[Zope-Checkins] SVN: Zope/branches/Zope-2_8-branch/ Merged r40279 from 2.9 branch:

Florent Guillaume fg at nuxeo.com
Sun Nov 20 19:08:01 EST 2005 

Log message for revision 40281:
  Merged r40279 from 2.9 branch:
  
  Warn when an attempt is made to have a security declaration on a
  nonexistent method. Removed one such method.
  
  Fixed unclear security declarations. When bug 761 was fixed,
  declareProtected(perm) was made illegal, at least one method name was
  required. This checkin does the same for declarePrivate() and
  declarePublic().
  
  Also there was a bug in that a class having:
    security = ClassSecurityInfo()
    __ac_permissions__ = ((perm, ()),)
  was not equivalent to a class having:
    __ac_permissions__ = ((perm, ()),)
  This first form had as a buggy side effect have the behavior of
    __ac_permissions__ = ((perm, ('')),)
  which is equivalent to
    __roles__ = PermissonRole(perm)
  Not it will simply make the permission available from this object
  (with default roles).
  
  

Changed:
  U   Zope/branches/Zope-2_8-branch/doc/CHANGES.txt
  U   Zope/branches/Zope-2_8-branch/lib/python/AccessControl/SecurityInfo.py
  U   Zope/branches/Zope-2_8-branch/lib/python/App/class_init.py
  U   Zope/branches/Zope-2_8-branch/lib/python/OFS/ZDOM.py
  U   Zope/branches/Zope-2_8-branch/lib/python/webdav/Lockable.py

-=-
Modified: Zope/branches/Zope-2_8-branch/doc/CHANGES.txt
===================================================================
--- Zope/branches/Zope-2_8-branch/doc/CHANGES.txt	2005-11-20 23:54:39 UTC (rev 40280)
+++ Zope/branches/Zope-2_8-branch/doc/CHANGES.txt	2005-11-21 00:08:00 UTC (rev 40281)
@@ -26,6 +26,9 @@
 
     Bugs Fixed
 
+      - Fixed unclear security declarations. Warn when an attempt is
+        made to have a security declaration on a nonexistent method.
+
       - OFS Application: While deprecated since years, old-style product
         metadata in the __init__.py did not show deprecation warnings. Added
         warnings and converted ZGadflyDA/__init__.py and

Modified: Zope/branches/Zope-2_8-branch/lib/python/AccessControl/SecurityInfo.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/AccessControl/SecurityInfo.py	2005-11-20 23:54:39 UTC (rev 40280)
+++ Zope/branches/Zope-2_8-branch/lib/python/AccessControl/SecurityInfo.py	2005-11-21 00:08:00 UTC (rev 40281)
@@ -67,9 +67,6 @@
         self.roles = {}
 
     def _setaccess(self, names, access):
-        # Empty names list sets access to the class itself, named ''
-        if not len(names):
-            names = ('',)
         for name in names:
             if self.names.get(name, access) != access:
                 LOG('SecurityInfo', WARNING, 'Conflicting security '
@@ -78,14 +75,14 @@
             self.names[name] = access
 
     declarePublic__roles__=ACCESS_PRIVATE
-    def declarePublic(self, *names):
+    def declarePublic(self, name, *names):
         """Declare names to be publicly accessible."""
-        self._setaccess(names, ACCESS_PUBLIC)
+        self._setaccess((name,) + names, ACCESS_PUBLIC)
 
     declarePrivate__roles__=ACCESS_PRIVATE
-    def declarePrivate(self, *names):
+    def declarePrivate(self, name, *names):
         """Declare names to be inaccessible to restricted code."""
-        self._setaccess(names, ACCESS_PRIVATE)
+        self._setaccess((name,) + names, ACCESS_PRIVATE)
 
     declareProtected__roles__=ACCESS_PRIVATE
     def declareProtected(self, permission_name, name, *names):
@@ -95,17 +92,17 @@
     declareObjectPublic__roles__=ACCESS_PRIVATE
     def declareObjectPublic(self):
         """Declare the object to be publicly accessible."""
-        self._setaccess((), ACCESS_PUBLIC)
+        self._setaccess(('',), ACCESS_PUBLIC)
 
     declareObjectPrivate__roles__=ACCESS_PRIVATE
     def declareObjectPrivate(self):
         """Declare the object to be inaccessible to restricted code."""
-        self._setaccess((), ACCESS_PRIVATE)
+        self._setaccess(('',), ACCESS_PRIVATE)
 
     declareObjectProtected__roles__=ACCESS_PRIVATE
     def declareObjectProtected(self, permission_name):
         """Declare the object to be associated with a permission."""
-        self._setaccess((), permission_name)
+        self._setaccess(('',), permission_name)
 
     setPermissionDefault__roles__=ACCESS_PRIVATE
     def setPermissionDefault(self, permission_name, roles):

Modified: Zope/branches/Zope-2_8-branch/lib/python/App/class_init.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/App/class_init.py	2005-11-20 23:54:39 UTC (rev 40280)
+++ Zope/branches/Zope-2_8-branch/lib/python/App/class_init.py	2005-11-21 00:08:00 UTC (rev 40281)
@@ -11,6 +11,7 @@
 #
 ##############################################################################
 
+import logging
 from AccessControl.PermissionRole import PermissionRole
 import AccessControl.Permission
 
@@ -36,7 +37,6 @@
                     try: classname = '%s.%s' % (
                         self.__module__, self.__name__)
                     except AttributeError: classname = `self`
-                    import logging
                     logging.getLogger("Init").warning(
                         'Ambiguous name for method of %s: %r != %r',
                         classname, d['__name__'], name)
@@ -76,3 +76,8 @@
                 pr=PermissionRole(pname)
             for mname in mnames:
                 setattr(self, mname+'__roles__', pr)
+                if mname and not hasattr(self, mname):
+                    logging.getLogger("Init").warning(
+                        "Class %s.%s has a security declaration for "
+                        "nonexistent method %r", self.__module__,
+                        self.__name__, mname)

Modified: Zope/branches/Zope-2_8-branch/lib/python/OFS/ZDOM.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/OFS/ZDOM.py	2005-11-20 23:54:39 UTC (rev 40280)
+++ Zope/branches/Zope-2_8-branch/lib/python/OFS/ZDOM.py	2005-11-21 00:08:00 UTC (rev 40281)
@@ -234,7 +234,7 @@
 
     __ac_permissions__=(
         ('Access contents information',
-            ('hasFeature'),
+            ('hasFeature',),
         ),
     )
 

Modified: Zope/branches/Zope-2_8-branch/lib/python/webdav/Lockable.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/webdav/Lockable.py	2005-11-20 23:54:39 UTC (rev 40280)
+++ Zope/branches/Zope-2_8-branch/lib/python/webdav/Lockable.py	2005-11-21 00:08:00 UTC (rev 40281)
@@ -42,8 +42,7 @@
     security.declarePrivate('wl_lockmapping')
     security.declarePublic('wl_isLocked', 'wl_getLock', 'wl_isLockedByUser',
                            'wl_lockItems', 'wl_lockValues', 'wl_lockTokens',)
-    security.declareProtected('WebDAV Lock items',
-                              'wl_grantLockToUser', 'wl_setLock')
+    security.declareProtected('WebDAV Lock items', 'wl_setLock')
     security.declareProtected('WebDAV Unlock items', 'wl_delLock')
     security.declareProtected('Manage WebDAV Locks', 'wl_clearLocks')

More information about the Zope-Checkins mailing list