[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - ZopeSecurityPolicy.py:1.1.2.18.2.1 protectClass.py:1.1.2.7.2.1 security.zcml:1.1.2.1.2.2

Stephan Richter srichter@cbu.edu
Mon, 4 Mar 2002 01:19:09 -0500 

Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv32648/lib/python/Zope/App/Security

Modified Files:
      Tag: srichter-OFS_Formulator-branch
	ZopeSecurityPolicy.py protectClass.py security.zcml 
Log Message:
- Simple setup (ZCML) changes of files.

- Various other little things


=== Zope3/lib/python/Zope/App/Security/ZopeSecurityPolicy.py 1.1.2.18 => 1.1.2.18.2.1 ===
 from Zope.App.Security.Settings import Allow, Deny, Assign, Remove, Unset
 
-from types import StringTypes, ListType
+from types import StringTypes, ListType, IntType, MethodType, NoneType
 
 getPermissionsForPrincipal = \
                 principalPermissionManager.getPermissionsForPrincipal
@@ -85,7 +85,22 @@
         except AttributeError:
             # XXX: allow some simple types to get ZMI working
             #      is this the right thing to do?
-            if isinstance(value, (ListType, StringTypes)):
+            #      Also, respect the attribute
+            #      __allow_access_to_unprotected_subobjects__
+            #      as used in TALES iterators and other places
+            #      Also, respect __aatus__ for accessing methods of objects
+            #      (un)protected by it.
+            #      This is still a hack, and still incomplete, and just here
+            #      to get the ZMI working.
+            
+            if (isinstance(value, (ListType, StringTypes, IntType, NoneType))
+                or 
+                getattr(value,'__allow_access_to_unprotected_subobjects__',0)):
+                permission = 'Zope.Public'
+            elif (isinstance(value, MethodType) and 
+                  getattr(value.im_self,
+                          '__allow_access_to_unprotected_subobjects__',
+                          0)):
                 permission = 'Zope.Public'
             else:
                 raise Forbidden(name, value, 'No permission set')


=== Zope3/lib/python/Zope/App/Security/protectClass.py 1.1.2.7 => 1.1.2.7.2.1 ===
     def __init__(self, name, permission_id=None, interface=None,
                  method=None, methods=None):
+
         self.__class = resolve(name)
         self.__name = name
         self.__permission_id = permission_id


=== Zope3/lib/python/Zope/App/Security/security.zcml 1.1.2.1.2.1 => 1.1.2.1.2.2 ===
    methods="index, roles, permissions, permissionRoles, action,
    manage_permissionForm, update_permission,
-   manage_roleForm, update_role" />
+   manage_roleForm, update_role, permissionForID" />
 
 <security:protectClass
    name="Zope.App.Security.RolePermissionView.PermissionRoles."
    permission_id="Zope.Security"
-   methods="roles" 
-   interface="Zope.App.Security.IPermission." />
+   methods="roles, rolesInfo"
+   interface="Zope.App.Security.IRegisteredObject." />
 
 <browser:view name="RolePermissionsManagement"
               for="Zope.App.Security.IAttributeRolePermissionManageable."
@@ -75,6 +75,12 @@
          provides="Zope.App.Security.IPrincipalRoleManager."
          />
          
+
+<!-- protect Roles and Permissions -->
+<security:protectClass name="Zope.App.Security.RoleRegistry.Role"
+                       interface="Zope.App.Security.IRegisteredObject."
+                       permission_id="Zope.Public"/>
+
 
 
 </zopeConfigure>