[Zope-CVS] CVS: Products/VerboseSecurity - VerboseSecurityPolicy.py:1.2

Shane Hathaway shane@cvs.zope.org
Wed, 21 Aug 2002 15:34:06 -0400 

Update of /cvs-repository/Products/VerboseSecurity
In directory cvs.zope.org:/tmp/cvs-serv1636

Modified Files:
	VerboseSecurityPolicy.py 
Log Message:
Brought VerboseSecurity in line with cAccessControl in the same way
ZopeSecurityPolicy was corrected for Zope 2.6.

aq_base and aq_acquire
are not normally attributes of any object but acquisition wrappers, except in
one important case: if container is a module and that module happens to
import aq_base or aq_acquire from Acquisition, validate()
does unintended things.  This made ModuleSecurityInfo declarations fail when
using this security policy.

Now we no longer look at aq_base attributes, but rather the acquisition API,
which is what cAccessControl does.


=== Products/VerboseSecurity/VerboseSecurityPolicy.py 1.1.1.1 => 1.2 ===
--- Products/VerboseSecurity/VerboseSecurityPolicy.py:1.1.1.1	Tue Aug 20 13:09:40 2002
+++ Products/VerboseSecurity/VerboseSecurityPolicy.py	Wed Aug 21 15:34:06 2002
@@ -80,7 +80,11 @@
                     return 0
 
             containerbase = aq_base(container)
-            accessedbase=getattr(accessed, 'aq_base', container)
+            accessedbase = aq_base(accessed)
+            if accessedbase is accessed:
+                # accessed is not a wrapper, so assume that the
+                # value could not have been acquired.
+                accessedbase = container
 
             ############################################################
             # If roles weren't passed in, we'll try to get them from the object
@@ -105,22 +109,24 @@
 
                 roles=getattr(container, '__roles__', _noroles)
                 if roles is _noroles:
-                    aq=getattr(container, 'aq_acquire', None)
-                    if aq is None:
+                    if containerbase is container:
+                        # container is not wrapped.
                         roles=_noroles
                         if containerbase is not accessedbase:
                             setUnauthorized(
-                                'Container is not an acquisition wrapper',
+                                'Unable to find __roles__ in the container '
+                                'and the container is not wrapped',
                                 accessed, container, name, value, context)
                             return 0
                     else:
                         # Try to acquire roles
-                        try: roles=aq('__roles__')
+                        try: roles = container.aq_acquire('__roles__')
                         except AttributeError:
                             roles=_noroles
                             if containerbase is not accessedbase:
                                 setUnauthorized(
-                                    'Unable to find __roles__ in container',
+                                    'Unable to find or acquire __roles__ '
+                                    'from the container',
                                     accessed, container, name, value, context)
                                 return 0