[Zope3-checkins] CVS: Zope3/src/zope/app/security -
modulezcml.py:1.1 meta.zcml:1.5
Jim Fulton
jim at zope.com
Tue Sep 2 17:47:36 EDT 2003
Update of /cvs-repository/Zope3/src/zope/app/security
In directory cvs.zope.org:/tmp/cvs-serv17184/src/zope/app/security
Modified Files:
meta.zcml
Added Files:
modulezcml.py
Log Message:
Added a new 'module' zcml directive for making security declarations
about modules. For example:
<module module=".service">
<allow attributes="ISite" />
</module>
=== Added File Zope3/src/zope/app/security/modulezcml.py ===
##############################################################################
#
# Copyright (c) 2003 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""ZCML directive for module security declarations
$Id: modulezcml.py,v 1.1 2003/09/02 20:47:05 jim Exp $
"""
from __future__ import generators
import zope.interface
import zope.schema
import zope.configuration.fields
import zope.configuration.config
from zope.app.security.protectclass import checkPermission
from zope.security.checker import moduleChecker, Checker, defineChecker
from zope.security.checker import CheckerPublic
class IModule(zope.interface.Interface):
    # Schema for the grouping ``module`` directive.  The single ``module``
    # attribute is a GlobalObject field, i.e. it names the module that the
    # nested security declarations are about (the commit's example passes
    # the dotted name ".service").
    module = zope.configuration.fields.GlobalObject(__doc__="Module")
class IAllow(zope.interface.Interface):
    # Schema for the ``allow`` directive.  Both fields are optional token
    # lists.  Every name collected from them is registered by the ``allow``
    # handler in this file with the 'zope.Public' permission, so listing an
    # interface here exposes *all* names that interface defines.

    # Explicit attribute names; each token must be a Python identifier.
    attributes = zope.configuration.fields.Tokens(
        __doc__=(
            "Attributes\n"
            "The attributes to provide access to.\n"
        ),
        value_type=zope.configuration.fields.PythonIdentifier(),
        required=False,
    )

    # Interfaces given as global objects; their names are opened up.
    interface = zope.configuration.fields.Tokens(
        __doc__=(
            "Interface\n"
            "Interfaces whos names to provide access to. Access will be\n"
            "provided to all of the names defined by the\n"
            "interface(s). Multiple interfaces can be supplied.\n"
        ),
        value_type=zope.configuration.fields.GlobalObject(
            value_type=zope.schema.InterfaceField()
        ),
        required=False,
    )
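class IRequire(zope.interface.Interface):
    # Schema for the ``require`` directive.
    #
    # The ``require`` handler in this file accepts ``attributes`` and
    # ``interface`` in addition to ``permission``, and the directive text in
    # meta.zcml describes both.  The schema has to declare them as well:
    # with ``permission`` alone the handler only ever sees its empty
    # defaults and registers no protection for any name.
    # NOTE(review): the two added fields mirror IAllow; confirm that is the
    # intended shape for ``require``.

    # Id of the permission that guards the selected names.
    permission = zope.schema.Id(
        __doc__=(
            "Permission ID\n"
            "The id of the permission to require.\n"
        ),
    )

    # Explicit attribute names; each token must be a Python identifier.
    attributes = zope.configuration.fields.Tokens(
        __doc__=(
            "Attributes\n"
            "The attributes to require the permission for.\n"
        ),
        value_type=zope.configuration.fields.PythonIdentifier(),
        required=False,
    )

    # Interfaces given as global objects; the permission is required for
    # every name they define.
    interface = zope.configuration.fields.Tokens(
        __doc__=(
            "Interface\n"
            "Interfaces whose names require the permission. Multiple\n"
            "interfaces can be supplied.\n"
        ),
        value_type=zope.configuration.fields.GlobalObject(
            value_type=zope.schema.InterfaceField()
        ),
        required=False,
    )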
def protectModule(module, name, permission):
    """Require *permission* for access to *name* on *module*.

    The permission id is first passed to ``checkPermission``.  If the module
    has no checker yet, an empty ``Checker`` is created and registered with
    ``defineChecker``.  The entry for *name* is then written into the
    checker's permission mapping; the id ``'zope.Public'`` is stored as
    ``CheckerPublic``.
    """
    checkPermission(permission)

    # The public permission id is represented by the CheckerPublic marker.
    if permission == 'zope.Public':
        required = CheckerPublic
    else:
        required = permission

    module_checker = moduleChecker(module)
    if module_checker is None:
        module_checker = Checker({}, {})
        defineChecker(module, module_checker)

    # The mapping is recovered from the bound ``get`` method that the checker
    # hands out as its permission function.
    # NOTE(review): this holds for the Checker({}, {}) created above; for a
    # checker that was already registered for the module it is an assumption
    # about that checker's internals -- confirm before relying on it.
    permission_map = module_checker.getPermission_func().__self__
    permission_map[name] = required
def _names(attributes, interface):
    """Yield every distinct name once, in first-seen order.

    Names from *attributes* come first, followed by the names obtained by
    iterating each item of *interface*.  A name that was already yielded is
    skipped, so the handlers emit at most one action per name.
    """
    emitted = set()

    for attr_name in attributes:
        if attr_name in emitted:
            continue
        emitted.add(attr_name)
        yield attr_name

    for iface in interface:
        for iface_name in iface:
            if iface_name in emitted:
                continue
            emitted.add(iface_name)
            yield iface_name
def allow(context, attributes=(), interface=()):
    """Handler for ``allow``: make the selected module names public.

    One configuration action is emitted per distinct name.  Each action
    calls ``protectModule`` with the 'zope.Public' permission, so access to
    that name is granted unconditionally.  The discriminator is keyed on the
    module and the name, the same key the ``require`` handler uses.
    """
    for name in _names(attributes, interface):
        target = context.module
        action_key = ('http://namespaces.zope.org/zope:module', target, name)
        context.action(
            discriminator=action_key,
            callable=protectModule,
            args=(target, name, 'zope.Public'),
        )
def require(context, permission, attributes=(), interface=()):
    """Handler for ``require``: guard the selected module names.

    One configuration action is emitted per distinct name.  Each action
    calls ``protectModule`` with *permission* for that name.  The
    discriminator is keyed on the module and the name, the same key the
    ``allow`` handler uses.
    """
    for name in _names(attributes, interface):
        target = context.module
        action_key = ('http://namespaces.zope.org/zope:module', target, name)
        context.action(
            discriminator=action_key,
            callable=protectModule,
            args=(target, name, permission),
        )
=== Zope3/src/zope/app/security/meta.zcml 1.4 => 1.5 ===
--- Zope3/src/zope/app/security/meta.zcml:1.4 Tue Aug 5 10:25:10 2003
+++ Zope3/src/zope/app/security/meta.zcml Tue Sep 2 16:47:05 2003
@@ -6,9 +6,46 @@
<include package=".grants" file="meta.zcml" />
<meta:directive
- namespace="http://namespaces.zope.org/zope"
- name="securityPolicy"
- schema=".metadirectives.ISecurityPolicyDirective"
- handler=".metaconfigure.securityPolicy" />
+ name="securityPolicy"
+ namespace="http://namespaces.zope.org/zope"
+ schema=".metadirectives.ISecurityPolicyDirective"
+ handler=".metaconfigure.securityPolicy"
+ />
+ <meta:groupingDirective
+ name="module"
+ namespace="http://namespaces.zope.org/zope"
+ schema=".modulezcml.IModule"
+ handler="zope.configuration.config.GroupingContextDecorator"
+ >
+ Group security declarations about a module
+ </meta:groupingDirective>
+
+ <meta:directive
+ name="allow"
+ namespace="http://namespaces.zope.org/zope"
+ schema=".modulezcml.IAllow"
+ handler=".modulezcml.allow"
+ >
+ Allow access to selected module attributes
+
+ Access is unconditionally allowed to any names provided directly
+ in the attributes attribute or to any names defined by
+ interfaces listed in the interface attribute.
+ </meta:directive>
+
+ <meta:directive
+ name="require"
+ namespace="http://namespaces.zope.org/zope"
+ schema=".modulezcml.IRequire"
+ handler=".modulezcml.require"
+ >
+ Require a permission to access selected module attributes
+
+ The given permission is required to access any names provided
+ directly in the attributes attribute or any names defined by
+ interfaces listed in the interface attribute.
+
+ </meta:directive>
+
</configure>
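Review bot: The `require` registration points at `.modulezcml.IRequire`, which in this commit declares only `permission`, while the directive text promises names taken from an `attributes` or `interface` attribute. With that schema the `require` handler can only ever see its defaults `attributes=()` and `interface=()`, so it would register no protection at all (and the configuration machinery presumably rejects the undeclared attributes). IRequire should carry the same two optional fields as IAllow, e.g. `attributes = zope.configuration.fields.Tokens(value_type=zope.configuration.fields.PythonIdentifier(), required=False)` plus the matching `interface` field. Separately, `allow` and `require` read `context.module`, so the directive text should say that they are only valid nested inside `module`.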