[Zope3-checkins] CVS: Zope3/src/zope/app/security - zopesecuritypolicy.py:1.4

R. David Murray bitz@bitdance.com
Fri, 27 Dec 2002 20:36:00 -0500


Update of /cvs-repository/Zope3/src/zope/app/security
In directory cvs.zope.org:/tmp/cvs-serv31119

Modified Files:
	zopesecuritypolicy.py 
Log Message:
Use the new getRoles method of IPrincipal to get the base list of roles
for the given principal.  This means we need to fetch the Authentication
service.  The fetch and computation are factored into a module-level
function, _computeBasePrincipalRoles, as it is used by both checkPermissions
and permissionsOfPrincipal.


=== Zope3/src/zope/app/security/zopesecuritypolicy.py 1.3 => 1.4 ===
--- Zope3/src/zope/app/security/zopesecuritypolicy.py:1.3	Thu Dec 26 13:49:06 2002
+++ Zope3/src/zope/app/security/zopesecuritypolicy.py	Fri Dec 27 20:36:00 2002
@@ -17,7 +17,7 @@
 """
 __version__='$Revision$'[11:-2]
 
-from zope.component import queryAdapter
+from zope.component import queryAdapter, getService
 
 from zope.proxy.context import ContainmentIterator
 
@@ -49,6 +49,17 @@
 
 globalContext = object()
 
+
+def _computeBasePrincipalRoles(principalid,object):
+    auth = getService(object, "Authentication")
+    p = auth.getPrincipal(principalid)
+    roles = tuple(p.getRoles()) + ('Anonymous',)
+    roledict = {}
+    for role in roles:
+        roledict[role] = Allow
+    return roledict
+
+
 class ZopeSecurityPolicy:
 
     __implements__ = ISecurityPolicy
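Review bot: `_computeBasePrincipalRoles` does not handle a failed lookup. If `getService(object, "Authentication")` or `auth.getPrincipal(principalid)` raises or returns None for an id the located service does not know (their contracts are not visible in this diff), the error escapes into both callers, where previously every id at least received `Anonymous`. Failing closed is defensible in a security policy, but it should be an explicit decision: either catch the lookup error and fall back to `{'Anonymous': Allow}`, or state in a docstring that an unresolvable principal aborts the check. The helper has no docstring at all; something like `"""Return {role: Allow} for the principal's own roles plus 'Anonymous'."""` would record that the role names from `getRoles()` are trusted as-is. The parameter name `object` also shadows the builtin that `globalContext = object()` relies on a few lines above, so a name such as `context_object` would be safer.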
@@ -86,8 +97,8 @@
         user = context.user
         if user is system_user:
             return 1
-
-        principals = {user : {'Anonymous': Allow}}
+        roledict = _computeBasePrincipalRoles(user, object)
+        principals = {user : roledict}
 
         role_permissions = {}
         remove = {}
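Review bot: `context.user` is passed here as the `principalid` argument, and the `permissionsOfPrincipal` hunk passes a variable named `principal` the same way. Whether these hold ids or principal objects is not visible in the diff, so confirm that both are what `auth.getPrincipal` expects; a mismatch would surface as a failed lookup on every check. Placing the call after the `system_user` short-circuit is right, since that user presumably has no entry in the Authentication service. The check now performs a service lookup and a principal lookup on each call, so if this path proves hot, any caching should be scoped to the request so that role changes take effect promptly. The enclosing method starts and ends outside the hunk.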
@@ -232,7 +243,7 @@
 
 def permissionsOfPrincipal(principal, object):
     permissions = {}
-    roles = {'Anonymous': Allow} # Everyone has anonymous
+    roles = _computeBasePrincipalRoles(principal, object)
     role_permissions = {}
 
     # Make two passes.