[Zope-Checkins] CVS: Zope/lib/python/AccessControl -
DTML.py:1.10.84.2 PermissionRole.py:1.18.16.1
SecurityManager.py:1.13.84.1 ZopeSecurityPolicy.py:1.23.16.1
__init__.py:1.15.84.1
Jim Fulton
cvs-admin at zope.org
Sat Nov 22 12:16:25 EST 2003
Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv17116/lib/python/AccessControl
Modified Files:
Tag: zodb33-devel-branch
DTML.py PermissionRole.py SecurityManager.py
ZopeSecurityPolicy.py __init__.py
Log Message:
Implemented a new mechanism for computing roles, based on a suggestion
by Dieter Maurer.
=== Zope/lib/python/AccessControl/DTML.py 1.10.84.1 => 1.10.84.2 ===
--- Zope/lib/python/AccessControl/DTML.py:1.10.84.1 Sat Nov 15 07:10:55 2003
+++ Zope/lib/python/AccessControl/DTML.py Sat Nov 22 12:15:54 2003
@@ -86,14 +86,6 @@
.validate(inst, parent, name, value)
)
- def SecurityValidateValue(md, value):
- """Convenience for common case of simple value validation.
- """
- return (SecurityManagement
- .getSecurityManager()
- .validateValue(value)
- )
-
def SecurityCheckPermission(md, permission, object):
"""Check whether the security context allows the given permission on
the given object.
=== Zope/lib/python/AccessControl/PermissionRole.py 1.18 => 1.18.16.1 ===
--- Zope/lib/python/AccessControl/PermissionRole.py:1.18 Tue Jun 10 11:39:04 2003
+++ Zope/lib/python/AccessControl/PermissionRole.py Sat Nov 22 12:15:54 2003
@@ -30,7 +30,7 @@
_use_python_impl = 1
-if _use_python_impl:
+if 1 or _use_python_impl:
import sys
@@ -38,18 +38,59 @@
import string
- name_trans=filter(lambda c, an=string.letters+string.digits+'_': c not in an,
+ name_trans=filter((lambda c, an=string.letters+string.digits+'_':
+ c not in an
+ ),
map(chr,range(256)))
name_trans=string.maketrans(''.join(name_trans), '_'*len(name_trans))
- def rolesForPermissionOn(perm, object, default=('Manager',)):
+ def rolesForPermissionOn(perm, obj, default=('Manager',), n=None):
"""Return the roles that have the given permission on the given object
"""
- im=imPermissionRole()
- im._p='_'+string.translate(perm, name_trans)+"_Permission"
- im._d=default
- return im.__of__(object)
+ n = n or '_'+string.translate(perm, name_trans)+"_Permission"
+ r = None
+
+ while 1:
+ if hasattr(obj, n):
+ roles = getattr(obj, n)
+ if roles is None:
+ return 'Anonymous',
+
+ t = type(roles)
+ if t is tuple:
+ # If we get a tuple, then we don't acquire
+ if r is None:
+ return roles
+ return r+list(roles)
+
+ if t is str:
+ # We found roles set to a name. Start over
+ # with the new permission name. If the permission
+ # name is '', then treat as private!
+ if roles:
+ if roles != n:
+ n = roles
+ # If we find a name that is the same as the
+ # current name, we just ignore it.
+ roles = None
+ else:
+ return _what_not_even_god_should_do
+
+ elif roles:
+ if r is None:
+ r = list(roles)
+ else: r = r + list(roles)
+
+ obj = getattr(obj, 'aq_inner', None)
+ if obj is None:
+ break
+ obj = obj.aq_parent
+
+ if r is None:
+ return default
+
+ return r
class PermissionRole(Base):
"""Implement permission-based roles.
@@ -77,6 +118,8 @@
else:
return r
+ def rolesForPermissionOn(self, value):
+ return rolesForPermissionOn(None, value, self._d, self._p)
# This is used when a permission maps explicitly to no permission.
_what_not_even_god_should_do=[]
@@ -85,50 +128,13 @@
"""Implement permission-based roles
"""
- def __of__(self, parent,tt=type(()),st=type(''),getattr=getattr):
- obj=parent
- n=self._p
- r=None
- while 1:
- if hasattr(obj,n):
- roles=getattr(obj, n)
-
- if roles is None: return 'Anonymous',
-
- t=type(roles)
-
- if t is tt:
- # If we get a tuple, then we don't acquire
- if r is None: return roles
- return r+list(roles)
-
- if t is st:
- # We found roles set to a name. Start over
- # with the new permission name. If the permission
- # name is '', then treat as private!
- if roles:
- if roles != n:
- n=roles
- # If we find a name that is the same as the
- # current name, we just ignore it.
- roles=None
- else:
- return _what_not_even_god_should_do
-
- elif roles:
- if r is None: r=list(roles)
- else: r=r+list(roles)
-
- obj=getattr(obj, 'aq_inner', None)
- if obj is None: break
- obj=obj.aq_parent
-
- if r is None: r=self._d
-
- return r
-
- # The following methods are needed in the unlikely case that an unwrapped
- # object is accessed:
+ def __of__(self, value):
+ return rolesForPermissionOn(None, value, self._d, self._p)
+ rolesForPermissionOn = __of__
+
+ # The following methods are needed in the unlikely case that
+ # an unwrapped object is accessed:
+
def __getitem__(self, i):
try:
v=self._v
=== Zope/lib/python/AccessControl/SecurityManager.py 1.13 => 1.13.84.1 ===
--- Zope/lib/python/AccessControl/SecurityManager.py:1.13 Wed Aug 14 17:29:07 2002
+++ Zope/lib/python/AccessControl/SecurityManager.py Sat Nov 22 12:15:54 2003
@@ -47,7 +47,7 @@
"""
__allow_access_to_unprotected_subobjects__ = {
- 'validate': 1, 'validateValue': 1, 'checkPermission': 1,
+ 'validate': 1, 'checkPermission': 1,
'getUser': 1, 'calledByExecutable': 1
}
@@ -112,17 +112,6 @@
policy=self._policy
return policy.validate(accessed, container, name, value,
self._context)
-
- def validateValue(self, value, roles=_noroles):
- """Convenience for common case of simple value validation.
- """
- policy=self._policy
- if roles is _noroles:
- return policy.validate(None, None, None, value,
- self._context)
- else:
- return policy.validate(None, None, None, value,
- self._context, roles)
def checkPermission(self, permission, object):
"""Check whether the security context allows the given permission on
=== Zope/lib/python/AccessControl/ZopeSecurityPolicy.py 1.23 => 1.23.16.1 ===
--- Zope/lib/python/AccessControl/ZopeSecurityPolicy.py:1.23 Tue Jun 10 11:39:04 2003
+++ Zope/lib/python/AccessControl/ZopeSecurityPolicy.py Sat Nov 22 12:15:54 2003
@@ -31,7 +31,7 @@
_use_python_impl = 1
-if _use_python_impl:
+if 1 or _use_python_impl:
from types import StringType
@@ -44,6 +44,32 @@
from PermissionRole import _what_not_even_god_should_do, \
rolesForPermissionOn
+ tuple_or_list = tuple, list
+ def getRoles(container, name, value, default):
+ roles = getattr(value, '__roles__', _noroles)
+ if roles is _noroles:
+ if not name or not isinstance(name, basestring):
+ return default
+
+ cls = getattr(container, '__class__', None)
+ if cls is None:
+ return default
+
+ roles = getattr(cls, name+'__roles__', _noroles)
+ if roles is _noroles:
+ return default
+
+ value = container
+
+ if roles is None or isinstance(roles, tuple_or_list):
+ return roles
+
+ rolesForPermissionOn = getattr(roles, 'rolesForPermissionOn', None)
+ if rolesForPermissionOn is not None:
+ roles = rolesForPermissionOn(value)
+
+ return roles
+
class ZopeSecurityPolicy:
@@ -93,7 +119,7 @@
# If roles weren't passed in, we'll try to get them from the object
if roles is _noroles:
- roles=getattr(value, '__roles__', _noroles)
+ roles = getRoles(container, name, value, _noroles)
############################################################
# We still might not have any roles
=== Zope/lib/python/AccessControl/__init__.py 1.15 => 1.15.84.1 ===
--- Zope/lib/python/AccessControl/__init__.py:1.15 Wed Aug 14 17:29:07 2002
+++ Zope/lib/python/AccessControl/__init__.py Sat Nov 22 12:15:54 2003
@@ -13,9 +13,6 @@
from unauthorized import Unauthorized
-import DTML
-del DTML
-
from SecurityManagement import getSecurityManager, setSecurityPolicy
from SecurityInfo import ClassSecurityInfo, ModuleSecurityInfo
from SecurityInfo import ACCESS_PRIVATE
@@ -26,3 +23,6 @@
from ZopeGuards import full_read_guard, full_write_guard, safe_builtins
ModuleSecurityInfo('AccessControl').declarePublic('getSecurityManager')
+
+import DTML
+del DTML
More information about the Zope-Checkins
mailing list