[Zope-Checkins] CVS: Zope/lib/python/AccessControl - ZopeSecurityPolicy.py:1.25

Jim Fulton cvs-admin at zope.org
Fri Nov 28 11:44:37 EST 2003 

Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv3621/lib/python/AccessControl

Modified Files:
	ZopeSecurityPolicy.py 
Log Message:
Changed the mechanism for getting object roles, based on a suggestion
by Dieter Maurer.  This was to allow storing class-defined permission
requirements for class-defined attributes in classes totally
independently from the values being protected.


=== Zope/lib/python/AccessControl/ZopeSecurityPolicy.py 1.24 => 1.25 ===
--- Zope/lib/python/AccessControl/ZopeSecurityPolicy.py:1.24	Thu Oct 23 21:21:48 2003
+++ Zope/lib/python/AccessControl/ZopeSecurityPolicy.py	Fri Nov 28 11:44:06 2003
@@ -31,7 +31,7 @@
         _use_python_impl = 1
 
 
-if _use_python_impl:
+if 1 or _use_python_impl:
 
     from types import StringType, UnicodeType
 
@@ -44,6 +44,32 @@
     from PermissionRole import _what_not_even_god_should_do, \
          rolesForPermissionOn
 
+    tuple_or_list = tuple, list
+    def getRoles(container, name, value, default):
+        roles = getattr(value, '__roles__', _noroles)
+        if roles is _noroles:
+            if not name or not isinstance(name, basestring):
+                return default
+
+            cls = getattr(container, '__class__', None)
+            if cls is None:
+                return default
+            
+            roles = getattr(cls, name+'__roles__', _noroles)
+            if roles is _noroles:
+                return default
+
+            value = container
+
+        if roles is None or isinstance(roles, tuple_or_list):
+            return roles
+        
+        rolesForPermissionOn = getattr(roles, 'rolesForPermissionOn', None)
+        if rolesForPermissionOn is not None:
+            roles = rolesForPermissionOn(value)
+
+        return roles
+            
 
     class ZopeSecurityPolicy:
 
@@ -93,7 +119,7 @@
             # If roles weren't passed in, we'll try to get them from the object
 
             if roles is _noroles:
-                roles=getattr(value, '__roles__', _noroles)
+                roles = getRoles(container, name, value, _noroles)
 
             ############################################################
             # We still might not have any roles

More information about the Zope-Checkins mailing list