[Zope3-checkins] CVS: Zope3/src/zope/app/security/grants - principalpermission.py:1.1 principalrole.py:1.1 rolepermission.py:1.1 securitymap.py:1.1 configure.zcml:1.3 metaconfigure.py:1.3 annotationprincipalpermissionmanager.py:NONE annotationprincipalrolemanager.py:NONE annotationrolepermissionmanager.py:NONE localsecuritymap.py:NONE persistentlocalsecuritymap.py:NONE principalpermissionmanager.py:NONE principalrolemanager.py:NONE rolepermissionmanager.py:NONE rolepermissions.py:NONE
Jim Fulton
jim@zope.com
Thu, 26 Dec 2002 13:49:38 -0500
Update of /cvs-repository/Zope3/src/zope/app/security/grants
In directory cvs.zope.org:/tmp/cvs-serv19745/grants
Modified Files:
configure.zcml metaconfigure.py
Added Files:
principalpermission.py principalrole.py rolepermission.py
securitymap.py
Removed Files:
annotationprincipalpermissionmanager.py
annotationprincipalrolemanager.py
annotationrolepermissionmanager.py localsecuritymap.py
persistentlocalsecuritymap.py principalpermissionmanager.py
principalrolemanager.py rolepermissionmanager.py
rolepermissions.py
Log Message:
Added functions for checking validity of permission, role, and
principal ids.
Updated global grants to perform these chacks.
Renamed and consolidated a number of files in the ongoing quest to get
to single-line imports.
=== Added File Zope3/src/zope/app/security/grants/principalpermission.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Mappings between principals and permissions, stored in an object locally."""
from zope.component import getAdapter
from zope.app.interfaces.annotation import IAnnotations
from zope.app.interfaces.security import IPrincipalPermissionManager
from zope.app.security.settings import Allow, Deny, Unset
from zope.app.security.principal import checkPrincipal
from zope.app.security.permission import checkPermission
from zope.app.security.grants.securitymap import SecurityMap
annotation_key = 'zopel.app.security.AnnotationPrincipalPermissionManager'
class AnnotationPrincipalPermissionManager:
"""Mappings between principals and permissions."""
__implements__ = IPrincipalPermissionManager
def __init__(self, context):
self._context = context
def grantPermissionToPrincipal(self, permission_id, principal_id):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions(create=1)
pp.addCell(permission_id, principal_id, Allow)
self._context._p_changed = 1
def denyPermissionToPrincipal(self, permission_id, principal_id):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions(create=1)
pp.addCell(permission_id, principal_id, Deny)
self._context._p_changed = 1
def unsetPermissionForPrincipal(self, permission_id, principal_id):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
# Only unset if there is a security map, otherwise, we're done
if pp:
pp.delCell(permission_id, principal_id)
self._context._p_changed = 1
def getPrincipalsForPermission(self, permission_id):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
if pp:
return pp.getRow(permission_id)
return []
def getPermissionsForPrincipal(self, principal_id):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
if pp:
return pp.getCol(principal_id)
return []
def getSetting(self, permission_id, principal_id):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
if pp:
return pp.getCell(permission_id, principal_id, default=Unset)
return []
def getPrincipalsAndPermissions(self):
''' See the interface IPrincipalPermissionManager '''
pp = self._getPrincipalPermissions()
if pp:
return pp.getAllCells()
return []
# Implementation helpers
def _getPrincipalPermissions(self, create=0):
""" Get the principal permission map stored in the context, optionally
creating one if necessary """
# need to remove security proxies here, otherwise we enter
# an infinite loop, becuase checking security depends on
# getting PrincipalPermissions.
from zope.proxy.introspection import removeAllProxies
context = removeAllProxies(self._context)
annotations = getAdapter(context, IAnnotations)
try:
return annotations[annotation_key]
except KeyError:
if create:
rp = annotations[annotation_key] = SecurityMap()
return rp
return None
class PrincipalPermissionManager(SecurityMap):
"""Mappings between principals and permissions."""
__implements__ = IPrincipalPermissionManager
def grantPermissionToPrincipal(self, permission_id, principal_id,
check=True):
''' See the interface IPrincipalPermissionManager '''
if check:
checkPermission(None, permission_id)
checkPrincipal(None, principal_id)
self.addCell(permission_id, principal_id, Allow)
def denyPermissionToPrincipal(self, permission_id, principal_id,
check=True):
''' See the interface IPrincipalPermissionManager '''
if check:
checkPermission(None, permission_id)
checkPrincipal(None, principal_id)
self.addCell(permission_id, principal_id, Deny)
def unsetPermissionForPrincipal(self, permission_id, principal_id):
''' See the interface IPrincipalPermissionManager '''
# Don't check validity intentionally.
# After all, we certianly want to unset invalid ids.
self.delCell(permission_id, principal_id)
def getPrincipalsForPermission(self, permission_id):
''' See the interface IPrincipalPermissionManager '''
return self.getRow(permission_id)
def getPermissionsForPrincipal(self, principal_id):
''' See the interface IPrincipalPermissionManager '''
return self.getCol(principal_id)
def getSetting(self, permission_id, principal_id):
''' See the interface IPrincipalPermissionManager '''
return self.getCell(permission_id, principal_id, default=Unset)
def getPrincipalsAndPermissions(self):
''' See the interface IPrincipalPermissionManager '''
return self.getAllCells()
# Permissions are our rows, and principals are our columns
principalPermissionManager = PrincipalPermissionManager()
# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
from zope.testing.cleanup import addCleanUp
addCleanUp(principalPermissionManager._clear)
del addCleanUp
=== Added File Zope3/src/zope/app/security/grants/principalrole.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Mappings between principals and roles, stored in an object locally."""
from zope.component import getAdapter
from zope.app.interfaces.annotation import IAnnotations
from zope.app.interfaces.security import IPrincipalRoleManager
from zope.app.interfaces.security import IPrincipalRoleMap
from zope.app.security.settings import Allow, Deny, Unset
from zope.app.security.grants.securitymap import SecurityMap
from zope.app.security.grants.securitymap import PersistentSecurityMap
from zope.app.security.principal import checkPrincipal
from zope.app.security.role import checkRole
annotation_key = 'zope.app.security.AnnotationPrincipalRoleManager'
class AnnotationPrincipalRoleManager:
"""Mappings between principals and roles."""
__implements__ = IPrincipalRoleManager
def __init__(self, context):
self._context = context
def assignRoleToPrincipal(self, role_id, principal_id):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles(create=1)
pp.addCell(role_id, principal_id, Allow)
def removeRoleFromPrincipal(self, role_id, principal_id):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles(create=1)
pp.addCell(role_id, principal_id, Deny)
def unsetRoleForPrincipal(self, role_id, principal_id):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles()
# Only unset if there is a security map, otherwise, we're done
if pp:
pp.delCell(role_id, principal_id)
def getPrincipalsForRole(self, role_id):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles()
if pp:
return pp.getRow(role_id)
return []
def getRolesForPrincipal(self, principal_id):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles()
if pp:
return pp.getCol(principal_id)
return []
def getSetting(self, role_id, principal_id):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles()
if pp:
return pp.getCell(role_id, principal_id, default=Unset)
return Unset
def getPrincipalsAndRoles(self):
''' See the interface IPrincipalRoleManager '''
pp = self._getPrincipalRoles()
if pp:
return pp.getAllCells()
return []
# Implementation helpers
def _getPrincipalRoles(self, create=0):
""" Get the principal role map stored in the context, optionally
creating one if necessary """
annotations = getAdapter(self._context, IAnnotations)
try:
return annotations[annotation_key]
except KeyError:
if create:
rp = annotations[annotation_key] = PersistentSecurityMap()
return rp
return None
class PrincipalRoleManager(SecurityMap):
"""Mappings between principals and roles."""
__implements__ = (IPrincipalRoleManager, IPrincipalRoleMap)
def assignRoleToPrincipal(self, role_id, principal_id, check=True):
''' See the interface IPrincipalRoleManager '''
if check:
checkPrincipal(None, principal_id)
checkRole(None, role_id)
self.addCell(role_id, principal_id, Allow)
def removeRoleFromPrincipal(self, role_id, principal_id, check=True):
''' See the interface IPrincipalRoleManager '''
if check:
checkPrincipal(None, principal_id)
checkRole(None, role_id)
self.addCell(role_id, principal_id, Deny)
def unsetRoleForPrincipal(self, role_id, principal_id):
''' See the interface IPrincipalRoleManager '''
# Don't check validity intentionally.
# After all, we certianly want to unset invalid ids.
self.delCell(role_id, principal_id)
def getPrincipalsForRole(self, role_id):
''' See the interface IPrincipalRoleMap '''
return self.getRow(role_id)
def getRolesForPrincipal(self, principal_id):
''' See the interface IPrincipalRoleMap '''
return self.getCol(principal_id)
def getSetting(self, role_id, principal_id):
''' See the interface IPrincipalRoleMap '''
return self.getCell(role_id, principal_id, default=Unset)
def getPrincipalsAndRoles(self):
''' See the interface IPrincipalRoleMap '''
return self.getAllCells()
# Roles are our rows, and principals are our columns
principalRoleManager = PrincipalRoleManager()
# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
from zope.testing.cleanup import addCleanUp
addCleanUp(principalRoleManager._clear)
del addCleanUp
=== Added File Zope3/src/zope/app/security/grants/rolepermission.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""
$Id: rolepermission.py,v 1.1 2002/12/26 18:49:07 jim Exp $
"""
from zope.component import getAdapter
from zope.app.interfaces.annotation import IAnnotations
from zope.app.interfaces.security import IRolePermissionMap
from zope.app.interfaces.security import IRolePermissionManager
from zope.app.interfaces.security import IRole
from zope.app.security.settings import Allow, Deny, Unset
from zope.app.security.role import checkRole
from zope.app.security.permission import checkPermission
from zope.app.security.grants.securitymap import PersistentSecurityMap
from zope.app.security.grants.securitymap import SecurityMap
annotation_key = 'zope.app.security.AnnotationRolePermissionManager'
class AnnotationRolePermissionManager:
"""
provide adapter that manages role permission data in an object attribute
"""
__implements__ = IRolePermissionManager, IRolePermissionMap
def __init__(self, context):
self._context = context
def grantPermissionToRole(self, permission_id, role_id):
''' See the interface IRolePermissionManager '''
rp = self._getRolePermissions(create=1)
rp.addCell(permission_id, role_id, Allow)
# probably not needed, as annotations should manage
# their own persistence
#self._context._p_changed = 1
def denyPermissionToRole(self, permission_id, role_id):
''' See the interface IRolePermissionManager '''
rp = self._getRolePermissions(create=1)
rp.addCell(permission_id, role_id, Deny)
# probably not needed, as annotations should manage
# their own persistence
#self._context._p_changed = 1
def unsetPermissionFromRole(self, permission_id, role_id):
''' See the interface IRolePermissionManager '''
rp = self._getRolePermissions()
# Only unset if there is a security map, otherwise, we're done
if rp:
rp.delCell(permission_id, role_id)
# probably not needed, as annotations should manage
# their own persistence
#self._context._p_changed = 1
def getRolesForPermission(self, permission_id):
'''See interface IRolePermissionMap'''
rp = self._getRolePermissions()
if rp:
return rp.getRow(permission_id)
else:
return []
def getPermissionsForRole(self, role_id):
'''See interface IRolePermissionMap'''
rp = self._getRolePermissions()
if rp:
return rp.getCol(role_id)
else:
return []
def getRolesAndPermissions(self):
'''See interface IRolePermissionMap'''
rp = self._getRolePermissions()
if rp:
return rp.getAllCells()
else:
return []
def getSetting(self, permission_id, role_id):
'''See interface IRolePermissionMap'''
rp = self._getRolePermissions()
if rp:
return rp.getCell(permission_id, role_id)
else:
return Unset
def _getRolePermissions(self, create=0):
"""Get the role permission map stored in the context, optionally
creating one if necessary"""
# need to remove security proxies here, otherwise we enter
# an infinite loop, becuase checking security depends on
# getting RolePermissions.
from zope.proxy.introspection import removeAllProxies
context = removeAllProxies(self._context)
annotations = getAdapter(context, IAnnotations)
try:
return annotations[annotation_key]
except KeyError:
if create:
rp = annotations[annotation_key] = PersistentSecurityMap()
return rp
return None
class RolePermissions:
__implements__ = IRole
def __init__(self, role, context, permissions):
self._role = role
self._context = context
self._permissions = permissions
def getId(self):
return self._role.getId()
def getTitle(self):
return self._role.getTitle()
def getDescription(self):
return self._role.getDescription()
def permissionsInfo(self):
prm = getAdapter(self._context, IRolePermissionManager)
rperms = prm.getPermissionsForRole(self._role.getId())
settings = {}
for permission, setting in rperms:
settings[permission] = setting.getName()
nosetting = Unset.getName()
return [{'id': permission.getId(),
'title': permission.getTitle(),
'setting': settings.get(permission.getId(), nosetting)}
for permission in self._permissions]
class RolePermissionManager(SecurityMap):
"""Mappings between roles and permissions."""
__implements__ = IRolePermissionManager
def grantPermissionToRole(self, permission_id, role_id, check=True):
'''See interface IRolePermissionMap'''
if check:
checkRole(None, role_id)
checkPermission(None, permission_id)
self.addCell(permission_id, role_id, Allow)
def denyPermissionToRole(self, permission_id, role_id, check=True):
'''See interface IRolePermissionMap'''
if check:
checkRole(None, role_id)
checkPermission(None, permission_id)
self.addCell(permission_id, role_id, Deny)
def unsetPermissionFromRole(self, permission_id, role_id):
'''See interface IRolePermissionMap'''
# Don't check validity intentionally.
# After all, we certianly want to unset invalid ids.
self.delCell(permission_id, role_id)
def getRolesForPermission(self, permission_id):
'''See interface IRolePermissionMap'''
return self.getRow(permission_id)
def getPermissionsForRole(self, role_id):
'''See interface IRolePermissionMap'''
return self.getCol(role_id)
def getSetting(self, permission_id, role_id):
'''See interface IRolePermissionMap'''
return self.getCell(permission_id, role_id)
def getRolesAndPermissions(self):
'''See interface IRolePermissionMap'''
return self.getAllCells()
# Permissions are our rows, and roles are our columns
rolePermissionManager = RolePermissionManager()
# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
from zope.testing.cleanup import addCleanUp
addCleanUp(rolePermissionManager._clear)
del addCleanUp
=== Added File Zope3/src/zope/app/security/grants/securitymap.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
""" Generic two-dimensional array type """
from persistence import Persistent
from persistence.dict import PersistentDict
from zope.app.interfaces.security.grants.securitymap import ISecurityMap
class SecurityMap(object):
__implements__ = ISecurityMap
def __init__(self):
self._clear()
def _clear(self):
self._byrow = {}
self._bycol = {}
def _empty_mapping(self):
return {}
def addCell(self, rowentry, colentry, value):
# setdefault may get expensive if an empty mapping is
# expensive to create, for PersistentDict for instance.
row = self._byrow.setdefault(rowentry, self._empty_mapping())
row[colentry] = value
col = self._bycol.setdefault(colentry, self._empty_mapping())
col[rowentry] = value
def delCell(self, rowentry, colentry):
row = self._byrow.get(rowentry)
if row and (colentry in row):
del self._byrow[rowentry][colentry]
del self._bycol[colentry][rowentry]
def getCell(self, rowentry, colentry, default=None):
" return the value of a cell by row, entry "
row = self._byrow.get(rowentry)
if row: return row.get(colentry, default)
else: return default
def getRow(self, rowentry):
" return a list of (colentry, value) tuples from a row "
row = self._byrow.get(rowentry)
if row:
return row.items()
else: return []
def getCol(self, colentry):
" return a list of (rowentry, value) tuples from a col "
col = self._bycol.get(colentry)
if col:
return col.items()
else: return []
def getAllCells(self):
" return a list of (rowentry, colentry, value) "
res = []
for r in self._byrow.keys():
for c in self._byrow[r].items():
res.append((r,) + c)
return res
class PersistentSecurityMap(SecurityMap, Persistent):
__implements__ = ISecurityMap
def _clear(self):
self._byrow = PersistentDict()
self._bycol = PersistentDict()
def _empty_mapping(self):
return PersistentDict()
=== Zope3/src/zope/app/security/grants/configure.zcml 1.2 => 1.3 ===
--- Zope3/src/zope/app/security/grants/configure.zcml:1.2 Wed Dec 25 09:13:16 2002
+++ Zope3/src/zope/app/security/grants/configure.zcml Thu Dec 26 13:49:07 2002
@@ -1,34 +1,38 @@
<zopeConfigure
xmlns='http://namespaces.zope.org/zope'
xmlns:browser='http://namespaces.zope.org/browser'
- package="zope.app.security"
->
+ >
- <content class="zope.app.security.grants.permissionroles.PermissionRoles">
+ <content class=".permissionroles.PermissionRoles">
<require
permission="zope.Security"
attributes="roles rolesInfo"
- interface="zope.app.interfaces.security.IRegisteredObject" />
- </content>
+ interface="zope.app.interfaces.security.IRegisteredObject"
+ />
+ </content>
- <content class="zope.app.security.grants.rolepermissions.RolePermissions">
+ <content class="zope.app.security.grants.rolepermission.RolePermissions">
<require
permission="zope.Security"
attributes="permissions permissionsInfo"
- interface="zope.app.interfaces.security.IRegisteredObject" />
- </content>
+ interface="zope.app.interfaces.security.IRegisteredObject"
+ />
+ </content>
- <adapter factory="zope.app.security.grants.annotationrolepermissionmanager.AnnotationRolePermissionManager"
+ <adapter factory=".rolepermission.AnnotationRolePermissionManager"
provides="zope.app.interfaces.security.IRolePermissionManager"
- for="zope.app.interfaces.annotation.IAnnotatable" />
+ for="zope.app.interfaces.annotation.IAnnotatable"
+ />
- <adapter factory="zope.app.security.grants.annotationprincipalrolemanager.AnnotationPrincipalRoleManager"
+ <adapter factory=".principalrole.AnnotationPrincipalRoleManager"
provides="zope.app.interfaces.security.IPrincipalRoleManager"
- for="zope.app.interfaces.annotation.IAnnotatable" />
+ for="zope.app.interfaces.annotation.IAnnotatable"
+ />
- <adapter factory="zope.app.security.grants.annotationprincipalpermissionmanager.AnnotationPrincipalPermissionManager"
+ <adapter factory=".principalpermission.AnnotationPrincipalPermissionManager"
provides="zope.app.interfaces.security.IPrincipalPermissionManager"
- for="zope.app.interfaces.annotation.IAnnotatable" />
+ for="zope.app.interfaces.annotation.IAnnotatable"
+ />
</zopeConfigure>
=== Zope3/src/zope/app/security/grants/metaconfigure.py 1.2 => 1.3 ===
--- Zope3/src/zope/app/security/grants/metaconfigure.py:1.2 Wed Dec 25 09:13:16 2002
+++ Zope3/src/zope/app/security/grants/metaconfigure.py Thu Dec 26 13:49:07 2002
@@ -15,11 +15,11 @@
$Id$
"""
-from zope.app.security.grants.rolepermissionmanager \
+from zope.app.security.grants.rolepermission \
import rolePermissionManager as role_perm_mgr
-from zope.app.security.grants.principalpermissionmanager \
+from zope.app.security.grants.principalpermission \
import principalPermissionManager as principal_perm_mgr
-from zope.app.security.grants.principalrolemanager \
+from zope.app.security.grants.principalrole \
import principalRoleManager as principal_role_mgr
from zope.configuration.action import Action
from zope.configuration.exceptions import ConfigurationError
=== Removed File Zope3/src/zope/app/security/grants/annotationprincipalpermissionmanager.py ===
=== Removed File Zope3/src/zope/app/security/grants/annotationprincipalrolemanager.py ===
=== Removed File Zope3/src/zope/app/security/grants/annotationrolepermissionmanager.py ===
=== Removed File Zope3/src/zope/app/security/grants/localsecuritymap.py ===
=== Removed File Zope3/src/zope/app/security/grants/persistentlocalsecuritymap.py ===
=== Removed File Zope3/src/zope/app/security/grants/principalpermissionmanager.py ===
=== Removed File Zope3/src/zope/app/security/grants/principalrolemanager.py ===
=== Removed File Zope3/src/zope/app/security/grants/rolepermissionmanager.py ===
=== Removed File Zope3/src/zope/app/security/grants/rolepermissions.py ===