[Zope3-checkins] CVS: Zope3/src/zope/security/examples -
sandbox.py:1.6 sandbox_security.py:1.9
Stephan Richter
srichter at cosmos.phy.tufts.edu
Fri Feb 20 15:39:07 EST 2004
Update of /cvs-repository/Zope3/src/zope/security/examples
In directory cvs.zope.org:/tmp/cvs-serv32679/src/zope/security/examples
Modified Files:
sandbox.py sandbox_security.py
Log Message:
Some cleanup and doc string improvements.
=== Zope3/src/zope/security/examples/sandbox.py 1.5 => 1.6 ===
--- Zope3/src/zope/security/examples/sandbox.py:1.5 Mon Feb 16 17:04:18 2004
+++ Zope3/src/zope/security/examples/sandbox.py Fri Feb 20 15:39:07 2004
@@ -20,81 +20,95 @@
from zope.interface import Interface, implements
class IAgent(Interface):
+ """A player/agent in the world.
+
+ The agent represents an autonomous unit, that lives in various
+ homes/sandboxes and accesses services present at the sandboxes. Agents are
+ imbued with a sense of wanderlust and attempt to find new homes after a
+ few turns of the time generator (think turn based games).
"""
- represents an autonomous unit, that lives in
- various homes/sandboxes and accesses services
- present at the sandboxes. agents are imbued with
- a sense of wanderlust and attempt to find new homes
- after a few turns of the time generator
- (think turn based games).
- """
-
def action():
- " agent performs their action "
- def setHome(self, home):
- " agent moves from home to home"
+ """Perform agent's action."""
+
+ def setHome(home):
+ """Move to a different home."""
+
def getHome():
- " where does this agent live "
- def getAuthenticationToken(self):
- " by what authority should the agent perform actions "
+ """Return the place where the agent currently lives."""
+
+ def getAuthenticationToken():
+ """Return the authority by which the agent perform actions."""
+
class IService(Interface):
- """
- marker interface. services are available from sandboxes,
- examples include time service, agent discovery, and sandbox
- discovery.
+ """Marker to designate some form of functionality.
+
+ Services are available from sandboxes, examples include time service,
+ agent discovery, and sandbox discovery.
"""
+
class ISandbox(Interface):
- """
- a container for agents and services.
- """
+ """A container for agents to live in and services to be available."""
+
def getService(service_id):
- " retrieve a service offered by this sandbox "
+ """Get the service having the provided id in this sandbox."""
+
def getAgents():
- " what agents live in this sandbox "
+ """Return a list of agents living in this sandbox."""
+
def addAgent(agent):
- " add an agent to this sandbox "
+ """Add a new agent to the sandbox."""
+
def transportAgent(agent, destination):
- " move an agent to the destination sandbox "
+ """Move the specified agent to the destination sandbox."""
+
+
+class SandboxError(Exception):
+ """A sandbox error is thrown, if any action could not be performed."""
+ pass
+
class Identity:
- """
- mixin for pretty printing and identity method
- """
+ """Mixin for pretty printing and identity method"""
def __init__(self, id, *args, **kw):
self.id = id
+
def getId(self):
return self.id
+
def __str__ (self):
return "<%s> %s"%(str(self.__class__.__name__), str(self.id))
+
__repr__ = __str__
+
class Agent(Identity):
- """
- see IAgent doc
- """
implements(IAgent)
def __init__(self, id, home, auth_token, action):
+ """Initialize agent."""
self.id = id
self.auth_token = auth_token
self.home = home
self._action = action
def action(self):
+ """See IAgent."""
self._action(self, self.getHome())
def setHome(self, home):
+ """See IAgent."""
self.home = home
def getHome(self):
+ """See IAgent."""
return self.home
def getAuthenticationToken(self):
+ """See IAgent."""
return self.auth_token
-class SandboxError(Exception): pass
class Sandbox(Identity):
"""
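Review bot: `Agent` loses its class docstring in this hunk: the old `see IAgent doc` is removed and nothing replaces it, while every method gains `"""See IAgent."""`. A one-line class docstring such as `"""Default IAgent implementation; see IAgent."""` would keep the class consistent with its methods. The `pass` after the docstring in the relocated `SandboxError` is redundant, because the docstring already forms the class body. The `IAgent.getAuthenticationToken` docstring should read `"""Return the authority by which the agent performs actions."""`.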
=== Zope3/src/zope/security/examples/sandbox_security.py 1.8 => 1.9 ===
--- Zope3/src/zope/security/examples/sandbox_security.py:1.8 Mon Feb 16 17:04:18 2004
+++ Zope3/src/zope/security/examples/sandbox_security.py Fri Feb 20 15:39:07 2004
@@ -13,6 +13,19 @@
##############################################################################
"""A small, secure sandbox application.
+This module is responsible of securing the sandbox application and run it in a
+secure mode. There are several steps that are taken to set up the security
+
+ 1. map permissions to actions
+
+ 2. map authentication tokens/principals onto permissions
+
+ 3. implement checker and security policies that affect 1,2
+
+ 4. bind checkers to classes/instances
+
+ 5. proxy wrap as necessary
+
$Id$
"""
import sandbox
@@ -20,16 +33,8 @@
from zope.security import checker, management
from zope.interface import implements
-#################################
-# 1. map permissions to actions
-# 2. map authentication tokens/principals onto permissions
-# 3. implement checker and security policies that affect 1,2
-# 4. bind checkers to classes/instances
-# 5. proxy wrap as nesc.
-#################################
-#################################
-# permissions
+# Define all permissions that will be available
NotAllowed = 'Not Allowed'
Public = checker.CheckerPublic
TransportAgent = 'Transport Agent'
@@ -44,43 +49,40 @@
NoSetAttr = lambda name: NotAllowed
-#################################
-# location -> auth token -> permission mapping
class SimulationSecurityDatabase:
+ """Security Database
+ In the database, locations are mapped to authentication tokens to
+ permissions.
+ """
origin = {
- 'any':[ALL]
+ 'any' : [ALL]
}
jail = {
- 'norse legend':[TransportAgent,
- AccessServices,
- AccessAgentService,
- AccessHomeService,
- TransportAgent,
- AccessAgents,],
-
- 'any':[AccessTimeService, AddAgent],
-
+ 'norse legend' : [TransportAgent, AccessServices, AccessAgentService,
+ AccessHomeService, TransportAgent, AccessAgents],
+ 'any' : [AccessTimeService, AddAgent]
}
valhalla = {
- 'norse legend':[AddAgent],
- 'any': [AccessServices,
- AccessTimeService,
- AccessAgentService,
- AccessHomeService,
- TransportAgent,
- AccessAgents,]
+ 'norse legend' : [AddAgent],
+ 'any' : [AccessServices, AccessTimeService, AccessAgentService,
+ AccessHomeService, TransportAgent, AccessAgents]
}
class SimulationSecurityPolicy:
+ """Security Policy during the Simulation.
+
+ A very simple security policy that is specific to the simulations.
+ """
implements(ISecurityPolicy)
def checkPermission(self, permission, object, context):
+ """See zope.security.interfaces.ISecurityPolicy"""
token = context.user.getAuthenticationToken()
home = object.getHome()
db = getattr(SimulationSecurityDatabase, home.getId(), None)
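Review bot: `checkPermission` resolves the permission table with `getattr(SimulationSecurityDatabase, home.getId(), None)`, so any attribute name on the class counts as a location. That includes `__module__` and `__doc__`, the latter now holding the docstring this hunk adds. An explicit table keeps the lookup closed, for example `locations = {'origin': origin, 'jail': jail, 'valhalla': valhalla}` in the class and `db = SimulationSecurityDatabase.locations.get(home.getId())` in the policy. The rest of `checkPermission` lies outside this hunk, so how a non-dict `db` is handled cannot be seen here. The reformatted `jail` entry for `'norse legend'` also still lists `TransportAgent` twice.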
@@ -99,23 +101,24 @@
return False
-
def PermissionMapChecker(permissions_map={}, setattr_permission_func=NoSetAttr):
+ """Create a checker from using the 'permission_map.'"""
res = {}
- for k,v in permissions_map.items():
- for iv in v:
- res[iv]=k
+ for key, value in permissions_map.items():
+ for method in value:
+ res[method] = key
return checker.Checker(res.get, setattr_permission_func)
#################################
# sandbox security settings
-sandbox_security = {AccessServices:['getService', 'addService', 'getServiceIds'],
- AccessAgents:['getAgentsIds', 'getAgents'],
- AddAgent:['addAgent'],
- TransportAgent:['transportAgent'],
- Public:['getId','getHome']
- }
+sandbox_security = {
+ AccessServices : ['getService', 'addService', 'getServiceIds'],
+ AccessAgents : ['getAgentsIds', 'getAgents'],
+ AddAgent : ['addAgent'],
+ TransportAgent : ['transportAgent'],
+ Public : ['getId','getHome']
+ }
sandbox_checker = PermissionMapChecker(sandbox_security)
#################################
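Review bot: `PermissionMapChecker` inverts the map with `res[method] = key` and never checks whether the name is already present, so a method listed under two permissions is silently guarded by whichever entry is iterated last. A checker should fail on that: add `if method in res: raise ValueError("%s mapped to two permissions" % method)` before the assignment. The new docstring names `'permission_map.'` while the parameter is `permissions_map`; `"""Create a checker from 'permissions_map' (permission -> method names)."""` would match the signature. The `permissions_map={}` default is only read here, but a `None` default with a fallback inside the function avoids sharing one dict across calls.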
@@ -151,7 +154,7 @@
wrapped_home = agentChecker.proxy(self)
agent.setHome(wrapped_home)
else:
- raise sandbox.SandboxError("couldn't add agent %s"%agent)
+ raise sandbox.SandboxError("couldn't add agent %s" %agent)
sandbox.Sandbox.addAgent = addAgent