[Zope3-checkins] SVN: Zope3/trunk/ Implemented local permissions.
Stephan Richter
srichter at cosmos.phy.tufts.edu
Sun Dec 5 16:08:25 EST 2004
Log message for revision 28568:
Implemented local permissions.
Changed:
U Zope3/trunk/doc/CHANGES.txt
U Zope3/trunk/src/zope/app/security/browser/configure.zcml
U Zope3/trunk/src/zope/app/security/configure.zcml
U Zope3/trunk/src/zope/app/security/permission.py
-=-
Modified: Zope3/trunk/doc/CHANGES.txt
===================================================================
--- Zope3/trunk/doc/CHANGES.txt 2004-12-05 21:01:40 UTC (rev 28567)
+++ Zope3/trunk/doc/CHANGES.txt 2004-12-05 21:08:25 UTC (rev 28568)
@@ -10,6 +10,10 @@
New features
+ - Implemented local permission. This is not really that interesting
+ right now, since we do not support TTW development yet, but it will
+ become important somewhen.
+
- Page templates now allow metal:define-macro and
metal:use-macro in the same tag. This allows a macro to
extend another macro, which is particularly useful for writing
Modified: Zope3/trunk/src/zope/app/security/browser/configure.zcml
===================================================================
--- Zope3/trunk/src/zope/app/security/browser/configure.zcml 2004-12-05 21:01:40 UTC (rev 28567)
+++ Zope3/trunk/src/zope/app/security/browser/configure.zcml 2004-12-05 21:08:25 UTC (rev 28568)
@@ -34,4 +34,34 @@
allowed_interface="zope.app.publisher.interfaces.http.ILogout"
/>
+ <browser:tool
+ interface="..interfaces.IPermission"
+ title="Permission"
+ description="Security Permission"
+ />
+
+ <browser:addform
+ name="AddPermission.html"
+ schema="..interfaces.IPermission"
+ label="Add Permission"
+ content_factory="..permission.LocalPermission"
+ fields="title description"
+ permission="zope.Security"
+ />
+
+ <browser:addMenuItem
+ title="Permission"
+ description="A Secutiry Permission"
+ class="..permission.LocalPermission"
+ permission="zope.ManageServices"
+ view="AddPermission.html"
+ />
+
+ <browser:editform
+ schema="..interfaces.IPermission"
+ label="Edit Permission"
+ name="edit.html"
+ permission="zope.ManageServices"
+ menu="zmi_views" title="Edit" />
+
</configure>
Modified: Zope3/trunk/src/zope/app/security/configure.zcml
===================================================================
--- Zope3/trunk/src/zope/app/security/configure.zcml 2004-12-05 21:01:40 UTC (rev 28567)
+++ Zope3/trunk/src/zope/app/security/configure.zcml 2004-12-05 21:08:25 UTC (rev 28568)
@@ -21,9 +21,7 @@
<include file="globalmodules.zcml" />
<include file="_protections.zcml" />
- <include package=".browser" />
-
<serviceType
id="Authentication"
interface=".interfaces.IAuthenticationService" />
@@ -32,6 +30,29 @@
serviceType="Authentication"
component=".principalregistry.principalRegistry" />
+ <localUtility class=".permission.LocalPermission">
+ <factory
+ id="zope.app.security.Permission"
+ />
+ <allow
+ interface=".interfaces.IPermission"
+ />
+ <require
+ permission="zope.Security"
+ set_schema=".interfaces.IPermission"
+ />
+ </localUtility>
+
+ <subscriber
+ for="..registration.interfaces.IRegistrationActivatedEvent"
+ factory=".permission.setIdOnActivation"
+ />
+
+ <subscriber
+ for="..registration.interfaces.IRegistrationDeactivatedEvent"
+ factory=".permission.unsetIdOnDeactivation"
+ />
+
<content class=".permission.Permission">
<allow interface=".interfaces.IPermission" />
</content>
Modified: Zope3/trunk/src/zope/app/security/permission.py
===================================================================
--- Zope3/trunk/src/zope/app/security/permission.py 2004-12-05 21:01:40 UTC (rev 28567)
+++ Zope3/trunk/src/zope/app/security/permission.py 2004-12-05 21:08:25 UTC (rev 28568)
@@ -15,12 +15,16 @@
$Id$
"""
+from persistent import Persistent
from zope.interface import implements
from zope.schema.interfaces import ValidationError
from zope.security.checker import CheckerPublic
from zope.app import zapi
+from zope.app.location import Location
from zope.app.security.interfaces import IPermission
+from zope.app.i18n import ZopeMessageIDFactory as _
+NULL_ID = _('<permission not activated>')
class Permission(object):
implements(IPermission)
@@ -31,6 +35,106 @@
self.description = description
+class LocalPermission(Persistent, Location):
+ implements(IPermission)
+
+ def __init__(self, title="", description=""):
+ self.id = NULL_ID
+ self.title = title
+ self.description = description
+
+
+def setIdOnActivation(event):
+ """Set the permission id upon registration activation.
+
+ Let's see how this notifier can be used. First we need to create an event
+ using the permission instance and a registration stub:
+
+ >>> class Registration:
+ ... def __init__(self, obj, name):
+ ... self.object = obj
+ ... self.name = name
+ ...
+ ... def getComponent(self):
+ ... return self.object
+
+ >>> perm1 = LocalPermission('Permission 1', 'A first permission')
+ >>> perm1.id
+ u'<permission not activated>'
+
+ >>> from zope.app.registration import registration
+ >>> event = registration.RegistrationActivatedEvent(
+ ... Registration(perm1, 'perm1'))
+
+ Now we pass the event into this function, and the id of the permission
+ should be set to 'perm1'.
+
+ >>> setIdOnActivation(event)
+ >>> perm1.id
+ 'perm1'
+
+ If the function is called and the component is not a local permission,
+ nothing is done:
+
+ >>> class Foo:
+ ... id = 'no id'
+ >>> foo = Foo()
+ >>> event = registration.RegistrationActivatedEvent(
+ ... Registration(foo, 'foo'))
+ >>> setIdOnActivation(event)
+ >>> foo.id
+ 'no id'
+ """
+ perm = event.object.getComponent()
+ if isinstance(perm, LocalPermission):
+ perm.id = event.object.name
+
+
+def unsetIdOnDeactivation(event):
+ """Unset the permission id up registration deactivation.
+
+ Let's see how this notifier can be used. First we need to create an event
+ using the permission instance and a registration stub:
+
+ >>> class Registration:
+ ... def __init__(self, obj, name):
+ ... self.object = obj
+ ... self.name = name
+ ...
+ ... def getComponent(self):
+ ... return self.object
+
+ >>> perm1 = LocalPermission('Permission 1', 'A first permission')
+ >>> perm1.id = 'perm1'
+
+ >>> from zope.app.registration import registration
+ >>> event = registration.RegistrationDeactivatedEvent(
+ ... Registration(perm1, 'perm1'))
+
+ Now we pass the event into this function, and the id of the permission
+ should be set to NULL_ID.
+
+ >>> unsetIdOnDeactivation(event)
+ >>> perm1.id
+ u'<permission not activated>'
+
+ If the function is called and the component is not a local permission,
+ nothing is done:
+
+ >>> class Foo:
+ ... id = 'foo'
+ >>> foo = Foo()
+ >>> event = registration.RegistrationDeactivatedEvent(
+ ... Registration(foo, 'foo'))
+ >>> unsetIdOnDeactivation(event)
+ >>> foo.id
+ 'foo'
+ """
+ perm = event.object.getComponent()
+ if isinstance(perm, LocalPermission):
+ perm.id = NULL_ID
+
+
def checkPermission(context, permission_id):
"""Check whether a given permission exists in the provided context.
More information about the Zope3-Checkins
mailing list