[Zope3-checkins] CVS: Zope3/src/zope/app/security - zopepolicy.py:1.11.22.1

Jim Fulton jim at zope.com
Tue Sep 2 18:41:09 EDT 2003


Update of /cvs-repository/Zope3/src/zope/app/security
In directory cvs.zope.org:/tmp/cvs-serv26498/src/zope/app/security

Modified Files:
      Tag: user-preferences-branch
	zopepolicy.py 
Log Message:
Checking in some work (on a branch) that Stephan and I did toward
implementing user preferences.  More work is needed to finish this up.
Detailed log messages need to be provided in the merge.


=== Zope3/src/zope/app/security/zopepolicy.py 1.11 => 1.11.22.1 ===
--- Zope3/src/zope/app/security/zopepolicy.py:1.11	Tue Jun  3 11:45:10 2003
+++ Zope3/src/zope/app/security/zopepolicy.py	Tue Sep  2 17:40:38 2003
@@ -15,7 +15,6 @@
 
 $Id$
 """
-__version__='$Revision$'[11:-2]
 
 from zope.component import queryAdapter
 from zope.context import ContainmentIterator
@@ -23,8 +22,11 @@
 from zope.security.interfaces import ISecurityPolicy
 from zope.security.management import system_user
 
-from zope.app.interfaces.security import \
-     IRolePermissionMap, IPrincipalPermissionMap, IPrincipalRoleMap
+from zope.proxy import sameProxiedObjects
+
+from zope.app.interfaces.security import IPrincipalRoleMap
+from zope.app.interfaces.security import IPrincipalPermissionMap
+from zope.app.interfaces.security import IRolePermissionMap
 from zope.app.security.grants.principalpermission \
      import principalPermissionManager
 from zope.app.security.grants.rolepermission import rolePermissionManager
@@ -44,38 +46,17 @@
 
     implements(ISecurityPolicy)
 
-    def __init__(self, ownerous=True, authenticated=True):
-        """
-            Two optional keyword arguments may be provided:
-
-            ownerous -- Untrusted users can create code
-                (e.g. Python scripts or templates),
-                so check that code owners can access resources.
-                The argument must have a truth value.
-                The default is true.
-
-            authenticated -- Allow access to resources based on the
-                privileges of the authenticated user.
-                The argument must have a truth value.
-                The default is true.
-
-                This (somewhat experimental) option can be set
-                to false on sites that allow only public
-                (unauthenticated) access. An anticipated
-                scenario is a ZEO configuration in which some
-                clients allow only public access and other
-                clients allow full management.
-        """
-
-        self._ownerous = ownerous
-        self._authenticated = authenticated
-
     def checkPermission(self, permission, object, context):
         # XXX We aren't really handling multiple principals yet
 
         # mapping from principal to set of roles
         user = context.user
         if user is system_user:
+            return True
+
+        if (permission == 'zope.ManagePrincipals'
+            and sameProxiedObjects(user, object)):
+            # Users can always manage themselves
             return True
 
         roledict = {'Anonymous': Allow}
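Review bot: The new self-management branch in checkPermission returns True before the role and grant processing that starts at `roledict = {'Anonymous': Allow}`, so as far as this hunk shows, an explicit Deny of `zope.ManagePrincipals` on that principal would never be consulted. The shortcut also applies to whatever `context.user` is, with no check that the principal is authenticated. The permission id is broad: if `zope.ManagePrincipals` guards more than a user's own preferences (for example role assignment or credentials, which this hunk does not show), every user gains that on their own principal object, so a narrower permission dedicated to self-service would keep the exception small. At minimum the comment should record the trade-off, e.g. `# Short-circuit: skips local grants/denies; intended only for a principal editing itself`. The hunk also removes `__init__` along with the `authenticated` switch for public-only sites, and the rest of checkPermission lies outside the hunk, so confirm nothing there still reads `self._authenticated` or `self._ownerous`.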



