[Zope-Checkins] SVN: Zope/trunk/ Use new-style security declarations everywhere possible. This means

Florent Guillaume fg at nuxeo.com
Mon Nov 21 11:54:06 EST 2005


Log message for revision 40300:
  Use new-style security declarations everywhere possible. This means
  remove the use of __ac_permissions__, foo__roles__ and
  default__class_init__. A few corner cases can't be converted because of
  circular imports.
  
  

Changed:
  U   Zope/trunk/doc/CHANGES.txt
  U   Zope/trunk/lib/python/AccessControl/Owned.py
  U   Zope/trunk/lib/python/AccessControl/Role.py
  U   Zope/trunk/lib/python/AccessControl/User.py
  U   Zope/trunk/lib/python/App/ApplicationManager.py
  U   Zope/trunk/lib/python/App/CacheManager.py
  U   Zope/trunk/lib/python/App/DavLockManager.py
  U   Zope/trunk/lib/python/App/Factory.py
  U   Zope/trunk/lib/python/App/FactoryDispatcher.py
  U   Zope/trunk/lib/python/App/ImageFile.py
  U   Zope/trunk/lib/python/App/Management.py
  U   Zope/trunk/lib/python/App/Product.py
  U   Zope/trunk/lib/python/App/Undo.py
  U   Zope/trunk/lib/python/Globals/__init__.py
  U   Zope/trunk/lib/python/HelpSys/HelpSys.py
  U   Zope/trunk/lib/python/HelpSys/HelpTopic.py
  U   Zope/trunk/lib/python/HelpSys/ObjectRef.py
  U   Zope/trunk/lib/python/OFS/Application.py
  U   Zope/trunk/lib/python/OFS/Cache.py
  U   Zope/trunk/lib/python/OFS/CopySupport.py
  U   Zope/trunk/lib/python/OFS/DTMLDocument.py
  U   Zope/trunk/lib/python/OFS/DTMLMethod.py
  U   Zope/trunk/lib/python/OFS/FindSupport.py
  U   Zope/trunk/lib/python/OFS/Folder.py
  U   Zope/trunk/lib/python/OFS/History.py
  U   Zope/trunk/lib/python/OFS/Image.py
  U   Zope/trunk/lib/python/OFS/ObjectManager.py
  U   Zope/trunk/lib/python/OFS/PropertyManager.py
  U   Zope/trunk/lib/python/OFS/PropertySheets.py
  U   Zope/trunk/lib/python/OFS/SimpleItem.py
  U   Zope/trunk/lib/python/OFS/Traversable.py
  U   Zope/trunk/lib/python/OFS/ZDOM.py
  U   Zope/trunk/lib/python/OFS/misc_.py
  U   Zope/trunk/lib/python/Products/ExternalMethod/ExternalMethod.py
  U   Zope/trunk/lib/python/Products/OFSP/Draft.py
  U   Zope/trunk/lib/python/Products/OFSP/Version.py
  U   Zope/trunk/lib/python/Products/PluginIndexes/TextIndex/Vocabulary.py
  U   Zope/trunk/lib/python/Products/SiteAccess/VirtualHostMonster.py
  U   Zope/trunk/lib/python/Products/StandardCacheManagers/AcceleratedHTTPCacheManager.py
  U   Zope/trunk/lib/python/Products/StandardCacheManagers/RAMCacheManager.py
  U   Zope/trunk/lib/python/Products/ZCatalog/ZCatalog.py
  U   Zope/trunk/lib/python/Products/ZSQLMethods/SQL.py
  U   Zope/trunk/lib/python/Shared/DC/Scripts/Bindings.py
  U   Zope/trunk/lib/python/Shared/DC/Scripts/BindingsUI.py
  U   Zope/trunk/lib/python/Shared/DC/Scripts/Script.py
  U   Zope/trunk/lib/python/Shared/DC/ZRDB/Connection.py
  U   Zope/trunk/lib/python/Shared/DC/ZRDB/DA.py
  U   Zope/trunk/lib/python/Testing/ZopeTestCase/ZopeLite.py
  U   Zope/trunk/lib/python/ZClasses/Property.py
  U   Zope/trunk/lib/python/ZClasses/ZClass.py
  U   Zope/trunk/lib/python/ZClasses/ZClassOwner.py
  U   Zope/trunk/lib/python/webdav/Collection.py
  U   Zope/trunk/lib/python/webdav/NullResource.py
  U   Zope/trunk/lib/python/webdav/Resource.py

-=-
Modified: Zope/trunk/doc/CHANGES.txt
===================================================================
--- Zope/trunk/doc/CHANGES.txt	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/doc/CHANGES.txt	2005-11-21 16:54:03 UTC (rev 40300)
@@ -26,6 +26,11 @@
 
     Features added
 
+      - Use new-style security declarations everywhere possible. This
+        means remove the use of __ac_permissions__, foo__roles__ and
+        default__class_init__. A few corner cases can't be converted
+        because of circular imports.
+
       - Fixed unclear security declarations. Warn when an attempt is
         made to have a security declaration on a nonexistent method.
 

Modified: Zope/trunk/lib/python/AccessControl/Owned.py
===================================================================
--- Zope/trunk/lib/python/AccessControl/Owned.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/AccessControl/Owned.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,7 +16,11 @@
 """
 
 import Globals, urlparse, SpecialUsers, ExtensionClass
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from AccessControl import getSecurityManager, Unauthorized
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import take_ownership
 from Acquisition import aq_get, aq_parent, aq_base
 from zope.interface import implements
 
@@ -35,13 +39,8 @@
 
     implements(IOwned)
 
-    __ac_permissions__=(
-        ('View management screens',
-         ('manage_owner', 'owner_info')),
-        ('Take ownership',
-         ('manage_takeOwnership','manage_changeOwnershipType'),
-         ("Owner",)),
-        )
+    security = ClassSecurityInfo()
+    security.setPermissionDefault(take_ownership, ('Owner',))
 
     manage_options=({'label':  'Ownership',
                      'action': 'manage_owner',
@@ -50,8 +49,10 @@
                      },
                    )
 
+    security.declareProtected(view_management_screens, 'manage_owner')
     manage_owner=Globals.DTMLFile('dtml/owner', globals())
 
+    security.declareProtected(view_management_screens, 'owner_info')
     def owner_info(self):
         """Get ownership info for display
         """
@@ -67,7 +68,7 @@
            }
         return d
 
-    getOwner__roles__=()
+    security.declarePrivate('getOwner')
     def getOwner(self, info=0,
                  aq_get=aq_get,
                  UnownableOwner=UnownableOwner,
@@ -101,7 +102,7 @@
             if user is None: user = SpecialUsers.nobody
         return user
 
-    getOwnerTuple__roles__=()
+    security.declarePrivate('getOwnerTuple')
     def getOwnerTuple(self):
         """Return a tuple, (userdb_path, user_id) for the owner.
 
@@ -111,7 +112,7 @@
         """
         return aq_get(self, '_owner', None, 1)
 
-    getWrappedOwner__roles__=()
+    security.declarePrivate('getWrappedOwner')
     def getWrappedOwner(self):
         """Get the owner, modestly wrapped in the user folder.
 
@@ -141,7 +142,7 @@
 
         return user.__of__(udb)
 
-    changeOwnership__roles__=()
+    security.declarePrivate('changeOwnership')
     def changeOwnership(self, user, recursive=0):
         """Change the ownership to the given user.
 
@@ -174,6 +175,7 @@
         if owner == info: return 0
         return security.checkPermission('Take ownership', self)
 
+    security.declareProtected(take_ownership, 'manage_takeOwnership')
     def manage_takeOwnership(self, REQUEST, RESPONSE, recursive=0):
         """Take ownership (responsibility) for an object.
 
@@ -193,6 +195,7 @@
 
         RESPONSE.redirect(REQUEST['HTTP_REFERER'])
 
+    security.declareProtected(take_ownership, 'manage_changeOwnershipType')
     def manage_changeOwnershipType(self, explicit=1,
                                    RESPONSE=None, REQUEST=None):
         """Change the type (implicit or explicit) of ownership.
@@ -269,7 +272,7 @@
             except: pass
             if s is None: object._p_deactivate()
 
-Globals.default__class_init__(Owned)
+InitializeClass(Owned)
 
 
 class EmergencyUserCannotOwn(Exception):

Modified: Zope/trunk/lib/python/AccessControl/Role.py
===================================================================
--- Zope/trunk/lib/python/AccessControl/Role.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/AccessControl/Role.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,7 +18,10 @@
 
 from Globals import DTMLFile, MessageDialog, Dictionary
 from Acquisition import Implicit, Acquired, aq_get
-import Globals, ExtensionClass, PermissionMapping, Products
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import change_permissions
+import ExtensionClass, PermissionMapping, Products
 from App.Common import aq_base
 from zope.interface import implements
 
@@ -41,21 +44,7 @@
 
     implements(IRoleManager)
 
-    __ac_permissions__=(
-        ('Change permissions',
-         ('manage_access', 'permission_settings',
-          'ac_inherited_permissions',
-          'manage_roleForm', 'manage_role',
-          'manage_acquiredForm', 'manage_acquiredPermissions',
-          'manage_permissionForm', 'manage_permission',
-          'manage_changePermissions', 'permissionsOfRole',
-          'rolesOfPermission', 'acquiredRolesAreUsedBy',
-          'manage_defined_roles', 'userdefined_roles',
-          'manage_listLocalRoles', 'manage_editLocalRoles',
-          'manage_setLocalRoles', 'manage_addLocalRoles',
-          'manage_delLocalRoles'
-          )),
-        )
+    security = ClassSecurityInfo()
 
     manage_options=(
         {'label':'Security', 'action':'manage_access',
@@ -74,6 +63,7 @@
 
     #------------------------------------------------------------
 
+    security.declareProtected(change_permissions, 'ac_inherited_permissions')
     def ac_inherited_permissions(self, all=0):
         # Get all permissions not defined in ourself that are inherited
         # This will be a sequence of tuples with a name as the first item and
@@ -96,6 +86,7 @@
 
         return tuple(r)
 
+    security.declareProtected(change_permissions, 'permission_settings')
     def permission_settings(self, permission=None):
         """Return user-role permission settings.
 
@@ -130,11 +121,13 @@
             result.append(d)
         return result
 
+    security.declareProtected(change_permissions, 'manage_roleForm')
     manage_roleForm=DTMLFile('dtml/roleEdit', globals(),
                              management_view='Security',
                              help_topic='Security_Manage-Role.stx',
                              help_product='OFSP')
 
+    security.declareProtected(change_permissions, 'manage_role')
     def manage_role(self, role_to_manage, permissions=[], REQUEST=None):
         """Change the permissions given to the given role.
         """
@@ -146,11 +139,13 @@
 
         if REQUEST is not None: return self.manage_access(REQUEST)
 
+    security.declareProtected(change_permissions, 'manage_acquiredForm')
     manage_acquiredForm=DTMLFile('dtml/acquiredEdit', globals(),
                                  management_view='Security',
                                  help_topic='Security_Manage-Acquisition.stx',
                                  help_product='OFSP')
 
+    security.declareProtected(change_permissions, 'manage_acquiredPermissions')
     def manage_acquiredPermissions(self, permissions=[], REQUEST=None):
         """Change the permissions that acquire.
         """
@@ -165,11 +160,13 @@
 
         if REQUEST is not None: return self.manage_access(REQUEST)
 
+    security.declareProtected(change_permissions, 'manage_permissionForm')
     manage_permissionForm=DTMLFile('dtml/permissionEdit', globals(),
                                    management_view='Security',
                                    help_topic='Security_Manage-Permission.stx',
                                    help_product='OFSP')
 
+    security.declareProtected(change_permissions, 'manage_permission')
     def manage_permission(self, permission_to_manage,
                           roles=[], acquire=0, REQUEST=None):
         """Change the settings for the given permission.
@@ -197,6 +194,7 @@
 
     _method_manage_access=DTMLFile('dtml/methodAccess', globals())
 
+    security.declareProtected(change_permissions, 'manage_access')
     def manage_access(self, REQUEST, **kw):
         """Return an interface for making permissions settings.
         """
@@ -206,6 +204,7 @@
         else:
             return apply(self._normal_manage_access,(), kw)
 
+    security.declareProtected(change_permissions, 'manage_changePermissions')
     def manage_changePermissions(self, REQUEST):
         """Change all permissions settings, called by management screen.
         """
@@ -237,6 +236,7 @@
             message='Your changes have been saved',
             action ='manage_access')
 
+    security.declareProtected(change_permissions, 'permissionsOfRole')
     def permissionsOfRole(self, role):
         """Used by management screen.
         """
@@ -250,6 +250,7 @@
                       })
         return r
 
+    security.declareProtected(change_permissions, 'rolesOfPermission')
     def rolesOfPermission(self, permission):
         """Used by management screen.
         """
@@ -269,6 +270,7 @@
         raise ValueError, (
             "The permission <em>%s</em> is invalid." % escape(permission))
 
+    security.declareProtected(change_permissions, 'acquiredRolesAreUsedBy')
     def acquiredRolesAreUsedBy(self, permission):
         """Used by management screen.
         """
@@ -293,11 +295,13 @@
 
     __ac_local_roles__=None
 
+    security.declareProtected(change_permissions, 'manage_listLocalRoles')
     manage_listLocalRoles=DTMLFile('dtml/listLocalRoles', globals(),
                                    management_view='Security',
                                    help_topic='Security_Local-Roles.stx',
                                    help_product='OFSP')
 
+    security.declareProtected(change_permissions, 'manage_editLocalRoles')
     manage_editLocalRoles=DTMLFile('dtml/editLocalRoles', globals(),
                                    management_view='Security',
                                    help_topic='Security_User-Local-Roles.stx',
@@ -353,6 +357,7 @@
         dict=self.__ac_local_roles__ or {}
         return tuple(dict.get(userid, []))
 
+    security.declareProtected(change_permissions, 'manage_addLocalRoles')
     def manage_addLocalRoles(self, userid, roles, REQUEST=None):
         """Set local roles for a user."""
         if not roles:
@@ -370,6 +375,7 @@
             stat='Your changes have been saved.'
             return self.manage_listLocalRoles(self, REQUEST, stat=stat)
 
+    security.declareProtected(change_permissions, 'manage_setLocalRoles')
     def manage_setLocalRoles(self, userid, roles, REQUEST=None):
         """Set local roles for a user."""
         if not roles:
@@ -383,6 +389,7 @@
             stat='Your changes have been saved.'
             return self.manage_listLocalRoles(self, REQUEST, stat=stat)
 
+    security.declareProtected(change_permissions, 'manage_delLocalRoles')
     def manage_delLocalRoles(self, userids, REQUEST=None):
         """Remove all local roles for a user."""
         dict=self.__ac_local_roles__
@@ -398,7 +405,7 @@
 
     #------------------------------------------------------------
 
-    access_debug_info__roles__=()
+    security.declarePrivate('access_debug_info')
     def access_debug_info(self):
         """Return debug info.
         """
@@ -450,6 +457,7 @@
                 return 0
         return 1
 
+    security.declareProtected(change_permissions, 'userdefined_roles')
     def userdefined_roles(self):
         """Return list of user-defined roles.
         """
@@ -459,6 +467,7 @@
             except: pass
         return tuple(roles)
 
+    security.declareProtected(change_permissions, 'manage_defined_roles')
     def manage_defined_roles(self, submit=None, REQUEST=None):
         """Called by management screen.
         """
@@ -534,7 +543,7 @@
 
         return d
 
-Globals.default__class_init__(RoleManager)
+InitializeClass(RoleManager)
 
 
 def reqattr(request, attr):

Modified: Zope/trunk/lib/python/AccessControl/User.py
===================================================================
--- Zope/trunk/lib/python/AccessControl/User.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/AccessControl/User.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -20,10 +20,12 @@
 import socket
 from base64 import decodestring
 
-import Globals
 from Acquisition import Implicit
 from App.Management import Navigation, Tabs
 from Globals import DTMLFile, MessageDialog, Persistent, PersistentMapping
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import manage_users as ManageUsers
 from OFS.SimpleItem import Item
 from zExceptions import Unauthorized, BadRequest
 from zope.interface import implements
@@ -459,6 +461,8 @@
 
     encrypt_passwords = 1
 
+    security = ClassSecurityInfo()
+
     manage_options=(
         (
         {'label':'Contents', 'action':'manage_main',
@@ -470,32 +474,26 @@
         +Item.manage_options
         )
 
-    __ac_permissions__=(
-        ('Manage users',
-         ('manage_users','getUserNames', 'getUser', 'getUsers',
-          'getUserById', 'user_names', 'setDomainAuthenticationMode',
-          'userFolderAddUser', 'userFolderEditUser', 'userFolderDelUsers',
-          )
-         ),
-        )
-
-
     # ----------------------------------
     # Public UserFolder object interface
     # ----------------------------------
 
+    security.declareProtected(ManageUsers, 'getUserNames')
     def getUserNames(self):
         """Return a list of usernames"""
         raise NotImplementedError
 
+    security.declareProtected(ManageUsers, 'getUsers')
     def getUsers(self):
         """Return a list of user objects"""
         raise NotImplementedError
 
+    security.declareProtected(ManageUsers, 'getUser')
     def getUser(self, name):
         """Return the named user object or None"""
         raise NotImplementedError
 
+    security.declareProtected(ManageUsers, 'getUserById')
     def getUserById(self, id, default=None):
         """Return the user corresponding to the given id.
         """
@@ -534,6 +532,8 @@
     # Authors of custom user folders don't need to do anything special to
     # support these - they will just call the appropriate '_' methods that
     # user folder subclasses already implement.
+
+    security.declareProtected(ManageUsers, 'userFolderAddUser')
     def userFolderAddUser(self, name, password, roles, domains, **kw):
         """API method for creating a new user object. Note that not all
            user folder implementations support dynamic creation of user
@@ -542,6 +542,7 @@
             return self._doAddUser(name, password, roles, domains, **kw)
         raise NotImplementedError
 
+    security.declareProtected(ManageUsers, 'userFolderEditUser')
     def userFolderEditUser(self, name, password, roles, domains, **kw):
         """API method for changing user object attributes. Note that not
            all user folder implementations support changing of user object
@@ -550,6 +551,7 @@
             return self._doChangeUser(name, password, roles, domains, **kw)
         raise NotImplementedError
 
+    security.declareProtected(ManageUsers, 'userFolderDelUsers')
     def userFolderDelUsers(self, names):
         """API method for deleting one or more user objects. Note that not
            all user folder implementations support deletion of user objects."""
@@ -929,6 +931,7 @@
         self._doDelUsers(names)
         if REQUEST: return self._mainUser(self, REQUEST)
 
+    security.declareProtected(ManageUsers, 'manage_users')
     def manage_users(self,submit=None,REQUEST=None,RESPONSE=None):
         """This method handles operations on users for the web based forms
            of the ZMI. Application code (code that is outside of the forms
@@ -968,6 +971,7 @@
 
         return self._mainUser(self, REQUEST)
 
+    security.declareProtected(ManageUsers, 'user_names')
     def user_names(self):
         return self.getUserNames()
 
@@ -994,6 +998,7 @@
     # Domain authentication support. This is a good candidate to
     # become deprecated in future Zope versions.
 
+    security.declareProtected(ManageUsers, 'setDomainAuthenticationMode')
     def setDomainAuthenticationMode(self, domain_auth_mode):
         """Set the domain-based authentication mode. By default, this
            mode is off due to the high overhead of the operation that
@@ -1098,7 +1103,7 @@
                     pass
 
 
-Globals.default__class_init__(UserFolder)
+InitializeClass(UserFolder)
 
 
 def manage_addUserFolder(self,dtself=None,REQUEST=None,**ignored):

Modified: Zope/trunk/lib/python/App/ApplicationManager.py
===================================================================
--- Zope/trunk/lib/python/App/ApplicationManager.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/ApplicationManager.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -15,6 +15,7 @@
 __version__='$Revision: 1.94 $'[11:-2]
 
 import sys,os,time,Globals, Acquisition, os, Undo
+from Globals import InitializeClass
 from Globals import DTMLFile
 from OFS.ObjectManager import ObjectManager
 from OFS.Folder import Folder
@@ -69,8 +70,8 @@
     manage_cacheParameters=Globals.DTMLFile('dtml/cacheParameters', globals())
     manage_cacheGC=Globals.DTMLFile('dtml/cacheGC', globals())
 
+InitializeClass(DatabaseManager)
 
-Globals.default__class_init__(DatabaseManager)
 
 class FakeConnection:
     # Supports the methods of Connection that CacheManager needs
@@ -133,7 +134,7 @@
             res.append(m.__of__(self))
         return res
 
-Globals.InitializeClass(DatabaseChooser)
+InitializeClass(DatabaseChooser)
 
 
 class VersionManager(Fake, SimpleItem.Item, Acquisition.Implicit):
@@ -152,7 +153,7 @@
         )
         )
 
-Globals.default__class_init__(VersionManager)
+InitializeClass(VersionManager)
 
 
 
@@ -264,7 +265,7 @@
     def manage_getSysPath(self):
         return list(sys.path)
 
-Globals.default__class_init__(DebugManager)
+InitializeClass(DebugManager)
 
 
 

Modified: Zope/trunk/lib/python/App/CacheManager.py
===================================================================
--- Zope/trunk/lib/python/App/CacheManager.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/CacheManager.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -20,6 +20,7 @@
 import time
 
 import Globals
+from Globals import InitializeClass
 from DateTime import DateTime
 
 class CacheManager:
@@ -294,5 +295,4 @@
                }
         return res
 
-
-Globals.default__class_init__(CacheManager)
+InitializeClass(CacheManager)

Modified: Zope/trunk/lib/python/App/DavLockManager.py
===================================================================
--- Zope/trunk/lib/python/App/DavLockManager.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/DavLockManager.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -14,6 +14,7 @@
 __version__ = "$Revision: 1.8 $"[11:-2]
 
 import OFS, Acquisition, Globals
+from Globals import InitializeClass
 from AccessControl import getSecurityManager, ClassSecurityInfo
 from webdav.Lockable import wl_isLocked
 
@@ -104,5 +105,4 @@
 
         return result
 
-
-Globals.default__class_init__(DavLockManager)
+InitializeClass(DavLockManager)

Modified: Zope/trunk/lib/python/App/Factory.py
===================================================================
--- Zope/trunk/lib/python/App/Factory.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/Factory.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,6 +16,10 @@
 __version__='$Revision: 1.27 $'[11:-2]
 
 import OFS.SimpleItem, Acquisition, Globals, AccessControl.Role
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import edit_factories
+from AccessControl.Permissions import use_factories
 
 class Factory(
     AccessControl.Role.RoleManager,
@@ -25,15 +29,13 @@
     meta_type='Zope Factory'
     icon='p_/Factory_icon'
 
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(use_factories)
+
     permission='' # Waaaa
 
     _setObject=_getOb=Acquisition.Acquired
 
-    __ac_permissions__=(
-        ('Edit Factories', ('manage_edit','manage_main')),
-        ('Use Factories', ('index_html','')),
-        )
-
     manage_options=(
         (
         {'label':'Edit', 'action':'manage_main',
@@ -50,11 +52,12 @@
         self.initial=initial
         self.permission=permission
 
-    initializePermission__roles__ = ()
+    security.declarePrivate('initializePermission')
     def initializePermission(self):
-        self.manage_setPermissionMapping(('Use Factories',),
+        self.manage_setPermissionMapping((use_factories,),
                                          (self.permission,))
 
+    security.declareProtected(edit_factories, 'manage_edit')
     def manage_edit(self, title, object_type, initial, permission='',
                     REQUEST=None):
         "Modify factory properties."
@@ -63,7 +66,7 @@
         self.object_type=object_type
         self.initial=initial
         self.permission=permission
-        self.manage_setPermissionMapping(('Use Factories',), (permission,))
+        self.manage_setPermissionMapping((use_factories,), (permission,))
         self._register()
         if REQUEST is not None: return self.manage_main(self, REQUEST)
 
@@ -100,8 +103,10 @@
         product.aq_acquire('_manage_remove_product_meta_type')(
             product, self.id, self.object_type)
 
+    security.declareProtected(edit_factories, 'manage_main')
     manage_main=Globals.DTMLFile('dtml/editFactory',globals())
 
+    security.declareProtected(use_factories, 'index_html')
     def index_html(self, REQUEST):
         " "
         return getattr(self, self.initial)(self.aq_parent, REQUEST)
@@ -112,4 +117,7 @@
             self.aq_parent.objectIds()
             )
 
+InitializeClass(Factory)
+
+
 class ProductFactory(Factory): pass

Modified: Zope/trunk/lib/python/App/FactoryDispatcher.py
===================================================================
--- Zope/trunk/lib/python/App/FactoryDispatcher.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/FactoryDispatcher.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -14,6 +14,8 @@
 
 # Implement the manage_addProduct method of object managers
 import Acquisition, sys, Products
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from AccessControl.PermissionMapping import aqwrap
 from AccessControl.Owned import UnownableOwner
 
@@ -41,6 +43,8 @@
     """Provide a namespace for product "methods"
     """
 
+    security = ClassSecurityInfo()
+
     _owner=UnownableOwner
 
     def __init__(self, product, dest, REQUEST=None):
@@ -55,13 +59,15 @@
                 v=v[:v.rfind('/')]
                 self._u=v[:v.rfind('/')]
 
+    security.declarePublic('Destination')
     def Destination(self):
         "Return the destination for factory output"
         return self.__dict__['_d'] # we don't want to wrap the result!
+
+    security.declarePublic('this')
     this=Destination
-    this__roles__=Destination__roles__=None
 
-
+    security.declarePublic('DestinationURL')
     def DestinationURL(self):
         "Return the URL for the destination for factory output"
         url=getattr(self, '_u', None)
@@ -69,8 +75,6 @@
             url=self.Destination().absolute_url()
         return url
 
-    DestinationURL__roles__=None
-
     def __getattr__(self, name):
         p=self.__dict__['_product']
         d=p.__dict__
@@ -102,3 +106,4 @@
         d = update_menu and '/manage_main?update_menu=1' or '/manage_main'
         REQUEST['RESPONSE'].redirect(self.DestinationURL()+d)
 
+InitializeClass(FactoryDispatcher)

Modified: Zope/trunk/lib/python/App/ImageFile.py
===================================================================
--- Zope/trunk/lib/python/App/ImageFile.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/ImageFile.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -17,6 +17,8 @@
 import os
 import time
 
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from App.config import getConfiguration
 from OFS.content_types import guess_content_type
 from Globals import package_home
@@ -28,6 +30,8 @@
 class ImageFile(Acquisition.Explicit):
     """Image objects stored in external files."""
 
+    security = ClassSecurityInfo()
+
     def __init__(self,path,_prefix=None):
         if _prefix is None:
             _prefix=getConfiguration().softwarehome
@@ -84,7 +88,7 @@
 
         return open(self.path,'rb').read()
 
-    HEAD__roles__=None
+    security.declarePublic('HEAD')
     def HEAD(self, REQUEST, RESPONSE):
         """ """
         RESPONSE.setHeader('Content-Type', self.content_type)
@@ -97,3 +101,5 @@
 
     def __str__(self):
         return '<img src="%s" alt="" />' % self.__name__
+
+InitializeClass(ImageFile)

Modified: Zope/trunk/lib/python/App/Management.py
===================================================================
--- Zope/trunk/lib/python/App/Management.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/Management.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -15,10 +15,13 @@
 $Id$
 """
 
-import sys, Globals, ExtensionClass, urllib
+import sys, ExtensionClass, urllib
 from Globals import DTMLFile, HTMLFile
+from Globals import InitializeClass
 from zExceptions import Redirect
 from AccessControl import getSecurityManager, Unauthorized
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
 from cgi import escape
 from zope.interface import implements
 
@@ -28,13 +31,15 @@
 class Tabs(ExtensionClass.Base):
     """Mix-in provides management folder tab support."""
 
-    manage_tabs__roles__=('Anonymous',)
+    security = ClassSecurityInfo()
+
+    security.declarePublic('manage_tabs')
     manage_tabs=DTMLFile('dtml/manage_tabs', globals())
 
 
     manage_options  =()
 
-    filtered_manage_options__roles__=None
+    security.declarePublic('filtered_manage_options')
     def filtered_manage_options(self, REQUEST=None):
 
         validate=getSecurityManager().validate
@@ -131,7 +136,7 @@
         out.append(last)
         return '/'.join(out)
 
-    class_manage_path__roles__=None
+    security.declarePublic('class_manage_path')
     def class_manage_path(self):
         if self.__class__.__module__[:1] != '*':
             return
@@ -150,7 +155,7 @@
         if path:
             return '/Control_Panel/Products/%s/manage_workspace' % path
 
-Globals.default__class_init__(Tabs)
+InitializeClass(Tabs)
 
 
 class Navigation(ExtensionClass.Base):
@@ -158,36 +163,38 @@
 
     implements(INavigation)
 
-    __ac_permissions__=(
-        ('View management screens',
-         ('manage', 'manage_menu', 'manage_top_frame',
-          'manage_page_header',
-          'manage_page_footer',
-          )),
-        )
+    security = ClassSecurityInfo()
 
+    security.declareProtected(view_management_screens, 'manage')
     manage            =DTMLFile('dtml/manage', globals())
+
+    security.declareProtected(view_management_screens, 'manage_menu')
     manage_menu       =DTMLFile('dtml/menu', globals())
 
+    security.declareProtected(view_management_screens, 'manage_top_frame')
     manage_top_frame  =DTMLFile('dtml/manage_top_frame', globals())
+
+    security.declareProtected(view_management_screens, 'manage_page_header')
     manage_page_header=DTMLFile('dtml/manage_page_header', globals())
+
+    security.declareProtected(view_management_screens, 'manage_page_footer')
     manage_page_footer=DTMLFile('dtml/manage_page_footer', globals())
 
+    security.declarePublic('manage_form_title')
     manage_form_title =DTMLFile('dtml/manage_form_title', globals(),
                                 form_title='Add Form',
                                 help_product=None,
                                 help_topic=None)
     manage_form_title._setFuncSignature(
         varnames=('form_title', 'help_product', 'help_topic') )
-    manage_form_title__roles__ = None
 
+    security.declarePublic('zope_quick_start')
     zope_quick_start=DTMLFile('dtml/zope_quick_start', globals())
-    zope_quick_start__roles__=None
 
+    security.declarePublic('manage_copyright')
     manage_copyright=DTMLFile('dtml/copyright', globals())
-    manage_copyright__roles__ = None
 
-    manage_zmi_logout__roles__ = None
+    security.declarePublic('manage_zmi_logout')
     def manage_zmi_logout(self, REQUEST, RESPONSE):
         """Logout current user"""
         p = getattr(REQUEST, '_logout_path', None)
@@ -207,12 +214,14 @@
 </html>""")
         return
 
-
+    security.declarePublic('manage_zmi_prefs')
     manage_zmi_prefs=DTMLFile('dtml/manage_zmi_prefs', globals())
-    manage_zmi_prefs__roles__ = None
 
+# Navigation doesn't have an inherited __class_init__ so doesn't get
+# initialized automatically.
+
 file = DTMLFile('dtml/manage_page_style.css', globals())
+Navigation.security.declarePublic('manage_page_style.css')
 setattr(Navigation, 'manage_page_style.css', file)
-setattr(Navigation, 'manage_page_style.css__roles__', None)
 
-Globals.default__class_init__(Navigation)
+InitializeClass(Navigation)

Modified: Zope/trunk/lib/python/App/Product.py
===================================================================
--- Zope/trunk/lib/python/App/Product.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/Product.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -41,10 +41,12 @@
 import transaction
 
 import Globals, OFS.Folder, OFS.SimpleItem,  Acquisition, Products
+from Globals import InitializeClass
 import ZClasses, AccessControl.Owned
 from OFS.Folder import Folder
 from HelpSys.HelpSys import ProductHelp
 from AccessControl import Unauthorized
+from AccessControl import ClassSecurityInfo
 
 from Factory import Factory
 from Permission import PermissionManager
@@ -79,12 +81,15 @@
     def _canCopy(self, op=0):
         return 0
 
-Globals.InitializeClass(ProductFolder)
+InitializeClass(ProductFolder)
 
 
 class Product(Folder, PermissionManager):
     """Model a product that can be created through the web.
     """
+
+    security =  ClassSecurityInfo()
+
     meta_type='Product'
     icon='p_/Product_icon'
     version=''
@@ -171,15 +176,15 @@
         except:
             pass
 
+    security.declarePublic('Destination')
     def Destination(self):
         "Return the destination for factory output"
         return self
-    Destination__roles__=None
 
+    security.declarePublic('DestinationURL')
     def DestinationURL(self):
         "Return the URL for the destination for factory output"
         return self.REQUEST['BASE4']
-    DestinationURL__roles__=None
 
     def manage_distribute(self, version, RESPONSE, configurable_objects=[],
                           redistributable=0):
@@ -419,7 +424,7 @@
         if REQUEST is not None:
             return self.manage_refresh(REQUEST)
 
-Globals.InitializeClass(Product)
+InitializeClass(Product)
 
 
 class CompressedOutputFile:

Modified: Zope/trunk/lib/python/App/Undo.py
===================================================================
--- Zope/trunk/lib/python/App/Undo.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/Undo.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,7 +16,10 @@
 """
 
 from Acquisition import aq_base, aq_parent, aq_inner
+from Globals import InitializeClass
 from AccessControl import getSecurityManager
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import undo_changes
 from DateTime import DateTime
 import Globals, ExtensionClass
 from ZopeUndo.Prefix import Prefix
@@ -30,19 +33,14 @@
 
     implements(IUndoSupport)
 
-    __ac_permissions__=(
-        ('Undo changes', (
-            'manage_undo_transactions',
-            'undoable_transactions',
-            'manage_UndoForm',
-            )),
-        )
+    security = ClassSecurityInfo()
 
     manage_options=(
         {'label':'Undo', 'action':'manage_UndoForm',
          'help':('OFSP','Undo.stx')},
         )
 
+    security.declareProtected(undo_changes, 'manage_UndoForm')
     manage_UndoForm=Globals.DTMLFile(
         'dtml/undo',
         globals(),
@@ -64,6 +62,7 @@
             else: v=default
             return v
 
+    security.declareProtected(undo_changes, 'undoable_transactions')
     def undoable_transactions(self, first_transaction=None,
                               last_transaction=None,
                               PrincipiaUndoBatchSize=None):
@@ -123,6 +122,7 @@
 
         return r
 
+    security.declareProtected(undo_changes, 'manage_undo_transactions')
     def manage_undo_transactions(self, transaction_info=(), REQUEST=None):
         """
         """
@@ -139,7 +139,7 @@
         REQUEST['RESPONSE'].redirect("%s/manage_UndoForm" % REQUEST['URL1'])
         return ''
 
-Globals.default__class_init__(UndoSupport)
+InitializeClass(UndoSupport)
 
 ########################################################################
 # Blech, need this cause binascii.b2a_base64 is too pickly

Modified: Zope/trunk/lib/python/Globals/__init__.py
===================================================================
--- Zope/trunk/lib/python/Globals/__init__.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Globals/__init__.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -26,12 +26,12 @@
 from App.Common import package_home, attrget, Dictionary
 from App.config import getConfiguration as _getConfiguration
 from Persistence import Persistent, PersistentMapping
-from App.special_dtml import HTML, HTMLFile, DTMLFile
 from App.class_init import default__class_init__, ApplicationDefaultPermissions
 
 # Nicer alias for class initializer.
 InitializeClass = default__class_init__
 
+from App.special_dtml import HTML, HTMLFile, DTMLFile
 from App.Dialogs import MessageDialog
 from App.ImageFile import ImageFile
 

Modified: Zope/trunk/lib/python/HelpSys/HelpSys.py
===================================================================
--- Zope/trunk/lib/python/HelpSys/HelpSys.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/HelpSys/HelpSys.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -15,12 +15,16 @@
 from OFS.SimpleItem import Item
 from OFS.ObjectManager import ObjectManager
 from Globals import Persistent, DTMLFile, HTML
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import access_contents_information
+from AccessControl.Permissions import add_documents_images_and_files
+from AccessControl.Permissions import view as View
 from Products.ZCatalog.ZCatalog import ZCatalog
 from Products.ZCatalog.Lazy import LazyCat
 from cgi import escape
 import Products
 import HelpTopic
-import Globals
 
 class HelpSys(Acquisition.Implicit, ObjectManager, Item, Persistent):
     """
@@ -30,22 +34,18 @@
     """
     meta_type='Help System'
 
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(View)
+
     manage_options=(
         {'label' : 'Contents', 'action' : 'menu'},
         {'label' : 'Search', 'action' : 'search'},
     )
 
-    __ac_permissions__=(
-        ('View',
-         ('__call__', 'searchResults', 'HelpButton', '',
-          'index_html', 'menu', 'search', 'results', 'main',
-          'helpLink')),
-        ('Access contents information', ('helpValues',)),
-        )
-
     def __init__(self, id='HelpSys'):
         self.id=id
 
+    security.declareProtected(access_contents_information, 'helpValues')
     def helpValues(self, spec=None):
         "ProductHelp objects of all Products that have help"
         hv=[]
@@ -59,6 +59,8 @@
     # Seaching does an aggregated search of all ProductHelp
     # objects. Only Help Topics for which the user has permissions
     # are returned.
+
+    security.declareProtected(View, '__call__')
     def __call__(self, REQUEST=None, **kw):
         "Searchable interface"
         if REQUEST is not None:
@@ -73,18 +75,29 @@
             results.append(apply(getattr(ph, '__call__'), (REQUEST,) , kw))
         return LazyCat(results)
 
+    security.declareProtected(View, 'searchResults')
     searchResults=__call__
 
+    security.declareProtected(View, 'index_html')
     index_html=DTMLFile('dtml/frame', globals())
+
+    security.declareProtected(View, 'menu')
     menu=DTMLFile('dtml/menu', globals())
+
+    security.declareProtected(View, 'search')
     search=DTMLFile('dtml/search', globals())
+
+    security.declareProtected(View, 'results')
     results=DTMLFile('dtml/results', globals())
+
+    security.declareProtected(View, 'main')
     main=HTML("""<html></html>""")
     standard_html_header=DTMLFile('dtml/menu_header', globals())
     standard_html_footer=DTMLFile('dtml/menu_footer', globals())
 
     button=DTMLFile('dtml/button', globals())
 
+    security.declareProtected(View, 'HelpButton')
     def HelpButton(self, topic, product):
         """
         Insert a help button linked to a help topic.
@@ -93,6 +106,7 @@
 
     helpURL=DTMLFile('dtml/helpURL',globals())
 
+    security.declareProtected(View, 'helpLink')
     def helpLink(self, product='OFSP', topic='ObjectManager_Contents.stx'):
         # Generate an <a href...> tag linking to a help topic. This
         # is a little lighter weight than the help button approach.
@@ -133,7 +147,7 @@
             cols.append(TreeCollection(k,v,0))
         return cols
 
-Globals.default__class_init__(HelpSys)
+InitializeClass(HelpSys)
 
 
 class TreeCollection:
@@ -188,6 +202,8 @@
     meta_type='Product Help'
     icon='p_/ProductHelp_icon'
 
+    security = ClassSecurityInfo()
+
     lastRegistered=None
 
     meta_types=({'name':'Help Topic',
@@ -200,10 +216,6 @@
         Item.manage_options
         )
 
-    __ac_permissions__=(
-        ('Add Documents, Images, and Files', ('addTopicForm', 'addTopic')),
-        )
-
     def __init__(self, id='Help', title=''):
         self.id=id
         self.title=title
@@ -222,8 +234,10 @@
         c.addColumn('url')
         c.addColumn('id')
 
+    security.declareProtected(add_documents_images_and_files, 'addTopicForm')
     addTopicForm=DTMLFile('dtml/addTopic', globals())
 
+    security.declareProtected(add_documents_images_and_files, 'addTopic')
     def addTopic(self, id, title, REQUEST=None):
         "Add a Help Topic"
         topic=HelpTopic.DTMLDocumentTopic(
@@ -295,5 +309,4 @@
     standard_html_header=DTMLFile('dtml/topic_header', globals())
     standard_html_footer=DTMLFile('dtml/topic_footer', globals())
 
-
-Globals.default__class_init__(ProductHelp)
+InitializeClass(ProductHelp)

Modified: Zope/trunk/lib/python/HelpSys/HelpTopic.py
===================================================================
--- Zope/trunk/lib/python/HelpSys/HelpTopic.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/HelpSys/HelpTopic.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -15,6 +15,10 @@
 from ComputedAttribute import ComputedAttribute
 from OFS.SimpleItem import Item
 from Globals import Persistent, HTML, DTMLFile, ImageFile
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import access_contents_information
+from AccessControl.Permissions import view as View
 from OFS.DTMLDocument import DTMLDocument
 from OFS.PropertyManager import PropertyManager
 import os.path
@@ -115,16 +119,19 @@
     icon='p_/HelpTopic_icon'
     _v_last_read = 0
 
+    security = ClassSecurityInfo()
+
     manage_options=(
         {'label':'Properties', 'action':'manage_propertiesForm'},
         {'label':'View', 'action':'index_html'},
         )
 
-    __ac_permissions__=(
-        ('View', ('index_html', 'SearchableText', 'url')),
-        ('Access contents information', ('helpValues',)),
-        )
+    security.declareProtected(View, 'SearchableText')
 
+    security.declareProtected(View, 'url')
+
+    security.declareProtected(access_contents_information, 'helpValues')
+
     def _set_last_read(self, filepath):
         try:    mtime = os.stat(filepath)[8]
         except: mtime = 0
@@ -141,11 +148,14 @@
                 self._v_last_read=mtime
                 self.reindex_object()
 
+    security.declareProtected(View, 'index_html')
     def index_html(self, REQUEST, RESPONSE):
         "View the Help Topic"
         raise NotImplementedError
 
+InitializeClass(HelpTopic)
 
+
 class DTMLDocumentTopic(HelpTopicBase, DTMLDocument):
     """
     A user addable Help Topic based on DTML Document.

Modified: Zope/trunk/lib/python/HelpSys/ObjectRef.py
===================================================================
--- Zope/trunk/lib/python/HelpSys/ObjectRef.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/HelpSys/ObjectRef.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -15,6 +15,8 @@
 __version__='$Revision: 1.10 $'[11:-2]
 
 
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 import sys, os,  Globals, Acquisition
 from HelpUtil import HelpBase, classobject
 from HelpUtil import is_class, is_module
@@ -26,7 +28,8 @@
 
 class ObjectItem(HelpBase, classobject):
     """ """
-    __roles__=None
+    security = ClassSecurityInfo()
+    security.declareObjectPublic()
 
     hs_main=DTMLFile('dtml/objectitem', globals())
 
@@ -75,16 +78,19 @@
         del mdict
         return mlist
 
-    hs_objectvalues__roles__=None
+    security.declarePublic('hs_objectvalues')
     def hs_objectvalues(self):
         return []
 
+InitializeClass(ObjectItem)
 
 
 class ObjectRef(HelpBase):
     """ """
+    security = ClassSecurityInfo()
+    security.declareObjectPublic()
+
     __names__=None
-    __roles__=None
 
     hs_main=DTMLFile('dtml/objectref', globals())
 
@@ -129,7 +135,7 @@
                 dict=self.hs_search_mod(v, dict)
         return dict
 
-    hs_objectvalues__roles__=None
+    security.declarePublic('hs_objectvalues')
     def hs_objectvalues(self):
         if self.__names__ is None:
             self.hs_deferred__init__()
@@ -140,3 +146,5 @@
 
     def __getitem__(self, key):
         return self.__dict__[key].__of__(self)
+
+InitializeClass(ObjectRef)

Modified: Zope/trunk/lib/python/OFS/Application.py
===================================================================
--- Zope/trunk/lib/python/OFS/Application.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/Application.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -22,6 +22,8 @@
 
 import Globals, Products, App.Product, App.ProductRegistry
 import transaction
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from AccessControl.User import UserFolder
 from Acquisition import aq_base
 from App.ApplicationManager import ApplicationManager
@@ -51,8 +53,9 @@
 
     implements(IApplication)
 
+    security = ClassSecurityInfo()
+
     title ='Zope'
-    #__roles__=['Manager', 'Anonymous']
     __defined_roles__=('Manager','Anonymous','Owner')
     web__form__method='GET'
     isTopLevelPrincipiaApplicationObject=1
@@ -103,7 +106,7 @@
         return self.title
 
     def __class_init__(self):
-        Globals.default__class_init__(self)
+        InitializeClass(self)
 
     def PrincipiaRedirect(self, destination, URL1):
         """Utility function to allow user-controlled redirects"""
@@ -135,7 +138,7 @@
 
     ZopeTime = PrincipiaTime
 
-    ZopeAttributionButton__roles__=None
+    security.declarePublic('ZopeAttributionButton')
     def ZopeAttributionButton(self):
         """Returns an HTML fragment that displays the 'powered by zope'
         button along with a link to the Zope site."""
@@ -194,7 +197,7 @@
         # We're at the base of the path.
         return ('',)
 
-    fixupZClassDependencies__roles__=()
+    security.declarePrivate('fixupZClassDependencies')
     def fixupZClassDependencies(self, rebuild=0):
         # Note that callers should not catch exceptions from this method
         # to ensure that the transaction gets aborted if the registry
@@ -252,7 +255,7 @@
 
         return result
 
-    checkGlobalRegistry__roles__=()
+    security.declarePrivate('checkGlobalRegistry')
     def checkGlobalRegistry(self):
         """Check the global (zclass) registry for problems, which can
         be caused by things like disk-based products being deleted.
@@ -268,20 +271,22 @@
             return 1
         return 0
 
-    _setInitializerRegistry__roles__ = ()
+    security.declarePrivate('_setInitializerFlag')
     def _setInitializerFlag(self, flag):
         if self._initializer_registry is None:
             self._initializer_registry = {}
         self._initializer_registry[flag] = 1
 
-    _getInitializerRegistry__roles__ = ()
+    security.declarePrivate('_getInitializerFlag')
     def _getInitializerFlag(self, flag):
         reg = self._initializer_registry
         if reg is None:
             reg = {}
         return reg.get(flag)
 
+InitializeClass(Application)
 
+
 class Expired(Globals.Persistent):
 
     icon='p_/broken'
@@ -645,7 +650,7 @@
                         folder_permissions, raise_exc=debug_mode)
 
     Products.meta_types=Products.meta_types+tuple(meta_types)
-    Globals.default__class_init__(Folder.Folder)
+    InitializeClass(Folder.Folder)
 
 def get_products():
     """ Return a list of tuples in the form:
@@ -923,7 +928,7 @@
             break
 
     Products.meta_types=Products.meta_types+tuple(meta_types)
-    Globals.default__class_init__(Folder.Folder)
+    InitializeClass(Folder.Folder)
 
 
 def reimport_product(product_name):

Modified: Zope/trunk/lib/python/OFS/Cache.py
===================================================================
--- Zope/trunk/lib/python/OFS/Cache.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/Cache.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,16 +16,19 @@
 """
 import time, sys
 import Globals
+from Globals import InitializeClass
 from Globals import DTMLFile
 from Acquisition import aq_get, aq_acquire, aq_inner, aq_parent, aq_base
 from zLOG import LOG, WARNING
+from AccessControl import ClassSecurityInfo
 from AccessControl import getSecurityManager
 from AccessControl.Role import _isBeingUsedAsAMethod
 from AccessControl import Unauthorized
+from AccessControl.Permissions import view_management_screens
 
 ZCM_MANAGERS = '__ZCacheManager_ids__'
 
-ViewManagementScreensPermission = 'View management screens'
+ViewManagementScreensPermission = view_management_screens
 ChangeCacheSettingsPermission = 'Change cache settings'
 
 
@@ -86,21 +89,11 @@
         'help':('OFSP','Cacheable-properties.stx'),
         },)
 
-    __ac_permissions__ = (
-        (ViewManagementScreensPermission,
-         ('ZCacheable_manage',
-          'ZCacheable_invalidate',
-          'ZCacheable_enabled',
-          'ZCacheable_getManagerId',
-          'ZCacheable_getManagerIds',
-          'ZCacheable_configHTML',
-          )),
-        (ChangeCacheSettingsPermission,
-         ('ZCacheable_setManagerId',
-          'ZCacheable_setEnabled',
-          ), ('Manager',)),
-        )
+    security = ClassSecurityInfo()
+    security.setPermissionDefault(ChangeCacheSettingsPermission, ('Manager',))
 
+    security.declareProtected(ViewManagementScreensPermission,
+                              'ZCacheable_manage')
     ZCacheable_manage = DTMLFile('dtml/cacheable', globals())
 
     _v_ZCacheable_cache = None
@@ -109,7 +102,7 @@
     __enabled = 1
     _isCacheable = 1
 
-    ZCacheable_getManager__roles__ = ()
+    security.declarePrivate('ZCacheable_getManager')
     def ZCacheable_getManager(self):
         '''Returns the currently associated cache manager.'''
         manager_id = self.__manager_id
@@ -122,7 +115,7 @@
         except AttributeError:
             return None
 
-    ZCacheable_getCache__roles__ = ()
+    security.declarePrivate('ZCacheable_getCache')
     def ZCacheable_getCache(self):
         '''Gets the cache associated with this object.
         '''
@@ -143,7 +136,7 @@
         self._v_ZCacheable_manager_timestamp = manager_timestamp
         return c
 
-    ZCacheable_isCachingEnabled__roles__ = ()
+    security.declarePrivate('ZCacheable_isCachingEnabled')
     def ZCacheable_isCachingEnabled(self):
         '''
         Returns true only if associated with a cache manager and
@@ -158,7 +151,7 @@
         m = _isBeingUsedAsAMethod(self)
         return m
 
-    ZCacheable_getObAndView__roles__ = ()
+    security.declarePrivate('ZCacheable_getObAndView')
     def ZCacheable_getObAndView(self, view_name):
         """
         If this object is a method of a ZClass and we're working
@@ -178,7 +171,7 @@
                 ob = self
         return ob, view_name
 
-    ZCacheable_get__roles__ = ()
+    security.declarePrivate('ZCacheable_get')
     def ZCacheable_get(self, view_name='', keywords=None,
                        mtime_func=None, default=None):
         '''Retrieves the cached view for the object under the
@@ -198,7 +191,7 @@
                 return default
         return default
 
-    ZCacheable_set__roles__ = ()
+    security.declarePrivate('ZCacheable_set')
     def ZCacheable_set(self, data, view_name='', keywords=None,
                        mtime_func=None):
         '''Cacheable views should call this method after generating
@@ -214,6 +207,8 @@
                 LOG('Cache', WARNING, 'ZCache_set() exception',
                     error=sys.exc_info())
 
+    security.declareProtected(ViewManagementScreensPermission,
+                              'ZCacheable_invalidate')
     def ZCacheable_invalidate(self, view_name='', REQUEST=None):
         '''Called after a cacheable object is edited. Causes all
         cache entries that apply to the view_name to be removed.
@@ -243,7 +238,7 @@
         else:
             return message
 
-    ZCacheable_getModTime__roles__=()
+    security.declarePrivate('ZCacheable_getModTime')
     def ZCacheable_getModTime(self, mtime_func=None):
         '''Returns the highest of the last mod times.'''
         # Based on:
@@ -271,6 +266,8 @@
                 mtime = max(getattr(klass, '_p_mtime', mtime), mtime)
         return mtime
 
+    security.declareProtected(ViewManagementScreensPermission,
+                              'ZCacheable_getManagerId')
     def ZCacheable_getManagerId(self):
         '''Returns the id of the current ZCacheManager.'''
         return self.__manager_id
@@ -282,6 +279,8 @@
             return manager.absolute_url()
         return None
 
+    security.declareProtected(ViewManagementScreensPermission,
+                              'ZCacheable_getManagerIds')
     def ZCacheable_getManagerIds(self):
         '''Returns a list of mappings containing the id and title
         of the available ZCacheManagers.'''
@@ -303,6 +302,8 @@
             ob = aq_parent(aq_inner(ob))
         return tuple(rval)
 
+    security.declareProtected(ChangeCacheSettingsPermission,
+                              'ZCacheable_setManagerId')
     def ZCacheable_setManagerId(self, manager_id, REQUEST=None):
         '''Changes the manager_id for this object.'''
         self.ZCacheable_invalidate()
@@ -319,11 +320,15 @@
                 self, REQUEST, management_view='Cache',
                 manage_tabs_message='Cache settings changed.')
 
+    security.declareProtected(ViewManagementScreensPermission,
+                              'ZCacheable_enabled')
     def ZCacheable_enabled(self):
         '''Returns true if caching is enabled for this object
         or method.'''
         return self.__enabled
 
+    security.declareProtected(ChangeCacheSettingsPermission,
+                              'ZCacheable_setEnabled')
     def ZCacheable_setEnabled(self, enabled=0, REQUEST=None):
         '''Changes the enabled flag. Normally used only when
         setting up cacheable ZClass methods.'''
@@ -333,6 +338,8 @@
                 self, REQUEST, management_view='Cache',
                 manage_tabs_message='Cache settings changed.')
 
+    security.declareProtected(ViewManagementScreensPermission,
+                              'ZCacheable_configHTML')
     def ZCacheable_configHTML(self):
         '''Override to provide configuration of caching
         behavior that can only be specific to the cacheable object.
@@ -340,7 +347,7 @@
         return ''
 
 
-Globals.default__class_init__(Cacheable)
+InitializeClass(Cacheable)
 
 
 def findCacheables(ob, manager_id, require_assoc, subfolders,
@@ -432,19 +439,15 @@
     A base class for cache managers.  Implement ZCacheManager_getCache().
     '''
 
-    ZCacheManager_getCache__roles__ = ()
+    security = ClassSecurityInfo()
+    security.setPermissionDefault(ChangeCacheSettingsPermission, ('Manager',))
+
+    security.declarePrivate('ZCacheManager_getCache')
     def ZCacheManager_getCache(self):
         raise NotImplementedError
 
     _isCacheManager = 1
 
-    __ac_permissions__ = (
-        ('Change cache settings', ('ZCacheManager_locate',
-                                   'ZCacheManager_setAssociations',
-                                   'ZCacheManager_associate'),
-         ('Manager',)),
-        )
-
     manage_options = (
         {'label':'Associate',
          'action':'ZCacheManager_associate',
@@ -473,8 +476,12 @@
                 global manager_timestamp
                 manager_timestamp = time.time()
 
+    security.declareProtected(ChangeCacheSettingsPermission,
+                              'ZCacheManager_associate')
     ZCacheManager_associate = DTMLFile('dtml/cmassoc', globals())
 
+    security.declareProtected(ChangeCacheSettingsPermission,
+                              'ZCacheManager_locate')
     def ZCacheManager_locate(self, require_assoc, subfolders,
                              meta_types=[], REQUEST=None):
         '''Locates cacheable objects.
@@ -494,6 +501,8 @@
         else:
             return rval
 
+    security.declareProtected(ChangeCacheSettingsPermission,
+                              'ZCacheManager_setAssociations')
     def ZCacheManager_setAssociations(self, props=None, REQUEST=None):
         '''Associates and un-associates cacheable objects with this
         cache manager.
@@ -530,4 +539,4 @@
                 (addcount, remcount)
                 )
 
-Globals.default__class_init__(CacheManager)
+InitializeClass(CacheManager)

Modified: Zope/trunk/lib/python/OFS/CopySupport.py
===================================================================
--- Zope/trunk/lib/python/OFS/CopySupport.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/CopySupport.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -23,8 +23,12 @@
 
 import Globals, Moniker, ExtensionClass
 import transaction
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from AccessControl import getSecurityManager
-from AccessControl.Permissions import delete_objects as DeleteObjects
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import copy_or_move
+from AccessControl.Permissions import delete_objects
 from Acquisition import aq_base, aq_inner, aq_parent
 from App.Dialogs import MessageDialog
 from webdav.Lockable import ResourceLockedError
@@ -54,13 +58,7 @@
 
     implements(ICopyContainer)
 
-    __ac_permissions__=(
-        ('View management screens',
-         ('manage_copyObjects', 'manage_pasteObjects',
-          'manage_renameForm', 'manage_renameObject', 'manage_renameObjects',)),
-        ('Delete objects',
-         ('manage_cutObjects',)),
-        )
+    security = ClassSecurityInfo()
 
     # The following three methods should be overridden to store sub-objects
     # as non-attributes.
@@ -83,6 +81,7 @@
     def manage_CopyContainerAllItems(self, REQUEST):
         return map(lambda i, s=self: s._getOb(i), tuple(REQUEST['ids']))
 
+    security.declareProtected(delete_objects, 'manage_cutObjects')
     def manage_cutObjects(self, ids=None, REQUEST=None):
         """Put a reference to the objects named in ids in the clip board"""
         if ids is None and REQUEST is not None:
@@ -112,6 +111,7 @@
             return self.manage_main(self, REQUEST)
         return cp
 
+    security.declareProtected(view_management_screens, 'manage_copyObjects')
     def manage_copyObjects(self, ids=None, REQUEST=None, RESPONSE=None):
         """Put a reference to the objects named in ids in the clip board"""
         if ids is None and REQUEST is not None:
@@ -154,6 +154,7 @@
             id='copy%s_of_%s' % (n and n+1 or '', orig_id)
             n=n+1
 
+    security.declareProtected(view_management_screens, 'manage_pasteObjects')
     def manage_pasteObjects(self, cb_copy_data=None, REQUEST=None):
         """Paste previously copied objects into the current object.
 
@@ -287,8 +288,10 @@
 
         return result
 
+    security.declareProtected(view_management_screens, 'manage_renameForm')
     manage_renameForm=Globals.DTMLFile('dtml/renameForm', globals())
 
+    security.declareProtected(view_management_screens, 'manage_renameObjects')
     def manage_renameObjects(self, ids=[], new_ids=[], REQUEST=None):
         """Rename several sub-objects"""
         if len(ids) != len(new_ids):
@@ -300,6 +303,7 @@
             return self.manage_main(self, REQUEST, update_menu=1)
         return None
 
+    security.declareProtected(view_management_screens, 'manage_renameObject')
     def manage_renameObject(self, id, new_id, REQUEST=None):
         """Rename a particular sub-object.
         """
@@ -353,7 +357,8 @@
     # supposed to be public since it does its own auth ?
     #
     # Because it's still a "management" function.
-    manage_clone__roles__=None
+
+    security.declarePublic('manage_clone')
     def manage_clone(self, ob, id, REQUEST=None):
         """Clone an object, creating a new object with the given id.
         """
@@ -497,7 +502,7 @@
                     raise Unauthorized, absattr(object.id)
 
                 if validate_src == 2: # moving
-                    if not sm.checkPermission(DeleteObjects, parent):
+                    if not sm.checkPermission(delete_objects, parent):
                         raise Unauthorized, 'Delete not allowed.'
 
         else: # /if method_name
@@ -507,7 +512,7 @@
                              'operation.' % escape(absattr(object.id))),
                   action  = 'manage_main')
 
-Globals.default__class_init__(CopyContainer)
+InitializeClass(CopyContainer)
 
 
 class CopySource(ExtensionClass.Base):
@@ -518,9 +523,8 @@
 
     # declare a dummy permission for Copy or Move here that we check
     # in cb_isCopyable.
-    __ac_permissions__=(
-        ('Copy or Move', (), ('Anonymous', 'Manager',)),
-        )
+    security = ClassSecurityInfo()
+    security.setPermissionDefault(copy_or_move, ('Anonymous', 'Manager'))
 
     def _canCopy(self, op=0):
         """Called to make sure this object is copyable.
@@ -593,10 +597,10 @@
         return 1
 
     def cb_userHasCopyOrMovePermission(self):
-        if getSecurityManager().checkPermission('Copy or Move', self):
+        if getSecurityManager().checkPermission(copy_or_move, self):
             return 1
 
-Globals.default__class_init__(CopySource)
+InitializeClass(CopySource)
 
 
 def sanity_check(c, ob):

Modified: Zope/trunk/lib/python/OFS/DTMLDocument.py
===================================================================
--- Zope/trunk/lib/python/OFS/DTMLDocument.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/DTMLDocument.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -14,6 +14,7 @@
 
 $Id$
 """
+from Globals import InitializeClass
 from ZPublisher.Converters import type_converters
 from Globals import HTML, DTMLFile, MessageDialog
 from OFS.content_types import guess_content_type
@@ -24,8 +25,9 @@
 from webdav.WriteLockInterface import WriteLockInterface
 from sgmllib import SGMLParser
 from urllib import quote
-import Globals
 from AccessControl import getSecurityManager
+from AccessControl.Permissions import change_dtml_methods
+from AccessControl.Permissions import change_dtml_documents
 from zExceptions.TracebackSupplement import PathTracebackSupplement
 
 done='done'
@@ -45,12 +47,14 @@
         PropertyManager.manage_options +
         DTMLMethod.manage_options[2:]
         )
-    
-    ps = DTMLMethod.__ac_permissions__
-    __ac_permissions__=(
-        ps[0], ('Change DTML Documents', ps[1][1]), ps[2], ps[3], ps[4])
-    del ps
 
+    # Replace change_dtml_methods by change_dtml_documents
+    __ac_permissions__ = tuple([
+        (perms[0] == change_dtml_methods)
+            and (change_dtml_documents, perms[1])
+            or perms
+        for perms in DTMLMethod.__ac_permissions__])
+
     def manage_edit(self,data,title,SUBMIT='Change',dtpref_cols='100%',
                     dtpref_rows='20',REQUEST=None):
         """
@@ -146,7 +150,7 @@
         return result
 
 
-Globals.default__class_init__(DTMLDocument)
+InitializeClass(DTMLDocument)
 
 
 default_dd_html="""<dtml-var standard_html_header>

Modified: Zope/trunk/lib/python/OFS/DTMLMethod.py
===================================================================
--- Zope/trunk/lib/python/OFS/DTMLMethod.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/DTMLMethod.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,9 +16,11 @@
 """
 import History
 from Globals import HTML, DTMLFile, MessageDialog
+from Globals import InitializeClass
 from SimpleItem import Item_w__name__, pretty_tb
 from OFS.content_types import guess_content_type
 from PropertyManager import PropertyManager
+from AccessControl import ClassSecurityInfo
 from AccessControl.Role import RoleManager
 from webdav.common import rfc1123_date
 from webdav.Lockable import ResourceLockedError
@@ -28,6 +30,11 @@
 from urllib import quote
 import  Globals, sys, Acquisition
 from AccessControl import getSecurityManager
+from AccessControl.Permissions import change_dtml_methods
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import change_proxy_roles
+from AccessControl.Permissions import view as View
+from AccessControl.Permissions import ftp_access
 from AccessControl.DTML import RestrictedDTML
 from Cache import Cacheable
 from zExceptions import Forbidden
@@ -50,6 +57,9 @@
 
     __implements__ = (WriteLockInterface,)
 
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(View)
+
     # Documents masquerade as functions:
     class func_code: pass
     func_code=func_code()
@@ -74,28 +84,17 @@
         +Cacheable.manage_options
         )
 
-    # Careful in changes--used by DTMLDocument!
-    __ac_permissions__=(
-    ('View management screens',
-     ('document_src', 'PrincipiaSearchSource')),
-    ('Change DTML Methods',
-     ('manage_editForm', 'manage', 'manage_main',
-      'manage_edit', 'manage_upload', 'PUT',
-      'manage_historyCopy',
-      'manage_beforeHistoryCopy', 'manage_afterHistoryCopy',
-      'ZCacheable_configHTML', 'getCacheNamespaceKeys',
-      'setCacheNamespaceKeys',
-      )
-     ),
-    ('Change proxy roles', ('manage_proxyForm', 'manage_proxy')),
-    ('View', ('__call__', 'get_size', '')),
-    ('FTP access', ('manage_FTPstat','manage_FTPget','manage_FTPlist')),
-    )
+    # Careful in permissiong changes--used by DTMLDocument!
 
+    security.declareProtected(change_dtml_methods, 'manage_historyCopy')
+    security.declareProtected(change_dtml_methods, 'manage_beforeHistoryCopy')
+    security.declareProtected(change_dtml_methods, 'manage_afterHistoryCopy')
+
     # support a more reasonable default for content-type
     # for http HEAD requests.
     default_content_type='text/html'
 
+    security.declareProtected(View, '__call__')
     def __call__(self, client=None, REQUEST={}, RESPONSE=None, **kw):
         """Render the document given a client object, REQUEST mapping,
         Response, and key word arguments."""
@@ -190,14 +189,17 @@
                 kw[key] = val
             self.ZCacheable_set(result, keywords=kw)
 
+    security.declareProtected(change_dtml_methods, 'ZCacheable_configHTML')
     ZCacheable_configHTML = DTMLFile('dtml/cacheNamespaceKeys', globals())
 
+    security.declareProtected(change_dtml_methods, 'getCacheNamespaceKeys')
     def getCacheNamespaceKeys(self):
         '''
         Returns the cacheNamespaceKeys.
         '''
         return self._cache_namespace_keys
 
+    security.declareProtected(change_dtml_methods, 'setCacheNamespaceKeys')
     def setCacheNamespaceKeys(self, keys, REQUEST=None):
         '''
         Sets the list of names that should be looked up in the
@@ -212,19 +214,26 @@
         if REQUEST is not None:
             return self.ZCacheable_manage(self, REQUEST)
 
+    security.declareProtected(View, 'get_size')
     def get_size(self):
         return len(self.raw)
 
     # deprecated; use get_size!
     getSize=get_size
 
+    security.declareProtected(change_dtml_methods, 'manage')
+
+    security.declareProtected(change_dtml_methods, 'manage_editForm')
     manage_editForm=DTMLFile('dtml/documentEdit', globals())
     manage_editForm._setName('manage_editForm')
 
     # deprecated!
     manage_uploadForm=manage_editForm
 
+    security.declareProtected(change_dtml_methods, 'manage_main')
     manage=manage_main=manage_editDocument=manage_editForm
+
+    security.declareProtected(change_proxy_roles, 'manage_proxyForm')
     manage_proxyForm=DTMLFile('dtml/documentProxy', globals())
 
     _size_changes={
@@ -252,6 +261,7 @@
         return self.manage_main(self, REQUEST, title=title,
                                 __str__=self.quotedHTML(data))
 
+    security.declareProtected(change_dtml_methods, 'manage_edit')
     def manage_edit(self,data,title,SUBMIT='Change',dtpref_cols='100%',
                     dtpref_rows='20',REQUEST=None):
         """
@@ -277,6 +287,7 @@
             message="Saved changes."
             return self.manage_main(self,REQUEST,manage_tabs_message=message)
 
+    security.declareProtected(change_dtml_methods, 'manage_upload')
     def manage_upload(self,file='', REQUEST=None):
         """Replace the contents of the document with the text in file."""
         self._validateProxy(REQUEST)
@@ -315,6 +326,7 @@
             'do not have proxy roles.\n<!--%s, %s-->' % (self.__name__, u, roles))
 
 
+    security.declareProtected(change_proxy_roles, 'manage_proxy')
     def manage_proxy(self, roles=(), REQUEST=None):
         "Change Proxy Roles"
         self._validateProxy(REQUEST, roles)
@@ -325,10 +337,12 @@
             message="Saved changes."
             return self.manage_proxyForm(self,REQUEST,manage_tabs_message=message)
 
+    security.declareProtected(view_management_screens, 'PrincipiaSearchSource')
     def PrincipiaSearchSource(self):
         "Support for searching - the document's contents are searched."
         return self.read()
 
+    security.declareProtected(view_management_screens, 'document_src')
     def document_src(self, REQUEST=None, RESPONSE=None):
         """Return unprocessed document source."""
         if RESPONSE is not None:
@@ -337,6 +351,7 @@
 
     ## Protocol handlers
 
+    security.declareProtected(change_dtml_methods, 'PUT')
     def PUT(self, REQUEST, RESPONSE):
         """Handle HTTP PUT requests."""
         self.dav__init(REQUEST, RESPONSE)
@@ -348,6 +363,10 @@
         RESPONSE.setStatus(204)
         return RESPONSE
 
+    security.declareProtected(ftp_access, 'manage_FTPstat')
+    security.declareProtected(ftp_access, 'manage_FTPlist')
+
+    security.declareProtected(ftp_access, 'manage_FTPget')
     def manage_FTPget(self):
         "Get source for FTP download"
         return self.read()
@@ -361,6 +380,8 @@
                 rev1.read(), rev2.read()
                 ))
 
+InitializeClass(DTMLMethod)
+
 import re
 token = "[a-zA-Z0-9!#$%&'*+\-.\\\\^_`|~]+"
 hdr_start = re.compile(r'(%s):(.*)' % token).match

Modified: Zope/trunk/lib/python/OFS/FindSupport.py
===================================================================
--- Zope/trunk/lib/python/OFS/FindSupport.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/FindSupport.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -17,14 +17,16 @@
 
 from string import translate
 
-import Globals, ExtensionClass
+import ExtensionClass
 from AccessControl import ClassSecurityInfo
 from AccessControl.DTML import RestrictedDTML
 from AccessControl.Permission import name_trans
+from AccessControl.Permissions import view_management_screens
 from DateTime import DateTime
 from DocumentTemplate.DT_Util import Eval
 from DocumentTemplate.DT_Util import InstanceDict, TemplateDict
 from Globals import DTMLFile
+from Globals import InitializeClass
 from zope.interface import implements
 
 from interfaces import IFindSupport
@@ -36,31 +38,32 @@
 
     implements(IFindSupport)
 
-#findframe is deprecated
+    security = ClassSecurityInfo()
+
+    #findframe is deprecated
+    security.declareProtected(view_management_screens, 'manage_findFrame')
     manage_findFrame=DTMLFile('dtml/findFrame', globals())
+
+    security.declareProtected(view_management_screens, 'manage_findForm')
     manage_findForm=DTMLFile('dtml/findForm', globals(),
                              management_view='Find')
+
+    security.declareProtected(view_management_screens, 'manage_findAdv')
     manage_findAdv=DTMLFile('dtml/findAdv', globals(),
                             management_view='Find',
                             help_topic='Find_Advanced.stx',
                             help_product='OFSP')
+
+    security.declareProtected(view_management_screens, 'manage_findResult')
     manage_findResult=DTMLFile('dtml/findResult', globals(),
                                management_view='Find')
 
-    __ac_permissions__=(
-        ('View management screens',
-         ('manage_findFrame', 'manage_findForm', 'manage_findAdv',
-          'manage_findResult')),
-        )
-
     manage_options=(
         {'label':'Find', 'action':'manage_findForm',
          'help':('OFSP','Find.stx')},
         )
 
-    security = ClassSecurityInfo()
-
-    security.declareProtected('View management screens', 'ZopeFind')
+    security.declareProtected(view_management_screens, 'ZopeFind')
     def ZopeFind(self, obj, obj_ids=None, obj_metatypes=None,
                  obj_searchterm=None, obj_expr=None,
                  obj_mtime=None, obj_mspec=None,
@@ -164,10 +167,10 @@
 
 
 
-    security.declareProtected('View management screens', 'PrincipiaFind')
+    security.declareProtected(view_management_screens, 'PrincipiaFind')
     PrincipiaFind=ZopeFind
 
-    security.declareProtected('View management screens', 'ZopeFindAndApply')
+    security.declareProtected(view_management_screens, 'ZopeFindAndApply')
     def ZopeFindAndApply(self, obj, obj_ids=None, obj_metatypes=None,
                          obj_searchterm=None, obj_expr=None,
                          obj_mtime=None, obj_mspec=None,
@@ -259,7 +262,7 @@
 
         return result
 
-Globals.InitializeClass(FindSupport)
+InitializeClass(FindSupport)
 
 
 class td(RestrictedDTML, TemplateDict):

Modified: Zope/trunk/lib/python/OFS/Folder.py
===================================================================
--- Zope/trunk/lib/python/OFS/Folder.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/Folder.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,7 +18,7 @@
 """
 
 import AccessControl.Role, webdav.Collection
-import Globals
+from Globals import InitializeClass
 from AccessControl import getSecurityManager
 from AccessControl import Unauthorized
 from AccessControl.Permissions import add_page_templates
@@ -108,4 +108,4 @@
         if id is not None:
             self.id = str(id)
 
-Globals.default__class_init__(Folder)
+InitializeClass(Folder)

Modified: Zope/trunk/lib/python/OFS/History.py
===================================================================
--- Zope/trunk/lib/python/OFS/History.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/History.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -15,11 +15,14 @@
 $Id$
 """
 import Globals, ExtensionClass, difflib
+from Globals import InitializeClass
 from DateTime import DateTime
 from Acquisition import Implicit, aq_base
 from struct import pack, unpack
 from cgi import escape
 from zExceptions import Redirect
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_history
 
 class TemporalParadox(Exception): pass
 
@@ -84,26 +87,22 @@
     they don't have persistent sub-objects.
     """
 
+    security = ClassSecurityInfo()
+
     HistoricalRevisions=Historian()
 
-    __ac_permissions__=(
-        ('View History',
-         ('manage_change_history_page','manage_change_history',
-          'manage_historyCompare', 'manage_historicalComparison',
-          )
-         ),
-        )
-
     manage_options=({'label':'History', 'action':'manage_change_history_page',
                      'help':('OFSP','History.stx')
                      },
                    )
 
+    security.declareProtected(view_history, 'manage_change_history_page')
     manage_change_history_page=Globals.DTMLFile(
         'dtml/history', globals(),
         HistoryBatchSize=20,
         first_transaction=0, last_transaction=20)
 
+    security.declareProtected(view_history, 'manage_change_history')
     def manage_change_history(self):
         first=0
         last=20
@@ -161,6 +160,7 @@
 
     _manage_historyComparePage=Globals.DTMLFile(
         'dtml/historyCompare', globals(), management_view='History')
+    security.declareProtected(view_history, 'manage_historyCompare')
     def manage_historyCompare(self, rev1, rev2, REQUEST,
                               historyComparisonResults=''):
         dt1=DateTime(rev1._p_mtime)
@@ -170,6 +170,7 @@
             dt1=dt1, dt2=dt2,
             historyComparisonResults=historyComparisonResults)
 
+    security.declareProtected(view_history, 'manage_historicalComparison')
     def manage_historicalComparison(self, REQUEST, keys=[]):
         "Compare two selected revisions"
         if not keys:
@@ -192,8 +193,9 @@
 
         return self.manage_historyCompare(rev1, rev2, REQUEST)
 
-Globals.default__class_init__(Historical)
+InitializeClass(Historical)
 
+
 def dump(tag, x, lo, hi, r):
     r1=[]
     r2=[]

Modified: Zope/trunk/lib/python/OFS/Image.py
===================================================================
--- Zope/trunk/lib/python/OFS/Image.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/Image.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -14,11 +14,18 @@
 
 $Id$
 """
-import Globals, struct
+import struct
 from OFS.content_types import guess_content_type
 from Globals import DTMLFile
+from Globals import InitializeClass
 from PropertyManager import PropertyManager
+from AccessControl import ClassSecurityInfo
 from AccessControl.Role import RoleManager
+from AccessControl.Permissions import change_images_and_files
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import view as View
+from AccessControl.Permissions import ftp_access
+from AccessControl.Permissions import delete_objects
 from webdav.common import rfc1123_date
 from webdav.Lockable import ResourceLockedError
 from webdav.WriteLockInterface import WriteLockInterface
@@ -74,6 +81,8 @@
     __implements__ = (WriteLockInterface, HTTPRangeSupport.HTTPRangeInterface)
     meta_type='File'
 
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(View)
 
     precondition=''
     size=None
@@ -82,6 +91,9 @@
     manage_editForm  =DTMLFile('dtml/fileEdit',globals(),
                                Kind='File',kind='file')
     manage_editForm._setName('manage_editForm')
+
+    security.declareProtected(view_management_screens, 'manage')
+    security.declareProtected(view_management_screens, 'manage_main')
     manage=manage_main=manage_editForm
     manage_uploadForm=manage_editForm
 
@@ -98,22 +110,6 @@
         + Cacheable.manage_options
         )
 
-
-    __ac_permissions__=(
-        ('View management screens',
-         ('manage', 'manage_main',)),
-        ('Change Images and Files',
-         ('manage_edit','manage_upload','PUT')),
-        ('View',
-         ('index_html', 'view_image_or_file', 'get_size',
-          'getContentType', 'PrincipiaSearchSource', '')),
-        ('FTP access',
-         ('manage_FTPstat','manage_FTPget','manage_FTPlist')),
-        ('Delete objects',
-         ('DELETE',)),
-        )
-
-
     _properties=({'id':'title', 'type': 'string'},
                  {'id':'alt', 'type':'string'},
                  {'id':'content_type', 'type':'string'},
@@ -355,6 +351,7 @@
                     RESPONSE.write('\r\n--%s--\r\n' % boundary)
                     return True
 
+    security.declareProtected(View, 'index_html')
     def index_html(self, REQUEST, RESPONSE):
         """
         The default view of the contents of a File or Image.
@@ -414,12 +411,14 @@
 
         return ''
 
+    security.declareProtected(View, 'view_image_or_file')
     def view_image_or_file(self, URL1):
         """
         The default view of the contents of the File or Image.
         """
         raise Redirect, URL1
 
+    security.declareProtected(View, 'PrincipiaSearchSource')
     def PrincipiaSearchSource(self):
         """ Allow file objects to be searched.
         """
@@ -427,8 +426,7 @@
             return str(self.data)
         return ''
 
-    # private
-    update_data__roles__=()
+    security.declarePrivate('update_data')
     def update_data(self, data, content_type=None, size=None):
         if content_type is not None: self.content_type=content_type
         if size is None: size=len(data)
@@ -438,6 +436,7 @@
         self.ZCacheable_set(None)
         self.http__refreshEtag()
 
+    security.declareProtected(change_images_and_files, 'manage_edit')
     def manage_edit(self, title, content_type, precondition='',
                     filedata=None, REQUEST=None):
         """
@@ -458,6 +457,7 @@
             message="Saved changes."
             return self.manage_main(self,REQUEST,manage_tabs_message=message)
 
+    security.declareProtected(change_images_and_files, 'manage_upload')
     def manage_upload(self,file='',REQUEST=None):
         """
         Replaces the current contents of the File or Image object with file.
@@ -553,6 +553,9 @@
 
         return next, size
 
+    security.declareProtected(delete_objects, 'DELETE')
+
+    security.declareProtected(change_images_and_files, 'PUT')
     def PUT(self, REQUEST, RESPONSE):
         """Handle HTTP PUT requests"""
         self.dav__init(REQUEST, RESPONSE)
@@ -569,6 +572,7 @@
         RESPONSE.setStatus(204)
         return RESPONSE
 
+    security.declareProtected(View, 'get_size')
     def get_size(self):
         """Get the size of a file or image.
 
@@ -581,6 +585,7 @@
     # deprecated; use get_size!
     getSize=get_size
 
+    security.declareProtected(View, 'getContentType')
     def getContentType(self):
         """Get the content type of a file or image.
 
@@ -592,6 +597,10 @@
     def __str__(self): return str(self.data)
     def __len__(self): return 1
 
+    security.declareProtected(ftp_access, 'manage_FTPstat')
+    security.declareProtected(ftp_access, 'manage_FTPlist')
+
+    security.declareProtected(ftp_access, 'manage_FTPget')
     def manage_FTPget(self):
         """Return body for ftp."""
         RESPONSE = self.REQUEST.RESPONSE
@@ -719,23 +728,23 @@
     __implements__ = (WriteLockInterface,)
     meta_type='Image'
 
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(View)
 
     height=''
     width=''
 
-    __ac_permissions__=(
-        ('View management screens',
-         ('manage', 'manage_main',)),
-        ('Change Images and Files',
-         ('manage_edit','manage_upload','PUT')),
-        ('View',
-         ('index_html', 'tag', 'view_image_or_file', 'get_size',
-          'getContentType', '')),
-        ('FTP access',
-         ('manage_FTPstat','manage_FTPget','manage_FTPlist')),
-        ('Delete objects',
-         ('DELETE',)),
-        )
+    # FIXME: Redundant, already in base class
+    security.declareProtected(change_images_and_files, 'manage_edit')
+    security.declareProtected(change_images_and_files, 'manage_upload')
+    security.declareProtected(change_images_and_files, 'PUT')
+    security.declareProtected(View, 'index_html')
+    security.declareProtected(View, 'get_size')
+    security.declareProtected(View, 'getContentType')
+    security.declareProtected(ftp_access, 'manage_FTPstat')
+    security.declareProtected(ftp_access, 'manage_FTPlist')
+    security.declareProtected(ftp_access, 'manage_FTPget')
+    security.declareProtected(delete_objects, 'DELETE')
 
     _properties=({'id':'title', 'type': 'string'},
                  {'id':'content_type', 'type':'string','mode':'w'},
@@ -756,13 +765,17 @@
 
     manage_editForm  =DTMLFile('dtml/imageEdit',globals(),
                                Kind='Image',kind='image')
+    manage_editForm._setName('manage_editForm')
+
+    security.declareProtected(View, 'view_image_or_file')
     view_image_or_file =DTMLFile('dtml/imageView',globals())
-    manage_editForm._setName('manage_editForm')
+
+    security.declareProtected(view_management_screens, 'manage')
+    security.declareProtected(view_management_screens, 'manage_main')
     manage=manage_main=manage_editForm
     manage_uploadForm=manage_editForm
 
-    # private
-    update_data__roles__=()
+    security.declarePrivate('update_data')
     def update_data(self, data, content_type=None, size=None):
         if size is None: size=len(data)
 
@@ -785,6 +798,7 @@
     def __str__(self):
         return self.tag()
 
+    security.declareProtected(View, 'tag')
     def tag(self, height=None, width=None, alt=None,
             scale=0, xscale=0, yscale=0, css_class=None, title=None, **args):
         """

Modified: Zope/trunk/lib/python/OFS/ObjectManager.py
===================================================================
--- Zope/trunk/lib/python/OFS/ObjectManager.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/ObjectManager.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -24,13 +24,20 @@
 
 import App.Common
 import App.FactoryDispatcher, Products
-import App.Management, Acquisition, Globals, Products
+import App.Management, Acquisition
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import access_contents_information
+from AccessControl.Permissions import delete_objects
+from AccessControl.Permissions import ftp_access
+from AccessControl.Permissions import import_export_objects
 from AccessControl import getSecurityManager
 from AccessControl.ZopeSecurityPolicy import getRoles
 from Acquisition import aq_base
 from App.config import getConfiguration
+from Globals import InitializeClass
 from Globals import DTMLFile, Persistent
-from Globals import MessageDialog, default__class_init__
+from Globals import MessageDialog
 from Globals import REPLACEABLE, NOT_REPLACEABLE, UNIQUE
 from webdav.Collection import Collection
 from webdav.Lockable import ResourceLockedError
@@ -133,28 +140,20 @@
 
     implements(IObjectManager)
 
-    __ac_permissions__=(
-        ('View management screens', ('manage_main',)),
-        ('Access contents information',
-         ('objectIds', 'objectValues', 'objectItems',''),
-         ('Anonymous', 'Manager'),
-         ),
-        ('Delete objects',     ('manage_delObjects',)),
-        ('FTP access',         ('manage_FTPstat','manage_FTPlist')),
-        ('Import/Export objects',
-         ('manage_importObject','manage_importExportForm',
-          'manage_exportObject')
-         ),
-    )
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(access_contents_information)
+    security.setPermissionDefault(access_contents_information,
+                                  ('Anonymous', 'Manager'))
 
-
     meta_type = 'Object Manager'
 
     meta_types=() # Sub-object types that are specific to this object
 
     _objects = ()
 
+    security.declareProtected(view_management_screens, 'manage_main')
     manage_main=DTMLFile('dtml/main', globals())
+
     manage_index_main=DTMLFile('dtml/index_main', globals())
 
     manage_options=(
@@ -177,7 +176,7 @@
         mt.sort()
         self.meta_types=tuple(mt)
 
-        default__class_init__(self)
+        InitializeClass(self) # default__class_init__
 
     def all_meta_types(self, interfaces=None):
         # A list of products registered elsewhere
@@ -362,6 +361,7 @@
         if not suppress_events:
             notify(ObjectRemovedEvent(ob, self, id))
 
+    security.declareProtected(access_contents_information, 'objectIds')
     def objectIds(self, spec=None):
         # Returns a list of subobject ids of the current object.
         # If 'spec' is specified, returns objects whose meta_type
@@ -376,12 +376,14 @@
             return set
         return [ o['id']  for o in self._objects ]
 
+    security.declareProtected(access_contents_information, 'objectValues')
     def objectValues(self, spec=None):
         # Returns a list of actual subobjects of the current object.
         # If 'spec' is specified, returns only objects whose meta_type
         # match 'spec'.
         return [ self._getOb(id) for id in self.objectIds(spec) ]
 
+    security.declareProtected(access_contents_information, 'objectItems')
     def objectItems(self, spec=None):
         # Returns a list of (id, subobject) tuples of the current object.
         # If 'spec' is specified, returns only objects whose meta_type match
@@ -456,6 +458,7 @@
 
     manage_addProduct=App.FactoryDispatcher.ProductDispatcher()
 
+    security.declareProtected(delete_objects, 'manage_delObjects')
     def manage_delObjects(self, ids=[], REQUEST=None):
         """Delete a subordinate object
 
@@ -512,6 +515,7 @@
                     r.append(o)
         return r
 
+    security.declareProtected(import_export_objects, 'manage_exportObject')
     def manage_exportObject(self, id='', download=None, toxml=None,
                             RESPONSE=None,REQUEST=None):
         """Exports an object to a file and returns that file."""
@@ -548,8 +552,10 @@
                 title = 'Object exported')
 
 
+    security.declareProtected(import_export_objects, 'manage_importExportForm')
     manage_importExportForm=DTMLFile('dtml/importExport',globals())
 
+    security.declareProtected(import_export_objects, 'manage_importObject')
     def manage_importObject(self, file, REQUEST=None, set_owner=1):
         """Import an object from a file"""
         dirname, file=os.path.split(file)
@@ -608,6 +614,7 @@
 
     # FTP support methods
 
+    security.declareProtected(ftp_access, 'manage_FTPlist')
     def manage_FTPlist(self, REQUEST):
         """Directory listing for FTP.
         """
@@ -672,6 +679,7 @@
         if not REQUEST['id'] in self.objectIds():
             raise KeyError(REQUEST['id'])
 
+    security.declareProtected(ftp_access, 'manage_FTPstat')
     def manage_FTPstat(self,REQUEST):
         """Psuedo stat, used by FTP for directory listings.
         """
@@ -710,7 +718,10 @@
                 return NullResource(self, key, request).__of__(self)
         raise KeyError, key
 
+# Don't InitializeClass, there is a specific __class_init__ on ObjectManager
+# InitializeClass(ObjectManager)
 
+
 def findChildren(obj,dirname=''):
     """ recursive walk through the object hierarchy to
     find all children of an object (ajung)
@@ -738,5 +749,3 @@
                 except: pass    # Bleah generic pass is bad
 
         return ObjectManager.all_meta_types(self, interfaces)
-
-Globals.default__class_init__(ObjectManager)

Modified: Zope/trunk/lib/python/OFS/PropertyManager.py
===================================================================
--- Zope/trunk/lib/python/OFS/PropertyManager.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/PropertyManager.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,7 +18,11 @@
 from cgi import escape
 from types import ListType
 
-import ExtensionClass, Globals
+import ExtensionClass
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import access_contents_information
+from AccessControl.Permissions import manage_properties
 from Acquisition import aq_base
 from Globals import DTMLFile, MessageDialog
 from Globals import Persistent
@@ -97,35 +101,26 @@
 
     implements(IPropertyManager)
 
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(access_contents_information)
+    security.setPermissionDefault(access_contents_information,
+                                  ('Anonymous', 'Manager'))
+
     manage_options=(
         {'label':'Properties', 'action':'manage_propertiesForm',
          'help':('OFSP','Properties.stx')},
         )
 
+    security.declareProtected(manage_properties, 'manage_propertiesForm')
     manage_propertiesForm=DTMLFile('dtml/properties', globals(),
                                    property_extensible_schema__=1)
+    security.declareProtected(manage_properties, 'manage_propertyTypeForm')
     manage_propertyTypeForm=DTMLFile('dtml/propertyType', globals())
 
     title=''
     _properties=({'id':'title', 'type': 'string', 'mode':'wd'},)
     _reserved_names=()
 
-    __ac_permissions__=(
-        ('Manage properties', ('manage_addProperty',
-                               'manage_editProperties',
-                               'manage_delProperties',
-                               'manage_changeProperties',
-                               'manage_propertiesForm',
-                               'manage_propertyTypeForm',
-                               'manage_changePropertyTypes',
-                               )),
-        ('Access contents information',
-         ('hasProperty', 'propertyIds', 'propertyValues','propertyItems',
-          'getProperty', 'getPropertyType', 'propertyMap', ''),
-         ('Anonymous', 'Manager'),
-         ),
-        )
-
     __propsets__=()
     propertysheets=vps(DefaultPropertySheets)
 
@@ -135,6 +130,7 @@
             return 0
         return 1
 
+    security.declareProtected(access_contents_information, 'hasProperty')
     def hasProperty(self, id):
         """Return true if object has a property 'id'.
         """
@@ -143,6 +139,7 @@
                 return 1
         return 0
 
+    security.declareProtected(access_contents_information, 'getProperty')
     def getProperty(self, id, d=None):
         """Get the property 'id'.
 
@@ -153,6 +150,7 @@
             return getattr(self, id)
         return d
 
+    security.declareProtected(access_contents_information, 'getPropertyType')
     def getPropertyType(self, id):
         """Get the type of property 'id'.
 
@@ -220,16 +218,19 @@
         self._properties=tuple(filter(lambda i, n=id: i['id'] != n,
                                       self._properties))
 
+    security.declareProtected(access_contents_information, 'propertyIds')
     def propertyIds(self):
         """Return a list of property ids.
         """
         return map(lambda i: i['id'], self._properties)
 
+    security.declareProtected(access_contents_information, 'propertyValues')
     def propertyValues(self):
         """Return a list of actual property objects.
         """
         return map(lambda i,s=self: getattr(s,i['id']), self._properties)
 
+    security.declareProtected(access_contents_information, 'propertyItems')
     def propertyItems(self):
         """Return a list of (id,property) tuples.
         """
@@ -240,6 +241,7 @@
         """
         return self._properties
 
+    security.declareProtected(access_contents_information, 'propertyMap')
     def propertyMap(self):
         """Return a tuple of mappings, giving meta-data for properties.
 
@@ -264,6 +266,7 @@
 
     # Web interface
 
+    security.declareProtected(manage_properties, 'manage_addProperty')
     def manage_addProperty(self, id, value, type, REQUEST=None):
         """Add a new property via the web.
 
@@ -275,6 +278,7 @@
         if REQUEST is not None:
             return self.manage_propertiesForm(self, REQUEST)
 
+    security.declareProtected(manage_properties, 'manage_editProperties')
     def manage_editProperties(self, REQUEST):
         """Edit object properties via the web.
 
@@ -296,6 +300,7 @@
             return self.manage_propertiesForm(self,REQUEST,
                                               manage_tabs_message=message)
 
+    security.declareProtected(manage_properties, 'manage_changeProperties')
     def manage_changeProperties(self, REQUEST=None, **kw):
         """Change existing object properties.
 
@@ -321,6 +326,7 @@
 
     # Note - this is experimental, pending some community input.
 
+    security.declareProtected(manage_properties, 'manage_changePropertyTypes')
     def manage_changePropertyTypes(self, old_ids, props, REQUEST=None):
         """Replace one set of properties with another
 
@@ -340,6 +346,7 @@
             return self.manage_propertiesForm(self, REQUEST)
 
 
+    security.declareProtected(manage_properties, 'manage_delProperties')
     def manage_delProperties(self, ids=None, REQUEST=None):
         """Delete one or more properties specified by 'ids'."""
         if REQUEST:
@@ -367,4 +374,4 @@
         if REQUEST is not None:
             return self.manage_propertiesForm(self, REQUEST)
 
-Globals.default__class_init__(PropertyManager)
+InitializeClass(PropertyManager)

Modified: Zope/trunk/lib/python/OFS/PropertySheets.py
===================================================================
--- Zope/trunk/lib/python/OFS/PropertySheets.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/PropertySheets.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,6 +18,7 @@
 from webdav.interfaces import IWriteLock
 from webdav.WriteLockInterface import WriteLockInterface
 from ZPublisher.Converters import type_converters
+from Globals import InitializeClass
 from Globals import DTMLFile, MessageDialog
 from Acquisition import Implicit, Explicit
 from App.Common import rfc1123_date, iso8601_date
@@ -26,6 +27,10 @@
 from Globals import Persistent
 from Traversable import Traversable
 from Acquisition import aq_base
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import access_contents_information
+from AccessControl.Permissions import manage_properties
+from AccessControl.Permissions import view_management_screens
 from AccessControl import getSecurityManager
 from webdav.common import isDavCollection
 from zExceptions import BadRequest, Redirect
@@ -100,20 +105,10 @@
     _extensible=1
     icon='p_/Properties_icon'
 
-    __ac_permissions__=(
-        ('Manage properties', ('manage_addProperty',
-                               'manage_editProperties',
-                               'manage_delProperties',
-                               'manage_changeProperties',
-                               'manage_propertiesForm',
-                               )),
-        ('Access contents information',
-         ('xml_namespace', 'hasProperty', 'getProperty', 'getPropertyType',
-          'propertyIds', 'propertyValues','propertyItems', 'propertyInfo',
-          'propertyMap', ''),
-         ('Anonymous', 'Manager'),
-         ),
-        )
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(access_contents_information)
+    security.setPermissionDefault(access_contents_information,
+                                  ('Anonymous', 'Manager'))
 
     __reserved_ids= ('values','items')
 
@@ -139,6 +134,7 @@
     def getId(self):
         return self.id
 
+    security.declareProtected(access_contents_information, 'xml_namespace')
     def xml_namespace(self):
         # Return a namespace string usable as an xml namespace
         # for this property set.
@@ -156,6 +152,7 @@
             return 0
         return 1
 
+    security.declareProtected(access_contents_information, 'hasProperty')
     def hasProperty(self, id):
         # Return a true value if a property exists with the given id.
         for prop in self._propertyMap():
@@ -163,6 +160,7 @@
                 return 1
         return 0
 
+    security.declareProtected(access_contents_information, 'getProperty')
     def getProperty(self, id, default=None):
         # Return the property with the given id, returning the optional
         # second argument or None if no such property is found.
@@ -170,6 +168,7 @@
             return getattr(self.v_self(), id)
         return default
 
+    security.declareProtected(access_contents_information, 'getPropertyType')
     def getPropertyType(self, id):
         """Get the type of property 'id', returning None if no
            such property exists"""
@@ -263,20 +262,24 @@
         pself._properties=tuple(filter(lambda i, n=id: i['id'] != n,
                                        pself._properties))
 
+    security.declareProtected(access_contents_information, 'propertyIds')
     def propertyIds(self):
         # Return a list of property ids.
         return map(lambda i: i['id'], self._propertyMap())
 
+    security.declareProtected(access_contents_information, 'propertyValues')
     def propertyValues(self):
         # Return a list of property values.
         return map(lambda i, s=self: s.getProperty(i['id']),
                    self._propertyMap())
 
+    security.declareProtected(access_contents_information, 'propertyItems')
     def propertyItems(self):
         # Return a list of (id, property) tuples.
         return map(lambda i, s=self: (i['id'], s.getProperty(i['id'])),
                    self._propertyMap())
 
+    security.declareProtected(access_contents_information, 'propertyInfo')
     def propertyInfo(self, id):
         # Return a mapping containing property meta-data
         for p in self._propertyMap():
@@ -289,6 +292,7 @@
         # we have to fake it...
         return self.p_self()._properties
 
+    security.declareProtected(access_contents_information, 'propertyMap')
     def propertyMap(self):
         # Returns a secure copy of the property definitions.
         return tuple(map(lambda dict: dict.copy(), self._propertyMap()))
@@ -399,10 +403,13 @@
     # Web interface
 
     manage=DTMLFile('dtml/properties', globals())
+
+    security.declareProtected(manage_properties, 'manage_propertiesForm')
     def manage_propertiesForm(self, URL1):
         " "
         raise Redirect, URL1+'/manage'
 
+    security.declareProtected(manage_properties, 'manage_addProperty')
     def manage_addProperty(self, id, value, type, REQUEST=None):
         """Add a new property via the web. Sets a new property with
         the given id, type, and value."""
@@ -412,6 +419,7 @@
         if REQUEST is not None:
             return self.manage(self, REQUEST)
 
+    security.declareProtected(manage_properties, 'manage_editProperties')
     def manage_editProperties(self, REQUEST):
         """Edit object properties via the web."""
         for prop in self._propertyMap():
@@ -424,6 +432,7 @@
                message='Your changes have been saved',
                action ='manage')
 
+    security.declareProtected(manage_properties, 'manage_changeProperties')
     def manage_changeProperties(self, REQUEST=None, **kw):
         """Change existing object properties by passing either a mapping
            object of name:value pairs {'foo':6} or passing name=value
@@ -446,6 +455,7 @@
                 message='Your changes have been saved.',
                 action ='manage')
 
+    security.declareProtected(manage_properties, 'manage_delProperties')
     def manage_delProperties(self, ids=None, REQUEST=None):
         """Delete one or more properties specified by 'ids'."""
         if REQUEST:
@@ -462,7 +472,7 @@
         if REQUEST is not None:
             return self.manage(self, REQUEST)
 
-Globals.default__class_init__(PropertySheet)
+InitializeClass(PropertySheet)
 
 
 class Virtual:
@@ -483,7 +493,7 @@
     id='default'
     _md={'xmlns': 'http://www.zope.org/propsets/default'}
 
-Globals.default__class_init__(DefaultProperties)
+InitializeClass(DefaultProperties)
 
 
 class DAVProperties(Virtual, PropertySheet, View):
@@ -596,7 +606,7 @@
 
         return out
 
-Globals.default__class_init__(DAVProperties)
+InitializeClass(DAVProperties)
 
 
 class PropertySheets(Traversable, Implicit, App.Management.Tabs):
@@ -605,19 +615,11 @@
 
     id='propertysheets'
 
-    __ac_permissions__=(
-        ('Manage properties', ('manage_addPropertySheet',
-                               'addPropertySheet',
-                               'delPropertySheet'
-                               )),
-        ('Access contents information',
-         ('items', 'values', 'get', ''),
-         ('Anonymous', 'Manager'),
-         ),
-        ('View management screens', ('manage',)),
-        )
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(access_contents_information)
+    security.setPermissionDefault(access_contents_information,
+                                  ('Anonymous', 'Manager'))
 
-
     # optionally to be overridden by derived classes
     PropertySheetClass= PropertySheet
 
@@ -639,10 +641,12 @@
     def __getitem__(self, n):
         return self.__propsets__()[n].__of__(self)
 
+    security.declareProtected(access_contents_information, 'values')
     def values(self):
         propsets=self.__propsets__()
         return map(lambda n, s=self: n.__of__(s), propsets)
 
+    security.declareProtected(access_contents_information, 'items')
     def items(self):
         propsets=self.__propsets__()
         r=[]
@@ -653,6 +657,7 @@
 
         return r
 
+    security.declareProtected(access_contents_information, 'get')
     def get(self, name, default=None):
         for propset in self.__propsets__():
             if propset.id==name or (hasattr(propset, 'xml_namespace') and \
@@ -660,6 +665,7 @@
                 return propset.__of__(self)
         return default
 
+    security.declareProtected(manage_properties, 'manage_addPropertySheet')
     def manage_addPropertySheet(self, id, ns, REQUEST=None):
         """ """
         md={'xmlns':ns}
@@ -669,11 +675,13 @@
         ps= self.get(id)
         REQUEST.RESPONSE.redirect('%s/manage' % ps.absolute_url())
 
+    security.declareProtected(manage_properties, 'addPropertySheet')
     def addPropertySheet(self, propset):
         propsets=self.aq_parent.__propsets__
         propsets=propsets+(propset,)
         self.aq_parent.__propsets__=propsets
 
+    security.declareProtected(manage_properties, 'delPropertySheet')
     def delPropertySheet(self, name):
         result=[]
         for propset in self.aq_parent.__propsets__:
@@ -709,6 +717,7 @@
 
     # Management interface:
 
+    security.declareProtected(view_management_screens, 'manage')
     manage=Globals.DTMLFile('dtml/propertysheets', globals())
 
     def manage_options(self):
@@ -737,7 +746,7 @@
         return PropertySheets.inheritedAttribute('tabs_path_info')(
             self, script, path)
 
-Globals.default__class_init__(PropertySheets)
+InitializeClass(PropertySheets)
 
 
 class DefaultPropertySheets(PropertySheets):
@@ -749,7 +758,7 @@
     def _get_defaults(self):
         return (self.default, self.webdav)
 
-Globals.default__class_init__(DefaultPropertySheets)
+InitializeClass(DefaultPropertySheets)
 
 
 class FixedSchema(PropertySheet):
@@ -786,7 +795,7 @@
         return 0
         return self._base._extensible
 
-Globals.default__class_init__(FixedSchema)
+InitializeClass(FixedSchema)
 
 
 class vps(Base):

Modified: Zope/trunk/lib/python/OFS/SimpleItem.py
===================================================================
--- Zope/trunk/lib/python/OFS/SimpleItem.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/SimpleItem.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -25,7 +25,10 @@
 
 import AccessControl.Role, AccessControl.Owned, App.Common
 import Globals, App.Management, Acquisition, App.Undo
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from AccessControl import getSecurityManager, Unauthorized
+from AccessControl.Permissions import view as View
 from AccessControl.ZopeSecurityPolicy import getRoles
 from Acquisition import aq_base, aq_parent, aq_inner, aq_acquire
 from ComputedAttribute import ComputedAttribute
@@ -52,11 +55,12 @@
            AccessControl.Owned.Owned,
            App.Undo.UndoSupport,
            ):
-
     """A common base class for simple, non-container objects."""
 
     implements(IItem)
 
+    security = ClassSecurityInfo()
+
     isPrincipiaFolderish=0
     isTopLevelPrincipiaApplicationObject=0
 
@@ -75,7 +79,7 @@
     # Direct use of the 'id' attribute is deprecated - use getId()
     id=''
 
-    getId__roles__=None
+    security.declarePublic('getId')
     def getId(self):
         """Return the id of the object as a string.
 
@@ -350,7 +354,7 @@
         res += '>'
         return res
 
-Globals.default__class_init__(Item)
+InitializeClass(Item)
 
 
 class Item_w__name__(Item):
@@ -414,11 +418,13 @@
 
     implements(ISimpleItem)
 
+    security = ClassSecurityInfo()
+    security.setPermissionDefault(View, ('Manager',))
+
     manage_options=Item.manage_options+(
         {'label':'Security',
          'action':'manage_access',
          'help':('OFSP', 'Security.stx')},
         )
 
-    __ac_permissions__=(('View', ()),)
-
+InitializeClass(SimpleItem)

Modified: Zope/trunk/lib/python/OFS/Traversable.py
===================================================================
--- Zope/trunk/lib/python/OFS/Traversable.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/Traversable.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -17,6 +17,8 @@
 
 from urllib import quote
 
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from AccessControl import getSecurityManager
 from AccessControl import Unauthorized
 from AccessControl.ZopeGuards import guarded_getattr
@@ -34,7 +36,9 @@
 
     implements(ITraversable)
 
-    absolute_url__roles__=None # Public
+    security = ClassSecurityInfo()
+
+    security.declarePublic('absolute_url')
     def absolute_url(self, relative=0):
         """Return the absolute URL of the object.
 
@@ -61,7 +65,7 @@
             return path2url(spp[1:])
         return toUrl(spp)
 
-    absolute_url_path__roles__=None # Public
+    security.declarePublic('absolute_url_path')
     def absolute_url_path(self):
         """Return the path portion of the absolute URL of the object.
 
@@ -75,7 +79,7 @@
             return path2url(spp) or '/'
         return toUrl(spp, relative=1) or '/'
 
-    virtual_url_path__roles__=None # Public
+    security.declarePublic('virtual_url_path')
     def virtual_url_path(self):
         """Return a URL for the object, relative to the site root.
 
@@ -90,10 +94,10 @@
             return path2url(spp[1:])
         return path2url(toVirt(spp))
 
-    getPhysicalRoot__roles__=() # Private
+    security.declarePrivate('getPhysicalRoot')
     getPhysicalRoot=Acquired
 
-    getPhysicalPath__roles__=None # Public
+    security.declarePublic('getPhysicalPath')
     def getPhysicalPath(self):
         """Get the physical path of the object.
 
@@ -110,7 +114,7 @@
 
         return path
 
-    unrestrictedTraverse__roles__=() # Private
+    security.declarePrivate('unrestrictedTraverse')
     def unrestrictedTraverse(self, path, default=_marker, restricted=0):
         """Lookup an object by path.
 
@@ -232,10 +236,13 @@
             else:
                 raise
 
-    restrictedTraverse__roles__=None # Public
+    security.declarePublic('restrictedTraverse')
     def restrictedTraverse(self, path, default=_marker):
         # Trusted code traversal code, always enforces security
         return self.unrestrictedTraverse(path, default, restricted=1)
 
+InitializeClass(Traversable)
+
+
 def path2url(path):
     return '/'.join(map(quote, path))

Modified: Zope/trunk/lib/python/OFS/ZDOM.py
===================================================================
--- Zope/trunk/lib/python/OFS/ZDOM.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/ZDOM.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,6 +16,9 @@
 All standard Zope objects support DOM to a limited extent.
 """
 import Acquisition
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import access_contents_information
 
 
 # Node type codes
@@ -82,61 +85,65 @@
     Node Interface
     """
 
-    __ac_permissions__=(
-        ('Access contents information',
-            ('getNodeName', 'getNodeValue', 'getParentNode',
-            'getChildNodes', 'getFirstChild', 'getLastChild',
-            'getPreviousSibling', 'getNextSibling', 'getOwnerDocument',
-            'getAttributes', 'hasChildNodes'),
-        ),
-    )
+    security = ClassSecurityInfo()
 
     # DOM attributes
     # --------------
 
+    security.declareProtected(access_contents_information, 'getNodeName')
     def getNodeName(self):
         """The name of this node, depending on its type"""
         return None
 
+    security.declareProtected(access_contents_information, 'getNodeValue')
     def getNodeValue(self):
         """The value of this node, depending on its type"""
         return None
 
+    security.declareProtected(access_contents_information, 'getParentNode')
     def getParentNode(self):
         """The parent of this node.  All nodes except Document
         DocumentFragment and Attr may have a parent"""
         return None
 
+    security.declareProtected(access_contents_information, 'getChildNodes')
     def getChildNodes(self):
         """Returns a NodeList that contains all children of this node.
         If there are no children, this is a empty NodeList"""
         return NodeList()
 
+    security.declareProtected(access_contents_information, 'getFirstChild')
     def getFirstChild(self):
         """The first child of this node. If there is no such node
         this returns None."""
         return None
 
+    security.declareProtected(access_contents_information, 'getLastChild')
     def getLastChild(self):
         """The last child of this node. If there is no such node
         this returns None."""
         return None
 
+    security.declareProtected(access_contents_information,
+                              'getPreviousSibling')
     def getPreviousSibling(self):
         """The node immediately preceding this node.  If
         there is no such node, this returns None."""
         return None
 
+    security.declareProtected(access_contents_information, 'getNextSibling')
     def getNextSibling(self):
         """The node immediately preceding this node.  If
         there is no such node, this returns None."""
         return None
 
+    security.declareProtected(access_contents_information, 'getAttributes')
     def getAttributes(self):
         """Returns a NamedNodeMap containing the attributes
         of this node (if it is an element) or None otherwise."""
         return None
 
+    security.declareProtected(access_contents_information, 'getOwnerDocument')
     def getOwnerDocument(self):
         """The Document object associated with this node.
         When this is a document this is None"""
@@ -149,32 +156,33 @@
     # DOM Methods
     # -----------
 
+    security.declareProtected(access_contents_information, 'hasChildNodes')
     def hasChildNodes(self):
         """Returns true if the node has any children, false
         if it doesn't. """
         return len(self.objectIds())
 
+InitializeClass(Node)
 
+
 class Document(Acquisition.Explicit, Node):
     """
     Document Interface
     """
 
-    __ac_permissions__=(
-        ('Access contents information',
-            ('getImplementation', 'getDoctype', 'getDocumentElement'),
-        ),
-    )
+    security = ClassSecurityInfo()
 
     # Document Methods
     # ----------------
 
+    security.declareProtected(access_contents_information, 'getImplementation')
     def getImplementation(self):
         """
         The DOMImplementation object that handles this document.
         """
         return DOMImplementation()
 
+    security.declareProtected(access_contents_information, 'getDoctype')
     def getDoctype(self):
         """
         The Document Type Declaration associated with this document.
@@ -183,6 +191,8 @@
         """
         return None
 
+    security.declareProtected(access_contents_information,
+                              'getDocumentElement')
     def getDocumentElement(self):
         """
         This is a convenience attribute that allows direct access to
@@ -226,18 +236,17 @@
         if it doesn't. """
         return 1
 
+InitializeClass(Document)
 
+
 class DOMImplementation:
     """
     DOMImplementation Interface
     """
 
-    __ac_permissions__=(
-        ('Access contents information',
-            ('hasFeature',),
-        ),
-    )
+    security = ClassSecurityInfo()
 
+    security.declareProtected(access_contents_information, 'hasFeature')
     def hasFeature(self, feature, version = None):
         """
         hasFeature - Test if the DOM implementation implements a specific
@@ -256,22 +265,20 @@
             if version == '1.0': return 1
             return 0
 
+InitializeClass(DOMImplementation)
 
+
 class Element(Node):
     """
     Element interface
     """
 
-    __ac_permissions__=(
-        ('Access contents information',
-            ('getTagName', 'getAttribute', 'getAttributeNode',
-            'getElementsByTagName'),
-        ),
-    )
+    security = ClassSecurityInfo()
 
     # Element Attributes
     # ------------------
 
+    security.declareProtected(access_contents_information, 'getTagName')
     def getTagName(self):
         """The name of the element"""
         return self.__class__.__name__
@@ -344,15 +351,19 @@
     # Element Methods
     # ---------------
 
+    security.declareProtected(access_contents_information, 'getAttribute')
     def getAttribute(self, name):
         """Retrieves an attribute value by name."""
         return None
 
+    security.declareProtected(access_contents_information, 'getAttributeNode')
     def getAttributeNode(self, name):
         """ Retrieves an Attr node by name or None if
         there is no such attribute. """
         return None
 
+    security.declareProtected(access_contents_information,
+                              'getElementsByTagName')
     def getElementsByTagName(self, tagname):
         """ Returns a NodeList of all the Elements with a given tag
         name in the order in which they would be encountered in a
@@ -370,7 +381,9 @@
                 nodeList = nodeList + n1._data
         return NodeList(nodeList)
 
+InitializeClass(Element)
 
+
 class ElementWithAttributes(Element):
     """
     Elements that allow DOM access to Zope properties of type 'string'.

Modified: Zope/trunk/lib/python/OFS/misc_.py
===================================================================
--- Zope/trunk/lib/python/OFS/misc_.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/misc_.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -11,16 +11,22 @@
 #
 ##############################################################################
 
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from App.ImageFile import ImageFile
 
 
 class misc_:
     "Miscellaneous product information"
-    __roles__=None
+    security = ClassSecurityInfo()
+    security.declareObjectPublic()
 
+InitializeClass(misc_)
+
 class p_:
     "Shared system information"
-    __roles__=None
+    security = ClassSecurityInfo()
+    security.declareObjectPublic()
 
     broken=ImageFile('www/broken.gif', globals())
 
@@ -63,11 +69,13 @@
     ProductHelp_icon=ImageFile('HelpSys/images/productHelp.gif')
     HelpTopic_icon=ImageFile('HelpSys/images/helpTopic.gif')
 
+InitializeClass(p_)
+
 class Misc_:
     "Miscellaneous product information"
+    security = ClassSecurityInfo()
+    security.declareObjectPublic()
 
-    __roles__=None
-
     def __init__(self, name, dict):
         self._d=dict
         self.__name__=name
@@ -75,3 +83,5 @@
     def __str__(self): return self.__name__
     def __getitem__(self, name): return self._d[name]
     def __setitem__(self, name, v): self._d[name]=v
+
+InitializeClass(Misc_)

Modified: Zope/trunk/lib/python/Products/ExternalMethod/ExternalMethod.py
===================================================================
--- Zope/trunk/lib/python/Products/ExternalMethod/ExternalMethod.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/ExternalMethod/ExternalMethod.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -19,6 +19,11 @@
 __version__='$Revision: 1.52 $'[11:-2]
 from Globals import Persistent, DTMLFile, MessageDialog, HTML
 import OFS.SimpleItem, Acquisition
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import change_external_methods
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import view as View
 import AccessControl.Role, sys, os, stat, traceback
 from OFS.SimpleItem import pretty_tb
 from App.Extensions import getObject, getPath, FuncCode
@@ -81,6 +86,9 @@
 
     meta_type = 'External Method'
 
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(View)
+
     func_defaults = ComputedAttribute(lambda self: self.getFuncDefaults())
     func_code = ComputedAttribute(lambda self: self.getFuncCode())
 
@@ -100,17 +108,14 @@
         +AccessControl.Role.RoleManager.manage_options
         )
 
-    __ac_permissions__=(
-        ('View management screens', ('manage_main',)),
-        ('Change External Methods', ('manage_edit',)),
-        ('View', ('__call__','')),
-        )
-
     def __init__(self, id, title, module, function):
         self.id=id
         self.manage_edit(title, module, function)
 
+    security.declareProtected(view_management_screens, 'manage_main')
     manage_main=DTMLFile('dtml/methodEdit', globals())
+
+    security.declareProtected(change_external_methods, 'manage_edit')
     def manage_edit(self, title, module, function, REQUEST=None):
         """Change the external method
 
@@ -182,6 +187,7 @@
                 self._v_f = self.getFunction()
             return self._v_func_code
 
+    security.declareProtected(View, '__call__')
     def __call__(self, *args, **kw):
         """Call an ExternalMethod
 
@@ -243,3 +249,5 @@
             self._v_filepath=getPath('Extensions', self._module,
                                      suffixes=('','py','pyc','pyp'))
         return self._v_filepath
+
+InitializeClass(ExternalMethod)

Modified: Zope/trunk/lib/python/Products/OFSP/Draft.py
===================================================================
--- Zope/trunk/lib/python/Products/OFSP/Draft.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/OFSP/Draft.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -12,6 +12,8 @@
 ##############################################################################
 import Globals, AccessControl.User
 from Globals import Persistent
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from Acquisition import Implicit
 from OFS import SimpleItem
 
@@ -27,12 +29,7 @@
     _version='/version'
     meta_type='Zope Draft'
 
-    __ac_permissions__=(
-        ('Approve draft changes',
-         ('manage_approve__draft__',
-          'manage_Save__draft__','manage_Discard__draft__')
-         ),
-    )
+    security = ClassSecurityInfo()
 
     def __init__(self, id, baseid, PATH_INFO):
         self.id=id
@@ -102,8 +99,12 @@
             # ZODB 3
             return not db.versionEmpty(self._version)
 
+    security.declareProtected('Approve draft changes',
+                              'manage_approve__draft__')
     manage_approve__draft__=Globals.HTMLFile('dtml/draftApprove', globals())
 
+    security.declareProtected('Approve draft changes',
+                              'manage_Save__draft__')
     def manage_Save__draft__(self, remark, REQUEST=None):
         """Make version changes permanent"""
         try: db=self._p_jar.db()
@@ -120,6 +121,8 @@
         if REQUEST:
             REQUEST['RESPONSE'].redirect(REQUEST['URL2']+'/manage_main')
 
+    security.declareProtected('Approve draft changes',
+                              'manage_Discard__draft__')
     def manage_Discard__draft__(self, REQUEST=None):
         'Discard changes made during the version'
         try: db=self._p_jar.db()
@@ -146,8 +149,9 @@
                 'Attempt to %sdelete a non-empty version.<p>'
                 ((self is not item) and 'indirectly ' or ''))
 
-Globals.default__class_init__(Draft)
+InitializeClass(Draft)
 
+
 def getdraft(ob, jar):
 
     if hasattr(ob,'aq_parent'):

Modified: Zope/trunk/lib/python/Products/OFSP/Version.py
===================================================================
--- Zope/trunk/lib/python/Products/OFSP/Version.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/OFSP/Version.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,6 +18,12 @@
 from AccessControl.Role import RoleManager
 from Globals import MessageDialog
 from Globals import Persistent
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import change_versions
+from AccessControl.Permissions import join_leave_versions
+from AccessControl.Permissions import save_discard_version_changes
+from AccessControl.Permissions import view_management_screens
 from Acquisition import Implicit
 from OFS.SimpleItem import Item
 from Globals import HTML
@@ -44,6 +50,9 @@
     """ """
     meta_type='Version'
 
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(view_management_screens)
+
     manage_options=(
         (
         {'label':'Join/Leave', 'action':'manage_main',
@@ -57,14 +66,7 @@
         +Item.manage_options
         )
 
-    __ac_permissions__=(
-        ('View management screens', ('manage','manage_editForm', '')),
-        ('Change Versions', ('manage_edit',)),
-        ('Join/leave Versions',
-         ('manage_main', 'enter','leave','leave_another')),
-        ('Save/discard Version changes',
-         ('manage_end', 'save','discard')),
-        )
+    security.declareProtected(view_management_screens, 'manage')
 
     cookie=''
 
@@ -74,8 +76,13 @@
         self.id=id
         self.title=title
 
+    security.declareProtected(join_leave_versions, 'manage_main')
     manage_main=Globals.DTMLFile('dtml/version', globals())
+
+    security.declareProtected(save_discard_version_changes, 'manage_end')
     manage_end=Globals.DTMLFile('dtml/versionEnd', globals())
+
+    security.declareProtected(view_management_screens, 'manage_editForm')
     manage_editForm   =Globals.DTMLFile('dtml/versionEdit', globals())
 
     def title_and_id(self):
@@ -98,6 +105,7 @@
                           'alt': 'Deprecated object',
                           'title': 'Version objects are deprecated and should not be used anyore.'},)
 
+    security.declareProtected(change_versions, 'manage_edit')
     def manage_edit(self, title, REQUEST=None):
         """ """
         self.title=title
@@ -106,6 +114,7 @@
                     message='Your changes have been saved',
                     action ='manage_main')
 
+    security.declareProtected(join_leave_versions, 'enter')
     def enter(self, REQUEST, RESPONSE):
         """Begin working in a version"""
         RESPONSE.setCookie(
@@ -123,6 +132,7 @@
                 )
         return RESPONSE.redirect(REQUEST['URL1']+'/manage_main')
 
+    security.declareProtected(join_leave_versions, 'leave')
     def leave(self, REQUEST, RESPONSE):
         """Temporarily stop working in a version"""
         RESPONSE.setCookie(
@@ -141,10 +151,12 @@
                 )
         return RESPONSE.redirect(REQUEST['URL1']+'/manage_main')
 
+    security.declareProtected(join_leave_versions, 'leave_another')
     def leave_another(self, REQUEST, RESPONSE):
         """Leave a version that may not be the current version"""
         return self.leave(REQUEST, RESPONSE)
 
+    security.declareProtected(save_discard_version_changes, 'save')
     def save(self, remark, REQUEST=None):
         """Make version changes permanent"""
         try: db=self._p_jar.db()
@@ -162,6 +174,7 @@
         if REQUEST is not None:
             REQUEST['RESPONSE'].redirect(REQUEST['URL1']+'/manage_main')
 
+    security.declareProtected(save_discard_version_changes, 'discard')
     def discard(self, remark='', REQUEST=None):
         'Discard changes made during the version'
         try: db=self._p_jar.db()
@@ -219,3 +232,5 @@
                     'version, because the version would no longer\n'
                     'be accessable.<p>\n'
                     % (v,v,v))
+
+InitializeClass(Version)

Modified: Zope/trunk/lib/python/Products/PluginIndexes/TextIndex/Vocabulary.py
===================================================================
--- Zope/trunk/lib/python/Products/PluginIndexes/TextIndex/Vocabulary.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/PluginIndexes/TextIndex/Vocabulary.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,7 +16,11 @@
 """
 
 from Globals import DTMLFile, MessageDialog
-import Globals, AccessControl.Role
+import AccessControl.Role
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import manage_vocabulary
+from AccessControl.Permissions import query_vocabulary
 from Acquisition import Implicit
 from Persistence import Persistent
 from OFS.SimpleItem import Item
@@ -52,6 +56,10 @@
 
     implements(IVocabulary)
 
+    security = ClassSecurityInfo()
+    security.setPermissionDefault(manage_vocabulary, ('Manager',))
+    security.setPermissionDefault(query_vocabulary, ('Anonymous', 'Manager',))
+
     meta_type = "Vocabulary"
     _isAVocabulary = 1
 
@@ -66,18 +74,10 @@
         +AccessControl.Role.RoleManager.manage_options
         )
 
-    __ac_permissions__=(
+    security.declareProtected(manage_vocabulary, 'manage_main')
+    manage_main = DTMLFile('dtml/manage_vocab', globals())
 
-        ('Manage Vocabulary',
-         ['manage_main', 'manage_query'],
-         ['Manager']),
-
-        ('Query Vocabulary',
-         ['query',],
-         ['Anonymous', 'Manager']),
-        )
-
-    manage_main = DTMLFile('dtml/manage_vocab', globals())
+    security.declareProtected(manage_vocabulary, 'manage_query')
     manage_query = DTMLFile('dtml/vocab_query', globals())
 
     def __init__(self, id, title='', globbing=None,splitter=None,extra=None):
@@ -106,6 +106,7 @@
     def getLexicon(self):
         return self.lexicon
 
+    security.declareProtected(query_vocabulary, 'query')
     def query(self, pattern):
         """ """
         result = []
@@ -132,3 +133,5 @@
 
     def words(self):
         return self.lexicon._lexicon.items()
+
+InitializeClass(Vocabulary)

Modified: Zope/trunk/lib/python/Products/SiteAccess/VirtualHostMonster.py
===================================================================
--- Zope/trunk/lib/python/Products/SiteAccess/VirtualHostMonster.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/SiteAccess/VirtualHostMonster.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -4,6 +4,9 @@
 """
 
 from Globals import DTMLFile, MessageDialog, Persistent
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view as View
 from OFS.SimpleItem import Item
 from Acquisition import Implicit, aq_inner, aq_parent
 from ZPublisher import BeforeTraverse
@@ -24,15 +27,19 @@
     lines = ()
     have_map = 0
 
-    __ac_permissions__=(('View', ('manage_main',)),('Add Site Roots', ('manage_edit', 'set_map')))
+    security = ClassSecurityInfo()
 
     manage_options=({'label':'About', 'action':'manage_main'},
                     {'label':'Mappings', 'action':'manage_edit'})
 
+    security.declareProtected(View, 'manage_main')
     manage_main = DTMLFile('www/VirtualHostMonster', globals(),
                            __name__='manage_main')
+
+    security.declareProtected('Add Site Roots', 'manage_edit')
     manage_edit = DTMLFile('www/manage_edit', globals())
 
+    security.declareProtected('Add Site Roots', 'set_map')
     def set_map(self, map_text, RESPONSE=None):
         "Set domain to path mappings."
         lines = map_text.split('\n')
@@ -238,6 +245,9 @@
             request.setVirtualRoot([])
         return parents.pop() # He'll get put back on
 
+InitializeClass(VirtualHostMonster)
+
+
 def manage_addVirtualHostMonster(self, id, REQUEST=None, **ignored):
     """ """
     vhm = VirtualHostMonster()

Modified: Zope/trunk/lib/python/Products/StandardCacheManagers/AcceleratedHTTPCacheManager.py
===================================================================
--- Zope/trunk/lib/python/Products/StandardCacheManagers/AcceleratedHTTPCacheManager.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/StandardCacheManagers/AcceleratedHTTPCacheManager.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -21,8 +21,10 @@
 from OFS.Cache import Cache, CacheManager
 from OFS.SimpleItem import SimpleItem
 import time
-import Globals
+from Globals import InitializeClass
 from Globals import DTMLFile
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
 import urlparse, httplib
 from cgi import escape
 from urllib import quote
@@ -108,14 +110,8 @@
 class AcceleratedHTTPCacheManager (CacheManager, SimpleItem):
     ' '
 
-    __ac_permissions__ = (
-        ('View management screens', ('getSettings',
-                                     'manage_main',
-                                     'manage_stats',
-                                     'getCacheReport',
-                                     'sort_link')),
-        ('Change cache managers', ('manage_editProps',), ('Manager',)),
-        )
+    security = ClassSecurityInfo()
+    security.setPermissionDefault('Change cache managers', ('Manager',))
 
     manage_options = (
         {'label':'Properties', 'action':'manage_main',
@@ -138,7 +134,7 @@
         ' '
         return self.id
 
-    ZCacheManager_getCache__roles__ = ()
+    security.declarePrivate('ZCacheManager_getCache')
     def ZCacheManager_getCache(self):
         cacheid = self.__cacheid
         try:
@@ -149,12 +145,15 @@
             caches[cacheid] = cache
             return cache
 
+    security.declareProtected(view_management_screens, 'getSettings')
     def getSettings(self):
         ' '
         return self._settings.copy()  # Don't let DTML modify it.
 
+    security.declareProtected(view_management_screens, 'manage_main')
     manage_main = DTMLFile('dtml/propsAccel', globals())
 
+    security.declareProtected('Change cache managers', 'manage_editProps')
     def manage_editProps(self, title, settings=None, REQUEST=None):
         ' '
         if settings is None:
@@ -170,6 +169,7 @@
             return self.manage_main(
                 self, REQUEST, manage_tabs_message='Properties changed.')
 
+    security.declareProtected(view_management_screens, 'manage_stats')
     manage_stats = DTMLFile('dtml/statsAccel', globals())
 
     def _getSortInfo(self):
@@ -182,6 +182,7 @@
         sort_reverse = int(req.get('sort_reverse', 1))
         return sort_by, sort_reverse
 
+    security.declareProtected(view_management_screens, 'getCacheReport')
     def getCacheReport(self):
         """
         Returns the list of objects in the cache, sorted according to
@@ -201,6 +202,7 @@
                 rval.reverse()
         return rval
 
+    security.declareProtected(view_management_screens, 'sort_link')
     def sort_link(self, name, id):
         """
         Utility for generating a sort link.
@@ -215,7 +217,7 @@
         return '<a href="%s">%s</a>' % (escape(url, 1), escape(name))
 
 
-Globals.default__class_init__(AcceleratedHTTPCacheManager)
+InitializeClass(AcceleratedHTTPCacheManager)
 
 
 manage_addAcceleratedHTTPCacheManagerForm = DTMLFile('dtml/addAccel',

Modified: Zope/trunk/lib/python/Products/StandardCacheManagers/RAMCacheManager.py
===================================================================
--- Zope/trunk/lib/python/Products/StandardCacheManagers/RAMCacheManager.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/StandardCacheManagers/RAMCacheManager.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -23,8 +23,10 @@
 from thread import allocate_lock
 from cgi import escape
 import time
-import Globals
+from Globals import InitializeClass
 from Globals import DTMLFile
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
 
 try: from cPickle import Pickler, HIGHEST_PROTOCOL
 except: from pickle import Pickler, HIGHEST_PROTOCOL
@@ -347,14 +349,8 @@
     caching.
     """
 
-    __ac_permissions__ = (
-        ('View management screens', ('getSettings',
-                                     'manage_main',
-                                     'manage_stats',
-                                     'getCacheReport',
-                                     'sort_link',)),
-        ('Change cache managers', ('manage_editProps','manage_invalidate'), ('Manager',)),
-        )
+    security = ClassSecurityInfo()
+    security.setPermissionDefault('Change cache managers', ('Manager',))
 
     manage_options = (
         {'label':'Properties', 'action':'manage_main',
@@ -391,6 +387,7 @@
             caches[cacheid] = cache
             return cache
 
+    security.declareProtected(view_management_screens, 'getSettings')
     def getSettings(self):
         'Returns the current cache settings.'
         res = self._settings.copy()
@@ -398,8 +395,10 @@
             res['max_age'] = 0
         return res
 
+    security.declareProtected(view_management_screens, 'manage_main')
     manage_main = DTMLFile('dtml/propsRCM', globals())
 
+    security.declareProtected('Change cache managers', 'manage_editProps')
     def manage_editProps(self, title, settings=None, REQUEST=None):
         'Changes the cache settings.'
         if settings is None:
@@ -419,6 +418,7 @@
             return self.manage_main(
                 self, REQUEST, manage_tabs_message='Properties changed.')
 
+    security.declareProtected(view_management_screens, 'manage_stats')
     manage_stats = DTMLFile('dtml/statsRCM', globals())
 
     def _getSortInfo(self):
@@ -431,6 +431,7 @@
         sort_reverse = int(req.get('sort_reverse', 1))
         return sort_by, sort_reverse
 
+    security.declareProtected(view_management_screens, 'getCacheReport')
     def getCacheReport(self):
         """
         Returns the list of objects in the cache, sorted according to
@@ -446,6 +447,7 @@
                 rval.reverse()
         return rval
 
+    security.declareProtected(view_management_screens, 'sort_link')
     def sort_link(self, name, id):
         """
         Utility for generating a sort link.
@@ -458,6 +460,7 @@
         url = url + '&sort_reverse=' + (newsr and '1' or '0')
         return '<a href="%s">%s</a>' % (escape(url, 1), escape(name))
 
+    security.declareProtected('Change cache managers', 'manage_invalidate')
     def manage_invalidate(self, paths, REQUEST=None):
         """ ZMI helper to invalidate an entry """
         for path in paths:
@@ -472,7 +475,7 @@
             msg = 'Cache entries invalidated'
             return self.manage_stats(manage_tabs_message=msg)
 
-Globals.default__class_init__(RAMCacheManager)
+InitializeClass(RAMCacheManager)
 
 
 class _ByteCounter:

Modified: Zope/trunk/lib/python/Products/ZCatalog/ZCatalog.py
===================================================================
--- Zope/trunk/lib/python/Products/ZCatalog/ZCatalog.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/ZCatalog/ZCatalog.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -19,7 +19,7 @@
 import urllib, time, sys, string, logging
 
 from Globals import DTMLFile, MessageDialog
-import Globals
+from Globals import InitializeClass
 from OFS.Folder import Folder
 from OFS.ObjectManager import ObjectManager
 from DateTime import DateTime
@@ -27,6 +27,7 @@
 from Persistence import Persistent
 from DocumentTemplate.DT_Util import InstanceDict, TemplateDict
 from DocumentTemplate.DT_Util import Eval
+from AccessControl import ClassSecurityInfo
 from AccessControl.Permission import name_trans
 from AccessControl.DTML import RestrictedDTML
 from AccessControl.Permissions import \
@@ -86,6 +87,11 @@
     __implements__ = z2IZCatalog
     implements(z3IZCatalog)
 
+    security = ClassSecurityInfo()
+    security.setPermissionDefault(manage_zcatalog_entries, ('Manager',))
+    security.setPermissionDefault(manage_zcatalog_indexes, ('Manager',))
+    security.setPermissionDefault(search_zcatalog, ('Anonymous', 'Manager'))
+
     meta_type = "ZCatalog"
     icon='misc_/ZCatalog/ZCatalog.gif'
 
@@ -122,46 +128,30 @@
          'help': ('OFSP','Ownership.stx'),}
         )
 
-    __ac_permissions__=(
+    security.declareProtected(manage_zcatalog_entries, 'manage_main')
 
-        (manage_zcatalog_entries,
-         ['manage_catalogObject', 'manage_uncatalogObject',
-          'catalog_object', 'uncatalog_object', 'refreshCatalog',
+    security.declareProtected(search_zcatalog, 'all_meta_types')
 
-          'manage_catalogView', 'manage_catalogFind',
-          'manage_catalogSchema', 'manage_catalogIndexes',
-          'manage_catalogAdvanced', 'manage_objectInformation',
+    manage_catalogAddRowForm = DTMLFile('dtml/catalogAddRowForm', globals())
 
-          'manage_catalogReindex', 'manage_catalogFoundItems',
-          'manage_catalogClear', 'manage_addColumn', 'manage_delColumn',
-          'manage_addIndex', 'manage_delIndex', 'manage_clearIndex',
-          'manage_reindexIndex', 'manage_main', 'availableSplitters',
-          'manage_setProgress',
+    security.declareProtected(manage_zcatalog_entries, 'manage_catalogView')
+    manage_catalogView = DTMLFile('dtml/catalogView',globals())
 
-          # these two are deprecated:
-          'manage_delColumns', 'manage_deleteIndex'
-          ],
-         ['Manager']),
+    security.declareProtected(manage_zcatalog_entries, 'manage_catalogFind')
+    manage_catalogFind = DTMLFile('dtml/catalogFind',globals())
 
-        (search_zcatalog,
-         ['searchResults', '__call__', 'uniqueValuesFor',
-          'getpath', 'schema', 'indexes', 'index_objects',
-          'all_meta_types', 'valid_roles', 'resolve_url',
-          'getobject', 'search'],
-         ['Anonymous', 'Manager']),
+    security.declareProtected(manage_zcatalog_entries, 'manage_catalogSchema')
+    manage_catalogSchema = DTMLFile('dtml/catalogSchema', globals())
 
-        (manage_zcatalog_indexes,
-         ['getIndexObjects'],
-         ['Manager']),
-        )
+    security.declareProtected(manage_zcatalog_entries, 'manage_catalogIndexes')
+    manage_catalogIndexes = DTMLFile('dtml/catalogIndexes', globals())
 
+    security.declareProtected(manage_zcatalog_entries,
+                              'manage_catalogAdvanced')
+    manage_catalogAdvanced = DTMLFile('dtml/catalogAdvanced', globals())
 
-    manage_catalogAddRowForm = DTMLFile('dtml/catalogAddRowForm', globals())
-    manage_catalogView = DTMLFile('dtml/catalogView',globals())
-    manage_catalogFind = DTMLFile('dtml/catalogFind',globals())
-    manage_catalogSchema = DTMLFile('dtml/catalogSchema', globals())
-    manage_catalogIndexes = DTMLFile('dtml/catalogIndexes', globals())
-    manage_catalogAdvanced = DTMLFile('dtml/catalogAdvanced', globals())
+    security.declareProtected(manage_zcatalog_entries,
+                              'manage_objectInformation')
     manage_objectInformation = DTMLFile('dtml/catalogObjectInformation',
                                         globals())
 
@@ -224,6 +214,7 @@
             URL1 +
             '/manage_catalogAdvanced?manage_tabs_message=Catalog%20Changed')
 
+    security.declareProtected(manage_zcatalog_entries, 'manage_catalogObject')
     def manage_catalogObject(self, REQUEST, RESPONSE, URL1, urls=None):
         """ index Zope object(s) that 'urls' point to """
         if urls:
@@ -242,6 +233,8 @@
             '/manage_catalogView?manage_tabs_message=Object%20Cataloged')
 
 
+    security.declareProtected(manage_zcatalog_entries,
+                              'manage_uncatalogObject')
     def manage_uncatalogObject(self, REQUEST, RESPONSE, URL1, urls=None):
         """ removes Zope object(s) 'urls' from catalog """
 
@@ -257,6 +250,7 @@
             '/manage_catalogView?manage_tabs_message=Object%20Uncataloged')
 
 
+    security.declareProtected(manage_zcatalog_entries, 'manage_catalogReindex')
     def manage_catalogReindex(self, REQUEST, RESPONSE, URL1):
         """ clear the catalog, then re-index everything """
 
@@ -278,6 +272,7 @@
                          'Total CPU time: %s' % (`elapse`, `c_elapse`)))
 
 
+    security.declareProtected(manage_zcatalog_entries, 'refreshCatalog')
     def refreshCatalog(self, clear=0, pghandler=None):
         """ re-index everything we can find """
 
@@ -309,6 +304,7 @@
 
         if pghandler: pghandler.finish()
 
+    security.declareProtected(manage_zcatalog_entries, 'manage_catalogClear')
     def manage_catalogClear(self, REQUEST=None, RESPONSE=None, URL1=None):
         """ clears the whole enchilada """
         self._catalog.clear()
@@ -319,6 +315,8 @@
               '/manage_catalogAdvanced?manage_tabs_message=Catalog%20Cleared')
 
 
+    security.declareProtected(manage_zcatalog_entries,
+                              'manage_catalogFoundItems')
     def manage_catalogFoundItems(self, REQUEST, RESPONSE, URL2, URL1,
                                  obj_metatypes=None,
                                  obj_ids=None, obj_searchterm=None,
@@ -364,6 +362,7 @@
             )
 
 
+    security.declareProtected(manage_zcatalog_entries, 'manage_addColumn')
     def manage_addColumn(self, name, REQUEST=None, RESPONSE=None, URL1=None):
         """ add a column """
         self.addColumn(name)
@@ -374,6 +373,7 @@
                 '/manage_catalogSchema?manage_tabs_message=Column%20Added')
 
 
+    security.declareProtected(manage_zcatalog_entries, 'manage_delColumns')
     def manage_delColumns(self, names, REQUEST=None, RESPONSE=None, URL1=None):
         """ Deprecated method. Use manage_delColumn instead. """
         # log a deprecation warning
@@ -392,6 +392,7 @@
                               URL1=URL1)
 
 
+    security.declareProtected(manage_zcatalog_entries, 'manage_delColumn')
     def manage_delColumn(self, names, REQUEST=None, RESPONSE=None, URL1=None):
         """ delete a column or some columns """
         if isinstance(names, str):
@@ -406,6 +407,7 @@
                 '/manage_catalogSchema?manage_tabs_message=Column%20Deleted')
 
 
+    security.declareProtected(manage_zcatalog_entries, 'manage_addIndex')
     def manage_addIndex(self, name, type, extra=None,
                         REQUEST=None, RESPONSE=None, URL1=None):
         """add an index """
@@ -417,6 +419,7 @@
                 '/manage_catalogIndexes?manage_tabs_message=Index%20Added')
 
 
+    security.declareProtected(manage_zcatalog_entries, 'manage_deleteIndex')
     def manage_deleteIndex(self, ids=None, REQUEST=None, RESPONSE=None,
         URL1=None):
         """ Deprecated method. Use manage_delIndex instead. """
@@ -436,6 +439,7 @@
                              URL1=URL1)
 
 
+    security.declareProtected(manage_zcatalog_entries, 'manage_delIndex')
     def manage_delIndex(self, ids=None, REQUEST=None, RESPONSE=None,
         URL1=None):
         """ delete an index or some indexes """
@@ -456,6 +460,7 @@
                 '/manage_catalogIndexes?manage_tabs_message=Index%20Deleted')
 
 
+    security.declareProtected(manage_zcatalog_entries, 'manage_clearIndex')
     def manage_clearIndex(self, ids=None, REQUEST=None, RESPONSE=None,
         URL1=None):
         """ clear an index or some indexes """
@@ -524,6 +529,7 @@
         if pghandler:
             pghandler.finish()
 
+    security.declareProtected(manage_zcatalog_entries, 'manage_reindexIndex')
     def manage_reindexIndex(self, ids=None, REQUEST=None, RESPONSE=None,
                             URL1=None):
         """Reindex indexe(s) from a ZCatalog"""
@@ -543,11 +549,13 @@
                 '?manage_tabs_message=Reindexing%20Performed')
 
 
+    security.declareProtected(manage_zcatalog_entries, 'availableSplitters')
     def availableSplitters(self):
         """ splitter we can add """
         return Splitter.availableSplitters
 
 
+    security.declareProtected(manage_zcatalog_entries, 'catalog_object')
     def catalog_object(self, obj, uid=None, idxs=None, update_metadata=1, pghandler=None):
         """ wrapper around catalog """
 
@@ -593,14 +601,17 @@
                 if pghandler:
                     pghandler.info('commiting subtransaction')
 
+    security.declareProtected(manage_zcatalog_entries, 'uncatalog_object')
     def uncatalog_object(self, uid):
         """Wrapper around catalog """
         self._catalog.uncatalogObject(uid)
 
+    security.declareProtected(search_zcatalog, 'uniqueValuesFor')
     def uniqueValuesFor(self, name):
         """Return the unique values for a given FieldIndex """
         return self._catalog.uniqueValuesFor(name)
 
+    security.declareProtected(search_zcatalog, 'getpath')
     def getpath(self, rid):
         """Return the path to a cataloged object given a 'data_record_id_'
         """
@@ -611,6 +622,7 @@
         """
         return self._catalog.uids.get(path, default)
 
+    security.declareProtected(search_zcatalog, 'getobject')
     def getobject(self, rid, REQUEST=None):
         """Return a cataloged object given a 'data_record_id_'
         """
@@ -639,17 +651,21 @@
         """return the current index contents for the specific rid"""
         return self._catalog.getIndexDataForRID(rid)
 
+    security.declareProtected(search_zcatalog, 'schema')
     def schema(self):
         return self._catalog.schema.keys()
 
+    security.declareProtected(search_zcatalog, 'indexes')
     def indexes(self):
         return self._catalog.indexes.keys()
 
+    security.declareProtected(search_zcatalog, 'index_objects')
     def index_objects(self):
         # This method returns unwrapped indexes!
         # You should probably use getIndexObjects instead
         return self._catalog.indexes.values()
 
+    security.declareProtected(manage_zcatalog_indexes, 'getIndexObjects')
     def getIndexObjects(self):
         # Return a list of wrapped(!) indexes
         getIndex = self._catalog.getIndex
@@ -677,6 +693,7 @@
                   'width': 8})
         return r
 
+    security.declareProtected(search_zcatalog, 'searchResults')
     def searchResults(self, REQUEST=None, used=None, **kw):
         """Search the catalog
 
@@ -688,8 +705,10 @@
 
         return self._catalog.searchResults(REQUEST, used, **kw)
 
+    security.declareProtected(search_zcatalog, '__call__')
     __call__=searchResults
 
+    security.declareProtected(search_zcatalog, 'search')
     def search(
         self, query_request, sort_index=None, reverse=0, limit=None, merge=1):
         """Programmatic search interface, use for searching the catalog from
@@ -720,6 +739,7 @@
     #        except AttributeError:  pass
     #    return self.meta_types+Products.meta_types+pmt
 
+    security.declareProtected(search_zcatalog, 'valid_roles')
     def valid_roles(self):
         "Return list of valid roles"
         obj=self
@@ -838,6 +858,7 @@
 
         return result
 
+    security.declareProtected(search_zcatalog, 'resolve_url')
     def resolve_url(self, path, REQUEST):
         """
         Attempt to resolve a url into an object in the Zope
@@ -902,6 +923,7 @@
                   '%s unchanged.' % (len(fixed), len(removed), unchanged),
           action='./manage_main')
 
+    security.declareProtected(manage_zcatalog_entries, 'manage_setProgress')
     def manage_setProgress(self, pgthreshold=0, RESPONSE=None, URL1=None):
         """Set parameter to perform logging of reindexing operations very 
            'pgthreshold' objects
@@ -1026,7 +1048,7 @@
         return self._catalog.delColumn(name)
 
 
-Globals.default__class_init__(ZCatalog)
+InitializeClass(ZCatalog)
 
 
 def p_name(name):

Modified: Zope/trunk/lib/python/Products/ZSQLMethods/SQL.py
===================================================================
--- Zope/trunk/lib/python/Products/ZSQLMethods/SQL.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/ZSQLMethods/SQL.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,6 +18,9 @@
 
 import Shared.DC.ZRDB.DA
 from Globals import DTMLFile
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import change_database_methods
 from webdav.WriteLockInterface import WriteLockInterface
 
 def SQLConnectionIDs(self):
@@ -120,12 +123,11 @@
     __implements__ = (WriteLockInterface,)
     meta_type='Z SQL Method'
 
+    security = ClassSecurityInfo()
+
+    security.declareProtected(change_database_methods, 'manage')
+    security.declareProtected(change_database_methods, 'manage_main')
     manage=manage_main=DTMLFile('dtml/edit', globals())
     manage_main._setName('manage_main')
 
-    __ac_permissions__=(
-        ('Change Database Methods', ('manage', 'manage_main')),
-    )
-
-import Globals
-Globals.InitializeClass(SQL)
+InitializeClass(SQL)

Modified: Zope/trunk/lib/python/Shared/DC/Scripts/Bindings.py
===================================================================
--- Zope/trunk/lib/python/Shared/DC/Scripts/Bindings.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Shared/DC/Scripts/Bindings.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -13,8 +13,10 @@
 
 __version__='$Revision$'[11:-2]
 
-import Globals
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from AccessControl import getSecurityManager
+from AccessControl.Permissions import view_management_screens
 from AccessControl.PermissionRole import _what_not_even_god_should_do
 from AccessControl.ZopeGuards import guarded_getattr
 from Persistence import Persistent
@@ -190,18 +192,17 @@
 
 class Bindings:
 
-    __ac_permissions__ = (
-        ('View management screens', ('getBindingAssignments',)),
-        ('Change bindings', ('ZBindings_edit', 'ZBindings_setClient')),
-        )
+    security = ClassSecurityInfo()
 
     _Bindings_client = None
 
+    security.declareProtected('Change bindings', 'ZBindings_edit')
     def ZBindings_edit(self, mapping):
         names = self._setupBindings(mapping)
         self._prepareBindCode()
         self._editedBindings()
 
+    security.declareProtected('Change bindings', 'ZBindings_setClient')
     def ZBindings_setClient(self, clientname):
         '''Name the binding to be used as the "client".
 
@@ -217,6 +218,7 @@
         self._bind_names = names = NameAssignments(names)
         return names
 
+    security.declareProtected(view_management_screens, 'getBindingAssignments')
     def getBindingAssignments(self):
         if not hasattr(self, '_bind_names'):
             self._setupBindings()
@@ -348,3 +350,5 @@
             return self._exec(bound_data, args, kw)
         finally:
             security.removeContext(self)
+
+InitializeClass(Bindings)

Modified: Zope/trunk/lib/python/Shared/DC/Scripts/BindingsUI.py
===================================================================
--- Zope/trunk/lib/python/Shared/DC/Scripts/BindingsUI.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Shared/DC/Scripts/BindingsUI.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -14,23 +14,26 @@
 __version__='$Revision$'[11:-2]
 
 import Globals
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
 from Bindings import Bindings
 
 class BindingsUI(Bindings):
 
+    security = ClassSecurityInfo()
+
     manage_options = (
         {'label':'Bindings',
          'action':'ZBindingsHTML_editForm',
          'help':('PythonScripts', 'Bindings.stx')},
         )
 
-    __ac_permissions__ = (
-        ('View management screens', ('ZBindingsHTML_editForm',)),
-        ('Change bindings', ('ZBindingsHTML_editAction',)),
-        )
-
+    security.declareProtected(view_management_screens,
+                              'ZBindingsHTML_editForm')
     ZBindingsHTML_editForm = Globals.DTMLFile('dtml/scriptBindings', globals())
 
+    security.declareProtected('Change bindings', 'ZBindingsHTML_editAction')
     def ZBindingsHTML_editAction(self, REQUEST):
         '''Changes binding names.
         '''
@@ -38,4 +41,4 @@
         message = "Bindings changed."
         return self.manage_main(self, REQUEST, manage_tabs_message=message)
 
-Globals.default__class_init__(BindingsUI)
+InitializeClass(BindingsUI)

Modified: Zope/trunk/lib/python/Shared/DC/Scripts/Script.py
===================================================================
--- Zope/trunk/lib/python/Shared/DC/Scripts/Script.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Shared/DC/Scripts/Script.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,7 +18,10 @@
 
 __version__='$Revision$'[11:-2]
 
+from Globals import InitializeClass
 from Globals import DTMLFile
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
 from OFS.SimpleItem import SimpleItem
 from string import join
 from urllib import quote
@@ -34,17 +37,17 @@
     """Web-callable script mixin
     """
 
+    security = ClassSecurityInfo()
+
     index_html = None
     func_defaults=()
     func_code=None
 
     _Bindings_ns_class = TemplateDict
 
-    __ac_permissions__ = (
-        ('View management screens', ('ZScriptHTML_tryForm',)),
-        )
+    security.declareProtected(view_management_screens, 'ZScriptHTML_tryForm')
+    ZScriptHTML_tryForm = DTMLFile('dtml/scriptTry', globals())
 
-    ZScriptHTML_tryForm = DTMLFile('dtml/scriptTry', globals())
     def ZScriptHTML_tryAction(self, REQUEST, argvars):
         """Apply the test parameters.
         """
@@ -55,3 +58,5 @@
         raise Redirect, "%s?%s" % (REQUEST['URL1'], join(vv, '&'))
 
     from Signature import _setFuncSignature
+
+InitializeClass(Script)

Modified: Zope/trunk/lib/python/Shared/DC/ZRDB/Connection.py
===================================================================
--- Zope/trunk/lib/python/Shared/DC/ZRDB/Connection.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Shared/DC/ZRDB/Connection.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -19,6 +19,12 @@
 from DateTime import DateTime
 from App.Dialogs import MessageDialog
 from Globals import DTMLFile
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import change_database_connections
+from AccessControl.Permissions import test_database_connections
+from AccessControl.Permissions import open_close_database_connection
 from string import find, join, split
 from Aqueduct import custom_default_report
 from cStringIO import StringIO
@@ -36,6 +42,8 @@
     Acquisition.Implicit,
     ):
 
+    security = ClassSecurityInfo()
+
     # Specify definitions for tabs:
     manage_options=(
         (
@@ -47,15 +55,6 @@
         +OFS.SimpleItem.Item.manage_options
         )
 
-    # Specify how individual operations add up to "permissions":
-    __ac_permissions__=(
-        ('View management screens', ('manage_main',)),
-        ('Change Database Connections', ('manage_edit',)),
-        ('Test Database Connections', ('manage_testForm','manage_test')),
-        ('Open/Close Database Connection',
-         ('manage_open_connection', 'manage_close_connection')),
-        )
-
     _v_connected=''
     connection_string=''
 
@@ -97,6 +96,8 @@
         if check: self.connect(connection_string)
 
     manage_properties=DTMLFile('dtml/connectionEdit', globals())
+
+    security.declareProtected(change_database_connections, 'manage_edit')
     def manage_edit(self, title, connection_string, check=None, REQUEST=None):
         """Change connection
         """
@@ -108,7 +109,10 @@
                 action ='./manage_main',
                 )
 
+    security.declareProtected(test_database_connections, 'manage_testForm')
     manage_testForm=DTMLFile('dtml/connectionTestForm', globals())
+
+    security.declareProtected(test_database_connections, 'manage_test')
     def manage_test(self, query, REQUEST=None):
         "Executes the SQL in parameter 'query' and returns results"
         dbc=self()      #get our connection
@@ -142,8 +146,11 @@
         return report
 
 
+    security.declareProtected(view_management_screens, 'manage_main')
     manage_main=DTMLFile('dtml/connectionStatus', globals())
 
+    security.declareProtected(open_close_database_connection,
+                              'manage_close_connection')
     def manage_close_connection(self, REQUEST=None):
         " "
         try: 
@@ -158,6 +165,8 @@
         if REQUEST is not None:
             return self.manage_main(self, REQUEST)
 
+    security.declareProtected(open_close_database_connection,
+                              'manage_open_connection')
     def manage_open_connection(self, REQUEST=None):
         " "
         self.connect(self.connection_string)
@@ -193,3 +202,5 @@
     def sql_quote__(self, v):
         if find(v,"\'") >= 0: v=join(split(v,"\'"),"''")
         return "'%s'" % v
+
+InitializeClass(Connection)

Modified: Zope/trunk/lib/python/Shared/DC/ZRDB/DA.py
===================================================================
--- Zope/trunk/lib/python/Shared/DC/ZRDB/DA.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Shared/DC/ZRDB/DA.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -34,7 +34,12 @@
 from cPickle import dumps, loads
 from Results import Results
 from App.Extensions import getBrain
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from AccessControl import getSecurityManager
+from AccessControl.Permissions import change_database_methods
+from AccessControl.Permissions import use_database_methods
+from AccessControl.Permissions import view_management_screens
 from AccessControl.DTML import RestrictedDTML
 from webdav.Resource import Resource
 from webdav.Lockable import ResourceLockedError
@@ -73,6 +78,11 @@
     ):
     'Database Adapter'
 
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(use_database_methods)
+    security.setPermissionDefault(use_database_methods,
+                                  ('Anonymous', 'Manager'))
+
     _col=None
     max_rows_=1000
     cache_time_=0
@@ -96,27 +106,14 @@
         +OFS.SimpleItem.Item.manage_options
         )
 
-    # Specify how individual operations add up to "permissions":
-    __ac_permissions__=(
-        ('View management screens',
-         (
-        'index_html',
-        'manage_advancedForm', 'PrincipiaSearchSource', 'document_src'
-        )),
-        ('Change Database Methods',
-         ('manage_edit','manage_advanced', 'manage_testForm','manage_test',
-          'manage_product_zclass_info', 'PUT')),
-        ('Use Database Methods', ('__call__',''), ('Anonymous','Manager')),
-        )
-
-
     def __init__(self, id, title, connection_id, arguments, template):
         self.id=str(id)
         self.manage_edit(title, connection_id, arguments, template)
 
+    security.declareProtected(view_management_screens, 'manage_advancedForm')
     manage_advancedForm=DTMLFile('dtml/advanced', globals())
 
-    test_url___roles__=None
+    security.declarePublic('test_url')
     def test_url_(self):
         'Method for testing server connection information'
         return 'PING'
@@ -148,6 +145,7 @@
                                 arguments_src=arguments,
                                 connection_id=connection_id, src=template)
 
+    security.declareProtected(change_database_methods, 'manage_edit')
     def manage_edit(self,title,connection_id,arguments,template,
                     SUBMIT='Change', dtpref_cols='100%', dtpref_rows='20',
                     REQUEST=None):
@@ -189,6 +187,7 @@
         return ''
 
 
+    security.declareProtected(change_database_methods, 'manage_advanced')
     def manage_advanced(self, max_rows, max_cache, cache_time,
                         class_name, class_file, direct=None,
                         REQUEST=None, zclass='', connection_hook=None):
@@ -256,6 +255,7 @@
     #    """Return content for use by the Find machinery."""
     #    return '%s\n%s' % (self.arguments_src, self.src)
 
+    security.declareProtected(view_management_screens, 'PrincipiaSearchSource')
     def PrincipiaSearchSource(self):
         """Return content for use by the Find machinery."""
         return '%s\n%s' % (self.arguments_src, self.src)
@@ -265,6 +265,7 @@
 
     default_content_type = 'text/plain'
 
+    security.declareProtected(view_management_screens, 'document_src')
     def document_src(self, REQUEST=None, RESPONSE=None):
         """Return unprocessed document source."""
         if RESPONSE is not None:
@@ -278,6 +279,7 @@
 
     def get_size(self): return len(self.document_src())
 
+    security.declareProtected(change_database_methods, 'PUT')
     def PUT(self, REQUEST, RESPONSE):
         """Handle put requests"""
         self.dav__init(REQUEST, RESPONSE)
@@ -297,6 +299,7 @@
         return RESPONSE
 
 
+    security.declareProtected(change_database_methods, 'manage_testForm')
     def manage_testForm(self, REQUEST):
         " "
         input_src=default_input_form(self.title_or_id(),
@@ -304,6 +307,7 @@
                                      '<dtml-var manage_tabs>')
         return DocumentTemplate.HTML(input_src)(self, REQUEST, HTTP_REFERER='')
 
+    security.declareProtected(change_database_methods, 'manage_test')
     def manage_test(self, REQUEST):
         """Test an SQL method."""
         # Try to render the query template first so that the rendered
@@ -344,6 +348,7 @@
 
         finally: tb=None
 
+    security.declareProtected(view_management_screens, 'index_html')
     def index_html(self, REQUEST):
         """ """
         REQUEST.RESPONSE.redirect("%s/manage_testForm" % REQUEST['URL1'])
@@ -388,6 +393,7 @@
 
         return result
 
+    security.declareProtected(use_database_methods, '__call__')
     def __call__(self, REQUEST=None, __ick__=None, src__=0, test__=0, **kw):
         """Call the database method
 
@@ -500,6 +506,8 @@
         return getattr(getattr(self, self.connection_id), 'connected')()
 
 
+    security.declareProtected(change_database_methods,
+                              'manage_product_zclass_info')
     def manage_product_zclass_info(self):
         r=[]
         Z=self._zclass
@@ -517,12 +525,10 @@
 
         return r
 
+InitializeClass(DA)
 
 
-Globals.default__class_init__(DA)
 
-
-
 ListType=type([])
 class Traverse(ExtensionClass.Base):
     """Helper class for 'traversing' searches during URL traversal
@@ -586,4 +592,3 @@
     #__implements__ = ITracebackSupplement
     def __init__(self, sql):
         self.object = sql
-

Modified: Zope/trunk/lib/python/Testing/ZopeTestCase/ZopeLite.py
===================================================================
--- Zope/trunk/lib/python/Testing/ZopeTestCase/ZopeLite.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Testing/ZopeTestCase/ZopeLite.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -153,7 +153,7 @@
                                 get_folder_permissions(), raise_exc=1)
                 _installedProducts[product_name] = 1
                 Products.meta_types = Products.meta_types + tuple(meta_types)
-                Globals.default__class_init__(Folder)
+                Globals.InitializeClass(Folder)
                 if not quiet: _print('done (%.3fs)\n' % (time.time() - start))
                 break
         else:

Modified: Zope/trunk/lib/python/ZClasses/Property.py
===================================================================
--- Zope/trunk/lib/python/ZClasses/Property.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/ZClasses/Property.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -17,7 +17,12 @@
 
 import OFS.PropertySheets, Globals, OFS.SimpleItem, OFS.PropertyManager
 import Acquisition
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from AccessControl.Permission import pname
+from AccessControl.Permissions import manage_zclasses
+from AccessControl.Permissions import manage_properties
+from AccessControl.Permissions import access_contents_information
 
 class ClassCaretaker:
     def __init__(self, klass): self.__dict__['_k']=klass
@@ -48,10 +53,11 @@
          'help':('OFSP','Security_Define-Permissions.stx')},
         )
 
-    __ac_permissions__=(
-        ('Manage Z Classes', ('', 'manage')),
-        )
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(manage_zclasses)
 
+    security.declareProtected(manage_zclasses, 'manage')
+
     def __init__(self, id, title):
         self.id=id
         self.title=title
@@ -238,8 +244,9 @@
                 self, REQUEST,
                 manage_tabs_message='The permission mapping has been updated')
 
-Globals.default__class_init__(ZCommonSheet)
+InitializeClass(ZCommonSheet)
 
+
 property_sheet_permissions=(
     # 'Access contents information',
     'Manage properties',
@@ -250,27 +257,29 @@
                     ):
     "Waaa this is too hard"
 
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(access_contents_information)
+
+    security.declareProtected(access_contents_information, 'hasProperty')
+    security.declareProtected(access_contents_information, 'propertyIds')
+    security.declareProtected(access_contents_information, 'propertyValues')
+    security.declareProtected(access_contents_information, 'propertyItems')
+    security.declareProtected(access_contents_information, 'propertyMap')
+    security.declareProtected(manage_properties, 'manage')
+    security.declareProtected(manage_properties, 'manage_addProperty')
+    security.declareProtected(manage_properties, 'manage_editProperties')
+    security.declareProtected(manage_properties, 'manage_delProperties')
+    security.declareProtected(manage_properties, 'manage_changeProperties')
+
     _Manage_properties_Permission='_Manage_properties_Permission'
     _Access_contents_information_Permission='_View_Permission'
 
-    __ac_permissions__=(
-        ('Manage properties', ('manage_addProperty',
-                               'manage_editProperties',
-                               'manage_delProperties',
-                               'manage_changeProperties',
-                               'manage',
-                               )),
-        ('Access contents information', ('hasProperty', 'propertyIds',
-                                         'propertyValues','propertyItems',
-                                         'propertyMap', ''),
-         ),
-        )
-
     def v_self(self):
         return self.aq_inner.aq_parent.aq_parent
 
-Globals.default__class_init__(ZInstanceSheet)
+InitializeClass(ZInstanceSheet)
 
+
 def rclass(klass):
     if not getattr(klass, '_p_changed', 0) and klass._p_jar is not None:
         transaction.get().register(klass)
@@ -348,5 +357,4 @@
             r.append(getattr(self, id))
         return propsets+tuple(r)
 
-
-Globals.default__class_init__(ZInstanceSheets)
+InitializeClass(ZInstanceSheets)

Modified: Zope/trunk/lib/python/ZClasses/ZClass.py
===================================================================
--- Zope/trunk/lib/python/ZClasses/ZClass.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/ZClasses/ZClass.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -13,7 +13,10 @@
 """Zope Classes
 """
 import Globals,  OFS.SimpleItem, OFS.PropertySheets, Products
+from Globals import InitializeClass
 import Method, Basic, Property, AccessControl.Role, re
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import create_class_instances
 
 from ZPublisher.mapply import mapply
 from ExtensionClass import Base
@@ -220,10 +223,8 @@
     __propsets__=()
     isPrincipiaFolderish=1
 
-    __ac_permissions__=(
-        ('Create class instances',
-         ('', '__call__', 'index_html', 'createInObjectManager')),
-        )
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(create_class_instances)
 
     def __init__(self, id, title, bases, zope_object=1):
         """Build a Zope class
@@ -343,7 +344,7 @@
 
         return '*'+id
 
-    changeClassId__roles__ = ()  # Private
+    security.declarePrivate('changeClassId')
     def changeClassId(self, newid=None):
         if newid is None: newid=self._new_class_id()
         self._unregister()
@@ -442,6 +443,7 @@
 
     manage_options=ComputedAttribute(manage_options)
 
+    security.declareProtected(create_class_instances, 'createInObjectManager')
     def createInObjectManager(self, id, REQUEST, RESPONSE=None):
         """
         Create Z instance. If called with a RESPONSE,
@@ -470,6 +472,7 @@
         else:
             return folder._getOb(id)
 
+    security.declareProtected(create_class_instances, 'index_html')
     index_html=createInObjectManager
 
     def fromRequest(self, id=None, REQUEST={}):
@@ -487,6 +490,7 @@
                 i.id = id
         return i
 
+    security.declareProtected(create_class_instances, '__call__')
     def __call__(self, *args, **kw):
         return apply(self._zclass_, args, kw)
 
@@ -511,7 +515,7 @@
         r.sort()
         return r
 
-    getClassAttr__roles__ = ()  # Private
+    security.declarePrivate('getClassAttr')
     def getClassAttr(self, name, default=_marker, inherit=0):
         if default is _marker:
             if inherit: return getattr(self._zclass_, name)
@@ -521,7 +525,7 @@
             else: return self._zclass_.__dict__[name]
         except: return default
 
-    setClassAttr__roles__ = ()  # Private
+    security.declarePrivate('setClassAttr')
     def setClassAttr(self, name, value):
         c=self._zclass_
         setattr(c, name, value)
@@ -529,7 +533,7 @@
             transaction.get().register(c)
             c._p_changed=1
 
-    delClassAttr__roles__ = ()  # Private
+    security.declarePrivate('delClassAttr')
     def delClassAttr(self, name):
         c=self._zclass_
         delattr(c, name)
@@ -559,12 +563,11 @@
         return (self.classDefinedPermissions()+
                 self.classInheritedPermissions())
 
+    security.declarePublic('ziconImage')
     def ziconImage(self, REQUEST, RESPONSE):
         "Display a class icon"
         return self._zclass_.ziconImage.index_html(REQUEST, RESPONSE)
 
-    ziconImage__roles__=None
-
     def tpValues(self):
         return self.propertysheets.common, self.propertysheets.methods
 
@@ -619,6 +622,9 @@
                     values.remove( value )
         return values
 
+InitializeClass(ZClass)
+
+
 class ZClassSheets(OFS.PropertySheets.PropertySheets):
     "Manage a collection of property sheets that provide ZClass management"
 

Modified: Zope/trunk/lib/python/ZClasses/ZClassOwner.py
===================================================================
--- Zope/trunk/lib/python/ZClasses/ZClassOwner.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/ZClasses/ZClassOwner.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -13,6 +13,7 @@
 """Zope Classes
 """
 import ExtensionClass, Globals, ZClass, Products
+from Globals import InitializeClass
 
 def manage_subclassableClassNames(self):
     r={}
@@ -43,5 +44,4 @@
 
     manage_subclassableClassNames=manage_subclassableClassNames
 
-
-Globals.default__class_init__(ZClassOwner)
+InitializeClass(ZClassOwner)

Modified: Zope/trunk/lib/python/webdav/Collection.py
===================================================================
--- Zope/trunk/lib/python/webdav/Collection.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/webdav/Collection.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -17,7 +17,7 @@
 
 from urllib import unquote
 
-import Globals
+from Globals import InitializeClass
 from AccessControl import getSecurityManager
 from zExceptions import MethodNotAllowed, NotFound
 from zope.interface import implements
@@ -142,4 +142,4 @@
             return objectValues()
         return []
 
-Globals.default__class_init__(Collection)
+InitializeClass(Collection)

Modified: Zope/trunk/lib/python/webdav/NullResource.py
===================================================================
--- Zope/trunk/lib/python/webdav/NullResource.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/webdav/NullResource.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,9 +18,14 @@
 import sys
 
 import Acquisition, OFS.content_types
-import Globals
+from Globals import InitializeClass
 import OFS.SimpleItem
 from AccessControl import getSecurityManager
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view as View
+from AccessControl.Permissions import add_folders
+from AccessControl.Permissions import webdav_lock_items
+from AccessControl.Permissions import webdav_unlock_items
 from Globals import Persistent, DTMLFile
 from OFS.CopySupport import CopyError
 from zExceptions import MethodNotAllowed
@@ -43,11 +48,7 @@
     __implements__ = (WriteLockInterface,)
     __null_resource__=1
 
-    __ac_permissions__=(
-        ('View',                             ('HEAD',)),
-        ('Add Folders',                      ('MKCOL',)),
-        ('WebDAV Lock items',                ('LOCK',)),
-    )
+    security = ClassSecurityInfo()
 
     def __init__(self, parent, name, request=None):
         self.__name__=name
@@ -64,6 +65,7 @@
             raise Conflict, 'Collection ancestors must already exist.'
         raise NotFound, 'The requested resource was not found.'
 
+    security.declareProtected(View, 'HEAD')
     def HEAD(self, REQUEST, RESPONSE):
         """Retrieve resource information without a response message body."""
         self.dav__init(REQUEST, RESPONSE)
@@ -89,7 +91,7 @@
             ob=File(name, '', body, content_type=typ)
         return ob
 
-    PUT__roles__ = ('Anonymous',)
+    security.declarePublic('PUT')
     def PUT(self, REQUEST, RESPONSE):
         """Create a new non-collection resource.
         """
@@ -166,6 +168,7 @@
         RESPONSE.setBody('')
         return RESPONSE
 
+    security.declareProtected(add_folders, 'MKCOL')
     def MKCOL(self, REQUEST, RESPONSE):
         """Create a new collection resource."""
         self.dav__init(REQUEST, RESPONSE)
@@ -201,6 +204,7 @@
         RESPONSE.setBody('')
         return RESPONSE
 
+    security.declareProtected(webdav_lock_items, 'LOCK')
     def LOCK(self, REQUEST, RESPONSE):
         """ LOCK on a Null Resource makes a LockNullResource instance """
         self.dav__init(REQUEST, RESPONSE)
@@ -252,10 +256,9 @@
             RESPONSE.setHeader('Lock-Token', 'opaquelocktoken:' + token)
             RESPONSE.setBody(lock.asXML())
 
+InitializeClass(NullResource)
 
-Globals.default__class_init__(NullResource)
 
-
 class LockNullResource(NullResource, OFS.SimpleItem.Item_w__name__):
     """ A Lock-Null Resource is created when a LOCK command is succesfully
     executed on a NullResource, essentially locking the Name.  A PUT or
@@ -266,17 +269,14 @@
     __locknull_resource__ = 1
     meta_type = 'WebDAV LockNull Resource'
 
-    __ac_permissions__ = (
-        ('WebDAV Unlock items',              ('UNLOCK',)),
-        ('View',                             ('manage_main',
-                                              'manage_workspace', 'manage')),
-        ('Add Folders',                      ('MKCOL',)),
-        ('WebDAV Lock items',                ('LOCK',)),
-        )
+    security = ClassSecurityInfo()
 
     manage_options = ({'label': 'Info', 'action': 'manage_main'},)
 
+    security.declareProtected(View, 'manage')
+    security.declareProtected(View, 'manage_main')
     manage = manage_main = DTMLFile('dtml/locknullmain', globals())
+    security.declareProtected(View, 'manage_workspace')
     manage_workspace = manage
     manage_main._setName('manage_main')  # explicit
 
@@ -291,7 +291,7 @@
         self.id = self.__name__ = name
         self.title = "LockNull Resource '%s'" % name
 
-    title_or_id__roles__=None
+    security.declarePublic('title_or_id')
     def title_or_id(self):
         return 'Foo'
 
@@ -299,6 +299,7 @@
         """Retrieve properties defined on the resource."""
         return Resource.PROPFIND(self, REQUEST, RESPONSE)
 
+    security.declareProtected(webdav_lock_items, 'LOCK')
     def LOCK(self, REQUEST, RESPONSE):
         """ A Lock command on a LockNull resource should only be a
         refresh request (one without a body) """
@@ -336,6 +337,7 @@
         return RESPONSE
 
 
+    security.declareProtected(webdav_unlock_items, 'UNLOCK')
     def UNLOCK(self, REQUEST, RESPONSE):
         """ Unlocking a Null Resource removes it from its parent """
         self.dav__init(REQUEST, RESPONSE)
@@ -362,7 +364,7 @@
             RESPONSE.setStatus(204)
         return RESPONSE
 
-    PUT__roles__ = ('Anonymous',)
+    security.declarePublic('PUT')
     def PUT(self, REQUEST, RESPONSE):
         """ Create a new non-collection resource, deleting the LockNull
         object from the container before putting the new object in. """
@@ -437,6 +439,7 @@
         RESPONSE.setBody('')
         return RESPONSE
 
+    security.declareProtected(add_folders, 'MKCOL')
     def MKCOL(self, REQUEST, RESPONSE):
         """ Create a new Collection (folder) resource.  Since this is being
         done on a LockNull resource, this also involves removing the LockNull
@@ -484,4 +487,4 @@
         RESPONSE.setBody('')
         return RESPONSE
 
-Globals.default__class_init__(LockNullResource)
+InitializeClass(LockNullResource)

Modified: Zope/trunk/lib/python/webdav/Resource.py
===================================================================
--- Zope/trunk/lib/python/webdav/Resource.py	2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/webdav/Resource.py	2005-11-21 16:54:03 UTC (rev 40300)
@@ -20,8 +20,15 @@
 from urllib import unquote
 
 import ExtensionClass
-import Globals
+from Globals import InitializeClass
 from AccessControl import getSecurityManager
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import delete_objects
+from AccessControl.Permissions import manage_properties
+from AccessControl.Permissions import view as View
+from AccessControl.Permissions import webdav_lock_items
+from AccessControl.Permissions import webdav_unlock_items
+from AccessControl.Permissions import webdav_access
 from Acquisition import aq_base
 from zExceptions import BadRequest, MethodNotAllowed
 from zExceptions import Unauthorized, Forbidden
@@ -56,16 +63,8 @@
                       'MOVE', 'LOCK', 'UNLOCK',
                       )
 
-    __ac_permissions__=(
-        ('View',                             ('HEAD',)),
-        ('WebDAV access',                    ('PROPFIND', 'manage_DAVget',
-                                              'listDAVObjects'),
-         ('Authenticated', 'Manager')),
-        ('Manage properties',                ('PROPPATCH',)),
-        ('Delete objects',                   ('DELETE',)),
-        ('WebDAV Lock items',                ('LOCK',)),
-        ('WebDAV Unlock items',              ('UNLOCK',)),
-    )
+    security = ClassSecurityInfo()
+    security.setPermissionDefault(webdav_access, ('Authenticated', 'Manager'))
 
     def dav__init(self, request, response):
         # Init expected HTTP 1.1 / WebDAV headers which are not
@@ -158,6 +157,7 @@
 
 
     # WebDAV class 1 support
+    security.declareProtected(View, 'HEAD')
     def HEAD(self, REQUEST, RESPONSE):
         """Retrieve resource information without a response body."""
         self.dav__init(REQUEST, RESPONSE)
@@ -197,7 +197,7 @@
         self.dav__init(REQUEST, RESPONSE)
         raise MethodNotAllowed, 'Method not supported for this resource.'
 
-    OPTIONS__roles__=None
+    security.declarePublic('OPTIONS')
     def OPTIONS(self, REQUEST, RESPONSE):
         """Retrieve communication options."""
         self.dav__init(REQUEST, RESPONSE)
@@ -207,7 +207,7 @@
         RESPONSE.setStatus(200)
         return RESPONSE
 
-    TRACE__roles__=None
+    security.declarePublic('TRACE')
     def TRACE(self, REQUEST, RESPONSE):
         """Return the HTTP message received back to the client as the
         entity-body of a 200 (OK) response. This will often usually
@@ -218,6 +218,7 @@
         self.dav__init(REQUEST, RESPONSE)
         raise MethodNotAllowed, 'Method not supported for this resource.'
 
+    security.declareProtected(delete_objects, 'DELETE')
     def DELETE(self, REQUEST, RESPONSE):
         """Delete a resource. For non-collection resources, DELETE may
         return either 200 or 204 (No Content) to indicate success."""
@@ -256,6 +257,7 @@
 
         return RESPONSE
 
+    security.declareProtected(webdav_access, 'PROPFIND')
     def PROPFIND(self, REQUEST, RESPONSE):
         """Retrieve properties defined on the resource."""
         self.dav__init(REQUEST, RESPONSE)
@@ -273,6 +275,7 @@
         RESPONSE.setBody(result)
         return RESPONSE
 
+    security.declareProtected(manage_properties, 'PROPPATCH')
     def PROPPATCH(self, REQUEST, RESPONSE):
         """Set and/or remove properties defined on the resource."""
         self.dav__init(REQUEST, RESPONSE)
@@ -300,7 +303,7 @@
         self.dav__init(REQUEST, RESPONSE)
         raise MethodNotAllowed, 'The resource already exists.'
 
-    COPY__roles__=('Anonymous',)
+    security.declarePublic('COPY')
     def COPY(self, REQUEST, RESPONSE):
         """Create a duplicate of the source resource whose state
         and behavior match that of the source resource as closely
@@ -406,7 +409,7 @@
         RESPONSE.setBody('')
         return RESPONSE
 
-    MOVE__roles__=('Anonymous',)
+    security.declarePublic('MOVE')
     def MOVE(self, REQUEST, RESPONSE):
         """Move a resource to a new location. Though we may later try to
         make a move appear seamless across namespaces (e.g. from Zope
@@ -522,6 +525,7 @@
 
     # WebDAV Class 2, Lock and Unlock
 
+    security.declareProtected(webdav_lock_items, 'LOCK')
     def LOCK(self, REQUEST, RESPONSE):
         """Lock a resource"""
         self.dav__init(REQUEST, RESPONSE)
@@ -581,6 +585,7 @@
 
         return RESPONSE
 
+    security.declareProtected(webdav_unlock_items, 'UNLOCK')
     def UNLOCK(self, REQUEST, RESPONSE):
         """Remove an existing lock on a resource."""
         self.dav__init(REQUEST, RESPONSE)
@@ -601,12 +606,14 @@
         return RESPONSE
 
 
+    security.declareProtected(webdav_access, 'manage_DAVget')
     def manage_DAVget(self):
         """Gets the document source"""
         # The default implementation calls manage_FTPget
         return self.manage_FTPget()
 
+    security.declareProtected(webdav_access, 'listDAVObjects')
     def listDAVObjects(self):
         return []
 
-Globals.default__class_init__(Resource)
+InitializeClass(Resource)



More information about the Zope-Checkins mailing list