[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - AnnotationPrincipalPermissionManager.py:1.1.2.3 AnnotationRolePermissionManager.py:1.1.2.3 PermissionRegistry.py:1.1.2.17 PrincipalPermissionView.py:1.1.2.5 PrincipalRegistry.py:1.1.2.15 PrincipalRoleView.py:1.1.2.6 RolePermissionView.py:1.1.2.11 Zope3RoleManagement.py:1.1.2.3 ZopeSecurityPolicy.py:1.1.2.27 metaConfigure.py:1.1.2.27 protectClass.py:1.1.2.15 security-meta.zcml:1.1.2.6 security.zcml:1.1.2.9 publicClass.py:NONE
Jim Fulton
jim@zope.com
Fri, 7 Jun 2002 10:41:48 -0400
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv12187/lib/python/Zope/App/Security
Modified Files:
Tag: Zope-3x-branch
AnnotationPrincipalPermissionManager.py
AnnotationRolePermissionManager.py PermissionRegistry.py
PrincipalPermissionView.py PrincipalRegistry.py
PrincipalRoleView.py RolePermissionView.py
Zope3RoleManagement.py ZopeSecurityPolicy.py metaConfigure.py
protectClass.py security-meta.zcml security.zcml
Removed Files:
Tag: Zope-3x-branch
publicClass.py
Log Message:
Merging in Zope3InWonderland-branch, which implemented the following
proposals (see
http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/OldProposals):
- RenameAllowToRequire
- GroupClassRelatedDirectivesInClassDirective
- ViewInterfaceAndSimplification
- ConsistentUseOfSpacesAsDelimitersInZCMLAttributes
- TwoArgumentViewConstructors
- ImplementsInZCML
- SimpleViewCreationInZCML
- RemoveGetView
- ReplaceProtectWithAllow
- ViewMethodsAsViews
- MergeProtectionAndComponentDefinitions
There were also various security fixes resulting of better integration
of security with components.
=== Zope3/lib/python/Zope/App/Security/AnnotationPrincipalPermissionManager.py 1.1.2.2 => 1.1.2.3 ===
""" Get the principal permission map stored in the context, optionally
creating one if necessary """
- annotations = getAdapter(self._context, IAnnotations)
+ # need to remove security proxies here, otherwise we enter
+ # an infinite loop, becuase checking security depends on
+ # getting PrincipalPermissions.
+ from Zope.Proxy.ProxyIntrospection import removeAllProxies
+ context = removeAllProxies(self._context)
+ annotations = getAdapter(context, IAnnotations)
try:
return annotations[annotation_key]
except KeyError:
=== Zope3/lib/python/Zope/App/Security/AnnotationRolePermissionManager.py 1.1.2.2 => 1.1.2.3 ===
"""Get the role permission map stored in the context, optionally
creating one if necessary"""
- annotations = getAdapter(self._context, IAnnotations)
+ # need to remove security proxies here, otherwise we enter
+ # an infinite loop, becuase checking security depends on
+ # getting RolePermissions.
+ from Zope.Proxy.ProxyIntrospection import removeAllProxies
+ context = removeAllProxies(self._context)
+ annotations = getAdapter(context, IAnnotations)
try:
return annotations[annotation_key]
except KeyError:
=== Zope3/lib/python/Zope/App/Security/PermissionRegistry.py 1.1.2.16 => 1.1.2.17 ===
"""Define a new permission object, register, and return it.
- name is the permission name, must be globally unique
+ permission is the permission name, must be globally unique
title is the permission title, human readable.
description (optional) is human readable
"""
+ if permission.startswith('.'):
+ raise ValueError("permissions must not start with a '.'")
return self.register(permission, title, description)
def definedPermission(self, permission_id):
=== Zope3/lib/python/Zope/App/Security/PrincipalPermissionView.py 1.1.2.4 => 1.1.2.5 ===
from Zope.App.PageTemplate import ViewPageTemplateFile
-from Zope.Publisher.Browser.AttributePublisher import AttributePublisher
+from Zope.Publisher.Browser.BrowserView import BrowserView
from Zope.ComponentArchitecture.ContextDependent import ContextDependent
from Zope.ComponentArchitecture import getService, getAdapter
from IPrincipalPermissionMap import IPrincipalPermissionMap
from IPrincipalPermissionManager import IPrincipalPermissionManager
from Settings import Allow, Deny, Unset
-class PrincipalPermissionView(AttributePublisher, ContextDependent):
+class PrincipalPermissionView(BrowserView):
index = ViewPageTemplateFile('pt/principal_permission_edit.pt')
def get_permission_service(self):
- return getService(self.getContext(), 'PermissionService')
+ return getService(self.context, 'PermissionService')
def get_principal(self, principal_id):
- return getService(self.getContext(),
+ return getService(self.context,
'AuthenticationService'
).getPrincipal(principal_id)
@@ -41,7 +41,7 @@
"""Form action unsetting a principals permissions"""
permission_service = self.get_permission_service()
principal = self.get_principal(principal_id)
- ppm = getAdapter(self.getContext(), IPrincipalPermissionManager)
+ ppm = getAdapter(self.context, IPrincipalPermissionManager)
for perm_id in permission_ids:
permission = permission_service.getPermission(perm_id)
@@ -55,7 +55,7 @@
"""Form action granting a list of permissions to a principal"""
permission_service = self.get_permission_service()
principal = self.get_principal(principal_id)
- ppm = getAdapter(self.getContext(), IPrincipalPermissionManager)
+ ppm = getAdapter(self.context, IPrincipalPermissionManager)
for perm_id in permission_ids:
permission = permission_service.getPermission(perm_id)
@@ -68,7 +68,7 @@
"""Form action denying a list of permissions for a principal"""
permission_service = self.get_permission_service()
principal = self.get_principal(principal_id)
- ppm = getAdapter(self.getContext(), IPrincipalPermissionManager)
+ ppm = getAdapter(self.context, IPrincipalPermissionManager)
for perm_id in permission_ids:
permission = permission_service.getPermission(perm_id)
@@ -81,9 +81,9 @@
def getUnsetPermissionsForPrincipal(self, principal_id):
"""Returns all unset permissions for this principal"""
- ppmap = getAdapter(self.getContext(), IPrincipalPermissionMap)
+ ppmap = getAdapter(self.context, IPrincipalPermissionMap)
principal = self.get_principal(principal_id)
- perm_serv = getService(self.getContext(), 'PermissionService')
+ perm_serv = getService(self.context, 'PermissionService')
result = []
for perm in perm_serv.getPermissions():
if ppmap.getSetting(perm, principal) == Unset:
@@ -98,7 +98,7 @@
Return empty list if there are no permissions.
"""
- ppmap = getAdapter(self.getContext(), IPrincipalPermissionMap)
+ ppmap = getAdapter(self.context, IPrincipalPermissionMap)
principal = self.get_principal(principal_id)
permission_settings = ppmap.getPermissionsForPrincipal(principal)
=== Zope3/lib/python/Zope/App/Security/PrincipalRegistry.py 1.1.2.14 => 1.1.2.15 ===
from Zope.Exceptions import NotFoundError
from ILoginPassword import ILoginPassword
-from Zope.ComponentArchitecture import getAdapter
+from Zope.ComponentArchitecture import getAdapter, queryAdapter
class DuplicateLogin(Exception): pass
class DuplicateId(Exception): pass
@@ -33,7 +33,7 @@
# Methods implementing IAuthenticationService
def authenticate(self, request):
- a = getAdapter(request, ILoginPassword, None)
+ a = queryAdapter(request, ILoginPassword, None)
if a is not None:
login = a.getLogin()
if login is not None:
=== Zope3/lib/python/Zope/App/Security/PrincipalRoleView.py 1.1.2.5 => 1.1.2.6 ===
import time
from Zope.App.PageTemplate import ViewPageTemplateFile
-from Zope.Publisher.Browser.AttributePublisher import AttributePublisher
+from Zope.Publisher.Browser.BrowserView import BrowserView
from Zope.ComponentArchitecture.ContextDependent import ContextDependent
from Zope.ComponentArchitecture import getService, getAdapter
@@ -29,7 +29,7 @@
from Zope.App.Security.IPermission import IPermission
from Zope.App.Security.IRole import IRole
-class PrincipalRoleView(AttributePublisher, ContextDependent):
+class PrincipalRoleView(BrowserView):
index = ViewPageTemplateFile('pt/principal_role_association.pt')
@@ -39,7 +39,7 @@
if principals is None:
principals = self._principals = getService(
- self.getContext(), 'AuthenticationService'
+ self.context, 'AuthenticationService'
).getPrincipals()
return principals
@@ -49,8 +49,7 @@
roles = getattr(self, '_roles', None)
if roles is None:
- roles = self._roles = getService(
- self.getContext(), 'RoleService'
+ roles = self._roles = getService(self.context, 'RoleService'
).getRoles()
return roles
@@ -63,7 +62,7 @@
if not roles:
roles = self.getAllRoles()
- return PrincipalRoleGrid( principals, roles, self.getContext() )
+ return PrincipalRoleGrid( principals, roles, self.context )
def action(self, principals, roles, mapping, testing=None):
=== Zope3/lib/python/Zope/App/Security/RolePermissionView.py 1.1.2.10 => 1.1.2.11 ===
import os, time
from Zope.App.PageTemplate import ViewPageTemplateFile
-from Zope.Publisher.Browser.AttributePublisher import AttributePublisher
+from Zope.Publisher.Browser.BrowserView import BrowserView
from Zope.ComponentArchitecture.ContextDependent import ContextDependent
from Zope.ComponentArchitecture import getService, getAdapter
from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
@@ -26,7 +26,7 @@
from Zope.App.Security.IRole import IRole
from Zope.App.Security.Settings import Allow, Assign
-class RolePermissionView(AttributePublisher, ContextDependent):
+class RolePermissionView(BrowserView):
index = ViewPageTemplateFile('pt/manage_access.pt')
manage_permissionForm = ViewPageTemplateFile('pt/manage_permissionForm.pt')
@@ -36,7 +36,7 @@
roles = getattr(self, '_roles', None)
if roles is None:
roles = self._roles = getService(
- self.getContext(), 'RoleService'
+ self.context, 'RoleService'
).getRoles()
return roles
@@ -44,26 +44,26 @@
permissions = getattr(self, '_permissions', None)
if permissions is None:
permissions = self._permissions = getService(
- self.getContext(), 'PermissionService'
+ self.context, 'PermissionService'
).getPermissions()
return permissions
def permissionRoles(self):
- context = self.getContext()
+ context = self.context
roles = self.roles()
return [PermissionRoles(permission, context, roles)
for permission in self.permissions()]
def permissionForID(self, pid):
- context = self.getContext()
+ context = self.context
roles = self.roles()
perm = getService(context, 'PermissionService'
).getPermission(pid)
return PermissionRoles(perm, context, roles)
def roleForID(self, rid):
- context = self.getContext()
+ context = self.context
permissions = self.permissions()
role = getService(context, 'RoleService'
).getRole(rid)
@@ -73,7 +73,7 @@
def action(self, REQUEST, testing=None):
roles = [r.getId() for r in self.roles()]
permissions = [p.getId() for p in self.permissions()]
- prm = getAdapter(self.getContext(), IRolePermissionManager)
+ prm = getAdapter(self.context, IRolePermissionManager)
for ip in range(len(permissions)):
rperm = REQUEST.get("p%s" % ip)
if rperm not in permissions: continue
@@ -92,7 +92,7 @@
def update_permission(self, REQUEST, permission_id,
roles=(), testing=None):
- prm = getAdapter(self.getContext(), IRolePermissionManager)
+ prm = getAdapter(self.context, IRolePermissionManager)
for ir in [r.getId() for r in self.roles()]:
if ir in roles:
@@ -107,7 +107,7 @@
def update_role(self, REQUEST, role_id,
permissions=(), testing=None):
- prm = getAdapter(self.getContext(), IRolePermissionManager)
+ prm = getAdapter(self.context, IRolePermissionManager)
for ip in [p.getId() for p in self.permissions()]:
if ip in permissions:
=== Zope3/lib/python/Zope/App/Security/Zope3RoleManagement.py 1.1.2.2 => 1.1.2.3 ===
"""
- __implements__ = ( IRoleManagement, )
+ __implements__ = (IRoleManagement, )
- def __init__( self, context ):
- self._context = context
+ def __init__(self, context):
+ self.context = context
-
- def getContext( self ):
- return self._context
def _getContextBindings( self ):
"""
Find or create the permission-role bindings for our context.
"""
- bindings = getattr( self._context, SPECIAL_ATTRIBUTE_NAME, None )
+ bindings = getattr( self.context, SPECIAL_ATTRIBUTE_NAME, None )
if bindings is None:
bindings = _PermissionRoleBindings()
- setattr( self._context, SPECIAL_ATTRIBUTE_NAME, bindings )
+ setattr( self.context, SPECIAL_ATTRIBUTE_NAME, bindings )
return bindings
=== Zope3/lib/python/Zope/App/Security/ZopeSecurityPolicy.py 1.1.2.26 => 1.1.2.27 ===
__version__='$Revision$'[11:-2]
-from Zope.ComponentArchitecture import getAdapter
+from Zope.ComponentArchitecture import queryAdapter
from Zope.Proxy.ContextWrapper import ContainmentIterator
from Zope.Exceptions import Unauthorized, Forbidden
from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
@@ -83,7 +83,7 @@
# Check the placeful principal permissions and aggregate the
# Roles in this context
for c in ContainmentIterator(object):
- ppm = getAdapter(c, IPrincipalPermissionManager, None, globalContext)
+ ppm = queryAdapter(c, IPrincipalPermissionManager, None, globalContext)
if ppm is not None:
for principal in principals.keys():
setting = ppm.getSetting(permission, principal)
@@ -92,7 +92,7 @@
elif setting is Allow:
return 1 # Explicit allow on principal
- prm = getAdapter(c, IPrincipalRoleManager, None, globalContext)
+ prm = queryAdapter(c, IPrincipalRoleManager, None, globalContext)
if prm is not None:
for principal in principals.keys():
for role, setting in prm.getRolesForPrincipal(principal):
@@ -121,7 +121,7 @@
# Check the placeful role permissions, checking anonymous first
for c in ContainmentIterator(object):
- rpm = getAdapter(c, IRolePermissionManager, None, globalContext)
+ rpm = queryAdapter(c, IRolePermissionManager, None, globalContext)
if rpm is not None:
for role in ['Anonymous'] + assigned_roles.keys():
setting = rpm.getSetting(permission, role)
=== Zope3/lib/python/Zope/App/Security/metaConfigure.py 1.1.2.26 => 1.1.2.27 ===
$Id$
"""
-
-
-from protectClass import protectClass
-from publicClass import publicClass
from PermissionRegistry import permissionRegistry as perm_reg
from RoleRegistry import roleRegistry as role_reg
from Zope.Security.SecurityManager import setSecurityPolicy
@@ -41,68 +37,68 @@
)
]
-def definePermission(_context, permission_id, title, description=''):
+def definePermission(_context, id, title, description=''):
return [
Action(
- discriminator = ('definePermission', permission_id),
+ discriminator = ('definePermission', id),
callable = perm_reg.definePermission,
- args = (permission_id, title, description),
+ args = (id, title, description),
)
]
-def defineRole(_context, role_id, title, description=''):
+def defineRole(_context, id, title, description=''):
return [
Action(
- discriminator = ('defineRole', role_id),
+ discriminator = ('defineRole', id),
callable = role_reg.defineRole,
- args = (role_id, title, description),
+ args = (id, title, description),
)
]
-def principal(_context, principal_id, title, login, password, description=''):
+def principal(_context, id, title, login, password, description=''):
return [
Action(
- discriminator = ('principal', principal_id),
+ discriminator = ('principal', id),
callable = principalRegistry.definePrincipal,
- args = (principal_id, title, description, login, password),
+ args = (id, title, description, login, password),
)
]
-def defaultPrincipal(_context, principal_id, title, description=''):
+def defaultPrincipal(_context, id, title, description=''):
return [
Action(
discriminator = 'defaultPrincipal',
callable = principalRegistry.defineDefaultPrincipal,
- args = (principal_id, title, description),
+ args = (id, title, description),
)
]
-def grantPermissionToRole(_context, permission_id, role_id):
+def grantPermissionToRole(_context, permission, role):
return [
Action(
- discriminator = ('grantPermissionToRole', permission_id, role_id),
+ discriminator = ('grantPermissionToRole', permission, role),
callable = role_perm_mgr.grantPermissionToRole,
- args = (permission_id, role_id),
+ args = (permission, role),
)
]
-def grantPermissionToPrincipal(_context, permission_id, principal_id):
+def grantPermissionToPrincipal(_context, permission, principal):
return [
Action(
discriminator = ('grantPermissionToPrincipal',
- permission_id,
- principal_id),
+ permission,
+ principal),
callable = principal_perm_mgr.grantPermissionToPrincipal,
- args = (permission_id, principal_id),
+ args = (permission, principal),
)
]
-def assignRoleToPrincipal(_context, role_id, principal_id):
+def assignRoleToPrincipal(_context, role, principal):
return [
Action(
- discriminator = ('assignRoleToPrincipal', role_id, principal_id),
+ discriminator = ('assignRoleToPrincipal', role, principal),
callable = principal_role_mgr.assignRoleToPrincipal,
- args = (role_id, principal_id),
+ args = (role, principal),
)
]
=== Zope3/lib/python/Zope/App/Security/protectClass.py 1.1.2.14 => 1.1.2.15 ===
"""
-from Interface.Method import Method
from Exceptions import UndefinedPermissionError
from PermissionRegistry import permissionRegistry
-from Zope.Configuration.ConfigurationDirectiveInterfaces \
- import INonEmptyDirective
-from Zope.Configuration.Action import Action
-
from Zope.Security.Checker import defineChecker, getCheckerForInstancesOf
from Zope.Security.Checker import Checker, CheckerPublic
-class ProtectionDeclarationException(Exception):
- """Security-protection-specific exceptions."""
- pass
-
-
-class protectClass:
-
- __class_implements__ = INonEmptyDirective
-
- def __init__(self, _context, class_, permission_id=None, interface=None,
- names=None, like_unto=None):
- self.__class = _context.resolve(class_)
- self.__name = class_
- self.__permission_id = permission_id
- self.__like_unto = like_unto
- self.__context = _context
- self.__r = self.protect(_context, permission_id, interface, names,
- like_unto)
-
- # ._getPermission() is handy for subclassing with different permission
- # policy, eg publicClass.
- def _getPermission(self, permission_id=None):
- """Return the permission to use.
-
- Consider optional permission argument and permission specified on
- class init."""
- if permission_id is None:
- permission_id = self.__permission_id
- if permission_id is None:
- raise ProtectionDeclarationException("No permission specified")
- else:
- return permission_id
-
- def protect(self, _context, permission_id=None, interface=None,
- names=None, like_unto=None):
- "Protect a specific aspect"
-
- r = []
-
- if like_unto:
- self.__protectLikeUnto(like_unto, r)
-
- if not (interface or names):
- return r
-
- permission_id = self._getPermission(permission_id)
-
-
- if interface:
- self.__protectByInterface(interface, permission_id, r)
- if names:
- self.__protectNames(names, permission_id, r)
-
- return r
-
- def __protectName(self, name, permission_id, r):
- "Set a permission on a particular name."
- r.append((
- ('protectName', self.__class, name),
- protectName, (self.__class, name, permission_id)))
-
- def __protectNames(self, names, permission_id, r):
- "Set a permission on a bunch of names."
- for name in names.split(","):
- self.__protectName(name.strip(), permission_id, r)
-
- def __protectByInterface(self, interface, permission_id, r):
- "Set a permission on names in an interface."
- interface = self.__context.resolve(interface)
- for n, d in interface.namesAndDescriptions(1):
- self.__protectName(n, permission_id, r)
-
- def __protectLikeUnto(self, like_unto, r):
- "Set a permission on names in an interface."
- like_unto = self.__context.resolve(like_unto)
- r.append(
- Action(discriminator=('protectLikeUnto', self.__class, object()),
- callable=protectLikeUnto,
- args=(self.__class, like_unto),
- )
- )
-
- def __call__(self):
- "Handle empty/simple declaration."
- return self.__r
-
-def _checkPermission(permission_id):
+def checkPermission(permission):
"""Check to make sure that the permission is valid.
"""
-
- if not permissionRegistry.definedPermission(permission_id):
- raise UndefinedPermissionError(permission_id)
+ if not permissionRegistry.definedPermission(permission):
+ raise UndefinedPermissionError(permission)
-def protectName(class_, name, permission_id):
+def protectName(class_, name, permission):
"Set a permission on a particular name."
+
+ checkPermission(permission)
+
checker = getCheckerForInstancesOf(class_)
if checker is None:
checker = Checker({}.get)
defineChecker(class_, checker)
- if permission_id == 'Zope.Public':
+ if permission == 'Zope.Public':
# Translate public permission to CheckerPublic
- permission_id = CheckerPublic
+ permission = CheckerPublic
# OK, so it's a hack.
protections = checker.getPermission_func().__self__
- protections[name] = permission_id
+ protections[name] = permission
def protectLikeUnto(class_, like_unto):
"""Use the protections from like_unto for class_
=== Zope3/lib/python/Zope/App/Security/security-meta.zcml 1.1.2.5 => 1.1.2.6 ===
<directives namespace="http://namespaces.zope.org/security">
<directive name="permission"
- attributes="permission_id, title, description"
+ attributes="id title description"
handler="Zope.App.Security.metaConfigure.definePermission" />
<directive name="role"
- attributes="role_id, title, description"
+ attributes="id title description"
handler="Zope.App.Security.metaConfigure.defineRole" />
- <directive name="protectClass"
- attributes="class, permission_id, interface, names"
- handler="Zope.App.Security.protectClass.">
- <subdirective name="protect"
- attributes="permission_id, interface, names" />
- </directive>
- <directive name="publicClass" attributes="class, interface, names"
- handler="Zope.App.Security.publicClass." />
<directive name="defaultPolicy" attributes="name"
handler="Zope.App.Security.metaConfigure.defaultPolicy" />
- <directive name="principal" attributes="principal_id, title, description"
+ <directive name="principal" attributes="id title description"
handler="Zope.App.Security.metaConfigure.principal" />
<directive name="defaultPrincipal"
- attributes="principal_id, title, description"
+ attributes="principal title description"
handler="Zope.App.Security.metaConfigure.defaultPrincipal" />
- <directive name="grantPermissionToRole" attributes="permission_id, role_id"
+ <directive name="grantPermissionToRole" attributes="permission role"
handler="Zope.App.Security.metaConfigure.grantPermissionToRole" />
<directive
name="grantPermissionToPrincipal"
- attributes="permission_id, principal_id"
+ attributes="permission principal"
handler="Zope.App.Security.metaConfigure.grantPermissionToPrincipal" />
- <directive name="assignRoleToPrincipal" attributes="role_id, principal_id"
+ <directive name="assignRoleToPrincipal" attributes="role principal"
handler="Zope.App.Security.metaConfigure.assignRoleToPrincipal" />
</directives>
=== Zope3/lib/python/Zope/App/Security/security.zcml 1.1.2.8 => 1.1.2.9 ===
>
<serviceType
- name="RoleService"
+ id="RoleService"
interface="Zope.App.Security.IRoleService." />
<service
- name="RoleService"
+ serviceType="RoleService"
component="Zope.App.Security.RoleRegistry.roleRegistry" />
<serviceType
- name="PermissionService"
+ id="PermissionService"
interface="Zope.App.Security.IPermissionService." />
<service
- name="PermissionService"
+ serviceType="PermissionService"
component="Zope.App.Security.PermissionRegistry.permissionRegistry" />
<serviceType
- name="AuthenticationService"
+ id="AuthenticationService"
interface="Zope.App.Security.IAuthenticationService." />
<service
- name="AuthenticationService"
+ serviceType="AuthenticationService"
component="Zope.App.Security.PrincipalRegistry.principalRegistry" />
-<security:defaultPolicy
- name="Zope.App.Security.ZopeSecurityPolicy.zopeSecurityPolicy" />
+ <security:defaultPolicy
+ name="Zope.App.Security.ZopeSecurityPolicy.zopeSecurityPolicy" />
-
-<adapter factory="Zope.App.Security.BasicAuthAdapter."
- provides="Zope.App.Security.ILoginPassword."
- for="Zope.Publisher.HTTP.IHTTPCredentials." />
-
-<adapter factory="Zope.App.Security.BasicVFSAuthAdapter."
- provides="Zope.App.Security.ILoginPassword."
- for="Zope.Publisher.VFS.IVFSCredentials." />
-
-<adapter factory="Zope.App.Security.BasicVFSAuthAdapter."
- provides="Zope.App.Security.ILoginPassword."
- for="Zope.Publisher.VFS.IVFSCredentials." />
+ <adapter factory="Zope.App.Security.BasicAuthAdapter."
+ provides="Zope.App.Security.ILoginPassword."
+ for="Zope.Publisher.HTTP.IHTTPCredentials." />
+
+ <adapter factory="Zope.App.Security.BasicVFSAuthAdapter."
+ provides="Zope.App.Security.ILoginPassword."
+ for="Zope.Publisher.VFS.IVFSCredentials." />
+
+ <adapter factory="Zope.App.Security.BasicVFSAuthAdapter."
+ provides="Zope.App.Security.ILoginPassword."
+ for="Zope.Publisher.VFS.IVFSCredentials." />
<!-- Role-Permission management view -->
+
+ <content class=".RolePermissionView.PermissionRoles.">
+ <security:require
+ permission="Zope.Security"
+ attributes="roles rolesInfo"
+ interface="Zope.App.Security.IRegisteredObject." />
+ </content>
-<security:protectClass class="Zope.App.Security.RolePermissionView."
- permission_id="Zope.Security"
- names="index, roles, permissions, permissionRoles, action,
- manage_permissionForm, update_permission,
- manage_roleForm, update_role, permissionForID" />
-
-<security:protectClass
- class="Zope.App.Security.RolePermissionView.PermissionRoles."
- permission_id="Zope.Security"
- names="roles, rolesInfo"
- interface="Zope.App.Security.IRegisteredObject." />
-
-
-<browser:view name="RolePermissionsManagement"
- for="Zope.App.OFS.Annotation.IAnnotatable."
- factory="Zope.App.Security.RolePermissionView." />
-
-<adapter factory=".AnnotationRolePermissionManager."
- provides=".IRolePermissionManager."
- for="Zope.App.OFS.Annotation.IAnnotatable." />
+ <browser:view for="Zope.App.OFS.Annotation.IAnnotatable."
+ permission="Zope.Security"
+ factory="Zope.App.Security.RolePermissionView.">
+
+ <browser:page name="AllRolePermissions.html"
+ attribute="index" />
+ <browser:page name="ChangeAllRolePermissions.html"
+ attribute="action" />
+ <browser:page name="RolePermissions.html"
+ attribute="manage_RoleForm" />
+ <browser:page name="ChangeRolePermissions.html"
+ attribute="update_role" />
+ <browser:page name="RolesWithPermission.html"
+ attribute="manage_permissionForm" />
+ <browser:page name="ChangeRolesWithPermission.html"
+ attribute="update_permission" />
+ </browser:view>
+
+ <adapter factory=".AnnotationRolePermissionManager."
+ provides=".IRolePermissionManager."
+ for="Zope.App.OFS.Annotation.IAnnotatable." />
<!-- Principal-Permission management view -->
-
-<security:protectClass class="Zope.App.Security.PrincipalPermissionView."
- permission_id="Zope.Security"
- names="index, get_principal, unsetPermissions, denyPermissions,
- grantPermissions, getUnsetPermissionsForPrincipal,
- getPermissionsForPrincipal" />
-
-
-<browser:view name="PrincipalPermissionsManagement"
- for="Zope.App.OFS.Annotation.IAnnotatable."
- factory="Zope.App.Security.PrincipalPermissionView." />
-
-<adapter factory=".AnnotationPrincipalPermissionManager."
- provides=".IPrincipalPermissionManager."
- for="Zope.App.OFS.Annotation.IAnnotatable." />
-
-
-<!-- protect Roles and Permissions -->
-<security:protectClass class="Zope.App.Security.RoleRegistry.Role"
- interface="Zope.App.Security.IRegisteredObject."
- permission_id="Zope.Public"/>
+ <content class=".PrincipalPermissionView.">
+ <security:require
+ permission="Zope.Security"
+ attributes="index get_principal unsetPermissions denyPermissions
+ grantPermissions getUnsetPermissionsForPrincipal
+ getPermissionsForPrincipal" />
+ </content>
+
+ <browser:view
+ name="PrincipalPermissionsManagement"
+ for="Zope.App.OFS.Annotation.IAnnotatable."
+ factory=".PrincipalPermissionView." />
+
+ <adapter factory=".AnnotationPrincipalPermissionManager."
+ provides=".IPrincipalPermissionManager."
+ for="Zope.App.OFS.Annotation.IAnnotatable." />
+
+
+ <!-- protect Roles and Permissions -->
+ <content class=".RoleRegistry.Role">
+ <security:allow
+ interface="Zope.App.Security.IRegisteredObject." />
+ </content>
+
</zopeConfigure>
=== Removed File Zope3/lib/python/Zope/App/Security/publicClass.py ===