[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - AnnotationPrincipalPermissionManager.py:1.2 AnnotationPrincipalRoleManager.py:1.2 AnnotationRolePermissionManager.py:1.2 BasicAuthAdapter.py:1.2 BasicVFSAuthAdapter.py:1.2 Exceptions.py:1.2 IAuthenticationService.py:1.2 ILoginPassword.py:1.2 IPermission.py:1.2 IPermissionGroup.py:1.2 IPermissionGroupService.py:1.2 IPermissionService.py:1.2 IPrincipal.py:1.2 IPrincipalPermissionManager.py:1.2 IPrincipalPermissionMap.py:1.2 IPrincipalRoleManager.py:1.2 IPrincipalRoleMap.py:1.2 IRegisteredObject.py:1.2 IRole.py:1.2 IRolePermissionManager.py:1.2 IRolePermissionMap.py:1.2 IRoleService.py:1.2 LocalSecurityMap.py:1.2 LoginPassword.py:1.2 PermissionRegistry.py:1.2 PrincipalPermissionManager.py:1.2 PrincipalPermissionView.py:1.2 PrincipalRegistry.py:1.2 PrincipalRoleManager.py:1.2 PrincipalRoleView.py:1.2 RegisteredObject.py:1.2 Registry.py:1.2 RolePermissionManager.py:1.2 RolePermissionView.py:1.2 RoleRegistry.py:1.2 SecurityMap.py:!
1.2 Settings.py:1.2 Zope3RoleManagement.py:1.2 ZopeSecurityPolicy.py:1.2 __init__.py:1.2 _protections.py:1.2 metaConfigure.py:1.2 protectClass.py:1.2 security-meta.zcml:1.2 security.zcml:1.2
Jim Fulton
jim@zope.com
Mon, 10 Jun 2002 19:28:51 -0400
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv17445/lib/python/Zope/App/Security
Added Files:
AnnotationPrincipalPermissionManager.py
AnnotationPrincipalRoleManager.py
AnnotationRolePermissionManager.py BasicAuthAdapter.py
BasicVFSAuthAdapter.py Exceptions.py IAuthenticationService.py
ILoginPassword.py IPermission.py IPermissionGroup.py
IPermissionGroupService.py IPermissionService.py IPrincipal.py
IPrincipalPermissionManager.py IPrincipalPermissionMap.py
IPrincipalRoleManager.py IPrincipalRoleMap.py
IRegisteredObject.py IRole.py IRolePermissionManager.py
IRolePermissionMap.py IRoleService.py LocalSecurityMap.py
LoginPassword.py PermissionRegistry.py
PrincipalPermissionManager.py PrincipalPermissionView.py
PrincipalRegistry.py PrincipalRoleManager.py
PrincipalRoleView.py RegisteredObject.py Registry.py
RolePermissionManager.py RolePermissionView.py RoleRegistry.py
SecurityMap.py Settings.py Zope3RoleManagement.py
ZopeSecurityPolicy.py __init__.py _protections.py
metaConfigure.py protectClass.py security-meta.zcml
security.zcml
Log Message:
Merged Zope-3x-branch into newly forked Zope3 CVS Tree.
=== Zope3/lib/python/Zope/App/Security/AnnotationPrincipalPermissionManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Mappings between principals and permissions, stored in an object locally."""
+
+from Zope.ComponentArchitecture import getAdapter
+from Zope.App.OFS.Annotation.IAnnotations import IAnnotations
+from Zope.App.Security.IPrincipalPermissionManager \
+ import IPrincipalPermissionManager
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Allow, Deny, Unset
+
+annotation_key = 'Zope.App.Security.AnnotationPrincipalPermissionManager'
+
+class AnnotationPrincipalPermissionManager:
+ """Mappings between principals and permissions."""
+
+ __implements__ = IPrincipalPermissionManager
+
+ def __init__(self, context):
+ self._context = context
+
+ def grantPermissionToPrincipal(self, permission_id, principal_id):
+ ''' See the interface IPrincipalPermissionManager '''
+ pp = self._getPrincipalPermissions(create=1)
+ pp.addCell(permission_id, principal_id, Allow)
+ self._context._p_changed = 1
+
+ def denyPermissionToPrincipal(self, permission_id, principal_id):
+ ''' See the interface IPrincipalPermissionManager '''
+ pp = self._getPrincipalPermissions(create=1)
+ pp.addCell(permission_id, principal_id, Deny)
+ self._context._p_changed = 1
+
+ def unsetPermissionForPrincipal(self, permission_id, principal_id):
+ ''' See the interface IPrincipalPermissionManager '''
+ pp = self._getPrincipalPermissions()
+ # Only unset if there is a security map, otherwise, we're done
+ if pp:
+ pp.delCell(permission_id, principal_id)
+ self._context._p_changed = 1
+
+ def getPrincipalsForPermission(self, permission_id):
+ ''' See the interface IPrincipalPermissionManager '''
+ pp = self._getPrincipalPermissions()
+ if pp:
+ return pp.getRow(permission_id)
+ return []
+
+ def getPermissionsForPrincipal(self, principal_id):
+ ''' See the interface IPrincipalPermissionManager '''
+ pp = self._getPrincipalPermissions()
+ if pp:
+ return pp.getCol(principal_id)
+ return []
+
+ def getSetting(self, permission_id, principal_id):
+ ''' See the interface IPrincipalPermissionManager '''
+ pp = self._getPrincipalPermissions()
+ if pp:
+ return pp.getCell(permission_id, principal_id, default=Unset)
+ return []
+
+ def getPrincipalsAndPermissions(self):
+ ''' See the interface IPrincipalPermissionManager '''
+ pp = self._getPrincipalPermissions()
+ if pp:
+ return pp.getAllCells()
+ return []
+
+ # Implementation helpers
+
+ def _getPrincipalPermissions(self, create=0):
+ """ Get the principal permission map stored in the context, optionally
+ creating one if necessary """
+ # need to remove security proxies here, otherwise we enter
+ # an infinite loop, becuase checking security depends on
+ # getting PrincipalPermissions.
+ from Zope.Proxy.ProxyIntrospection import removeAllProxies
+ context = removeAllProxies(self._context)
+ annotations = getAdapter(context, IAnnotations)
+ try:
+ return annotations[annotation_key]
+ except KeyError:
+ if create:
+ rp = annotations[annotation_key] = LocalSecurityMap()
+ return rp
+ return None
=== Zope3/lib/python/Zope/App/Security/AnnotationPrincipalRoleManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Mappings between principals and roles, stored in an object locally."""
+
+from Zope.ComponentArchitecture import getAdapter
+from Zope.App.OFS.Annotation.IAnnotations import IAnnotations
+from Zope.App.Security.IPrincipalRoleManager \
+ import IPrincipalRoleManager
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Assign, Remove, Unset
+
+annotation_key = 'Zope.App.Security.AnnotationPrincipalRoleManager'
+
+class AnnotationPrincipalRoleManager:
+ """Mappings between principals and roles."""
+
+ __implements__ = IPrincipalRoleManager
+
+ def __init__(self, context):
+ self._context = context
+
+ def assignRoleToPrincipal(self, role_id, principal_id):
+ ''' See the interface IPrincipalRoleManager '''
+ pp = self._getPrincipalRoles(create=1)
+ pp.addCell(role_id, principal_id, Assign)
+ self._context._p_changed = 1
+
+ def removeRoleFromPrincipal(self, role_id, principal_id):
+ ''' See the interface IPrincipalRoleManager '''
+ pp = self._getPrincipalRoles(create=1)
+ pp.addCell(role_id, principal_id, Remove)
+ self._context._p_changed = 1
+
+ def unsetRoleForPrincipal(self, role_id, principal_id):
+ ''' See the interface IPrincipalRoleManager '''
+ pp = self._getPrincipalRoles()
+ # Only unset if there is a security map, otherwise, we're done
+ if pp:
+ pp.delCell(role_id, principal_id)
+ self._context._p_changed = 1
+
+ def getPrincipalsForRole(self, role_id):
+ ''' See the interface IPrincipalRoleManager '''
+ pp = self._getPrincipalRoles()
+ if pp:
+ return pp.getRow(role_id)
+ return []
+
+ def getRolesForPrincipal(self, principal_id):
+ ''' See the interface IPrincipalRoleManager '''
+ pp = self._getPrincipalRoles()
+ if pp:
+ return pp.getCol(principal_id)
+ return []
+
+ def getSetting(self, role_id, principal_id):
+ ''' See the interface IPrincipalRoleManager '''
+ pp = self._getPrincipalRoles()
+ if pp:
+ return pp.getCell(role_id, principal_id, default=Unset)
+ return Unset
+
+ def getPrincipalsAndRoles(self):
+ ''' See the interface IPrincipalRoleManager '''
+ pp = self._getPrincipalRoles()
+ if pp:
+ return pp.getAllCells()
+ return []
+
+ # Implementation helpers
+
+ def _getPrincipalRoles(self, create=0):
+ """ Get the principal role map stored in the context, optionally
+ creating one if necessary """
+ annotations = getAdapter(self._context, IAnnotations)
+ try:
+ return annotations[annotation_key]
+ except KeyError:
+ if create:
+ rp = annotations[annotation_key] = LocalSecurityMap()
+ return rp
+ return None
=== Zope3/lib/python/Zope/App/Security/AnnotationRolePermissionManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+
+from Zope.ComponentArchitecture import getAdapter
+from Zope.App.OFS.Annotation.IAnnotations import IAnnotations
+from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Allow, Deny, Unset
+
+annotation_key = 'Zope.App.Security.AnnotationRolePermissionManager'
+
+class AnnotationRolePermissionManager:
+ """
+ provide adapter that manages role permission data in an object attribute
+ """
+
+ __implements__ = IRolePermissionManager
+
+ def __init__(self, context):
+ self._context = context
+
+ def grantPermissionToRole(self, permission_id, role_id):
+ ''' See the interface IRolePermissionManager '''
+ rp = self._getRolePermissions(create=1)
+ rp.addCell(permission_id, role_id, Allow)
+ # probably not needed, as annotations should manage
+ # their own persistence
+ #self._context._p_changed = 1
+
+ def denyPermissionToRole(self, permission_id, role_id):
+ ''' See the interface IRolePermissionManager '''
+ rp = self._getRolePermissions(create=1)
+ rp.addCell(permission_id, role_id, Deny)
+ # probably not needed, as annotations should manage
+ # their own persistence
+ #self._context._p_changed = 1
+
+ def unsetPermissionFromRole(self, permission_id, role_id):
+ ''' See the interface IRolePermissionManager '''
+ rp = self._getRolePermissions()
+ # Only unset if there is a security map, otherwise, we're done
+ if rp:
+ rp.delCell(permission_id, role_id)
+ # probably not needed, as annotations should manage
+ # their own persistence
+ #self._context._p_changed = 1
+
+ def getRolesForPermission(self, permission_id):
+ '''See interface IRolePermissionMap'''
+ rp = self._getRolePermissions()
+ if rp:
+ return rp.getRow(permission_id)
+ else:
+ return []
+
+ def getPermissionsForRole(self, role_id):
+ '''See interface IRolePermissionMap'''
+ rp = self._getRolePermissions()
+ if rp:
+ return rp.getCol(role_id)
+ else:
+ return []
+
+ def getRolesAndPermissions(self):
+ '''See interface IRolePermissionMap'''
+ rp = self._getRolePermissions()
+ if rp:
+ return rp.getAllCells(role_id)
+ else:
+ return []
+
+ def getSetting(self, permission_id, role_id):
+ '''See interface IRolePermissionMap'''
+ rp = self._getRolePermissions()
+ if rp:
+ return rp.getCell(permission_id, role_id)
+ else:
+ return Unset
+
+ def _getRolePermissions(self, create=0):
+ """Get the role permission map stored in the context, optionally
+ creating one if necessary"""
+ # need to remove security proxies here, otherwise we enter
+ # an infinite loop, becuase checking security depends on
+ # getting RolePermissions.
+ from Zope.Proxy.ProxyIntrospection import removeAllProxies
+ context = removeAllProxies(self._context)
+ annotations = getAdapter(context, IAnnotations)
+ try:
+ return annotations[annotation_key]
+ except KeyError:
+ if create:
+ rp = annotations[annotation_key] = LocalSecurityMap()
+ return rp
+ return None
+
=== Zope3/lib/python/Zope/App/Security/BasicAuthAdapter.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+# HTTP Basic Authentication adapter
+
+from Zope.Publisher.HTTP.IHTTPCredentials import IHTTPCredentials
+from LoginPassword import LoginPassword
+
+class BasicAuthAdapter(LoginPassword):
+
+ __used_for__ = IHTTPCredentials
+
+ __request = None
+
+ def __init__(self, request):
+ self.__request = request
+ # XXX base64 decoding should be done here, not in request
+ lpw = request._authUserPW()
+ if lpw is None:
+ login, password = None, None
+ else:
+ login, password = lpw
+ LoginPassword.__init__(self, login, password)
+
+ def needLogin(self, realm):
+ self.__request.unauthorized("basic realm=%s" % realm)
=== Zope3/lib/python/Zope/App/Security/BasicVFSAuthAdapter.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+# HTTP Basic Authentication adapter
+
+from Zope.Publisher.VFS.IVFSCredentials import IVFSCredentials
+from LoginPassword import LoginPassword
+
+class BasicVFSAuthAdapter(LoginPassword):
+
+ __used_for__ = IVFSCredentials
+
+ __request = None
+
+ def __init__(self, request):
+ self.__request = request
+ # XXX base64 decoding should be done here, not in request
+ lpw = request._authUserPW()
+ if lpw is None:
+ login, password = None, None
+ else:
+ login, password = lpw
+ LoginPassword.__init__(self, login, password)
+
+ def needLogin(self, realm):
+ self.__request.unauthorized("Did not work")
=== Zope3/lib/python/Zope/App/Security/Exceptions.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+Revision information:
+$Id$
+"""
+
+class UndefinedPermissionError(Exception):
+ """Somebody tried to use a permission before it was defined.
+ """
=== Zope3/lib/python/Zope/App/Security/IAuthenticationService.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+
+from Interface import Interface
+
+class IAuthenticationService(Interface):
+ """
+ Provide support for establishing principals for requests and for
+ performing protocol-specific actions, such as issuing challenges
+ or providing login interfaces.
+
+ IAuthenticationService objects are used to implement
+ authentication services. Because they implement services, they are
+ expected to collaborate with services in other contexts. Client
+ code doesn't sarch a context and call multiple services. Instead,
+ client code will call the most specific service in a place and
+ rely on the service to delegate to other services as necessary.
+
+ The interface doesn't include methods for data
+ management. Services may use external data and not allow
+ management in Zope. Simularly, the data to be managed may vary
+ with different implementations of a service.
+ """
+
+ def authenticate(request):
+ """
+
+ Indentify a principal for a request
+
+ If a principal can be identified, then return the
+ principal id. Otherwise, return None.
+
+ The request object is fairly opaque. We may decide
+ that it implements some generic request interface.
+
+ Implementation note
+
+ It is likely that the component will dispatch
+ to another component based on the actual
+ request interface. This will allow different
+ kinds of requests to be handled correctly.
+
+ For example, a component that authenticates
+ based on user names and passwords might request
+ an adapter for the request as in::
+
+ getpw=getAdapter(request,
+ ILoginPassword, place=self)
+
+ The place keyword argument is used to control
+ where the ILoginPassword component is
+ searched for. This is necessary because
+ requests are placeless.
+ """
+
+ def defaultPrincipal():
+ """
+ Return the id of the default principal, if one is defined;
+ return None if no default principal is defined.
+ """
+
+ def unauthorized(id, request):
+ """
+ Signal an authorization failure
+
+ This method is called when an auhorization problem
+ occurs. It can perform a variety of actions, such
+ as issuing an HTTP authentication challenge or
+ displaying a login interface.
+
+ Note that the authentication service nearest to the
+ requested resource is called. It is up to
+ authentication service implementations to
+ colaborate with services higher in the object
+ hierarchy.
+
+ If no principal has been identified, id will be
+ None.
+ """
+
+ def getPrincipal(id):
+ """
+ Get principal meta-data
+
+ Returns an object of type IPrincipal for the given principal
+ id. A NotFoundErrorx is raised if the principal cannot be
+ found.
+
+ Note that the authentication service nearest to the requested
+ resource is called. It is up to authentication service
+ implementations to colaborate with services higher in the
+ object hierarchy.
+ """
+
+ def getPrincipals(name):
+ """
+ Get principals with matching names.
+
+ Get a iterable object with the principals with names that are
+ similar to (e.g. contain) the given name.
+ """
+
=== Zope3/lib/python/Zope/App/Security/ILoginPassword.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+from Interface import Interface
+
+class ILoginPassword(Interface):
+
+ def getLogin():
+ """Return login name, or None if no login name found."""
+
+ def getPassword():
+ """Return password, or None if no login name found.
+ If there's a login but no password, return empty string."""
+
+ def needLogin(realm):
+ """Indicate that a login is needed. The realm argument
+ is the name of the principal registry."""
=== Zope3/lib/python/Zope/App/Security/IPermission.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+from Zope.App.Security.IRegisteredObject import IRegisteredObject
+
+class IPermission(IRegisteredObject):
+ """A permission object."""
=== Zope3/lib/python/Zope/App/Security/IPermissionGroup.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Permission Group Object Interface """
+
+from Zope.App.Security.IRegisteredObject import IRegisteredObject
+
+class IPermissionGroup(IRegisteredObject):
+ """ A class for grouping permissions for managment """
+
+ def getPermissions():
+ """ Return a sequence of IPermissions in this group """
+
=== Zope3/lib/python/Zope/App/Security/IPermissionGroupService.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Permission grouping service for security managment"""
+
+from Interface import Interface
+
+class IPermissionGroupService(Interface):
+ """Permission grouping service used to organize permissions in security
+ managment
+ """
+
+ def getGroupsForPermission(permission):
+ """Return a seq of IPermissionGroup objects that contain the
+ specified permission, which must be an IPermission.
+ An empty seq is returned if there are no groups containing that
+ permission.
+ """
+
+ def getGroups():
+ """Return a seq of all IPermissionGroups, or an empty seq if there are
+ none"""
+
+ def getGroup(gid):
+ """Return the IPermissionGroup with the id gid. Raise NotFoundError
+ if no such group exists"""
+
+
=== Zope3/lib/python/Zope/App/Security/IPermissionService.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+
+from Interface import Interface
+
+class IPermissionService(Interface):
+
+ """
+ 'IPermissionService' objects are used to implement
+ permission-definition services. Because they implement services,
+ they are expected to collaborate with services in other
+ contexts. Client code doesn't search a context and call multiple
+ services. Instead, client code will call the most specific
+ service in a place and rely on the service to delegate to other
+ services as necessary.
+
+ The interface doesn't include methods for data
+ management. Services may use external data and not allow
+ management in Zope. Similarly, the data to be managed may vary
+ with different implementations of a service.
+ """
+
+ def getPermission(permission_id):
+ """Return an 'IPermission' object for the
+ given permission id. Return None if there is no permission defined"""
+
+ def getPermissions():
+ """Return a sequence of the permissions
+ (IPermission objects) defined in the place containing the
+ service."""
=== Zope3/lib/python/Zope/App/Security/IPrincipal.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+
+from Interface import Interface
+
+class IPrincipal(Interface):
+ """Provide information about principals.
+
+ It is likely that IPrincipal objects will have associated
+ views used to list principals in management
+ interfaces. For example, a system in which other meta-data are
+ provided for principals might extend IPrincipal and register a
+ view for the extended interface that displays the extended
+ information. We'll probably want to define a standard view
+ name (e.g. "inline_summary") for this purpose.
+ """
+
+ def getId():
+ """Return a unique id string for the principal.
+ """
+
+ def getTitle():
+ """Return a label for the principal
+
+ The label will be used in interfaces to allow users to make
+ security assertions (e.g. role or permission
+ assignments) about principals.
+ """
+ def getDescription():
+ """Return a description of the principal."""
=== Zope3/lib/python/Zope/App/Security/IPrincipalPermissionManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Management interface for mappings between principals and permissions."""
+
+from Zope.App.Security.IPrincipalPermissionMap import IPrincipalPermissionMap
+
+
+class IPrincipalPermissionManager(IPrincipalPermissionMap):
+ """Management interface for mappings between principals and permissions."""
+
+ def grantPermissionToPrincipal(permission_id, principal_id):
+ """Assert that the permission is allowed for the principal.
+ """
+
+ def denyPermissionToPrincipal(permission_id, principal_id):
+ """Assert that the permission is denied to the principal.
+ """
+
+ def unsetPermissionForPrincipal(permission_id, principal_id):
+ """Remove the permission (either denied or allowed) from the
+ principal.
+ """
=== Zope3/lib/python/Zope/App/Security/IPrincipalPermissionMap.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Query interface for mappings between principals and permissions."""
+
+
+from Interface import Interface
+
+class IPrincipalPermissionMap(Interface):
+ """Mappings between principals and permissions."""
+
+ def getPrincipalsForPermission(permission_id):
+ """Return the list of (principal_id, setting) tuples that describe
+ security assertions for this permission.
+
+ If no principals have been set for this permission, then the empty
+ list is returned.
+ """
+
+ def getPermissionsForPrincipal(principal_id):
+ """Return the list of (permission, setting) tuples that describe
+ security assertions for this principal.
+
+ If no permissions have been set for this principal, then the empty
+ list is returned.
+ """
+
+ def getSetting(permission_id, principal_id):
+ """Get the setting (Allow/Deny/Unset) for a given permission and
+ principal.
+ """
+
+ def getPrincipalsAndPermissions():
+ """Get the principal security assertions here in the form
+ of a list of three tuple containing
+ (permission id, principal id, setting)
+ """
=== Zope3/lib/python/Zope/App/Security/IPrincipalRoleManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Management interface for mappings between principals and roles."""
+
+from Zope.App.Security.IPrincipalRoleMap import IPrincipalRoleMap
+
+
+class IPrincipalRoleManager(IPrincipalRoleMap):
+ """Management interface for mappings between principals and roles."""
+
+ def assignRoleToPrincipal(role_id, principal_id):
+ """Assign the role to the principal.
+ """
+
+ def removeRoleFromPrincipal(role_id, principal_id):
+ """ remove a role from the principal """
+
+ def unsetRoleForPrincipal(role_id, principal_id):
+ """ unset the role for the principal
+ """
=== Zope3/lib/python/Zope/App/Security/IPrincipalRoleMap.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Query interface for mappings between principals and roles."""
+
+
+from Interface import Interface
+
+class IPrincipalRoleMap(Interface):
+ """Mappings between principals and roles."""
+
+ def getPrincipalsForRole(role_id):
+ """Return the list of (principal, setting) who have been assigned or
+ removed from a role.
+
+ If no principals have been assigned this role,
+ then the empty list is returned.
+ """
+
+ def getRolesForPrincipal(principal_id):
+ """Return the list of (role, setting) assigned or removed from
+ this principal.
+
+ If no roles have been assigned to
+ this principal, then the empty list is returned.
+ """
+
+ def getSetting(role_id, principal_id):
+ """Return the setting for this principal, role combination
+ """
+
+ def getPrincipalsAndRoles():
+ """Return all the principal/role combinations along with the
+ setting for each combination.
+ """
+
=== Zope3/lib/python/Zope/App/Security/IRegisteredObject.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Things that can be registered in a Registry."""
+
+from Interface import Interface
+
+class IRegisteredObject(Interface):
+ def getId():
+ """Get the id of the registered object."""
+
+ def getTitle():
+ """Get the human readable title of the registered object.
+ Must be a string, but it may be empty.
+ """
+
+ def getDescription():
+ """Get the human readable description of the registered object.
+ Must be a string, but it may be empty.
+ """
=== Zope3/lib/python/Zope/App/Security/IRole.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+from Zope.App.Security.IRegisteredObject import IRegisteredObject
+
+class IRole(IRegisteredObject):
+ """A role object."""
=== Zope3/lib/python/Zope/App/Security/IRolePermissionManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Management interface for mappings between roles and permissions."""
+
+from Zope.App.Security.IRolePermissionMap import IRolePermissionMap
+
+
+class IRolePermissionManager(IRolePermissionMap):
+ """Management interface for mappings between roles and permissions."""
+
+ def grantPermissionToRole(permission_id, role_id):
+ """Bind the permission to the role.
+ """
+
+ def denyPermissionToRole(permission_id, role_id):
+ """Deny the permission to the role
+ """
+
+ def unsetPermissionFromRole(permission_id, role_id):
+ """Clear the setting of the permission to the role.
+ """
=== Zope3/lib/python/Zope/App/Security/IRolePermissionMap.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Query interface for mappings between roles and permissions."""
+
+
+from Interface import Interface
+
+
+class IRolePermissionMap(Interface):
+ """Mappings between roles and permissions."""
+
+ def getPermissionsForRole(role_id):
+ """Return a sequence of (permission id, setting) tuples for the given
+ role.
+
+ If no permissions have been granted to this
+ role, then the empty list is returned.
+ """
+
+ def getRolesForPermission(permission_id):
+ """Return a sequence of (role id, setting) tuples for the given
+ permission.
+
+ If no roles have been granted this permission, then the empty list is
+ returned.
+ """
+
+ def getSetting(permission_id, role_id):
+ """Return the setting for the given permission id and role id
+
+ If there is no setting, Unset is returned
+ """
+
+ def getPrincipalsAndRoles():
+ """Return a sequence of (principal_id, role_id, setting) here.
+
+ If no principal/role assertions have been made here, then the empty
+ list is returned.
+ """
=== Zope3/lib/python/Zope/App/Security/IRoleService.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+
+from Interface import Interface
+
+class IRoleService(Interface):
+ """Define roles
+
+ 'IRoleService' objects are used to implement role-definition
+ services. Because they implement services, they are expected to
+ collaborate with services in other contexts. Client code doesn't
+ sarch a context and call multiple services. Instead, client code
+ will call the most specific service in a place and rely on the
+ service to delegate to other services as necessary.
+
+ The interface doesn't include methods for data
+ management. Services may use external data and not allow
+ management in Zope. Simularly, the data to be managed may vary
+ with different implementations of a service.
+ """
+
+ def getRole(rid):
+ """Return an 'IRole' object for the given role id."""
+
+
+ def getRoles():
+ """Return a sequence of the roles (IRole objects)
+ defined in the place containing the service."""
+
+
=== Zope3/lib/python/Zope/App/Security/LocalSecurityMap.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Generic three dimensional array type """
+
+
+class LocalSecurityMap(object):
+
+ def __init__(self):
+ self._clear()
+
+ def _clear(self):
+ self._byrow = {}
+ self._bycol = {}
+
+ def addCell(self, rowentry, colentry, value):
+ row = self._byrow.setdefault(rowentry, {})
+ row[colentry] = value
+
+ col = self._bycol.setdefault(colentry, {})
+ col[rowentry] = value
+
+ def delCell(self, rowentry, colentry):
+ row = self._byrow.get(rowentry)
+ if row and (colentry in row):
+ del self._byrow[rowentry][colentry]
+ del self._bycol[colentry][rowentry]
+
+ def getCell(self, rowentry, colentry, default=None):
+ " return the value of a cell by row, entry "
+ row = self._byrow.get(rowentry)
+ if row: return row.get(colentry, default)
+ else: return default
+
+ def getRow(self, rowentry):
+ " return a list of (colentry, value) tuples from a row "
+ row = self._byrow.get(rowentry)
+ if row:
+ return row.items()
+ else: return []
+
+ def getCol(self, colentry):
+ " return a list of (rowentry, value) tuples from a col "
+ col = self._bycol.get(colentry)
+ if col:
+ return col.items()
+ else: return []
+
+ def getAllCells(self):
+ " return a list of (rowentry, colentry, value) "
+ res = []
+ for r in self._byrow.keys():
+ for c in self._byrow[r].items():
+ res.append((r,) + c)
+ return res
=== Zope3/lib/python/Zope/App/Security/LoginPassword.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+from ILoginPassword import ILoginPassword
+
+class LoginPassword:
+
+ __implements__ = ILoginPassword
+
+ def __init__(self, login, password):
+ self.__login = login
+ if login is None:
+ self.__password = None
+ else:
+ self.__password = password or ""
+
+ def getLogin(self):
+ return self.__login
+
+ def getPassword(self):
+ return self.__password
+
+ def needLogin(self, realm):
+ pass
=== Zope3/lib/python/Zope/App/Security/PermissionRegistry.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Global permission registry."""
+
+PREFIX = 'Global Permission'
+SUFFIX = 'Zope.Public'
+DESCRIP = 'Anybody can do this'
+
+from Zope.App.Security.RegisteredObject import RegisteredObject
+from Zope.App.Security.Registry import Registry
+from IPermission import IPermission
+from IPermissionService import IPermissionService
+
+
+class Permission(RegisteredObject):
+ __implements__ = IPermission
+
+
+class PermissionRegistry(Registry):
+ __implements__ = IPermissionService
+
+ def __init__(self, prefix=PREFIX):
+ Registry.__init__(self, Permission)
+ self._prefix = prefix
+
+ def definePermission(self, permission, title, description=''):
+ """Define a new permission object, register, and return it.
+
+ permission is the permission name, must be globally unique
+
+ title is the permission title, human readable.
+
+ description (optional) is human readable
+ """
+ if permission.startswith('.'):
+ raise ValueError("permissions must not start with a '.'")
+ return self.register(permission, title, description)
+
+ def definedPermission(self, permission_id):
+ """Return true if named permission is registered, otherwise return
+ false
+ """
+ return self.is_registered(permission_id)
+
+ def getPermission(self, permission_id):
+ """Return permission object registered as permission_id.
+
+ If no named permission is registered KeyError is raised.
+
+ """
+ return self.getRegisteredObject(permission_id)
+
+ def getPermissions(self):
+ """Return all registered permission objects.
+ """
+ return self.getRegisteredObjects()
+
+ def _clear(self):
+ Registry._clear(self)
+ self.definePermission(
+ 'Zope.Public', 'Public',
+ """Special permission used for resources that are always public
+
+ The public permission is effectively an optimization, sine
+ it allows security computation to be bypassed.
+ """
+ )
+
+permissionRegistry = PermissionRegistry()
+
+# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
+from Zope.Testing.CleanUp import addCleanUp
+addCleanUp(permissionRegistry._clear)
+del addCleanUp
=== Zope3/lib/python/Zope/App/Security/PrincipalPermissionManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Mappings between principals and permissions."""
+
+from Zope.App.Security.IPrincipalPermissionManager \
+ import IPrincipalPermissionManager
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Allow, Deny, Unset
+
+
+class PrincipalPermissionManager(LocalSecurityMap):
+ """Mappings between principals and permissions."""
+
+ __implements__ = IPrincipalPermissionManager
+
+ def grantPermissionToPrincipal( self, permission_id, principal_id ):
+ ''' See the interface IPrincipalPermissionManager '''
+ self.addCell( permission_id, principal_id, Allow )
+
+ def denyPermissionToPrincipal( self, permission_id, principal_id ):
+ ''' See the interface IPrincipalPermissionManager '''
+ self.addCell( permission_id, principal_id, Deny )
+
+ def unsetPermissionForPrincipal( self, permission_id, principal_id ):
+ ''' See the interface IPrincipalPermissionManager '''
+ self.delCell( permission_id, principal_id )
+
+ def getPrincipalsForPermission( self, permission_id ):
+ ''' See the interface IPrincipalPermissionManager '''
+ return self.getRow( permission_id )
+
+ def getPermissionsForPrincipal( self, principal_id ):
+ ''' See the interface IPrincipalPermissionManager '''
+ return self.getCol( principal_id )
+
+ def getSetting( self, permission_id, principal_id ):
+ ''' See the interface IPrincipalPermissionManager '''
+ return self.getCell( permission_id, principal_id, default=Unset )
+
+ def getPrincipalsAndPermissions( self ):
+ ''' See the interface IPrincipalPermissionManager '''
+ return self.getAllCells()
+
+
+# Permissions are our rows, and principals are our columns
+principalPermissionManager = PrincipalPermissionManager()
+
+
+# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
+from Zope.Testing.CleanUp import addCleanUp
+addCleanUp(principalPermissionManager._clear)
+del addCleanUp
=== Zope3/lib/python/Zope/App/Security/PrincipalPermissionView.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+import time
+
+from Zope.App.PageTemplate import ViewPageTemplateFile
+from Zope.Publisher.Browser.BrowserView import BrowserView
+from Zope.ComponentArchitecture.ContextDependent import ContextDependent
+from Zope.ComponentArchitecture import getService, getAdapter
+from IPrincipalPermissionMap import IPrincipalPermissionMap
+from IPrincipalPermissionManager import IPrincipalPermissionManager
+from Settings import Allow, Deny, Unset
+
+class PrincipalPermissionView(BrowserView):
+
+ index = ViewPageTemplateFile('pt/principal_permission_edit.pt')
+
+ def get_permission_service(self):
+ return getService(self.context, 'PermissionService')
+
+ def get_principal(self, principal_id):
+ return getService(self.context,
+ 'AuthenticationService'
+ ).getPrincipal(principal_id)
+
+ def unsetPermissions(self, principal_id, permission_ids, REQUEST=None):
+ """Form action unsetting a principals permissions"""
+ permission_service = self.get_permission_service()
+ principal = self.get_principal(principal_id)
+ ppm = getAdapter(self.context, IPrincipalPermissionManager)
+
+ for perm_id in permission_ids:
+ permission = permission_service.getPermission(perm_id)
+ ppm.unsetPermissionForPrincipal(permission , principal)
+
+ if REQUEST is not None:
+ return self.index(message="Settings changed at %s"
+ % time.ctime(time.time()))
+
+ def grantPermissions(self, principal_id, permission_ids, REQUEST=None):
+ """Form action granting a list of permissions to a principal"""
+ permission_service = self.get_permission_service()
+ principal = self.get_principal(principal_id)
+ ppm = getAdapter(self.context, IPrincipalPermissionManager)
+
+ for perm_id in permission_ids:
+ permission = permission_service.getPermission(perm_id)
+ ppm.grantPermissionToPrincipal(permission , principal)
+ if REQUEST is not None:
+ return self.index(message="Settings changed at %s"
+ % time.ctime(time.time()))
+
+ def denyPermissions(self, principal_id, permission_ids, REQUEST=None):
+ """Form action denying a list of permissions for a principal"""
+ permission_service = self.get_permission_service()
+ principal = self.get_principal(principal_id)
+ ppm = getAdapter(self.context, IPrincipalPermissionManager)
+
+ for perm_id in permission_ids:
+ permission = permission_service.getPermission(perm_id)
+ ppm.denyPermissionToPrincipal(permission , principal)
+ if REQUEST is not None:
+ return self.index(message="Settings changed at %s"
+ % time.ctime(time.time()))
+
+ # Methods only called from the zpt view
+ def getUnsetPermissionsForPrincipal(self, principal_id):
+ """Returns all unset permissions for this principal"""
+
+ ppmap = getAdapter(self.context, IPrincipalPermissionMap)
+ principal = self.get_principal(principal_id)
+ perm_serv = getService(self.context, 'PermissionService')
+ result = []
+ for perm in perm_serv.getPermissions():
+ if ppmap.getSetting(perm, principal) == Unset:
+ result.append(perm)
+
+ return result
+
+ def getPermissionsForPrincipal(self, principal_id, setting_name):
+ """Return a list of permissions with the given setting_name
+ string for the principal.
+
+ Return empty list if there are no permissions.
+ """
+
+ ppmap = getAdapter(self.context, IPrincipalPermissionMap)
+ principal = self.get_principal(principal_id)
+
+ permission_settings = ppmap.getPermissionsForPrincipal(principal)
+ setting_map = {'Deny': Deny, 'Allow':Allow}
+ asked_setting = setting_map[setting_name]
+
+ result = []
+ for permission, setting in permission_settings:
+ if asked_setting == setting:
+ result.append(permission)
+
+ return result
=== Zope3/lib/python/Zope/App/Security/PrincipalRegistry.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+
+from IAuthenticationService import IAuthenticationService
+from IPrincipal import IPrincipal
+from Zope.Exceptions import NotFoundError
+from ILoginPassword import ILoginPassword
+from Zope.ComponentArchitecture import getAdapter, queryAdapter
+
+class DuplicateLogin(Exception): pass
+class DuplicateId(Exception): pass
+
+# XXX why isn't this subclassing 'Registry' ? ? ?
+class PrincipalRegistry:
+
+ __implements__ = IAuthenticationService
+
+ # Methods implementing IAuthenticationService
+
+ def authenticate(self, request):
+ a = queryAdapter(request, ILoginPassword, None)
+ if a is not None:
+ login = a.getLogin()
+ if login is not None:
+ p = self.__principalsByLogin.get(login, None)
+ if p is not None:
+ password = a.getPassword()
+ if p.validate(password):
+ return p.getId()
+ return None
+
+ __defaultid = None
+ __defaultObject = None
+
+ def defineDefaultPrincipal(self, principal, title, description=''):
+ id = principal
+ if id in self.__principalsById:
+ raise DuplicateId(id)
+ self.__defaultid = id
+ p = Principal(principal, title, description, '', '')
+ self.__defaultObject = p
+ return p
+
+ def defaultPrincipal(self):
+ return self.__defaultid
+
+ def unauthorized(self, id, request):
+ # XXX This is a mess. request has no place here!
+ if id is None or id is self.__defaultid:
+ a = getAdapter(request, ILoginPassword)
+ a.needLogin(realm="zope")
+
+ def getPrincipal(self, id):
+ r = self.__principalsById.get(id)
+ if r is None:
+ if id == self.__defaultid:
+ return self.__defaultObject
+ raise NotFoundError(id)
+ return r
+
+ def getPrincipalByLogin(self, login):
+ r = self.__principalsByLogin.get(login)
+ if r is None: raise NotFoundError(login)
+ return r
+
+ def getPrincipals(self, name):
+ name = name.lower()
+ return [p for p in self.__principalsById.itervalues()
+ if p.getTitle().lower().startswith(name) or
+ p.getLogin().lower().startswith(name)]
+
+ # Management methods
+
+ def __init__(self):
+ self.__principalsById={}
+ self.__principalsByLogin = {}
+
+ def definePrincipal(self, principal, title, description='',
+ login='', password=''):
+ id=principal
+ if login in self.__principalsByLogin:
+ raise DuplicateLogin(login)
+
+ if id in self.__principalsById or id == self.__defaultid:
+ raise DuplicateId(id)
+
+ p = Principal(id, title, description, login, password)
+
+ self.__principalsByLogin[login]=p
+ self.__principalsById[id]=p
+
+ return p
+
+ def _clear(self):
+ self.__init__()
+
+principalRegistry=PrincipalRegistry()
+
+# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
+from Zope.Testing.CleanUp import addCleanUp
+addCleanUp(principalRegistry._clear)
+del addCleanUp
+
+class Principal:
+
+ __implements__ = IPrincipal
+
+ def __init__(self, id, title, description, login, pw):
+ self.__id = id
+ self.__title = title
+ self.__description = description
+ self.__login = login
+ self.__pw = pw
+
+ def getId(self):
+ return self.__id
+
+ def getTitle(self):
+ return self.__title
+
+ def getDescription(self):
+ return self.__description
+
+ def getLogin(self):
+ return self.__login
+
+ def validate(self, pw):
+ return pw == self.__pw
=== Zope3/lib/python/Zope/App/Security/PrincipalRoleManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Mappings between principals and roles."""
+
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Assign, Remove, Unset
+from Zope.App.Security.IPrincipalRoleManager import IPrincipalRoleManager
+from Zope.App.Security.IPrincipalRoleMap import IPrincipalRoleMap
+
+
+
+class PrincipalRoleManager(LocalSecurityMap):
+ """Mappings between principals and roles."""
+
+ __implements__ = ( IPrincipalRoleManager, IPrincipalRoleMap )
+
+ def assignRoleToPrincipal( self, role_id, principal_id ):
+ ''' See the interface IPrincipalRoleManager '''
+ self.addCell( role_id, principal_id, Assign )
+
+ def removeRoleFromPrincipal( self, role_id, principal_id ):
+ ''' See the interface IPrincipalRoleManager '''
+ self.addCell( role_id, principal_id, Remove )
+
+ def unsetRoleForPrincipal( self, role_id, principal_id ):
+ ''' See the interface IPrincipalRoleManager '''
+ self.delCell( role_id, principal_id )
+
+ def getPrincipalsForRole( self, role_id ):
+ ''' See the interface IPrincipalRoleMap '''
+ return self.getRow( role_id )
+
+ def getRolesForPrincipal( self, principal_id ):
+ ''' See the interface IPrincipalRoleMap '''
+ return self.getCol( principal_id )
+
+ def getSetting( self, role_id, principal_id ):
+ ''' See the interface IPrincipalRoleMap '''
+ return self.getCell( role_id, principal_id, default=Unset )
+
+ def getPrincipalsAndRoles( self ):
+ ''' See the interface IPrincipalRoleMap '''
+ return self.getAllCells()
+
+# Roles are our rows, and principals are our columns
+principalRoleManager = PrincipalRoleManager()
+
+# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
+from Zope.Testing.CleanUp import addCleanUp
+addCleanUp(principalRoleManager._clear)
+del addCleanUp
=== Zope3/lib/python/Zope/App/Security/PrincipalRoleView.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Management view component for principal-role management (Zope2's
+ "local roles").
+
+$Id$
+"""
+
+import time
+from Zope.App.PageTemplate import ViewPageTemplateFile
+from Zope.Publisher.Browser.BrowserView import BrowserView
+from Zope.ComponentArchitecture.ContextDependent import ContextDependent
+from Zope.ComponentArchitecture import getService, getAdapter
+
+from Zope.App.Security.IPrincipalRoleManager import IPrincipalRoleManager
+from Zope.App.Security.IPrincipalRoleMap import IPrincipalRoleMap
+
+from Zope.App.Security.IPermission import IPermission
+from Zope.App.Security.IRole import IRole
+
+class PrincipalRoleView(BrowserView):
+
+ index = ViewPageTemplateFile('pt/principal_role_association.pt')
+
+ def getAllPrincipals(self):
+
+ principals = getattr(self, '_principals', None)
+
+ if principals is None:
+ principals = self._principals = getService(
+ self.context, 'AuthenticationService'
+ ).getPrincipals()
+
+ return principals
+
+ def getAllRoles(self):
+
+ roles = getattr(self, '_roles', None)
+
+ if roles is None:
+ roles = self._roles = getService(self.context, 'RoleService'
+ ).getRoles()
+
+ return roles
+
+ def createGrid( self, principals=None, roles=None ):
+
+ if not principals:
+ principals = self.getAllPrincipals()
+
+ if not roles:
+ roles = self.getAllRoles()
+
+ return PrincipalRoleGrid( principals, roles, self.context )
+
+ def action(self, principals, roles, mapping, testing=None):
+
+ for row in mapping:
+ pid = row.permission_id
+ roles = row.role_ids
+
+ if not testing:
+ return self.index(
+ message="Settings changed at %s" % time.ctime(time.time())
+ )
+
+
+class PrincipalRoleGrid:
+
+ def __init__( self, principals, roles, context ):
+
+ self._principals = principals
+ self._roles = roles
+ self._grid = {}
+
+ map = getAdapter( context, IPrincipalRoleMap )
+
+ for role in roles:
+ for principal in principals:
+ setting = map.getSetting( role, principal )
+ self._grid[ ( role, principal ) ] = setting
+
+ def principals( self ):
+ return self._principals
+
+ def roles( self ):
+ return self._roles
+
+ def getValue( self, role, principal ):
+ return self._grid[ ( role, principal ) ]
+
+ def listAvailableValues( self ):
+ return ( 'Unset', 'Assigned', 'Removed' )
+
=== Zope3/lib/python/Zope/App/Security/RegisteredObject.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""An implementation of things that can be registered in a Registry."""
+
+from Zope.App.Security.IRegisteredObject import IRegisteredObject
+
+class RegisteredObject(object):
+ __implements__ = IRegisteredObject
+
+ def __init__(self, id, title, description):
+ self._id = id
+ self._title = title
+ self._description = description
+
+ def getId(self):
+ return self._id
+
+ def getTitle(self):
+ return self._title
+
+ def getDescription(self):
+ return self._description
=== Zope3/lib/python/Zope/App/Security/Registry.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Generic registry of ids to objects."""
+
+from Interface.Verify import verifyClass
+from Zope.App.Security.IRegisteredObject import IRegisteredObject
+from Zope.Exceptions import ZopeError
+
+
+class AlreadyRegisteredError(ZopeError, ValueError):
+ """An attempt was made to register an object with an already registered id.
+ """
+
+
+class Registry:
+ def __init__(self, class_):
+ """Instantiate a generic registry.
+
+ class_ is the class of the thing that we're going to instantiate.
+ """
+ assert verifyClass(IRegisteredObject, class_)
+ self._class = class_
+ self._clear()
+
+ def register(self, id, title='', description=''):
+ """Create a registered object with the given id, title, and description
+
+ Register and return the object. The empty string will be used if
+ either the optional title or description is omitted. The id must be
+ unique.
+
+ If the id is already registered, an AlreadyRegisteredError is raised.
+ """
+ if id in self._byid:
+ raise AlreadyRegisteredError('Id is not unique: %s' % id)
+ obj = self._class(id, title, description)
+ self._byid[id] = obj
+ return obj
+
+ def is_registered(self, id):
+ """Return true if an object is registered with the given id.
+ Otherwise false is returned.
+ """
+ return id in self._byid
+
+ def getRegisteredObject(self, id):
+ """Return the object registered under the given id.
+ """
+ return self._byid.get(id)
+
+ def getRegisteredObjects(self):
+ """Return all registered objects.
+ """
+ return self._byid.values()
+
+ def _clear(self):
+ # Map ids to instantiated objects
+ self._byid = {}
=== Zope3/lib/python/Zope/App/Security/RolePermissionManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Mappings between roles and permissions."""
+
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Allow, Deny
+from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
+
+
+class RolePermissionManager(LocalSecurityMap):
+ """Mappings between roles and permissions."""
+
+ __implements__ = IRolePermissionManager
+
+ # Implementation methods for interface
+ # Zope.App.Security.IRolePermissionManager
+
+ def grantPermissionToRole( self, permission_id, role_id ):
+ '''See interface IRolePermissionMap'''
+ self.addCell( permission_id, role_id, Allow )
+
+ def denyPermissionToRole( self, permission_id, role_id ):
+ '''See interface IRolePermissionMap'''
+ self.addCell( permission_id, role_id, Deny )
+
+ def unsetPermissionFromRole( self, permission_id, role_id ):
+ '''See interface IRolePermissionMap'''
+ self.delCell( permission_id, role_id )
+
+ def getRolesForPermission( self, permission_id ):
+ '''See interface IRolePermissionMap'''
+ return self.getRow( permission_id )
+
+ def getPermissionsForRole( self, role_id ):
+ '''See interface IRolePermissionMap'''
+ return self.getCol( role_id )
+
+ def getSetting( self, permission_id, role_id ):
+ '''See interface IRolePermissionMap'''
+ return self.getCell( permission_id, role_id )
+
+ def getRolesAndPermissions( self ):
+ '''See interface IRolePermissionMap'''
+ return self.getAllCells()
+
+# Permissions are our rows, and roles are our columns
+rolePermissionManager = RolePermissionManager()
+
+# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
+from Zope.Testing.CleanUp import addCleanUp
+addCleanUp(rolePermissionManager._clear)
+del addCleanUp
=== Zope3/lib/python/Zope/App/Security/RolePermissionView.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+
+import os, time
+from Zope.App.PageTemplate import ViewPageTemplateFile
+from Zope.Publisher.Browser.BrowserView import BrowserView
+from Zope.ComponentArchitecture.ContextDependent import ContextDependent
+from Zope.ComponentArchitecture import getService, getAdapter
+from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
+from Zope.App.Security.IPermission import IPermission
+from Zope.App.Security.IRole import IRole
+from Zope.App.Security.Settings import Allow, Assign
+
+class RolePermissionView(BrowserView):
+
+ index = ViewPageTemplateFile('pt/manage_access.pt')
+ manage_permissionForm = ViewPageTemplateFile('pt/manage_permissionForm.pt')
+ manage_roleForm = ViewPageTemplateFile('pt/manage_roleForm.pt')
+
+ def roles(self):
+ roles = getattr(self, '_roles', None)
+ if roles is None:
+ roles = self._roles = getService(
+ self.context, 'RoleService'
+ ).getRoles()
+ return roles
+
+ def permissions(self):
+ permissions = getattr(self, '_permissions', None)
+ if permissions is None:
+ permissions = self._permissions = getService(
+ self.context, 'PermissionService'
+ ).getPermissions()
+ return permissions
+
+
+ def permissionRoles(self):
+ context = self.context
+ roles = self.roles()
+ return [PermissionRoles(permission, context, roles)
+ for permission in self.permissions()]
+
+ def permissionForID(self, pid):
+ context = self.context
+ roles = self.roles()
+ perm = getService(context, 'PermissionService'
+ ).getPermission(pid)
+ return PermissionRoles(perm, context, roles)
+
+ def roleForID(self, rid):
+ context = self.context
+ permissions = self.permissions()
+ role = getService(context, 'RoleService'
+ ).getRole(rid)
+ return RolePermissions(role, context, permissions)
+
+
+ def action(self, REQUEST, testing=None):
+ roles = [r.getId() for r in self.roles()]
+ permissions = [p.getId() for p in self.permissions()]
+ prm = getAdapter(self.context, IRolePermissionManager)
+ for ip in range(len(permissions)):
+ rperm = REQUEST.get("p%s" % ip)
+ if rperm not in permissions: continue
+ for ir in range(len(roles)):
+ rrole = REQUEST.get("r%s" % ir)
+ if rrole not in roles: continue
+ if ("p%sr%s" % (ip, ir)) in REQUEST:
+ prm.grantPermissionToRole(rperm, rrole)
+ else:
+ prm.unsetPermissionFromRole(rperm, rrole)
+
+ if not testing:
+ return self.index( REQUEST,
+ message="Settings changed at %s" % time.ctime(time.time())
+ )
+
+ def update_permission(self, REQUEST, permission_id,
+ roles=(), testing=None):
+ prm = getAdapter(self.context, IRolePermissionManager)
+
+ for ir in [r.getId() for r in self.roles()]:
+ if ir in roles:
+ prm.grantPermissionToRole(permission_id, ir)
+ else:
+ prm.unsetPermissionFromRole(permission_id, ir)
+ if not testing:
+ return self.index(REQUEST,
+ message="Settings changed at %s"
+ % time.ctime(time.time())
+ )
+
+ def update_role(self, REQUEST, role_id,
+ permissions=(), testing=None):
+ prm = getAdapter(self.context, IRolePermissionManager)
+
+ for ip in [p.getId() for p in self.permissions()]:
+ if ip in permissions:
+ prm.grantPermissionToRole(ip, role_id)
+ else:
+ prm.unsetPermissionFromRole(ip, role_id)
+ if not testing:
+ return self.index(REQUEST,
+ message="Settings changed at %s"
+ % time.ctime(time.time())
+ )
+
+class PermissionRoles:
+
+ __implements__ = IPermission
+
+ def __init__(self, permission, context, roles):
+ self._permission = permission
+ self._context = context
+ self._roles = roles
+
+ def getId(self):
+ return self._permission.getId()
+
+ def getTitle(self):
+ return self._permission.getTitle()
+
+ def getDescription(self):
+ return self._permission.getDescription()
+
+ def roles(self):
+ prm = getAdapter(self._context, IRolePermissionManager)
+ proles = prm.getRolesForPermission(self._permission.getId())
+ proles = [role for role,setting in proles if setting==Allow]
+ return [((role.getId() in proles) and '1' or None)
+ for role in self._roles]
+
+ def rolesInfo(self):
+ prm = getAdapter(self._context, IRolePermissionManager)
+ proles = prm.getRolesForPermission(self._permission.getId())
+ proles = [role for role,setting in proles if setting==Allow]
+ return [{'id': role.getId(),
+ 'title': role.getTitle(),
+ 'checked': ((role.getId() in proles) and '1' or None)}
+ for role in self._roles]
+
+class RolePermissions:
+
+ __implements__ = IRole
+
+ def __init__(self, role, context, permissions):
+ self._role = role
+ self._context = context
+ self._permissions = permissions
+
+ def getId(self):
+ return self._role.getId()
+
+ def getTitle(self):
+ return self._role.getTitle()
+
+ def getDescription(self):
+ return self._role.getDescription()
+
+ def permissionsInfo(self):
+ prm = getAdapter(self._context, IRolePermissionManager)
+ rperms = prm.getPermissionsForRole(self._role.getId())
+ rperms = [permission
+ for permission,setting in rperms
+ if setting==Allow]
+ return [{'id': permission.getId(),
+ 'title': permission.getTitle(),
+ 'checked': ((permission.getId() in rperms) and '1' or None)}
+ for permission in self._permissions]
+
+
=== Zope3/lib/python/Zope/App/Security/RoleRegistry.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Global role registry."""
+
+PREFIX = 'Global Role'
+
+from Zope.App.Security.RegisteredObject import RegisteredObject
+from Zope.App.Security.Registry import Registry
+from IRole import IRole
+from IRoleService import IRoleService
+
+class Role(RegisteredObject):
+ __implements__ = IRole
+
+
+class RoleRegistry(Registry):
+ __implements__ = IRoleService
+
+ def __init__(self, prefix=PREFIX):
+ Registry.__init__(self, Role)
+ self._prefix = prefix
+
+ def _make_global_id(self, suffix):
+ return self._prefix + '.' + suffix
+
+ def defineRole(self, role, title, description=None):
+ """Define a new role object, register, and return it.
+
+ role is the role name.
+
+ title is the role title, human readable.
+
+ description (optional) is human readable
+ """
+ if description is None:
+ description = ''
+ id = role
+ return self.register(id, title, description)
+
+ def definedRole(self, id):
+ """Return true if named role is registered, otherwise return false
+ """
+ return self.is_registered(id)
+
+ def getRole(self, id):
+ """Return role object registered as name.
+
+ If no named role is registered KeyError is raised.
+ """
+ return self.getRegisteredObject(id)
+
+ def getRoles(self):
+ """Return all registered role objects.
+ """
+ return self.getRegisteredObjects()
+
+ def _clear(self):
+ # Standard roles
+ Registry._clear(self)
+ self.register("Anonymous", "Everybody",
+ "All users have this role implicitly")
+
+roleRegistry = RoleRegistry()
+
+
+# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
+from Zope.Testing.CleanUp import addCleanUp
+addCleanUp(roleRegistry._clear)
+del addCleanUp
=== Zope3/lib/python/Zope/App/Security/SecurityMap.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Generic symmetric one-to-many id map."""
+
+
+class SecurityMap:
+ def __init__(self):
+ self._clear()
+
+ def delCell(self, rowentry, colentry):
+ row = self._byrow.get(rowentry, ())
+ if colentry in row:
+ row.remove(colentry)
+
+ col = self._bycol.get(colentry, ())
+ if rowentry in col:
+ col.remove(rowentry)
+
+ def addCell(self, rowentry, colentry):
+ """Add a cell to the table."""
+ row = self._byrow.get(rowentry)
+ if row is None:
+ self._byrow[rowentry] = [colentry]
+ else:
+ if colentry not in row:
+ row.append(colentry)
+
+ col = self._bycol.get(colentry)
+ if col is None:
+ self._bycol[colentry] = [rowentry]
+ else:
+ if rowentry not in col:
+ col.append(rowentry)
+
+ def getColumnsForRow(self, rowentry):
+ """Return a list of column entries for a given row entry.
+
+ If the row entry is not in the table, return an empty list.
+ """
+ return self._byrow.get(rowentry, [])
+
+ def getRowsForColumn(self, colentry):
+ """Return a list of row entries for a given column entry.
+
+ If the column entry is not in the table, return an empty list.
+ """
+ return self._bycol.get(colentry, [])
+
+ def _clear(self):
+ self._byrow = {}
+ self._bycol = {}
=== Zope3/lib/python/Zope/App/Security/Settings.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Security setting constants """
+
+
+class PermissionSetting(object):
+ """PermissionSettings should be considered as immutable.
+ They can be compared by identity. They are identified by
+ their name.
+ """
+
+ def __new__(cls, name, description=None):
+ """Keep a dict of PermissionSetting instances, indexed by
+ name. If the name already exists in the dict, return that
+ instance rather than creating a new one.
+ """
+ instances = cls.__dict__.get('__instances__')
+ if instances is None:
+ cls.__instances__ = instances = {}
+ it = instances.get(name)
+ if it is None:
+ instances[name] = it = object.__new__(cls)
+ it._init(name, description)
+ return it
+
+ def _init(self, name, description):
+ self.__name = name
+ self.__description = description
+
+ def getDescription(self):
+ return self.__description
+
+ def getName(self):
+ return self.__name
+
+ def __str__(self):
+ return "PermissionSetting: %s" % self.__name
+
+# register PermissionSettings to be symbolic constants by identity,
+# even when pickled and unpickled.
+import copy_reg
+copy_reg.constructor(PermissionSetting)
+copy_reg.pickle(PermissionSetting,
+ PermissionSetting.getName,
+ PermissionSetting)
+
+
+
+Allow = PermissionSetting('Allow',
+ 'Explicit allow setting for permissions')
+
+Deny = PermissionSetting('Deny',
+ 'Explicit deny setting for permissions')
+
+Unset = PermissionSetting('Unset',
+ 'Unset constant that denotes no setting for permission and role')
+
+Assign = PermissionSetting('Assign',
+ 'Explicit assign setting for roles')
+
+Remove = PermissionSetting('Remove',
+ 'Explicit remove setting for roles')
=== Zope3/lib/python/Zope/App/Security/Zope3RoleManagement.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+from IRoleManagement import IRoleManagement
+from IZope3RoleManageable import IZope3RoleManageable
+from IZope3RoleManageable import SPECIAL_ATTRIBUTE_NAME
+
+class _PermissionRoleBindings:
+ def __init__( self ):
+ self._permissions = {}
+ self._roles = {}
+
+class Zope3RoleManagement:
+ """
+ Implement IRoleManagement for new-style objects.
+ """
+
+ __implements__ = (IRoleManagement, )
+
+ def __init__(self, context):
+ self.context = context
+
+
+ def _getContextBindings( self ):
+ """
+ Find or create the permission-role bindings for our context.
+ """
+ bindings = getattr( self.context, SPECIAL_ATTRIBUTE_NAME, None )
+
+ if bindings is None:
+ bindings = _PermissionRoleBindings()
+ setattr( self.context, SPECIAL_ATTRIBUTE_NAME, bindings )
+
+ return bindings
+
+ #
+ # IRoleManagement implementation
+ #
+ def listAvailableRoles( self ):
+ """
+ What roles are available at our context?
+ """
+ roles = self._getContextBindings()._roles
+ return tuple( roles.keys() )
+
+ def addRole( self, role_name ):
+ """
+ Create a new, empty role.
+ """
+ roles = self._getContextBindings()._roles
+
+ if role_name in roles:
+ raise KeyError, 'Role %s already defined.' % role_name
+
+ roles[ role_name ] = ()
+
+ def removeRole( self, role_name ):
+ """
+ Remove a role, and any associated permission bindings.
+ """
+ roles = self._getContextBindings()._roles
+
+ if not (role_name in roles):
+ raise KeyError, 'Role %s not defined.' % role_name
+
+ self.clearPermissionsOfRole( role_name )
+ del roles[ role_name ]
+
+ def listPermissionsOfRole( self, role_name ):
+ """
+ What permissions does the 'role_name' have?
+ """
+
+ def clearPermissionsOfRole( self, role_name ):
+ """
+ Remove all permissions from 'role_name'.
+ """
+
+ def addPermissionToRole( self, role_name, permission ):
+ """
+ Add 'permission' to 'role_name'.
+ """
+
+ def listRolesWithPermission( self, permission ):
+ """
+ Which roles have 'permission' in our context?
+ """
=== Zope3/lib/python/Zope/App/Security/ZopeSecurityPolicy.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Define Zope\'s default security policy
+
+$Id$
+"""
+__version__='$Revision$'[11:-2]
+
+from Zope.ComponentArchitecture import queryAdapter
+from Zope.Proxy.ContextWrapper import ContainmentIterator
+from Zope.Exceptions import Unauthorized, Forbidden
+from Zope.Security.ISecurityPolicy import ISecurityPolicy
+from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
+from Zope.App.Security.IPrincipalPermissionManager \
+ import IPrincipalPermissionManager
+from Zope.App.Security.IPrincipalRoleManager \
+ import IPrincipalRoleManager
+from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
+from Zope.App.Security.PermissionRegistry import permissionRegistry
+from Zope.App.Security.PrincipalRegistry import principalRegistry
+from Zope.App.Security.RoleRegistry import roleRegistry
+from Zope.App.Security.PrincipalPermissionManager \
+ import principalPermissionManager
+from Zope.App.Security.RolePermissionManager import rolePermissionManager
+from Zope.App.Security.PrincipalRoleManager import principalRoleManager
+from Zope.App.Security.Settings import Allow, Deny, Assign, Remove, Unset
+
+from types import StringType, StringTypes, TupleType, ListType, IntType, MethodType, NoneType
+
+getPermissionsForPrincipal = \
+ principalPermissionManager.getPermissionsForPrincipal
+getPermissionsForRole = rolePermissionManager.getPermissionsForRole
+getRolesForPrincipal = principalRoleManager.getRolesForPrincipal
+
+globalContext=object()
+
+class ZopeSecurityPolicy:
+
+ __implements__ = ISecurityPolicy
+
+ def __init__(self, ownerous=1, authenticated=1):
+ """
+ Two optional keyword arguments may be provided:
+
+ ownerous -- Untrusted users can create code
+ (e.g. Python scripts or templates),
+ so check that code owners can access resources.
+ The argument must have a truth value.
+ The default is true.
+
+ authenticated -- Allow access to resources based on the
+ privaledges of the authenticated user.
+ The argument must have a truth value.
+ The default is true.
+
+ This (somewhat experimental) option can be set
+ to false on sites that allow only public
+ (unauthenticated) access. An anticipated
+ scenario is a ZEO configuration in which some
+ clients allow only public access and other
+ clients allow full management.
+ """
+
+ self._ownerous=ownerous
+ self._authenticated=authenticated
+
+ def checkPermission(self, permission, object, context):
+ # XXX We aren't really handling multiple principals yet
+
+ principals = { context.user : 1 }
+ assigned_roles = {}
+ roles = {}
+ seen_allow = 0
+
+ # Check the placeful principal permissions and aggregate the
+ # Roles in this context
+ for c in ContainmentIterator(object):
+ ppm = queryAdapter(c, IPrincipalPermissionManager, None, globalContext)
+ if ppm is not None:
+ for principal in principals.keys():
+ setting = ppm.getSetting(permission, principal)
+ if setting is Deny:
+ return 0 # Explicit deny on principal
+ elif setting is Allow:
+ return 1 # Explicit allow on principal
+
+ prm = queryAdapter(c, IPrincipalRoleManager, None, globalContext)
+ if prm is not None:
+ for principal in principals.keys():
+ for role, setting in prm.getRolesForPrincipal(principal):
+ if not (role in roles):
+ roles[role] = 1
+ if setting is Assign:
+ assigned_roles[role] = 1
+
+ # now check the global principal permissions
+ getSetting = principalPermissionManager.getSetting
+ for principal in principals.keys():
+ setting = getSetting(permission, principal)
+ if setting is Allow:
+ return 1 # Explicit allow on global principal
+ elif setting is Deny:
+ return 0 # Explicit deny on global principal
+
+ # aggregate global roles
+ global_roles = principalRoleManager.getRolesForPrincipal(principal)
+ for principal in principals.keys():
+ for role, setting in global_roles:
+ if not (role in roles):
+ roles[role] = 1
+ if setting is Assign:
+ assigned_roles[role] = 1
+
+ # Check the placeful role permissions, checking anonymous first
+ for c in ContainmentIterator(object):
+ rpm = queryAdapter(c, IRolePermissionManager, None, globalContext)
+ if rpm is not None:
+ for role in ['Anonymous'] + assigned_roles.keys():
+ setting = rpm.getSetting(permission, role)
+ if setting is Allow:
+ seen_allow = 1 # Flag allow, but continue processing
+ elif setting is Deny:
+ return 0 # Deny on placeful role permission
+ if seen_allow:
+ return 1 # Allow on placeful role permission
+
+ # Last, check if there are any global role settings
+ getSetting = rolePermissionManager.getSetting
+ for principal in principals.keys():
+ for role, role_setting in [('Anonymous', Assign)] + global_roles:
+ if role_setting is Assign:
+ setting = getSetting(permission, role)
+ if setting == Allow:
+ seen_allow = 1 # Flag allow and continue
+ elif setting == Deny:
+ return 0 # Deny on global role
+ if seen_allow:
+ return 1 # Allow on global role
+
+ return 0 # Deny by default
+
+zopeSecurityPolicy=ZopeSecurityPolicy()
+
=== Zope3/lib/python/Zope/App/Security/__init__.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Zope Security Architecture """
+
+# Register some standard types
+import _protections
+_protections.protect()
+del _protections
=== Zope3/lib/python/Zope/App/Security/_protections.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+#
+##############################################################################
+"""Register protection information for some standard low-level types
+
+Revision information:
+$Id$
+"""
+
+def protect():
+ from Zope.Security.Checker import \
+ defineChecker, getCheckerForInstancesOf, NamesChecker
+ import Persistence.BTrees
+
+
+ def _protect(which):
+ __import__('Persistence.BTrees.%sBTree' % which)
+ module = getattr(Persistence.BTrees, "%sBTree" % which)
+
+ defineChecker(getattr(module, '%sBTree' % which),
+ getCheckerForInstancesOf(dict))
+ defineChecker(getattr(module, '%sBucket' % which),
+ getCheckerForInstancesOf(dict))
+ defineChecker(getattr(module, '%sSet' % which),
+ NamesChecker(['__getitem__', '__len__', 'has_key',
+ '__repr__', '__str__', "__contains__",
+ 'keys', 'maxKey', 'minKey']
+ )
+ )
+ defineChecker(getattr(module, '%sTreeSet' % which),
+ NamesChecker(['__len__', 'has_key', "__contains__",
+ '__repr__', '__str__',
+ 'keys', 'maxKey', 'minKey']
+ )
+ )
+ items = getattr(module, '%sBTree' % which)().keys()
+ defineChecker(type(items),
+ getCheckerForInstancesOf(tuple))
+
+
+ for which in 'OO', 'II', 'OI', 'IO':
+ _protect(which)
+
+
+
=== Zope3/lib/python/Zope/App/Security/metaConfigure.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Register security related configuration directives.
+
+$Id$
+"""
+from PermissionRegistry import permissionRegistry as perm_reg
+from RoleRegistry import roleRegistry as role_reg
+from Zope.Security.SecurityManager import setSecurityPolicy
+from PrincipalRegistry import principalRegistry
+from RolePermissionManager import rolePermissionManager as role_perm_mgr
+from PrincipalPermissionManager import principalPermissionManager \
+ as principal_perm_mgr
+from PrincipalRoleManager import principalRoleManager as principal_role_mgr
+from Zope.Configuration.Action import Action
+
+def defaultPolicy(_context, name):
+ policy = _context.resolve(name)
+ if callable(policy):
+ policy = policy()
+ return [
+ Action(
+ discriminator = 'defaultPolicy',
+ callable = setSecurityPolicy,
+ args = (policy,),
+ )
+ ]
+
+def definePermission(_context, id, title, description=''):
+ return [
+ Action(
+ discriminator = ('definePermission', id),
+ callable = perm_reg.definePermission,
+ args = (id, title, description),
+ )
+ ]
+
+def defineRole(_context, id, title, description=''):
+ return [
+ Action(
+ discriminator = ('defineRole', id),
+ callable = role_reg.defineRole,
+ args = (id, title, description),
+ )
+ ]
+
+def principal(_context, id, title, login, password, description=''):
+ return [
+ Action(
+ discriminator = ('principal', id),
+ callable = principalRegistry.definePrincipal,
+ args = (id, title, description, login, password),
+ )
+ ]
+
+def defaultPrincipal(_context, id, title, description=''):
+ return [
+ Action(
+ discriminator = 'defaultPrincipal',
+ callable = principalRegistry.defineDefaultPrincipal,
+ args = (id, title, description),
+ )
+ ]
+
+def grantPermissionToRole(_context, permission, role):
+ return [
+ Action(
+ discriminator = ('grantPermissionToRole', permission, role),
+ callable = role_perm_mgr.grantPermissionToRole,
+ args = (permission, role),
+ )
+ ]
+
+def grantPermissionToPrincipal(_context, permission, principal):
+ return [
+ Action(
+ discriminator = ('grantPermissionToPrincipal',
+ permission,
+ principal),
+ callable = principal_perm_mgr.grantPermissionToPrincipal,
+ args = (permission, principal),
+ )
+ ]
+
+def assignRoleToPrincipal(_context, role, principal):
+ return [
+ Action(
+ discriminator = ('assignRoleToPrincipal', role, principal),
+ callable = principal_role_mgr.assignRoleToPrincipal,
+ args = (role, principal),
+ )
+ ]
+
+
=== Zope3/lib/python/Zope/App/Security/protectClass.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Make assertions about permissions needed to access class instances attributes
+"""
+
+from Exceptions import UndefinedPermissionError
+from PermissionRegistry import permissionRegistry
+
+from Zope.Security.Checker import defineChecker, getCheckerForInstancesOf
+from Zope.Security.Checker import Checker, CheckerPublic
+
+def checkPermission(permission):
+ """Check to make sure that the permission is valid.
+ """
+ if not permissionRegistry.definedPermission(permission):
+ raise UndefinedPermissionError(permission)
+
+def protectName(class_, name, permission):
+ "Set a permission on a particular name."
+
+ checkPermission(permission)
+
+ checker = getCheckerForInstancesOf(class_)
+ if checker is None:
+ checker = Checker({}.get)
+ defineChecker(class_, checker)
+
+ if permission == 'Zope.Public':
+ # Translate public permission to CheckerPublic
+ permission = CheckerPublic
+
+ # OK, so it's a hack.
+ protections = checker.getPermission_func().__self__
+ protections[name] = permission
+
+def protectLikeUnto(class_, like_unto):
+ """Use the protections from like_unto for class_
+ """
+
+ unto_checker = getCheckerForInstancesOf(like_unto)
+ if unto_checker is None:
+ return
+
+ # OK, so it's a hack.
+ unto_protections = unto_checker.getPermission_func().__self__
+
+ checker = getCheckerForInstancesOf(class_)
+ if checker is None:
+ checker = Checker({}.get)
+ defineChecker(class_, checker)
+
+ # OK, so it's a hack.
+ protections = checker.getPermission_func().__self__
+ for name in unto_protections:
+ protections[name] = unto_protections[name]
=== Zope3/lib/python/Zope/App/Security/security-meta.zcml 1.1 => 1.2 ===
+
+ <!-- Zope.App.Security -->
+ <directives namespace="http://namespaces.zope.org/security">
+ <directive name="permission"
+ attributes="id title description"
+ handler="Zope.App.Security.metaConfigure.definePermission" />
+ <directive name="role"
+ attributes="id title description"
+ handler="Zope.App.Security.metaConfigure.defineRole" />
+ <directive name="defaultPolicy" attributes="name"
+ handler="Zope.App.Security.metaConfigure.defaultPolicy" />
+ <directive name="principal" attributes="id title description"
+ handler="Zope.App.Security.metaConfigure.principal" />
+ <directive name="defaultPrincipal"
+ attributes="principal title description"
+ handler="Zope.App.Security.metaConfigure.defaultPrincipal" />
+ <directive name="grantPermissionToRole" attributes="permission role"
+ handler="Zope.App.Security.metaConfigure.grantPermissionToRole" />
+ <directive
+ name="grantPermissionToPrincipal"
+ attributes="permission principal"
+ handler="Zope.App.Security.metaConfigure.grantPermissionToPrincipal" />
+ <directive name="assignRoleToPrincipal" attributes="role principal"
+ handler="Zope.App.Security.metaConfigure.assignRoleToPrincipal" />
+ </directives>
+
+</zopeConfigure>
=== Zope3/lib/python/Zope/App/Security/security.zcml 1.1 => 1.2 ===
+ xmlns='http://namespaces.zope.org/zope'
+ xmlns:security='http://namespaces.zope.org/security'
+ xmlns:zmi='http://namespaces.zope.org/zmi'
+ xmlns:browser='http://namespaces.zope.org/browser'
+>
+ <serviceType
+ id="RoleService"
+ interface="Zope.App.Security.IRoleService." />
+ <service
+ serviceType="RoleService"
+ component="Zope.App.Security.RoleRegistry.roleRegistry" />
+
+ <serviceType
+ id="PermissionService"
+ interface="Zope.App.Security.IPermissionService." />
+ <service
+ serviceType="PermissionService"
+ component="Zope.App.Security.PermissionRegistry.permissionRegistry" />
+
+ <serviceType
+ id="AuthenticationService"
+ interface="Zope.App.Security.IAuthenticationService." />
+ <service
+ serviceType="AuthenticationService"
+ component="Zope.App.Security.PrincipalRegistry.principalRegistry" />
+
+ <security:defaultPolicy
+ name="Zope.App.Security.ZopeSecurityPolicy.zopeSecurityPolicy" />
+
+ <adapter factory="Zope.App.Security.BasicAuthAdapter."
+ provides="Zope.App.Security.ILoginPassword."
+ for="Zope.Publisher.HTTP.IHTTPCredentials." />
+
+ <adapter factory="Zope.App.Security.BasicVFSAuthAdapter."
+ provides="Zope.App.Security.ILoginPassword."
+ for="Zope.Publisher.VFS.IVFSCredentials." />
+
+ <adapter factory="Zope.App.Security.BasicVFSAuthAdapter."
+ provides="Zope.App.Security.ILoginPassword."
+ for="Zope.Publisher.VFS.IVFSCredentials." />
+
+
+<!-- Role-Permission management view -->
+
+ <content class=".RolePermissionView.PermissionRoles.">
+ <security:require
+ permission="Zope.Security"
+ attributes="roles rolesInfo"
+ interface="Zope.App.Security.IRegisteredObject." />
+ </content>
+
+ <browser:view for="Zope.App.OFS.Annotation.IAnnotatable."
+ permission="Zope.Security"
+ factory="Zope.App.Security.RolePermissionView.">
+
+ <browser:page name="AllRolePermissions.html"
+ attribute="index" />
+ <browser:page name="ChangeAllRolePermissions.html"
+ attribute="action" />
+ <browser:page name="RolePermissions.html"
+ attribute="manage_RoleForm" />
+ <browser:page name="ChangeRolePermissions.html"
+ attribute="update_role" />
+ <browser:page name="RolesWithPermission.html"
+ attribute="manage_permissionForm" />
+ <browser:page name="ChangeRolesWithPermission.html"
+ attribute="update_permission" />
+ </browser:view>
+
+ <adapter factory=".AnnotationRolePermissionManager."
+ provides=".IRolePermissionManager."
+ for="Zope.App.OFS.Annotation.IAnnotatable." />
+
+
+<!-- Principal-Permission management view -->
+
+ <content class=".PrincipalPermissionView.">
+ <security:require
+ permission="Zope.Security"
+ attributes="index get_principal unsetPermissions denyPermissions
+ grantPermissions getUnsetPermissionsForPrincipal
+ getPermissionsForPrincipal" />
+ </content>
+
+ <browser:view
+ name="PrincipalPermissionsManagement"
+ for="Zope.App.OFS.Annotation.IAnnotatable."
+ factory=".PrincipalPermissionView." />
+
+ <adapter factory=".AnnotationPrincipalPermissionManager."
+ provides=".IPrincipalPermissionManager."
+ for="Zope.App.OFS.Annotation.IAnnotatable." />
+
+
+ <!-- protect Roles and Permissions -->
+ <content class=".RoleRegistry.Role">
+ <security:allow
+ interface="Zope.App.Security.IRegisteredObject." />
+ </content>
+
+</zopeConfigure>
+