[Zope-Checkins] CVS: Zope/lib/python/AccessControl -
Owned.py:1.18.6.2 ZopeSecurityPolicy.py:1.20.4.5
Tres Seaver
tseaver at zope.com
Mon Jan 26 13:16:13 EST 2004
Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv31220/lib/python/AccessControl
Modified Files:
Tag: Zope-2_6-branch
Owned.py ZopeSecurityPolicy.py
Log Message:
Fix breakage in tests
- AccessControl/Owned.py:
o Expand API to include explicit methods for retrieving the
"owner tuple" and the "wrapped owner".
o Deprecate the 'getOwner(1)' wart.
o Add tests.
- AccessControl/ZopeSecurityPolicy.py:
o For the Python version of validate, use the new 'getWrappedOwner'
API, rather than painfully reconstructing it ourselves. Also, skip
tests for acquisition trickery if the container is not a wrapper
(should repair breakage in DCWorkflow scripts w/ proxy roles).
o XXX: Note that cAccessControl needs to follow suit!
- App/special_dtml.py, Products/PageTemplates/PageTemplateFile.py:
o Implement the new Owned API.
=== Zope/lib/python/AccessControl/Owned.py 1.18.6.1 => 1.18.6.2 ===
--- Zope/lib/python/AccessControl/Owned.py:1.18.6.1 Wed Nov 19 07:23:23 2003
+++ Zope/lib/python/AccessControl/Owned.py Mon Jan 26 13:15:41 2004
@@ -10,21 +10,18 @@
# FOR A PARTICULAR PURPOSE
#
##############################################################################
-__doc__='''Support for owned objects
+"""Support for owned objects
-
-$Id$'''
-__version__='$Revision$'[11:-2]
+$Id$
+"""
import Globals, urlparse, SpecialUsers, ExtensionClass
from AccessControl import getSecurityManager, Unauthorized
from Acquisition import aq_get, aq_parent, aq_base
UnownableOwner=[]
-def ownableFilter(self,
- aq_get=aq_get,
- UnownableOwner=UnownableOwner):
- _owner=aq_get(self, '_owner', None, 1)
+def ownableFilter(self):
+ _owner = aq_get(self, '_owner', None, 1)
return _owner is not UnownableOwner
# Marker to use as a getattr default.
@@ -52,8 +49,11 @@
def owner_info(self):
"""Get ownership info for display
"""
- owner=self.getOwner(1)
- if owner is None or owner is UnownableOwner: return owner
+ owner=self.getOwnerTuple()
+
+ if owner is None or owner is UnownableOwner:
+ return owner
+
d={'path': '/'.join(owner[0]), 'id': owner[1],
'explicit': hasattr(self, '_owner'),
'userCanChangeOwnershipType':
@@ -62,43 +62,71 @@
return d
getOwner__roles__=()
- def getOwner(self, info=0,
- aq_get=aq_get,
- UnownableOwner=UnownableOwner,
- getSecurityManager=getSecurityManager,
- ):
+ def getOwner(self, info=0):
"""Get the owner
If a true argument is provided, then only the owner path and id are
returned. Otherwise, the owner object is returned.
"""
- owner=aq_get(self, '_owner', None, 1)
- if info or (owner is None): return owner
+ if info:
+ import warnings
+ warnings.warn('Owned.getOwner(1) is deprecated; '
+ 'please use getOwnerTuple() instead.',
+ DeprecationWarning)
+
+ return self.getOwnerTuple()
+
+ return aq_base(self.getWrappedOwner()) # ugh, backward compat.
+
+ getOwnerTuple__roles__=()
+ def getOwnerTuple(self):
+ """Return a tuple, (userdb_path, user_id) for the owner.
+
+ o Ownership can be acquired, but only from the containment path.
+
+ o If unowned, return None.
+ """
+ return aq_get(self, '_owner', None, 1)
- if owner is UnownableOwner: return None
+ getWrappedOwner__roles__=()
+ def getWrappedOwner(self):
+ """Get the owner, modestly wrapped in the user folder.
- udb, oid = owner
+ o If the object is not owned, return None.
+
+ o If the owner's user database doesn't exist, return Nobody.
+
+ o If the owner ID does not exist in the user database, return Nobody.
+ """
+ owner = self.getOwnerTuple()
+
+ if owner is None:
+ return None
+
+ udb_path, oid = owner
+
+ root = self.getPhysicalRoot()
+ udb = root.unrestrictedTraverse(udb_path, None)
- root=self.getPhysicalRoot()
- udb=root.unrestrictedTraverse(udb, None)
if udb is None:
- user = SpecialUsers.nobody
- else:
- user = udb.getUserById(oid, None)
- if user is None: user = SpecialUsers.nobody
- return user
+ return SpecialUsers.nobody
+
+ user = udb.getUserById(oid, None)
+
+ if user is None:
+ return SpecialUsers.nobody
+
+ return user.__of__(udb)
changeOwnership__roles__=()
- def changeOwnership(self, user, recursive=0,
- aq_get=aq_get,
- ):
+ def changeOwnership(self, user, recursive=0):
"""Change the ownership to the given user. If 'recursive' is
true then also take ownership of all sub-objects, otherwise
sub-objects retain their ownership information."""
new=ownerInfo(user)
if new is None: return # Special user!
- old=aq_get(self, '_owner', None, 1)
+ old = self.getOwnerTuple()
if old==new: return
if old is UnownableOwner: return
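Review bot: In getWrappedOwner the old `if owner is UnownableOwner: return None` guard from getOwner is dropped, so an object whose acquired `_owner` is the module-level `UnownableOwner` marker (an empty list) reaches `udb_path, oid = owner` and the unpack raises ValueError. The guard should read `if owner is None or owner is UnownableOwner: return None`, the same test owner_info already applies. The exception would also surface through `getOwner()` and, if the executable's owner is ever the marker, through the `eo.getWrappedOwner()` call in ZopeSecurityPolicy.py, turning an ownership lookup into an error inside the security check. The getOwnerTuple docstring should say that the marker can be returned, not only None. changeOwnership continues past the end of this hunk.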
@@ -117,7 +145,7 @@
user=security.getUser()
info=ownerInfo(user)
if info is None: return 0
- owner=self.getOwner(1)
+ owner=self.getOwnerTuple()
if owner == info: return 0
return security.checkPermission('Take ownership', self)
@@ -147,7 +175,7 @@
old=getattr(self, '_owner', None)
if explicit:
if old is not None: return
- owner=aq_get(self, '_owner', None, 1)
+ owner = self.getOwnerTuple()
if owner is not None and owner is not UnownableOwner:
self._owner=owner
else:
=== Zope/lib/python/AccessControl/ZopeSecurityPolicy.py 1.20.4.4 => 1.20.4.5 ===
--- Zope/lib/python/AccessControl/ZopeSecurityPolicy.py:1.20.4.4 Mon Jan 12 16:29:50 2004
+++ Zope/lib/python/AccessControl/ZopeSecurityPolicy.py Mon Jan 26 13:15:41 2004
@@ -198,18 +198,15 @@
# in the context of the accessed item; users in subfolders
# should not be able to use proxy roles to access items
# above their subfolder!
- owner = eo.getOwner()
- # Sigh; the default userfolder doesn't return users wrapped
- if owner and not hasattr(owner, 'aq_parent'):
- udb=eo.getOwner(1)[0]
- root=container.getPhysicalRoot()
- udb=root.unrestrictedTraverse(udb)
- owner=owner.__of__(udb)
+ owner = eo.getWrappedOwner()
if owner is not None:
- if not owner._check_context(container):
- # container is higher up than the owner, deny access
- raise Unauthorized(name, value)
+ if container is not containerbase:
+ # Unwrapped objects don't need checking
+ if not owner._check_context(container):
+ # container is higher up than the owner,
+ # deny access
+ raise Unauthorized(name, value)
for r in proxy_roles:
if r in roles: return 1
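Review bot: The new `if container is not containerbase:` branch makes the proxy-role path fail open: when the container carries no acquisition wrapper, `owner._check_context(container)` is never called and the roles loop below grants access on proxy roles alone. The one-line comment does not say why that is safe, although the comment above it insists that users in subfolders must not reach items above their subfolder. The reason belongs in the code, e.g. `# No wrapper means no containment path to compare with the owner's; proxy roles are honoured without a context check.` A test that exercises an unwrapped container with proxy roles would pin the intended behaviour. `containerbase` is assigned outside this hunk, and the enclosing function starts and ends outside it, so how it is derived from `container` is not visible here.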