[Zope-CVS] CVS: Products/VerboseSecurity - VerboseSecurityPolicy.py:1.5.2.1
Shane Hathaway
shane@zope.com
Mon, 9 Jun 2003 14:43:56 -0400
Update of /cvs-repository/Products/VerboseSecurity
In directory cvs.zope.org:/tmp/cvs-serv28649
Modified Files:
Tag: shane-security-policy-branch
VerboseSecurityPolicy.py
Log Message:
Brought in line with Zope HEAD: never return 0, always raise Unauthorized
=== Products/VerboseSecurity/VerboseSecurityPolicy.py 1.5 => 1.5.2.1 ===
--- Products/VerboseSecurity/VerboseSecurityPolicy.py:1.5 Fri Aug 30 12:36:52 2002
+++ Products/VerboseSecurity/VerboseSecurityPolicy.py Mon Jun 9 14:43:56 2003
@@ -17,7 +17,7 @@
__version__='$Revision$'[11:-2]
-if 1: # Preserve indentation for better diff
+if 1: # Preserve indentation for better diff with ZopeSecurityPolicy
from types import StringType
@@ -64,27 +64,23 @@
self._authenticated=authenticated
def validate(self, accessed, container, name, value, context,
- roles=_noroles, None=None, type=type, IntType=type(0),
+ roles=_noroles, type=type, IntType=type(0),
DictType=type({}), getattr=getattr, _noroles=_noroles,
StringType=type(''),
Containers=SimpleObjectPolicies.Containers,
valid_aq_=('aq_parent','aq_inner', 'aq_explicit')):
+ # Note: accessed is not used.
############################################################
# Provide special rules for the acquisition attributes
if type(name) is StringType:
if name.startswith('aq_') and name not in valid_aq_:
- setUnauthorized('aq_* names are not allowed',
- accessed, container, name, value, context)
- return 0
-
- containerbase = aq_base(container)
- accessedbase = aq_base(accessed)
- if accessedbase is accessed:
- # accessed is not a wrapper, so assume that the
- # value could not have been acquired.
- accessedbase = container
+ info = setUnauthorized(
+ 'aq_* names other than %s are not allowed' %
+ repr(valid_aq_),
+ accessed, container, name, value, context)
+ raise Unauthorized(info)
############################################################
# If roles weren't passed in, we'll try to get them from the object
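Review bot: The added comment `# Note: accessed is not used.` is inaccurate as written, because `accessed` is still forwarded to `setUnauthorized` a few lines further down in this hunk. Something like `# Note: accessed no longer affects the decision; it is only passed to setUnauthorized for reporting.` would match the code. Since the commit changes the method's contract from returning 0 to raising, validate would also benefit from a docstring directly under the signature, e.g. `"""Return 1 if access is allowed; raise Unauthorized otherwise (never returns 0)."""`, so that callers which branched on a false return know to catch the exception instead. The body of validate continues beyond this hunk.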
@@ -103,32 +99,24 @@
# object like a string or a list. We'll try to get roles
# from its container.
if container is None:
- setUnauthorized('No container provided',
- accessed, container, name, value, context)
- return 0 # Bail if no container
+ # Either container or a list of roles is required
+ # for ZopeSecurityPolicy to know whether access is
+ # allowable.
+ info = setUnauthorized(
+ 'No container provided',
+ accessed, container, name, value, context)
+ raise Unauthorized(info)
roles=getattr(container, '__roles__', _noroles)
if roles is _noroles:
- if containerbase is container:
- # container is not wrapped.
- roles=_noroles
- if containerbase is not accessedbase:
- setUnauthorized(
- 'Unable to find __roles__ in the container '
- 'and the container is not wrapped',
- accessed, container, name, value, context)
- return 0
- else:
- # Try to acquire roles
- try: roles = container.aq_acquire('__roles__')
+ # Try to acquire __roles__. If __roles__ can't be
+ # acquired, the value is unprotected and roles is
+ # left set to _noroles.
+ if aq_base(container) is not container:
+ try:
+ roles = container.aq_acquire('__roles__')
except AttributeError:
- roles=_noroles
- if containerbase is not accessedbase:
- setUnauthorized(
- 'Unable to find or acquire __roles__ '
- 'from the container',
- accessed, container, name, value, context)
- return 0
+ pass
# We need to make sure that we are allowed to
# get unprotected attributes from the container. We are
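Review bot: With both `return 0` denials removed from the `roles is _noroles` branch, a container whose `__roles__` cannot be found or acquired is no longer rejected here. The outcome now depends entirely on the unprotected-attribute check that begins in the trailing context and continues outside this hunk. The new comment suggests this is intended, but the bare `pass` would read more safely with its consequence stated beside it, e.g. `pass  # roles stays _noroles; the unprotected-attribute check below decides`. A regression test with a wrapped and an unwrapped container lacking `__roles__` would confirm that the cases which used to return 0 now end in Unauthorized rather than in `return 1`.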
@@ -153,10 +141,7 @@
'The container has no security assertions',
accessed, container, name, value, context
)
- if (containerbase is accessedbase):
- raise Unauthorized(info)
- else:
- return 0
+ raise Unauthorized(info)
if roles is _noroles: return 1
@@ -204,9 +189,7 @@
required_roles=roles, eo_owner=owner, eo=eo,
eo_owner_roles=getUserRolesInContext(
owner, value))
- if accessedbase is containerbase:
- raise Unauthorized(info)
- return 0
+ raise Unauthorized(info)
# Proxy roles, which are a lot safer now.
proxy_roles=getattr(eo, '_proxy_roles', None)
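Review bot: The detailed `info` built by setUnauthorized, which here carries `required_roles`, `eo_owner` and `eo_owner_roles`, is now raised inside Unauthorized on every denial instead of only when `accessedbase is containerbase`. The same applies to the later hunks at -226 and -260, which pass `eo_proxy_roles` and `user_roles`. If the Unauthorized message can reach the response sent to the denied requester (not visible in this diff), role and ownership details would be disclosed on paths that previously returned a bare 0. A comment at the raise such as `# info names roles and owners; do not render it to untrusted clients` would make that assumption explicit for whoever handles the exception.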
@@ -226,10 +209,7 @@
accessed, container, name, value, context,
eo=eo, eo_proxy_roles=proxy_roles,
required_roles=roles)
- if accessedbase is containerbase:
- raise Unauthorized(info)
-
- return 0
+ raise Unauthorized(info)
try:
@@ -237,7 +217,6 @@
return 1
except AttributeError: pass
- # We don't want someone to acquire if they can't get an unacquired!
if len(roles) < 1:
info = setUnauthorized(
"The object is marked as private",
@@ -260,10 +239,8 @@
accessed, container, name, value, context,
required_roles=roles, user=context.user,
user_roles=getUserRolesInContext(context.user, value))
- if accessedbase is containerbase:
- raise Unauthorized(info)
+ raise Unauthorized(info)
- return 0
def checkPermission(self, permission, object, context):
# XXX proxy roles and executable owner are not checked