[Zope-Checkins] SVN: Zope/trunk/lib/python/AccessControl/ Add
interface and tests for AccessControl.SecurityManager.
Tres Seaver
tseaver at palladion.com
Tue Nov 29 22:40:59 EST 2005
Log message for revision 40420:
Add interface and tests for AccessControl.SecurityManager.
o The new tests are amphibious: they exercise both the Python and the C
implementations, ensuring that they remain in sync.
Changed:
U Zope/trunk/lib/python/AccessControl/ImplPython.py
U Zope/trunk/lib/python/AccessControl/interfaces.py
A Zope/trunk/lib/python/AccessControl/tests/testSecurityManager.py
-=-
Modified: Zope/trunk/lib/python/AccessControl/ImplPython.py
===================================================================
--- Zope/trunk/lib/python/AccessControl/ImplPython.py 2005-11-30 00:55:24 UTC (rev 40419)
+++ Zope/trunk/lib/python/AccessControl/ImplPython.py 2005-11-30 03:40:57 UTC (rev 40420)
@@ -22,6 +22,7 @@
from Acquisition import aq_acquire
from ExtensionClass import Base
from zLOG import LOG, BLATHER, PROBLEM
+from zope.interface import implements
# This is used when a permission maps explicitly to no permission. We
# try and get this from cAccessControl first to make sure that if both
@@ -33,6 +34,7 @@
from AccessControl import SecurityManagement
from AccessControl import Unauthorized
+from AccessControl.interfaces import ISecurityManager
from AccessControl.SimpleObjectPolicies import Containers, _noroles
from AccessControl.ZopeGuards import guarded_getitem
@@ -491,7 +493,7 @@
"""A security manager provides methods for checking access and managing
executable context and policies
"""
-
+ implements(ISecurityManager)
__allow_access_to_unprotected_subobjects__ = {
'validate': 1, 'checkPermission': 1,
'getUser': 1, 'calledByExecutable': 1
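Review bot: The new `implements(ISecurityManager)` line sits directly above `__allow_access_to_unprotected_subobjects__`, and the two lists do not match. The interface also names `DTMLValidate`, `addContext`, `removeContext` and `_policy`, while the entries visible here allow only `validate`, `checkPermission`, `getUser` and `calledByExecutable`. A short comment would keep a later reader from treating the interface as the allow-list, for example `# ISecurityManager describes the full API; the dict below, not the interface, decides what unprotected access is allowed.` The dictionary and the class body continue outside the hunk, so there may be further entries that are not shown.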
Modified: Zope/trunk/lib/python/AccessControl/interfaces.py
===================================================================
--- Zope/trunk/lib/python/AccessControl/interfaces.py 2005-11-30 00:55:24 UTC (rev 40419)
+++ Zope/trunk/lib/python/AccessControl/interfaces.py 2005-11-30 03:40:57 UTC (rev 40420)
@@ -15,6 +15,7 @@
$Id$
"""
+from AccessControl.SimpleObjectPolicies import _noroles
from zope.interface import Attribute
from zope.interface import Interface
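Review bot: `interfaces.py` now imports the private name `_noroles` from an implementation module, apparently only so that `ISecurityManager.validate` can declare `roles=_noroles` as its default. A one-line comment above the import would record that, for example `# sentinel default for ISecurityManager.validate(roles=...)`. Presumably the implementations test for this exact object to detect "roles not supplied", in which case the interface must keep using the same object rather than a look-alike value; confirm against ImplPython, which this hunk does not show.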
@@ -280,3 +281,104 @@
def getUserNames():
"""Get a sequence of names of the users which reside in the user folder.
"""
+
+class ISecurityManager(Interface):
+ """Checks access and manages executable context and policies.
+ """
+ _policy = Attribute(u'Current Security Policy')
+
+ def validate(accessed=None,
+ container=None,
+ name=None,
+ value=None,
+ roles=_noroles,
+ ):
+ """Validate access.
+
+ Arguments:
+
+ accessed -- the object that was being accessed
+
+ container -- the object the value was found in
+
+ name -- The name used to access the value
+
+ value -- The value retrieved though the access.
+
+ roles -- The roles of the object if already known.
+
+ The arguments may be provided as keyword arguments. Some of these
+ arguments may be ommitted, however, the policy may reject access
+ in some cases when arguments are ommitted. It is best to provide
+ all the values possible.
+ """
+
+ def DTMLValidate(accessed=None,
+ container=None,
+ name=None,
+ value=None,
+ md=None,
+ ):
+ """Validate access.
+ * THIS EXISTS FOR DTML COMPATIBILITY *
+
+ Arguments:
+
+ accessed -- the object that was being accessed
+
+ container -- the object the value was found in
+
+ name -- The name used to access the value
+
+ value -- The value retrieved though the access.
+
+ md -- multidict for DTML (ignored)
+
+ The arguments may be provided as keyword arguments. Some of these
+ arguments may be ommitted, however, the policy may reject access
+ in some cases when arguments are ommitted. It is best to provide
+ all the values possible.
+
+ """
+
+ def checkPermission(permission, object):
+ """Check whether the security context allows the given permission on
+ the given object.
+
+ Arguments:
+
+ permission -- A permission name
+
+ object -- The object being accessed according to the permission
+ """
+
+ def addContext(anExecutableObject):
+ """Add an ExecutableObject to the current security context.
+
+ o If it declares a custom security policy, make that policy
+ "current"; otherwise, make the "default" security policy
+ current.
+ """
+
+ def removeContext(anExecutableObject):
+ """Remove an ExecutableObject from the current security context.
+
+ o Remove all objects from the top of the stack "down" to the
+ supplied object.
+
+ o If the top object on the stack declares a custom security policy,
+ make that policy "current".
+
+ o If the stack is empty, or if the top declares no custom security
+ policy, restore the 'default" security policy as current.
+ """
+
+ def getUser():
+ """Get the currently authenticated user
+ """
+
+ def calledByExecutable():
+ """Return a boolean value indicating whether this context was called
+ in the context of an by an executable (i.e., one added via
+ 'addContext').
+ """
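Review bot: The `validate` and `DTMLValidate` docstrings list the arguments but never say how a denial is reported, and `checkPermission` does not say what it returns, so the interface alone does not tell an implementer whether to raise or to return a false value. Because the commit message says the tests exist to keep the Python and C implementations in sync, the outcome belongs in the interface; a line such as `Return a true value if access is allowed; raise Unauthorized otherwise.` would do for `validate`, once checked against the implementation, which this hunk does not show. `_policy = Attribute(...)` also makes an underscore-prefixed name part of the declared interface, which deserves a comment saying whether callers outside the security machinery may read it. The `calledByExecutable` docstring has a slip ("in the context of an by an executable") and could read `Return a boolean indicating whether this context was called by an executable (i.e., one added via 'addContext').`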
Copied: Zope/trunk/lib/python/AccessControl/tests/testSecurityManager.py (from rev 40419, Zope/branches/2.9/lib/python/AccessControl/tests/testSecurityManager.py)