[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/Grants - AnnotationPrincipalPermissionManager.py:1.1 AnnotationPrincipalRoleManager.py:1.1 AnnotationRolePermissionManager.py:1.1 LocalSecurityMap.py:1.1 PermissionRoles.py:1.1 RolePermissions.py:1.1 __init__.py:1.1 configure.zcml:1.1
Jim Fulton
jim@zope.com
Thu, 20 Jun 2002 11:55:01 -0400
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/Grants
In directory cvs.zope.org:/tmp/cvs-serv15462/lib/python/Zope/App/Security/Grants
Added Files:
AnnotationPrincipalPermissionManager.py
AnnotationPrincipalRoleManager.py
AnnotationRolePermissionManager.py LocalSecurityMap.py
PermissionRoles.py RolePermissions.py __init__.py
configure.zcml
Log Message:
implemented:
http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/MergeSecurityIntoZopeNamespace
While I was at it, I couldn't resist implementing a variation of:
http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/SecurityPackageReorg
which was a lot more work.
=== Added File Zope3/lib/python/Zope/App/Security/Grants/AnnotationPrincipalPermissionManager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Mappings between principals and permissions, stored in an object locally."""
from Zope.ComponentArchitecture import getAdapter
from Zope.App.OFS.Annotation.IAnnotations import IAnnotations
from Zope.App.Security.IPrincipalPermissionManager \
import IPrincipalPermissionManager
from Zope.App.Security.Grants.LocalSecurityMap import LocalSecurityMap
from Zope.App.Security.Settings import Allow, Deny, Unset
annotation_key = 'Zope.App.Security.AnnotationPrincipalPermissionManager'
class AnnotationPrincipalPermissionManager:
"""Mappings between principals and permissions."""
__implements__ = IPrincipalPermissionManager
def __init__(self, context):
self._context = context
def grantPermissionToPrincipal(self, permission_id, principal_id):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions(create=1)
pp.addCell(permission_id, principal_id, Allow)
self._context._p_changed = 1
def denyPermissionToPrincipal(self, permission_id, principal_id):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions(create=1)
pp.addCell(permission_id, principal_id, Deny)
self._context._p_changed = 1
def unsetPermissionForPrincipal(self, permission_id, principal_id):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
# Only unset if there is a security map, otherwise, we're done
if pp:
pp.delCell(permission_id, principal_id)
self._context._p_changed = 1
def getPrincipalsForPermission(self, permission_id):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
if pp:
return pp.getRow(permission_id)
return []
def getPermissionsForPrincipal(self, principal_id):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
if pp:
return pp.getCol(principal_id)
return []
def getSetting(self, permission_id, principal_id):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
if pp:
return pp.getCell(permission_id, principal_id, default=Unset)
return []
def getPrincipalsAndPermissions(self):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
if pp:
return pp.getAllCells()
return []
# Implementation helpers
def _getPrincipalPermissions(self, create=0):
""" Get the principal permission map stored in the context, optionally
creating one if necessary """
# need to remove security proxies here, otherwise we enter
# an infinite loop, becuase checking security depends on
# getting PrincipalPermissions.
from Zope.Proxy.ProxyIntrospection import removeAllProxies
context = removeAllProxies(self._context)
annotations = getAdapter(context, IAnnotations)
try:
return annotations[annotation_key]
except KeyError:
if create:
rp = annotations[annotation_key] = LocalSecurityMap()
return rp
return None
=== Added File Zope3/lib/python/Zope/App/Security/Grants/AnnotationPrincipalRoleManager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Mappings between principals and roles, stored in an object locally."""
from Zope.ComponentArchitecture import getAdapter
from Zope.App.OFS.Annotation.IAnnotations import IAnnotations
from Zope.App.Security.IPrincipalRoleManager \
import IPrincipalRoleManager
from Zope.App.Security.Grants.LocalSecurityMap import LocalSecurityMap
from Zope.App.Security.Settings import Assign, Remove, Unset
annotation_key = 'Zope.App.Security.AnnotationPrincipalRoleManager'
class AnnotationPrincipalRoleManager:
"""Mappings between principals and roles."""
__implements__ = IPrincipalRoleManager
def __init__(self, context):
self._context = context
def assignRoleToPrincipal(self, role_id, principal_id):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles(create=1)
pp.addCell(role_id, principal_id, Assign)
self._context._p_changed = 1
def removeRoleFromPrincipal(self, role_id, principal_id):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles(create=1)
pp.addCell(role_id, principal_id, Remove)
self._context._p_changed = 1
def unsetRoleForPrincipal(self, role_id, principal_id):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles()
# Only unset if there is a security map, otherwise, we're done
if pp:
pp.delCell(role_id, principal_id)
self._context._p_changed = 1
def getPrincipalsForRole(self, role_id):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles()
if pp:
return pp.getRow(role_id)
return []
def getRolesForPrincipal(self, principal_id):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles()
if pp:
return pp.getCol(principal_id)
return []
def getSetting(self, role_id, principal_id):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles()
if pp:
return pp.getCell(role_id, principal_id, default=Unset)
return Unset
def getPrincipalsAndRoles(self):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles()
if pp:
return pp.getAllCells()
return []
# Implementation helpers
def _getPrincipalRoles(self, create=0):
""" Get the principal role map stored in the context, optionally
creating one if necessary """
annotations = getAdapter(self._context, IAnnotations)
try:
return annotations[annotation_key]
except KeyError:
if create:
rp = annotations[annotation_key] = LocalSecurityMap()
return rp
return None
=== Added File Zope3/lib/python/Zope/App/Security/Grants/AnnotationRolePermissionManager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""
$Id: AnnotationRolePermissionManager.py,v 1.1 2002/06/20 15:54:59 jim Exp $
"""
from Zope.ComponentArchitecture import getAdapter
from Zope.App.OFS.Annotation.IAnnotations import IAnnotations
from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
from Zope.App.Security.Grants.LocalSecurityMap import LocalSecurityMap
from Zope.App.Security.Settings import Allow, Deny, Unset
annotation_key = 'Zope.App.Security.AnnotationRolePermissionManager'
class AnnotationRolePermissionManager:
"""
provide adapter that manages role permission data in an object attribute
"""
__implements__ = IRolePermissionManager
def __init__(self, context):
self._context = context
def grantPermissionToRole(self, permission_id, role_id):
''' See the interface IRolePermissionManager '''
rp = self._getRolePermissions(create=1)
rp.addCell(permission_id, role_id, Allow)
# probably not needed, as annotations should manage
# their own persistence
#self._context._p_changed = 1
def denyPermissionToRole(self, permission_id, role_id):
''' See the interface IRolePermissionManager '''
rp = self._getRolePermissions(create=1)
rp.addCell(permission_id, role_id, Deny)
# probably not needed, as annotations should manage
# their own persistence
#self._context._p_changed = 1
def unsetPermissionFromRole(self, permission_id, role_id):
''' See the interface IRolePermissionManager '''
rp = self._getRolePermissions()
# Only unset if there is a security map, otherwise, we're done
if rp:
rp.delCell(permission_id, role_id)
# probably not needed, as annotations should manage
# their own persistence
#self._context._p_changed = 1
def getRolesForPermission(self, permission_id):
'''See interface IRolePermissionMap'''
rp = self._getRolePermissions()
if rp:
return rp.getRow(permission_id)
else:
return []
def getPermissionsForRole(self, role_id):
'''See interface IRolePermissionMap'''
rp = self._getRolePermissions()
if rp:
return rp.getCol(role_id)
else:
return []
def getRolesAndPermissions(self):
'''See interface IRolePermissionMap'''
rp = self._getRolePermissions()
if rp:
return rp.getAllCells(role_id)
else:
return []
def getSetting(self, permission_id, role_id):
'''See interface IRolePermissionMap'''
rp = self._getRolePermissions()
if rp:
return rp.getCell(permission_id, role_id)
else:
return Unset
def _getRolePermissions(self, create=0):
"""Get the role permission map stored in the context, optionally
creating one if necessary"""
# need to remove security proxies here, otherwise we enter
# an infinite loop, becuase checking security depends on
# getting RolePermissions.
from Zope.Proxy.ProxyIntrospection import removeAllProxies
context = removeAllProxies(self._context)
annotations = getAdapter(context, IAnnotations)
try:
return annotations[annotation_key]
except KeyError:
if create:
rp = annotations[annotation_key] = LocalSecurityMap()
return rp
return None
=== Added File Zope3/lib/python/Zope/App/Security/Grants/LocalSecurityMap.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
""" Generic three dimensional array type """
class LocalSecurityMap(object):
def __init__(self):
self._clear()
def _clear(self):
self._byrow = {}
self._bycol = {}
def addCell(self, rowentry, colentry, value):
row = self._byrow.setdefault(rowentry, {})
row[colentry] = value
col = self._bycol.setdefault(colentry, {})
col[rowentry] = value
def delCell(self, rowentry, colentry):
row = self._byrow.get(rowentry)
if row and (colentry in row):
del self._byrow[rowentry][colentry]
del self._bycol[colentry][rowentry]
def getCell(self, rowentry, colentry, default=None):
" return the value of a cell by row, entry "
row = self._byrow.get(rowentry)
if row: return row.get(colentry, default)
else: return default
def getRow(self, rowentry):
" return a list of (colentry, value) tuples from a row "
row = self._byrow.get(rowentry)
if row:
return row.items()
else: return []
def getCol(self, colentry):
" return a list of (rowentry, value) tuples from a col "
col = self._bycol.get(colentry)
if col:
return col.items()
else: return []
def getAllCells(self):
" return a list of (rowentry, colentry, value) "
res = []
for r in self._byrow.keys():
for c in self._byrow[r].items():
res.append((r,) + c)
return res
=== Added File Zope3/lib/python/Zope/App/Security/Grants/PermissionRoles.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""
$Id: PermissionRoles.py,v 1.1 2002/06/20 15:54:59 jim Exp $
"""
from Zope.ComponentArchitecture import getAdapter
from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
from Zope.App.Security.IPermission import IPermission
from Zope.App.Security.Settings import Allow
class PermissionRoles:
__implements__ = IPermission
def __init__(self, permission, context, roles):
self._permission = permission
self._context = context
self._roles = roles
def getId(self):
return self._permission.getId()
def getTitle(self):
return self._permission.getTitle()
def getDescription(self):
return self._permission.getDescription()
def roles(self):
prm = getAdapter(self._context, IRolePermissionManager)
proles = prm.getRolesForPermission(self._permission.getId())
proles = [role for role,setting in proles if setting==Allow]
return [((role.getId() in proles) and '1' or None)
for role in self._roles]
def rolesInfo(self):
prm = getAdapter(self._context, IRolePermissionManager)
proles = prm.getRolesForPermission(self._permission.getId())
proles = [role for role,setting in proles if setting==Allow]
return [{'id': role.getId(),
'title': role.getTitle(),
'checked': ((role.getId() in proles) and '1' or None)}
for role in self._roles]
=== Added File Zope3/lib/python/Zope/App/Security/Grants/RolePermissions.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""
$Id: RolePermissions.py,v 1.1 2002/06/20 15:54:59 jim Exp $
"""
from Zope.ComponentArchitecture import getAdapter
from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
from Zope.App.Security.IRole import IRole
from Zope.App.Security.Settings import Allow
class RolePermissions:
__implements__ = IRole
def __init__(self, role, context, permissions):
self._role = role
self._context = context
self._permissions = permissions
def getId(self):
return self._role.getId()
def getTitle(self):
return self._role.getTitle()
def getDescription(self):
return self._role.getDescription()
def permissionsInfo(self):
prm = getAdapter(self._context, IRolePermissionManager)
rperms = prm.getPermissionsForRole(self._role.getId())
rperms = [permission
for permission,setting in rperms
if setting==Allow]
return [{'id': permission.getId(),
'title': permission.getTitle(),
'checked': ((permission.getId() in rperms) and '1' or None)}
for permission in self._permissions]
=== Added File Zope3/lib/python/Zope/App/Security/Grants/__init__.py ===
##############################################################################
#
# Copyright (c) 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""XXX short summary goes here.
XXX longer description goes here.
$Id: __init__.py,v 1.1 2002/06/20 15:54:59 jim Exp $
"""
=== Added File Zope3/lib/python/Zope/App/Security/Grants/configure.zcml ===
<zopeConfigure
xmlns='http://namespaces.zope.org/zope'
xmlns:zmi='http://namespaces.zope.org/zmi'
xmlns:browser='http://namespaces.zope.org/browser'
package="Zope.App.Security"
>
<include package=".Grants.Views" />
<content class=".Grants.PermissionRoles.">
<require
permission="Zope.Security"
attributes="roles rolesInfo"
interface="Zope.App.Security.IRegisteredObject." />
</content>
<content class=".Grants.RolePermissions.">
<require
permission="Zope.Security"
attributes="permissions permissionsInfo"
interface="Zope.App.Security.IRegisteredObject." />
</content>
<adapter factory=".Grants.AnnotationRolePermissionManager."
provides=".IRolePermissionManager."
for="Zope.App.OFS.Annotation.IAnnotatable." />
<adapter factory=".Grants.AnnotationPrincipalPermissionManager."
provides=".IPrincipalPermissionManager."
for="Zope.App.OFS.Annotation.IAnnotatable." />
</zopeConfigure>