methods, permission, r):
"Set a permission on a bunch of methods."
for method in methods.split(","):
- self.__protectMethod(method.strip(), permission)
+ self.__protectMethod(method.strip(), permission, r)
- def __protectByInterface(self, interface, permission):
+ def __protectByInterface(self, interface, permission, r):
"Set a permission on methods in an interface."
interface = resolve(interface)
for n, d in interface.namesAndDescriptions():
if isinstance(d, Method):
- self.__protectMethod(n, permission)
+ self.__protectMethod(n, permission, r)
def __call__(self):
"Handle empty/simple declaration."
+ r = self.__r
if self.__empty:
- self.instances(self.__permission)
+ self.__instances(self.__permission, r)
+ return r
=== Zope3/lib/python/Zope/App/Security/publicClass.py 1.1.2.3 => 1.1.2.4 ===
from protectClass import protectClass
+from Zope.Configuration.ConfigurationDirectiveInterfaces \
+ import INonEmptyDirective
+
class PublicDeclarationException(Exception):
"""Security-protection-specific exception."""
pass
@@ -42,4 +45,4 @@
def __call__(self):
- protectClass.__call__(self)
+ return protectClass.__call__(self)