[Zope-Checkins] CVS: Zope/lib/python/AccessControl - ImplPython.py:1.1.2.3 cAccessControl.c:1.20.2.8

Brian Lloyd brian at zope.com
Tue Jan 27 12:10:34 EST 2004


Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv32490

Modified Files:
      Tag: Zope-2_7-branch
	ImplPython.py cAccessControl.c 
Log Message:
policy fixes


=== Zope/lib/python/AccessControl/ImplPython.py 1.1.2.2 => 1.1.2.3 ===
--- Zope/lib/python/AccessControl/ImplPython.py:1.1.2.2	Fri Jan 16 16:04:50 2004
+++ Zope/lib/python/AccessControl/ImplPython.py	Tue Jan 27 12:10:33 2004
@@ -204,6 +204,13 @@
             if name.startswith('aq_') and name not in valid_aq_:
                 raise Unauthorized(name, value)
 
+        containerbase = aq_base(container)
+        accessedbase = aq_base(accessed)
+        if accessedbase is accessed:
+            # accessed is not a wrapper, so assume that the
+            # value could not have been acquired.
+            accessedbase = container
+
         ############################################################
         # If roles weren't passed in, we'll try to get them from the object
 
@@ -228,14 +235,16 @@
 
             roles = getattr(container, '__roles__', roles)
             if roles is _noroles:
-                # Try to acquire __roles__.  If __roles__ can't be
-                # acquired, the value is unprotected and roles is
-                # left set to _noroles.
-                if aq_base(container) is not container:
-                    try:
-                        roles = container.aq_acquire('__roles__')
+                if containerbase is container:
+                    # Container is not wrapped.
+                    if containerbase is not accessedbase:
+                        raise Unauthorized(name, value)
+                else:
+                    # Try to acquire roles
+                    try: roles = container.aq_acquire('__roles__')
                     except AttributeError:
-                        pass
+                        if containerbase is not accessedbase:
+                            raise Unauthorized(name, value)
 
             # We need to make sure that we are allowed to
             # get unprotected attributes from the container. We are
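Review bot: The fallback in the first hunk stores the possibly wrapped `container` in `accessedbase`, so when `container` is a wrapper and `accessed` is not, `containerbase is not accessedbase` in the `except AttributeError:` branch here is always true and the access is denied. That fails closed, but it does not match the first hunk's comment, which says the value is assumed not to have been acquired. If the unwrapped case is meant to compare equal, the assignment would read `accessedbase = containerbase`. If denial is intended, the comment should say so, for example `# accessed is not a wrapper: compare against container itself, so a wrapped container with no acquirable __roles__ is refused`. The C port mirrors the same assignment, so both files need the same decision.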
@@ -300,18 +309,15 @@
                 # in the context of the accessed item; users in subfolders
                 # should not be able to use proxy roles to access items
                 # above their subfolder!
-                owner = eo.getOwner()
-                # Sigh; the default userfolder doesn't return users wrapped
-                if owner and not hasattr(owner, 'aq_parent'):
-                    udb = eo.getOwner(1)[0]
-                    root = container.getPhysicalRoot()
-                    udb = root.unrestrictedTraverse(udb)
-                    owner = owner.__of__(udb)
+                owner = eo.getWrappedOwner()
 
                 if owner is not None:
-                    if not owner._check_context(container):
-                        # container is higher up than the owner, deny access
-                        raise Unauthorized(name, value)
+                    if container is not containerbase:
+                        # Unwrapped objects don't need checking
+                        if not owner._check_context(container):
+                            # container is higher up than the owner,
+                            # deny access
+                            raise Unauthorized(name, value)
 
                 for r in proxy_roles:
                     if r in roles:
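Review bot: The `owner._check_context(container)` containment test for proxy roles is now skipped whenever `container` is unwrapped, and the comment `# Unwrapped objects don't need checking` sits inside the branch that runs only for wrapped containers and gives no reason why skipping is safe. If the reasoning is that an unwrapped container has no acquisition context to compare with the owner's, say so above the `if`, for example `# Only a wrapped container has a context to compare with the owner's; an unwrapped one is not checked here`. Separately, `eo.getWrappedOwner()` is called unconditionally here and in the matching cAccessControl.c hunk. Whether every executable object on the stack provides that method is not visible in this diff, and one that lacks it would surface as AttributeError instead of Unauthorized.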


=== Zope/lib/python/AccessControl/cAccessControl.c 1.20.2.7 => 1.20.2.8 ===
--- Zope/lib/python/AccessControl/cAccessControl.c:1.20.2.7	Fri Jan 16 16:04:50 2004
+++ Zope/lib/python/AccessControl/cAccessControl.c	Tue Jan 27 12:10:33 2004
@@ -674,6 +674,7 @@
 static PyObject *aq_validate = NULL;
 static PyObject *aq_parent_str = NULL;
 static PyObject *_check_context_str = NULL;
+static PyObject *getWrappedOwner_str = NULL;
 
 static int ownerous = 1;
 static int authenticated = 1;
@@ -709,6 +710,8 @@
           return -1;
 	UNLESS (allowed_str = PyString_FromString("allowed")) return -1;
 	UNLESS (getOwner_str = PyString_FromString("getOwner")) return -1;
+	UNLESS (getWrappedOwner_str = PyString_FromString("getWrappedOwner")) 
+	  return -1;
 	UNLESS (getPhysicalRoot_str = PyString_FromString("getPhysicalRoot")) 
 	  return -1;
 	UNLESS (aq_parent_str = PyString_FromString("aq_parent")) return -1;
@@ -759,17 +762,15 @@
         /* Import from SimpleObject Policy._noroles */
         /* Note that _noroles means missing roles, spelled with a NULL in C.
            Jim. */
+	PyObject *containerbase = NULL;
+	PyObject *accessedbase = NULL;
 	PyObject *p = NULL;
 	PyObject *rval = NULL;
 	PyObject *stack = NULL;
 	PyObject *user = NULL;
 
-
 	PyObject *method = NULL;
 	PyObject *tmp = NULL;
-	PyObject *udb = NULL;
-	PyObject *root = NULL;
-	PyObject *item = NULL;
 
 	char *sname;
 
@@ -807,6 +808,24 @@
 
 	Py_XINCREF(roles);	/* Convert the borrowed ref to a real one */
 
+	/*| containerbase = aq_base(container)
+	**| accessedbase = aq_base(accessed)
+	**| if accessedbase is accessed:
+        **|     # accessed is not a wrapper, so assume that the
+        **|     # value could not have been acquired.
+	**|     accessedbase = container
+	*/
+
+	containerbase = aq_base(container);
+	if (containerbase == NULL) goto err;
+	
+	if (aq_isWrapper(accessed))
+		accessedbase = aq_base(accessed);
+	else {
+		Py_INCREF(container);
+		accessedbase = container;
+	}
+
 	/*| # If roles weren't passed in, we'll try to get them from
 	**| # the object
 	**|
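Review bot: The result of `aq_base(accessed)` is stored without the NULL check that the line above applies to `containerbase`, so a failed call would leave `accessedbase` NULL and the later `containerbase != accessedbase` tests would raise Unauthorized over a pending exception. Add `if (accessedbase == NULL) goto err;` after the assignment, or a comment stating that aq_base cannot fail, in which case the `containerbase` check is redundant. Both variables hold owned references that the last hunk releases only at `err:`. Any return between this point and that label which does not pass through `err:` would leak them, and those paths are outside the hunks shown, so they need checking in the full function.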
@@ -841,29 +860,46 @@
 		}
 
 		/*| roles = getattr(container, "__roles__", _noroles)
-                **| if roles is _noroles:
-                **|     if aq_base(container) is not container:
-                **|         try:
-                **|             roles = container.aq_acquire('__roles__')
-                **|         except AttributeError:
-                **|             pass
+		**| if roles is _noroles:
+		**|    if containerbase is container:
+                **|       # Container is not wrapped.
+		**|       if containerbase is not accessedbase:
+                **|           raise Unauthorized(name, value)
+		**|    else:
+		**|       # Try to acquire roles
+		**|      try: roles = container.aq_aquire('__roles__')
+		**|      except AttributeError:
+		**|         if containerbase is not accessedbase:
+                **|             raise Unauthorized(name, value)
 		*/
+
                 roles = PyObject_GetAttr(container, __roles__);
 		if (roles == NULL) {
 			PyErr_Clear();
 
-			if (aq_isWrapper(container)) {
+			if (!aq_isWrapper(container)) {
+				if (containerbase != accessedbase)  {
+				  unauthErr(name, value);
+				  goto err;
+				}
+			} 
+                        else {
 				roles = aq_acquire(container, __roles__);
 				if (roles == NULL) {
                                   if (PyErr_ExceptionMatches(
                                       PyExc_AttributeError))
                                     {
                                         PyErr_Clear();
+				        if (containerbase != accessedbase) {
+					  unauthErr(name, value);
+					  goto err;
+					}
                                     }
                                   else
                                     goto err;
 				}
 			}
+
 		}
 
 		/*| # We need to make sure that we are allowed to get
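Review bot: The mirrored Python in the comment has drifted from the code it documents: it spells the call `aq_aquire`, and it tests `containerbase is container` where the C below uses `!aq_isWrapper(container)`. The later proxy-role hunk uses `containerbase != container` for the same question. In a security policy that is kept in step with ImplPython.py by eye, pick one form, for example `if (containerbase == container) {`, and correct the comment line to `**|      try: roles = container.aq_acquire('__roles__')`. The two new deny branches would also benefit from a short C comment saying that missing roles combined with mismatched bases means the value came from somewhere other than the container.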
@@ -1018,8 +1054,7 @@
 	**|    if (owner is not None) and not owner.allowed(value, roles)
 	**| 	  # We don't want someone to acquire if they can't 
 	**|	  # get an unacquired!
-	**|       raise Unauthorized, ('You are not authorized to'
-	**|	      'access <em>%s</em>.' % cleanupName(name, value))
+	**|       raise Unauthorized(name, value)
 	*/
 
 		eo = PySequence_GetItem(stack, -1);
@@ -1064,25 +1099,20 @@
 	**|        # in the context of the accessed item; users in subfolders
 	**|        # should not be able to use proxy roles to access items 
 	**|        # above their subfolder!
-	**|        owner = eo.getOwner()
-	**|        # Sigh; the default userfolder doesn't return users wrapped
-	**|        if owner and not hasattr(owner, 'aq_parent'):
-	**|            udb=eo.getOwner(1)[0]
-	**|            root=container.getPhysicalRoot()
-	**|            udb=root.unrestrictedTraverse(udb)
-	**|            owner=owner.__of__(udb)
+	**|        owner = eo.getWrappedOwner()
 	**|                        
 	**|        if owner is not None:
-	**|            if not owner._check_context(container):
-	**|                # container is higher up than the owner, deny
-	**|                # access
-	**|                raise Unauthorized(name, value)
+        **|            if container is not containerbase:
+	**|                if not owner._check_context(container):
+	**|                    # container is higher up than the owner, 
+	**|                    # deny access
+	**|                    raise Unauthorized(name, value)
 	**|
 	**|        for r in proxy_roles:
-	**|          if r in roles: return 1
+	**|            if r in roles:
+        **|                return 1
 	**|
-	**|        raise Unauthorized, ('You are not authorized to access'
-	**|	     '<em>%s</em>.' % cleanupName(name, value))
+	**|        raise Unauthorized(name, value)
 	*/
 		proxy_roles = PyObject_GetAttr(eo, _proxy_roles_str);
 
@@ -1094,9 +1124,7 @@
                 else if (PyObject_IsTrue(proxy_roles)) 
                   {
 
-		    /* patch!! --------------------------------  */
-
-		    method = PyObject_GetAttr(eo, getOwner_str);
+		    method = PyObject_GetAttr(eo, getWrappedOwner_str);
 		    if (method == NULL) {
 		      Py_DECREF(eo);
 		      Py_DECREF(proxy_roles);
@@ -1111,100 +1139,33 @@
 		      goto err;
 		    }
 
-		    if (PyObject_IsTrue(owner)) {
-		      if (!PyObject_HasAttr(owner, aq_parent_str)) {
-			item = PyInt_FromLong(1);
-			if (item == NULL) {
-			  Py_DECREF(eo);
-			  Py_DECREF(proxy_roles);
-			  Py_DECREF(owner);
-			  goto err;
-			}
-
-		        tmp = callmethod1(eo, getOwner_str, item);
-			Py_DECREF(item);
-			if (tmp == NULL) {
-			  Py_DECREF(eo);
-			  Py_DECREF(proxy_roles);
-			  Py_DECREF(owner);
-			  goto err;
-			}
+		    Py_DECREF(eo);
 
-			udb = PySequence_GetItem(tmp, 0);
-			Py_DECREF(tmp);
-			if (udb == NULL) {
-			  Py_DECREF(eo);
-		          Py_DECREF(proxy_roles);
-			  Py_DECREF(owner);
-			  goto err;
-			}
+		    if (owner != Py_None) {
 
-			method = PyObject_GetAttr(container, 
-						  getPhysicalRoot_str);
-			if (method == NULL) {
-			  Py_DECREF(eo);
-		          Py_DECREF(proxy_roles);
-			  Py_DECREF(owner);
-			  Py_DECREF(udb);
-			  goto err;
-			}
+		      if (containerbase != container) {
 
-			root = PyObject_CallObject(method, NULL);
-			Py_DECREF(method);
-			if (root == NULL) {
-			  Py_DECREF(eo);
-		          Py_DECREF(proxy_roles);
+			tmp = callmethod1(owner,_check_context_str,
+					  container
+					  );
+			if (tmp == NULL) {
+			  Py_DECREF(proxy_roles);
 			  Py_DECREF(owner);
-			  Py_DECREF(udb);
 			  goto err;
 			}
 
-			ASSIGN(udb, callmethod1(root, unrestrictedTraverse_str,
-						udb)); 
-			Py_DECREF(root);
-			if (udb == NULL) {
-			  Py_DECREF(eo);
-		          Py_DECREF(proxy_roles);
+			if (!PyObject_IsTrue(tmp)) {
+			  Py_DECREF(proxy_roles);
 			  Py_DECREF(owner);
+			  Py_DECREF(tmp);
+			  unauthErr(name, value);
 			  goto err;
 			}
-
-			ASSIGN(owner, callmethod1(owner, __of__, udb));
-			Py_DECREF(udb);
-			if (owner == NULL) {
-			  Py_DECREF(eo);
-		          Py_DECREF(proxy_roles);
-			  goto err;
-			}
-
-		      }
-		    }
-
-		    Py_DECREF(eo);
-
-		    if (owner != Py_None) {
-		      tmp = callmethod1(owner,_check_context_str,
-					container
-					);
-		      if (tmp == NULL) {
-		        Py_DECREF(proxy_roles);
-			Py_DECREF(owner);
-			goto err;
-		      }
-
-		      if (!PyObject_IsTrue(tmp)) {
-	                Py_DECREF(proxy_roles);
-			Py_DECREF(owner);
 			Py_DECREF(tmp);
-			unauthErr(name, value);
-			goto err;
 		      }
+
 		      Py_DECREF(owner);
-		      Py_DECREF(tmp);
 		    }
-		    		    
-		    /* ------------------------------------------- */
-
 
 
                     contains = 0;
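Review bot: `if (!PyObject_IsTrue(tmp))` treats an error as a passed context check. PyObject_IsTrue returns -1 when evaluating the truth value raises, and `!(-1)` is 0, so the deny branch is skipped and validation continues with an exception pending. Capture the result in an `int` declared with the function's other locals and take the error path for anything that is not a clean true, keeping the original exception when the result is negative. Separately, `Py_DECREF(owner)` is still inside the `owner != Py_None` block, so when the call returns None that reference (presumably a new one) is never released, unless `owner` is used further down outside this hunk.

```c
/* … unchanged: tmp = callmethod1(owner, _check_context_str, container) and its NULL check … */
            ok = PyObject_IsTrue(tmp);
            Py_DECREF(tmp);
            if (ok <= 0) {
              Py_DECREF(proxy_roles);
              Py_DECREF(owner);
              /* ok < 0: the truth test itself raised; keep that exception */
              if (ok == 0)
                unauthErr(name, value);
              goto err;
            }
/* … unchanged: closing of the containerbase != container block … */
```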
@@ -1276,13 +1237,13 @@
           }
         } /* End of authentiction skip for public only access */
 
-	/*| raise Unauthorizied, ("You are not authorized to access"
-	**|	 "<em>%s</em>." % cleanupName(name, value))
+	/*| raise Unauthorized(name, value)
 	*/
 
         unauthErr(name, value);
   err:
-
+	Py_XDECREF(containerbase);
+	Py_XDECREF(accessedbase);
 	Py_XDECREF(stack);
 	Py_XDECREF(roles);
 



