[Zope3-checkins] SVN: Zope3/branches/ZopeX3-3.0/src/zope/ Merged from trunk 25920:

Jim Fulton jim at zope.com
Fri Jul 2 15:34:31 EDT 2004


Log message for revision 26058:
Merged from trunk 25920:
Changed basic checkers to use dictionaries.

Now when you create checkers, you must pass one or 
two dictionary objects. We used to allow functions 
to be passed that would be called to get the permission
needed to access a name.  It turns out that this generality
wasn't needed or used.  If we need this in the furture, we
can add custom checkers.  For now, we only allow
dictionaries, as that will enable more efficient checker
implementation. 



-=-
Modified: Zope3/branches/ZopeX3-3.0/src/zope/app/apidoc/utilities.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/app/apidoc/utilities.py	2004-07-02 19:31:42 UTC (rev 26057)
+++ Zope3/branches/ZopeX3-3.0/src/zope/app/apidoc/utilities.py	2004-07-02 19:34:31 UTC (rev 26058)
@@ -201,8 +201,8 @@
       >>> class Sample2(object):
       ...      pass
 
-      >>> checker = Checker({'attr': 'zope.Read', 'attr3': CheckerPublic}.get,
-      ...                   {'attr': 'zope.Write', 'attr3': CheckerPublic}.get) 
+      >>> checker = Checker({'attr': 'zope.Read', 'attr3': CheckerPublic},
+      ...                   {'attr': 'zope.Write', 'attr3': CheckerPublic}) 
       >>> defineChecker(Sample, checker)
 
       Now let's see how this function works

Modified: Zope3/branches/ZopeX3-3.0/src/zope/app/component/metaconfigure.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/app/component/metaconfigure.py	2004-07-02 19:31:42 UTC (rev 26057)
+++ Zope3/branches/ZopeX3-3.0/src/zope/app/component/metaconfigure.py	2004-07-02 19:34:31 UTC (rev 26058)
@@ -218,7 +218,7 @@
             for name in i.names(all=True):
                 require[name] = permission
 
-    checker = Checker(require.get)
+    checker = Checker(require)
     return checker
 
 def resource(_context, factory, type, name, layer='default',

Modified: Zope3/branches/ZopeX3-3.0/src/zope/app/publisher/browser/i18nresourcemeta.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/app/publisher/browser/i18nresourcemeta.py	2004-07-02 19:31:42 UTC (rev 26057)
+++ Zope3/branches/ZopeX3-3.0/src/zope/app/publisher/browser/i18nresourcemeta.py	2004-07-02 19:34:31 UTC (rev 26058)
@@ -96,7 +96,7 @@
                 permission = CheckerPublic
 
         if require:
-            checker = Checker(require.get)
+            checker = Checker(require)
 
             factory = self._proxyFactory(factory, checker)
 

Modified: Zope3/branches/ZopeX3-3.0/src/zope/app/publisher/xmlrpc/metaconfigure.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/app/publisher/xmlrpc/metaconfigure.py	2004-07-02 19:31:42 UTC (rev 26057)
+++ Zope3/branches/ZopeX3-3.0/src/zope/app/publisher/xmlrpc/metaconfigure.py	2004-07-02 19:34:31 UTC (rev 26058)
@@ -57,7 +57,7 @@
                 for field_name in iface:
                     require[field_name] = permission
     
-        checker = Checker(require.get)
+        checker = Checker(require)
     
         def proxyView(context, request, class_=class_, checker=checker):
             view = class_(context, request)

Modified: Zope3/branches/ZopeX3-3.0/src/zope/app/security/metaconfigure.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/app/security/metaconfigure.py	2004-07-02 19:31:42 UTC (rev 26057)
+++ Zope3/branches/ZopeX3-3.0/src/zope/app/security/metaconfigure.py	2004-07-02 19:34:31 UTC (rev 26058)
@@ -54,7 +54,7 @@
         permission = CheckerPublic
 
     # We know a dictionary get method was used because we set it
-    protections = checker.getPermission_func().__self__
+    protections = checker.get_permissions
     protections[name] = permission
 
 

Modified: Zope3/branches/ZopeX3-3.0/src/zope/app/security/protectclass.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/app/security/protectclass.py	2004-07-02 19:31:42 UTC (rev 26057)
+++ Zope3/branches/ZopeX3-3.0/src/zope/app/security/protectclass.py	2004-07-02 19:34:31 UTC (rev 26058)
@@ -27,7 +27,7 @@
 
     checker = getCheckerForInstancesOf(class_)
     if checker is None:
-        checker = Checker({}.get, {}.get)
+        checker = Checker({}, {})
         defineChecker(class_, checker)
 
     if permission == 'zope.Public':
@@ -35,7 +35,7 @@
         permission = CheckerPublic
 
     # We know a dictionart get method was used because we set it
-    protections = checker.getPermission_func().__self__
+    protections = checker.get_permissions
     protections[name] = permission
 
 def protectSetAttribute(class_, name, permission):
@@ -43,7 +43,7 @@
 
     checker = getCheckerForInstancesOf(class_)
     if checker is None:
-        checker = Checker({}.get, {}.get)
+        checker = Checker({}, {})
         defineChecker(class_, checker)
 
     if permission == 'zope.Public':
@@ -51,7 +51,7 @@
         permission = CheckerPublic
 
     # We know a dictionart get method was used because we set it
-    protections = checker.getSetattrPermission_func().__self__
+    protections = checker.set_permissions
     protections[name] = permission
 
 def protectLikeUnto(class_, like_unto):
@@ -62,19 +62,19 @@
         return
 
     # We know a dictionart get method was used because we set it
-    unto_get_protections = unto_checker.getPermission_func().__self__
-    unto_set_protections = unto_checker.getSetattrPermission_func().__self__
+    unto_get_protections = unto_checker.get_permissions
+    unto_set_protections = unto_checker.set_permissions
 
     checker = getCheckerForInstancesOf(class_)
     if checker is None:
-        checker = Checker({}.get, {}.get)
+        checker = Checker({}, {})
         defineChecker(class_, checker)
 
     # OK, so it's a hack.
-    get_protections = checker.getPermission_func().__self__
+    get_protections = checker.get_permissions
     for name in unto_get_protections:
         get_protections[name] = unto_get_protections[name]
 
-    set_protections = checker.getSetattrPermission_func().__self__
+    set_protections = checker.set_permissions
     for name in unto_set_protections:
         set_protections[name] = unto_set_protections[name]

Modified: Zope3/branches/ZopeX3-3.0/src/zope/app/security/tests/test_directives.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/app/security/tests/test_directives.py	2004-07-02 19:31:42 UTC (rev 26057)
+++ Zope3/branches/ZopeX3-3.0/src/zope/app/security/tests/test_directives.py	2004-07-02 19:34:31 UTC (rev 26058)
@@ -60,7 +60,7 @@
     name and permission:
 
     >>> checker = moduleChecker(test_directives)
-    >>> cdict = checker.getPermission_func().__self__
+    >>> cdict = checker.get_permissions
     >>> pprint(cdict)
     {'foo': 'zope.app.security.metaconfigure.test'}
     

Modified: Zope3/branches/ZopeX3-3.0/src/zope/app/traversing/tests/test_traverser.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/app/traversing/tests/test_traverser.py	2004-07-02 19:31:42 UTC (rev 26057)
+++ Zope3/branches/ZopeX3-3.0/src/zope/app/traversing/tests/test_traverser.py	2004-07-02 19:34:31 UTC (rev 26058)
@@ -144,15 +144,6 @@
     def testNotFoundNoDefault(self):
         self.assertRaises(NotFoundError, self.tr.traverse, 'foo')
 
-def Denied(*names):
-
-    def check(name):
-        if name in names:
-            return 'Waaaa'
-        return CheckerPublic
-
-    return Checker(check)
-
 class RestrictedTraverseTests(PlacefulSetup, unittest.TestCase):
     _oldPolicy = None
     _deniedNames = ()
@@ -178,7 +169,9 @@
         self.tr = Traverser(ProxyFactory(root))
 
     def testAllAllowed(self):
-        defineChecker(C, Checker(lambda name: CheckerPublic))
+        defineChecker(C, Checker({'folder': CheckerPublic,
+                                  'item': CheckerPublic,
+                                  }))
         tr = Traverser(ProxyFactory(self.root))
         item = self.item
 
@@ -187,7 +180,7 @@
 
     def testItemDenied(self):
         newInteraction(ParticipationStub('no one'))
-        defineChecker(C, Denied('item'))
+        defineChecker(C, Checker({'item': 'Waaaa', 'folder': CheckerPublic}))
         tr = Traverser(ProxyFactory(self.root))
         folder = self.folder
 

Modified: Zope3/branches/ZopeX3-3.0/src/zope/app/workflow/stateful/instance.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/app/workflow/stateful/instance.py	2004-07-02 19:31:42 UTC (rev 26057)
+++ Zope3/branches/ZopeX3-3.0/src/zope/app/workflow/stateful/instance.py	2004-07-02 19:34:31 UTC (rev 26058)
@@ -97,8 +97,8 @@
             directlyProvides(self, schema)
 
             # Build up a Checker rules and store it for later
-            self.__checker_getattr = PersistentDict()
-            self.__checker_setattr = PersistentDict()
+            self.__checker_getattr = {}
+            self.__checker_setattr = {}
             for name in getFields(schema):
                 get_perm, set_perm = schemaPermissions.get(name, (None, None))
                 self.__checker_getattr[name] = get_perm or CheckerPublic
@@ -118,8 +118,8 @@
                key.startswith('_p_'):
             return super(RelevantData, self).__setattr__(key, value)
 
-        is_schema_field = self.__schema is not None and \
-                          key in getFields(self.__schema).keys()
+        is_schema_field = (self.__schema is not None and 
+                           key in getFields(self.__schema).keys())
 
         if is_schema_field:
             process = self.__parent__ 
@@ -136,8 +136,7 @@
                 process, self.__schema, key, oldvalue, value))
 
     def getChecker(self):
-        return Checker(self.__checker_getattr.get,
-                       self.__checker_setattr.get)
+        return Checker(self.__checker_getattr, self.__checker_setattr)
 
     def getSchema(self):
         return self.__schema
@@ -246,11 +245,11 @@
         # using a setter-method directly is not protected :((
         #try:
         #    checker = getChecker(content)
-        #    checker._setattr_permission_func = lambda x: None
+        #    checker.set_permissions = {}
         #except TypeError:
         #    # got object without Security Proxy
         #    checker = selectChecker(content)
-        #    checker._setattr_permission_func = lambda x: None
+        #    checker.set_permissions = {}
         #    content = Proxy(content, checker)
 
         #ctx['content'] = content

Modified: Zope3/branches/ZopeX3-3.0/src/zope/security/checker.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/security/checker.py	2004-07-02 19:31:42 UTC (rev 26057)
+++ Zope3/branches/ZopeX3-3.0/src/zope/security/checker.py	2004-07-02 19:34:31 UTC (rev 26058)
@@ -98,43 +98,35 @@
 class Checker(TrustedCheckerBase):
     implements(INameBasedChecker)
 
-    def __init__(self, permission_func,
-                 setattr_permission_func=lambda name: None
-                 ):
+    def __init__(self, get_permissions, set_permissions=None):
         """Create a checker
 
-        A dictionary or a callable must be provided for computing
-        permissions for names. The callable will be called with
-        attribute names and must return a permission id, None, or the
-        special marker, CheckerPublic. If None is returned, then
-        access to the name is forbidden. If CheckerPublic is returned,
-        then access will be granted without checking a permission.
+        A dictionary must be provided for computing permissions for
+        names. The disctionary get will be called with attribute names
+        and must return a permission id, None, or the special marker,
+        CheckerPublic. If None is returned, then access to the name is
+        forbidden. If CheckerPublic is returned, then access will be
+        granted without checking a permission.
 
-        An optional setattr permission function or dictionary may be
-        provided for checking set attribute access.
+        An optional setattr dictionary may be provided for checking
+        set attribute access.
+
         """
 
-        if type(permission_func) is dict:
-            permission_func = permission_func.get
-        self._permission_func = permission_func
+        assert isinstance(get_permissions, dict)
+        self.get_permissions = get_permissions
+        if set_permissions is not None:
+            assert isinstance(set_permissions, dict)
+        self.set_permissions = set_permissions
 
-        if type(setattr_permission_func) is dict:
-            setattr_permission_func = setattr_permission_func.get
-        self._setattr_permission_func = setattr_permission_func
-
-    def getPermission_func(self):
-        return self._permission_func
-
-    def getSetattrPermission_func(self):
-        return self._setattr_permission_func
-
     def permission_id(self, name):
         'See INameBasedChecker'
-        return self._permission_func(name)
+        return self.get_permissions.get(name)
 
     def setattr_permission_id(self, name):
         'See INameBasedChecker'
-        return self._setattr_permission_func(name)
+        if self.set_permissions:
+            return self.set_permissions.get(name)
 
     def check_getattr(self, object, name):
         'See IChecker'
@@ -142,7 +134,11 @@
 
     def check_setattr(self, object, name):
         'See IChecker'
-        permission = self._setattr_permission_func(name)
+        if self.set_permissions:
+            permission = self.set_permissions.get(name)
+        else:
+            permission = None
+            
         if permission is not None:
             if permission is CheckerPublic:
                 return # Public
@@ -159,7 +155,7 @@
 
     def check(self, object, name):
         'See IChecker'
-        permission = self._permission_func(name)
+        permission = self.get_permissions.get(name)
         if permission is not None:
             if permission is CheckerPublic:
                 return # Public
@@ -410,7 +406,7 @@
             raise DuplicationError(name)
         data[name] = permission_id
 
-    return Checker(data.get)
+    return Checker(data)
 
 def InterfaceChecker(interface, permission_id=CheckerPublic, **__kw__):
     return NamesChecker(interface.names(all=True), permission_id, **__kw__)
@@ -449,7 +445,7 @@
                     raise DuplicationError(name)
                 data[name] = permission_id
 
-    return Checker(data.get)
+    return Checker(data)
 
 def selectChecker(object):
     """Get a checker for the given object
@@ -527,7 +523,7 @@
 
 _getChecker = _checkers.get
 
-_defaultChecker = Checker({}.get)
+_defaultChecker = Checker({})
 
 def _instanceChecker(inst):
     checker = _checkers.get(inst.__class__, _defaultChecker)

Modified: Zope3/branches/ZopeX3-3.0/src/zope/security/examples/sandbox_security.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/security/examples/sandbox_security.py	2004-07-02 19:31:42 UTC (rev 26057)
+++ Zope3/branches/ZopeX3-3.0/src/zope/security/examples/sandbox_security.py	2004-07-02 19:34:31 UTC (rev 26058)
@@ -121,13 +121,13 @@
         self.interaction = None
 
 
-def PermissionMapChecker(permissions_map={}, setattr_permission_func=NoSetAttr):
+def PermissionMapChecker(permissions_map={}, set_permissions=None):
     """Create a checker from using the 'permission_map.'"""
     res = {}
     for key, value in permissions_map.items():
         for method in value:
             res[method] = key
-    return checker.Checker(res.get, setattr_permission_func)
+    return checker.Checker(res, set_permissions)
 
 
 #################################

Modified: Zope3/branches/ZopeX3-3.0/src/zope/security/proxy.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/security/proxy.py	2004-07-02 19:31:42 UTC (rev 26057)
+++ Zope3/branches/ZopeX3-3.0/src/zope/security/proxy.py	2004-07-02 19:34:31 UTC (rev 26058)
@@ -46,10 +46,6 @@
     otherwise, None is returned.
     """
     checker = getChecker(proxy)
-    func = checker.getPermission_func()
-    dict = getattr(func, '__self__', None)
-    if dict is None:
-        return None
-    items = dict.items()
+    items = checker.get_permissions.items()
     items.sort()
     return items

Modified: Zope3/branches/ZopeX3-3.0/src/zope/security/tests/test_checker.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/security/tests/test_checker.py	2004-07-02 19:31:42 UTC (rev 26057)
+++ Zope3/branches/ZopeX3-3.0/src/zope/security/tests/test_checker.py	2004-07-02 19:34:31 UTC (rev 26058)
@@ -238,7 +238,7 @@
             #
             #    checker = getChecker(proxy)
             #    self.failUnless(checker is special,
-            #                    checker.getPermission_func().__self__)
+            #                    checker.get_permissions)
             #
             #    proxy2 = checker.proxy(proxy)
             #    self.failUnless(proxy2 is proxy, [proxy, proxy2])



More information about the Zope3-Checkins mailing list