[Zope3-checkins] SVN: Zope3/trunk/src/zope/ Rearranged the security
apis, largely combining security policies and
Jim Fulton
jim at zope.com
Fri Jul 16 15:51:26 EDT 2004
Log message for revision 26591:
Rearranged the security APIs, largely combining security policies and
interactions. Security policies are now just interaction factories --
usually just the interaction class.
See:
http://mail.zope.org/pipermail/zope3-dev/2004-July/011656.html
Changed:
U Zope3/trunk/src/zope/app/component/tests/test_contentdirective.py
U Zope3/trunk/src/zope/app/component/tests/test_factory.py
U Zope3/trunk/src/zope/app/component/tests/test_servicedirective.py
U Zope3/trunk/src/zope/app/dublincore/tests/test_creatorannotator.py
U Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py
U Zope3/trunk/src/zope/app/publisher/browser/tests/test_directives.py
U Zope3/trunk/src/zope/app/publisher/browser/tests/test_globalbrowsermenuservice.py
U Zope3/trunk/src/zope/app/publisher/browser/tests/test_menuaccessview.py
U Zope3/trunk/src/zope/app/schema/tests/test_field.py
U Zope3/trunk/src/zope/app/schema/tests/test_fieldfactory.py
U Zope3/trunk/src/zope/app/schema/tests/test_schemautility.py
U Zope3/trunk/src/zope/app/security/metaconfigure.py
U Zope3/trunk/src/zope/app/securitypolicy/configure.zcml
U Zope3/trunk/src/zope/app/securitypolicy/tests/test_zopepolicy.py
U Zope3/trunk/src/zope/app/securitypolicy/zopepolicy.py
U Zope3/trunk/src/zope/app/tests/placelesssetup.py
U Zope3/trunk/src/zope/app/traversing/tests/test_traverser.py
U Zope3/trunk/src/zope/app/workflow/stateful/tests/test_instance.py
U Zope3/trunk/src/zope/security/__init__.py
U Zope3/trunk/src/zope/security/_zope_security_checker.c
U Zope3/trunk/src/zope/security/checker.py
U Zope3/trunk/src/zope/security/examples/sandbox_security.py
U Zope3/trunk/src/zope/security/interfaces.py
U Zope3/trunk/src/zope/security/management.py
D Zope3/trunk/src/zope/security/simpleinteraction.py
U Zope3/trunk/src/zope/security/simplepolicies.py
U Zope3/trunk/src/zope/security/tests/test_checker.py
U Zope3/trunk/src/zope/security/tests/test_management.py
U Zope3/trunk/src/zope/security/tests/test_simpleinteraction.py
-=-
Modified: Zope3/trunk/src/zope/app/component/tests/test_contentdirective.py
===================================================================
--- Zope3/trunk/src/zope/app/component/tests/test_contentdirective.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/component/tests/test_contentdirective.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -26,8 +26,6 @@
from zope.component.exceptions import ComponentLookupError
from zope.configuration.xmlconfig import xmlconfig, XMLConfig
from zope.app.tests.placelesssetup import PlacelessSetup
-from zope.security.management import system_user
-from zope.security.management import newInteraction
from zope.app.component.interface import queryInterface
# explicitly import ExampleClass and IExample using full paths
@@ -54,7 +52,6 @@
class TestContentDirective(PlacelessSetup, unittest.TestCase):
def setUp(self):
super(TestContentDirective, self).setUp()
- newInteraction(ParticipationStub(system_user))
XMLConfig('meta.zcml', zope.app.component)()
XMLConfig('meta.zcml', zope.app.security)()
@@ -141,7 +138,6 @@
class TestFactorySubdirective(PlacelessSetup, unittest.TestCase):
def setUp(self):
super(TestFactorySubdirective, self).setUp()
- newInteraction(ParticipationStub(system_user))
XMLConfig('meta.zcml', zope.app.component)()
XMLConfig('meta.zcml', zope.app.security)()
Modified: Zope3/trunk/src/zope/app/component/tests/test_factory.py
===================================================================
--- Zope3/trunk/src/zope/app/component/tests/test_factory.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/component/tests/test_factory.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -23,7 +23,6 @@
from zope.component import createObject
from zope.proxy import removeAllProxies
from zope.app.tests.placelesssetup import PlacelessSetup
-from zope.security.management import newInteraction, system_user
from zope.app import zapi
import zope.app.security
@@ -50,7 +49,6 @@
class Test(PlacelessSetup, unittest.TestCase):
def setUp(self):
super(Test, self).setUp()
- newInteraction(ParticipationStub(system_user))
XMLConfig('meta.zcml', zope.app.component)()
XMLConfig('meta.zcml', zope.app.security)()
Modified: Zope3/trunk/src/zope/app/component/tests/test_servicedirective.py
===================================================================
--- Zope3/trunk/src/zope/app/component/tests/test_servicedirective.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/component/tests/test_servicedirective.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -176,7 +176,8 @@
)))
# Need to "log someone in" to turn on checks
- from zope.security.management import newInteraction
+ from zope.security.management import newInteraction, endInteraction
+ endInteraction()
newInteraction(ParticipationStub('someuser'))
service = getService("Foo")
Modified: Zope3/trunk/src/zope/app/dublincore/tests/test_creatorannotator.py
===================================================================
--- Zope3/trunk/src/zope/app/dublincore/tests/test_creatorannotator.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/dublincore/tests/test_creatorannotator.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -94,7 +94,6 @@
'this is a very bad author')
# Check what happens if no user is there
- newInteraction(None)
CreatorAnnotator(event)
self.assertEqual(data.creators,())
endInteraction()
Modified: Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py
===================================================================
--- Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -112,10 +112,12 @@
def setUp(self):
super(BasePublicationTests, self).setUp()
+ from zope.security.management import endInteraction
+ endInteraction()
ztapi.provideAdapter(IHTTPRequest, IUserPreferredCharsets,
HTTPCharsets)
self.policy = setSecurityPolicy(
- simplepolicies.PermissiveSecurityPolicy()
+ simplepolicies.PermissiveSecurityPolicy
)
self.storage = DemoStorage('test_storage')
self.db = db = DB(self.storage)
Modified: Zope3/trunk/src/zope/app/publisher/browser/tests/test_directives.py
===================================================================
--- Zope3/trunk/src/zope/app/publisher/browser/tests/test_directives.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/publisher/browser/tests/test_directives.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -28,6 +28,7 @@
from zope.component import getDefaultViewName, getResource
from zope.app.tests.placelesssetup import PlacelessSetup
from zope.security.proxy import ProxyFactory
+import zope.security.management
from zope.proxy import removeAllProxies
from zope.app.publisher.browser.globalbrowsermenuservice import \
@@ -699,6 +700,7 @@
def testProtectedPageViews(self):
ztapi.provideUtility(IPermission, Permission('p', 'P'), 'p')
+ request = TestRequest()
self.assertEqual(queryView(ob, 'test', request),
None)
@@ -722,6 +724,7 @@
v = getView(ob, 'index.html', request)
v = ProxyFactory(v)
+ zope.security.management.getInteraction().add(request)
self.assertRaises(Exception, v)
v = getView(ob, 'action.html', request)
v = ProxyFactory(v)
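Review bot: `self.assertRaises(Exception, v)`, directly after the added `zope.security.management.getInteraction().add(request)`, accepts any exception, so it passes on a setup error (a missing interaction, an AttributeError inside the view) just as well as on a refused permission. The added line exists so that the protected view refuses the call, so the assertion should name the security exception, presumably `self.assertRaises(Unauthorized, v)` with `Unauthorized` imported from `zope.exceptions` if the module does not already have it. The same applies to the `xxx.html` hunk at -908,6 +912,7. The test method starts outside this hunk.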
@@ -879,6 +882,7 @@
path = os.path.join(tests_path, 'testfiles', 'test.pt')
+ request = TestRequest()
self.assertEqual(queryView(ob, 'test', request),
None)
@@ -908,6 +912,7 @@
v = getView(ob, 'xxx.html', request)
v = ProxyFactory(v)
+ zope.security.management.getInteraction().add(request)
self.assertRaises(Exception, v)
v = getView(ob, 'index.html', request)
Modified: Zope3/trunk/src/zope/app/publisher/browser/tests/test_globalbrowsermenuservice.py
===================================================================
--- Zope3/trunk/src/zope/app/publisher/browser/tests/test_globalbrowsermenuservice.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/publisher/browser/tests/test_globalbrowsermenuservice.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -21,7 +21,6 @@
from zope.publisher.browser import TestRequest
from zope.publisher.interfaces.browser import IBrowserPublisher
from zope.security.management import newInteraction, endInteraction
-from zope.security.management import system_user
from zope.app import zapi
from zope.app.tests import ztapi
@@ -113,6 +112,7 @@
r.menuItem('test_id', I111, 'u8', 't8', 'd8')
r.menuItem('test_id', I12, 'a9', 't9', 'd9')
+ endInteraction()
newInteraction(ParticipationStub('test'))
menu = r.getMenu('test_id', TestObject(), TestRequest())
@@ -120,9 +120,7 @@
self.assertEqual(list(menu), [d(6), d(3), d(2), d(1)])
endInteraction()
-
- newInteraction(ParticipationStub(system_user))
-
+ newInteraction()
menu = r.getMenu('test_id', TestObject(), TestRequest())
self.assertEqual(list(menu), [d(5), d(6), d(3), d(2), d(1)])
Modified: Zope3/trunk/src/zope/app/publisher/browser/tests/test_menuaccessview.py
===================================================================
--- Zope3/trunk/src/zope/app/publisher/browser/tests/test_menuaccessview.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/publisher/browser/tests/test_menuaccessview.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -95,6 +95,8 @@
abad='waaa'))
def test(self):
+ from zope.security.management import endInteraction
+ endInteraction()
newInteraction(ParticipationStub('who'))
v = MenuAccessView(ProxyFactory(ob), TestRequest())
self.assertEqual(v['zmi_views'],
Modified: Zope3/trunk/src/zope/app/schema/tests/test_field.py
===================================================================
--- Zope3/trunk/src/zope/app/schema/tests/test_field.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/schema/tests/test_field.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -54,7 +54,6 @@
def setUp(self):
setup.placefulSetUp()
self.context = xmlconfig.file("fields.zcml", zope.app.schema.tests)
- newInteraction(ParticipationStub(system_user))
def test_wrapped_field_checker(self):
f1 = Text(title=u'alpha')
Modified: Zope3/trunk/src/zope/app/schema/tests/test_fieldfactory.py
===================================================================
--- Zope3/trunk/src/zope/app/schema/tests/test_fieldfactory.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/schema/tests/test_fieldfactory.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -23,7 +23,6 @@
from zope.component.exceptions import ComponentLookupError
from zope.component.interfaces import IFactory
from zope.app.tests.placelesssetup import PlacelessSetup
-from zope.security.management import newInteraction, system_user
from zope.schema.interfaces import IField, IText
from zope.interface import Interface
from zope.configuration import xmlconfig
@@ -41,7 +40,6 @@
def setUp(self):
super(TestFieldFactory, self).setUp()
- newInteraction(ParticipationStub(system_user))
context = xmlconfig.file('tests/test_fieldfactory.zcml',
zope.app.schema)
Modified: Zope3/trunk/src/zope/app/schema/tests/test_schemautility.py
===================================================================
--- Zope3/trunk/src/zope/app/schema/tests/test_schemautility.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/schema/tests/test_schemautility.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -19,7 +19,6 @@
from zope.configuration import xmlconfig
from zope.schema import Text, getFieldNamesInOrder, getFieldsInOrder
-from zope.security.management import system_user, newInteraction
from zope.security.checker import getChecker, _defaultChecker, ProxyFactory
from zope.app.schema.schema import SchemaUtility
from zope.app.tests import setup
@@ -190,7 +189,6 @@
s = self.s
s.addField(u'alpha', self.alpha)
s = ProxyFactory(s)
- newInteraction(ParticipationStub(system_user))
f1 = ProxyFactory(s[u'alpha'])
order = f1.order
f1 = zapi.traverse(s, 'alpha')
Modified: Zope3/trunk/src/zope/app/security/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/security/metaconfigure.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/security/metaconfigure.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -28,9 +28,6 @@
def securityPolicy(_context, component):
- if callable(component):
- component = component()
-
_context.action(
discriminator = 'defaultPolicy',
callable = setSecurityPolicy,
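Review bot: With the `callable(component)` branch removed, `securityPolicy` hands `component` to `setSecurityPolicy` unchecked, so a ZCML file that still names a policy instance (the old `.zopepolicy.zopeSecurityPolicy` style) is accepted while the configuration loads and would presumably fail only when the first interaction is created. A guard at the top of the function would surface the mistake at configuration time: `if not callable(component): raise TypeError('securityPolicy component must be an interaction factory')`. A one-line docstring saying that the component is called to create each interaction would document the new contract. The function body continues past the hunk.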
Modified: Zope3/trunk/src/zope/app/securitypolicy/configure.zcml
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/configure.zcml 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/securitypolicy/configure.zcml 2004-07-16 19:51:26 UTC (rev 26591)
@@ -87,9 +87,7 @@
<include package=".browser"/>
- <securityPolicy
- component=".zopepolicy.zopeSecurityPolicy"
- />
+ <securityPolicy component=".zopepolicy.ZopeSecurityPolicy" />
<role id="zope.Anonymous" title="Everybody"
description="All users have this role implicitly" />
Modified: Zope3/trunk/src/zope/app/securitypolicy/tests/test_zopepolicy.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/tests/test_zopepolicy.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/securitypolicy/tests/test_zopepolicy.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -89,11 +89,13 @@
AttributeAnnotations)
# set up some principals
- self.jim = principalRegistry.definePrincipal('jim', 'Jim', 'Jim Fulton',
- 'jim', '123')
+ self.jim = principalRegistry.definePrincipal(
+ 'jim', 'Jim', 'Jim Fulton',
+ 'jim', '123')
- self.tim = principalRegistry.definePrincipal('tim', 'Tim', 'Tim Peters',
- 'tim', '456')
+ self.tim = principalRegistry.definePrincipal(
+ 'tim', 'Tim', 'Tim Peters',
+ 'tim', '456')
self.unknown = principalRegistry.defineDefaultPrincipal('unknown',
'Unknown', 'Nothing is known about this principal')
@@ -135,10 +137,10 @@
principalRoleManager.assignRoleToPrincipal(self.peon, self.jim.id)
principalRoleManager.assignRoleToPrincipal(self.manager, self.tim.id)
- self.policy = self._makePolicy()
+ self.interaction = self._makeInteraction()
- def _makePolicy(self):
+ def _makeInteraction(self):
from zope.app.securitypolicy.zopepolicy import ZopeSecurityPolicy
return ZopeSecurityPolicy()
@@ -154,38 +156,40 @@
def testInterfaces(self):
from zope.security.interfaces import ISecurityPolicy
from zope.app.securitypolicy.zopepolicy import ZopeSecurityPolicy
- verifyObject(ISecurityPolicy, ZopeSecurityPolicy())
+ verifyObject(ISecurityPolicy, ZopeSecurityPolicy)
def testCreateInteraction(self):
from zope.security.interfaces import IInteraction
from zope.app.securitypolicy.zopepolicy import ZopeSecurityPolicy
- i1 = ZopeSecurityPolicy().createInteraction(None)
+ i1 = ZopeSecurityPolicy()
verifyObject(IInteraction, i1)
self.assertEquals(list(i1.participations), [])
user = object()
rq = RequestStub(user)
- i2 = ZopeSecurityPolicy().createInteraction(rq)
+ i2 = ZopeSecurityPolicy(rq)
verifyObject(IInteraction, i2)
self.assertEquals(list(i2.participations), [rq])
def testGlobalCheckPermission(self):
- self.failUnless(
- self.policy.checkPermission(self.read, None, Interaction(self.jim)))
- self.failUnless(
- self.policy.checkPermission(self.read, None, Interaction(self.tim)))
- self.failUnless(
- self.policy.checkPermission(self.write, None, Interaction(self.tim)))
+ r = RequestStub(self.jim)
+ self.interaction.add(r)
+ self.failUnless(self.interaction.checkPermission(self.read, None))
+ self.interaction.remove(r)
- self.failIf(self.policy.checkPermission(
- self.read, None, Interaction(self.unknown)))
- self.failIf(self.policy.checkPermission(
- self.write, None, Interaction(self.unknown)))
+ r = RequestStub(self.tim)
+ self.interaction.add(r)
+ self.failUnless(self.interaction.checkPermission(self.read, None))
+ self.failUnless(self.interaction.checkPermission(self.write, None))
+ self.interaction.remove(r)
- self.failIf(
- self.policy.checkPermission(
- self.read, None, Interaction(self.unknown)))
+ r = RequestStub(self.unknown)
+ self.interaction.add(r)
+ self.failIf(self.interaction.checkPermission(self.read, None))
+ self.failIf(self.interaction.checkPermission(self.write, None))
+ self.failIf(self.interaction.checkPermission(self.read, None))
+
self.__assertPermissions(self.jim, ['create', 'read'])
self.__assertPermissions(self.tim, ['read', 'write'])
self.__assertPermissions(self.unknown, [])
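Review bot: The third `self.failIf(self.interaction.checkPermission(self.read, None))` for `unknown` repeats the first one and can be dropped; it mirrors a duplicate that was already in the old code. The `unknown` participation is also still attached to `self.interaction` when this hunk ends and is removed only in the following hunk, after the Anonymous grant has been checked, so the `__assertPermissions` calls in between run with it in place. Because `checkPermission` asserts exactly one participation, a short comment such as `# unknown stays in the interaction until the Anonymous grant below is checked` would make that intent clear. The method continues outside this hunk.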
@@ -193,30 +197,29 @@
rolePermissionManager.grantPermissionToRole(
self.read, 'zope.Anonymous')
- self.failUnless(
- self.policy.checkPermission(
- self.read, None, Interaction(self.unknown)))
+ self.failUnless(self.interaction.checkPermission(self.read, None))
+ self.interaction.remove(r)
self.__assertPermissions(self.unknown, ['read'])
principalPermissionManager.grantPermissionToPrincipal(
self.write, self.jim.id)
- self.failUnless(
- self.policy.checkPermission(self.write, None, Interaction(self.jim)))
+ r = RequestStub(self.jim)
+ self.interaction.add(r)
+ self.failUnless(self.interaction.checkPermission(self.write, None))
self.__assertPermissions(self.jim, ['create', 'read', 'write'])
def testPlaylessPrincipalRole(self):
- self.failIf(self.policy.checkPermission(
- self.write, None, Interaction(self.jim)))
+ r = RequestStub(self.jim)
+ self.interaction.add(r)
+ self.failIf(self.interaction.checkPermission(self.write, None))
principalRoleManager.assignRoleToPrincipal(
self.manager, self.jim.id)
- self.failUnless(self.policy.checkPermission(
- self.write, None, Interaction(self.jim)))
+ self.failUnless(self.interaction.checkPermission(self.write, None))
principalRoleManager.removeRoleFromPrincipal(
self.manager, self.jim.id)
- self.failIf(self.policy.checkPermission(
- self.write, None, Interaction(self.jim)))
+ self.failIf(self.interaction.checkPermission(self.write, None))
def testPlayfulPrincipalRole(self):
ztapi.provideAdapter(
@@ -227,16 +230,15 @@
ob2 = TestClass(); ob2.__parent__ = ob1
ob3 = TestClass(); ob3.__parent__ = ob2
- self.failIf(self.policy.checkPermission(
- self.write, ob3, Interaction(self.jim)))
+ r = RequestStub(self.jim)
+ self.interaction.add(r)
+ self.failIf(self.interaction.checkPermission(self.write, ob3))
AnnotationPrincipalRoleManager(ob3).assignRoleToPrincipal(
self.manager, self.jim.id)
- self.failUnless(self.policy.checkPermission(
- self.write, ob3, Interaction(self.jim)))
+ self.failUnless(self.interaction.checkPermission(self.write, ob3))
AnnotationPrincipalRoleManager(ob3).removeRoleFromPrincipal(
self.manager, self.jim.id)
- self.failIf(self.policy.checkPermission(
- self.write, ob3, Interaction(self.jim)))
+ self.failIf(self.interaction.checkPermission(self.write, ob3))
def testPlayfulRolePermissions(self):
@@ -250,30 +252,33 @@
ob2 = TestClass(); ob2.__parent__ = ob1
ob3 = TestClass(); ob3.__parent__ = ob2
- self.failIf(self.policy.checkPermission(test, ob3, Interaction(self.tim)))
+ r = RequestStub(self.tim)
+ self.interaction.add(r)
+ self.failIf(self.interaction.checkPermission(test, ob3))
self.__assertPermissions(self.tim, ['read', 'write'], ob3)
ARPM(ob2).grantPermissionToRole(test, self.manager)
- self.failUnless(self.policy.checkPermission(test, ob3,
- Interaction(self.tim)))
+ self.failUnless(self.interaction.checkPermission(test, ob3))
self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)
+ self.interaction.remove(r)
- self.failIf(self.policy.checkPermission(test, ob3, Interaction(self.jim)))
+ r = RequestStub(self.jim)
+ self.interaction.add(r)
+ self.failIf(self.interaction.checkPermission(test, ob3))
self.__assertPermissions(self.jim, ['create', 'read'], ob3)
ARPM(ob3).grantPermissionToRole(test, self.peon)
- self.failUnless(self.policy.checkPermission(
- test, ob3, Interaction(self.jim)))
+ self.failUnless(self.interaction.checkPermission(test, ob3))
self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)
principalPermissionManager.denyPermissionToPrincipal(
test, self.jim.id)
- self.failIf(self.policy.checkPermission(
- test, ob3, Interaction(self.jim)))
+ self.failIf(self.interaction.checkPermission(test, ob3))
self.__assertPermissions(self.jim, ['create', 'read'], ob3)
+ self.interaction.remove(r)
principalPermissionManager.unsetPermissionForPrincipal(
test, self.jim.id)
@@ -286,11 +291,13 @@
new = principalRegistry.definePrincipal('new', 'Newbie',
'Newbie User', 'new', '098')
principalRoleManager.assignRoleToPrincipal(self.arole, new.id)
- self.failUnless(self.policy.checkPermission(test, ob3, Interaction(new)))
+ r = RequestStub(new)
+ self.interaction.add(r)
+ self.failUnless(self.interaction.checkPermission(test, ob3))
self.__assertPermissions(new, ['test'], ob3)
principalRoleManager.assignRoleToPrincipal(self.peon, new.id)
- self.failIf(self.policy.checkPermission(test, ob3, Interaction(new)))
+ self.failIf(self.interaction.checkPermission(test, ob3))
self.__assertPermissions(new, ['read'], ob3)
def testPlayfulPrinciplePermissions(self):
@@ -304,38 +311,41 @@
test = definePermission('test', 'Test', '').id
- self.failIf(self.policy.checkPermission(test, ob3, Interaction(self.tim)))
+ r = RequestStub(self.tim)
+ self.interaction.add(r)
+ self.failIf(self.interaction.checkPermission(test, ob3))
self.__assertPermissions(self.tim, ['read', 'write'], ob3)
APPM(ob2).grantPermissionToPrincipal(test, self.tim.id)
- self.failUnless(self.policy.checkPermission(
- test, ob3, Interaction(self.tim)))
+ self.failUnless(self.interaction.checkPermission(test, ob3))
self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)
APPM(ob3).denyPermissionToPrincipal(test, self.tim.id)
- self.failIf(self.policy.checkPermission(
- test, ob3, Interaction(self.tim)))
+ self.failIf(self.interaction.checkPermission(test, ob3))
self.__assertPermissions(self.tim, ['read', 'write'], ob3)
+ self.interaction.remove(r)
+ r = RequestStub(self.jim)
+ self.interaction.add(r)
APPM(ob1).denyPermissionToPrincipal(test, self.jim.id)
APPM(ob3).grantPermissionToPrincipal(test, self.jim.id)
- self.failUnless(self.policy.checkPermission(
- test, ob3, Interaction(self.jim)))
+ self.failUnless(self.interaction.checkPermission(test, ob3))
self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)
APPM(ob3).unsetPermissionForPrincipal(test, self.jim.id)
- self.failIf(self.policy.checkPermission(
- test, ob3, Interaction(self.jim)))
+ self.failIf(self.interaction.checkPermission(test, ob3))
self.__assertPermissions(self.jim, ['create', 'read'], ob3)
+ self.interaction.remove(r)
# make sure placeless principal permissions override placeful ones
+ r = RequestStub(self.tim)
+ self.interaction.add(r)
APPM(ob3).grantPermissionToPrincipal(test, self.tim.id)
principalPermissionManager.denyPermissionToPrincipal(
test, self.tim.id)
- self.failIf(self.policy.checkPermission(
- test, ob3, Interaction(self.tim)))
+ self.failIf(self.interaction.checkPermission(test, ob3))
self.__assertPermissions(self.tim, ['read', 'write'], ob3)
Modified: Zope3/trunk/src/zope/app/securitypolicy/zopepolicy.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/zopepolicy.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/securitypolicy/zopepolicy.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -15,21 +15,18 @@
$Id$
"""
-from zope.interface import implements
-from zope.security.interfaces import ISecurityPolicy
from zope.security.management import system_user
-from zope.security.simpleinteraction import createInteraction \
- as _createInteraction
+import zope.security.simplepolicies
+from zope.security.interfaces import ISecurityPolicy
from zope.app.location import LocationIterator
-
+from zope.app.security.settings import Allow, Deny
from zope.app.securitypolicy.interfaces import \
IRolePermissionMap, IPrincipalPermissionMap, IPrincipalRoleMap
from zope.app.securitypolicy.principalpermission \
import principalPermissionManager
from zope.app.securitypolicy.rolepermission import rolePermissionManager
from zope.app.securitypolicy.principalrole import principalRoleManager
-from zope.app.security.settings import Allow, Deny
getPermissionsForPrincipal = \
principalPermissionManager.getPermissionsForPrincipal
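Review bot: No `import zope.interface` is added in this import block, yet the class body in the next hunk calls `zope.interface.classProvides(ISecurityPolicy)`. The name `zope` is bound by `import zope.security.simplepolicies`, and the `interface` attribute resolves only if some other module has already imported `zope.interface`, which makes the line that declares the class as a security policy depend on import order. Add `import zope.interface` next to the other imports, unless it is already imported outside the lines shown.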
@@ -39,39 +36,13 @@
globalContext = object()
-class ZopeSecurityPolicy(object):
- implements(ISecurityPolicy)
+class ZopeSecurityPolicy(zope.security.simplepolicies.ParanoidSecurityPolicy):
+ zope.interface.classProvides(ISecurityPolicy)
- def __init__(self, ownerous=True, authenticated=True):
- """
- Two optional keyword arguments may be provided:
-
- ownerous -- Untrusted users can create code (e.g. Python
- scripts or templates), so check that code owners can
- access resources. The argument must have a truth value.
- The default is true.
-
- authenticated -- Allow access to resources based on the
-
- privileges of the authenticated user. The argument must
- have a truth value. The default is true.
-
- This (somewhat experimental) option can be set to false on
- sites that allow only public (unauthenticated) access. An
- anticipated scenario is a ZEO configuration in which some
- clients allow only public access and other clients allow
- full management.
- """
-
- self._ownerous = ownerous
- self._authenticated = authenticated
-
- createInteraction = staticmethod(_createInteraction)
-
- def checkPermission(self, permission, object, interaction):
+ def checkPermission(self, permission, object):
# XXX We aren't really handling multiple principals yet
- assert len(interaction.participations) == 1 # XXX
- user = interaction.participations[0].principal
+ assert len(self.participations) == 1 # XXX
+ user = self.participations[0].principal
# mapping from principal to set of roles
if user is system_user:
@@ -287,4 +258,3 @@
return result
-zopeSecurityPolicy=ZopeSecurityPolicy()
Modified: Zope3/trunk/src/zope/app/tests/placelesssetup.py
===================================================================
--- Zope3/trunk/src/zope/app/tests/placelesssetup.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/tests/placelesssetup.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -49,6 +49,9 @@
from zope.app.security.tests import addCheckerPublic
addCheckerPublic()
+ from zope.security.management import newInteraction
+ newInteraction()
+
setVocabularyRegistry(None)
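Review bot: `newInteraction()` in the shared setUp gives every placeless test an interaction with no participations, and judging from test_globalbrowsermenuservice in this commit (where `newInteraction()` replaces the `system_user` participation and the full menu is still returned) such an interaction appears to be allowed everything. A test that means to exercise a denial therefore has to call `endInteraction()` and `newInteraction(participation)` itself, otherwise it passes without any check having been enforced. I would state that in a comment above the call, e.g. `# Tests start inside an interaction without participations; security tests must end it and start their own.` The matching `endInteraction()` in tearDown is not visible in this hunk and should be confirmed.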
Modified: Zope3/trunk/src/zope/app/traversing/tests/test_traverser.py
===================================================================
--- Zope3/trunk/src/zope/app/traversing/tests/test_traverser.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/traversing/tests/test_traverser.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -37,7 +37,7 @@
from zope.app.site.tests.placefulsetup import PlacefulSetup
from zope.security.checker \
import ProxyFactory, defineChecker, CheckerPublic, Checker
-from zope.security.management import newInteraction
+from zope.security.management import newInteraction, endInteraction
from zope.app.container.contained import Contained, contained
class ParticipationStub(object):
@@ -178,6 +178,7 @@
self.assertEquals(tr.traverse(('folder', 'item')), item)
def testItemDenied(self):
+ endInteraction()
newInteraction(ParticipationStub('no one'))
defineChecker(C, Checker({'item': 'Waaaa', 'folder': CheckerPublic}))
tr = Traverser(ProxyFactory(self.root))
Modified: Zope3/trunk/src/zope/app/workflow/stateful/tests/test_instance.py
===================================================================
--- Zope3/trunk/src/zope/app/workflow/stateful/tests/test_instance.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/workflow/stateful/tests/test_instance.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -26,7 +26,7 @@
from zope.app.security.interfaces import IPermission
from zope.app.security.permission import Permission
from zope.security.checker import CheckerPublic
-from zope.security.management import newInteraction
+from zope.security.management import newInteraction, endInteraction
from zope.app.annotation.interfaces import IAttributeAnnotatable
from zope.app.registration.interfaces import IRegisterable
@@ -363,6 +363,7 @@
ztapi.provideUtility(IPermission, Permission('deny', 'Deny'), 'deny')
+ endInteraction()
newInteraction(ParticipationStub('test'))
pd = TestProcessDefinition()
Modified: Zope3/trunk/src/zope/security/__init__.py
===================================================================
--- Zope3/trunk/src/zope/security/__init__.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/__init__.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -4,42 +4,21 @@
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
-"""Security Package
+"""Base security system
$Id$
+
"""
+
# TODO: There's a circular import problem with the proxy package.
# The proxy framework needs some refactoring, but not today.
import zope.proxy
-from zope.security.checker import CheckerPublic as _CheckerPublic
-from zope.security.management import queryInteraction as _queryInteraction
-from zope.security.management import getSecurityPolicy as _getSecurityPolicy
-
-def checkPermission(permission, object, interaction=None):
- """Return whether security policy allows permission on object.
-
- Arguments:
- permission -- A permission name
- object -- The object being accessed according to the permission
- interaction -- An interaction, which provides access to information
- such as authenticated principals. If it is None, the current
- interaction is used.
-
- checkPermission is guaranteed to return True if permission is
- CheckerPublic or None.
- """
- if permission is None or permission is _CheckerPublic:
- return True
- if interaction is None:
- interaction = _queryInteraction()
- policy = _getSecurityPolicy()
- return policy.checkPermission(permission, object, interaction)
-
+from zope.security.management import checkPermission
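Review bot: The licence header line changes from `Version 2.1 (ZPL)` to `Version 2.0 (ZPL)`, which looks unrelated to the API rearrangement and may have come in with text copied from another file; if the package is still under ZPL 2.1 the line should stay as it was. Separately, the removed docstring was where the contract that `checkPermission` returns True for a permission of None or CheckerPublic was written down. The re-exported `zope.security.management.checkPermission` is outside this hunk, so confirm that it documents and keeps that behaviour and still accepts the optional `interaction` argument for existing callers.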
Modified: Zope3/trunk/src/zope/security/_zope_security_checker.c
===================================================================
--- Zope3/trunk/src/zope/security/_zope_security_checker.c 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/_zope_security_checker.c 2004-07-16 19:51:26 UTC (rev 26591)
@@ -14,13 +14,14 @@
#include <Python.h>
static PyObject *_checkers, *_defaultChecker, *_available_by_default, *NoProxy;
-static PyObject *Proxy, *getSecurityPolicy, *queryInteraction, *CheckerPublic;
+static PyObject *Proxy, *thread_local, *CheckerPublic;
static PyObject *ForbiddenAttribute, *Unauthorized;
#define DECLARE_STRING(N) static PyObject *str_##N
DECLARE_STRING(checkPermission);
DECLARE_STRING(__Security_checker__);
+DECLARE_STRING(interaction);
#define CLEAR(O) if (O) {PyObject *t = O; O = 0; Py_DECREF(t); }
@@ -72,25 +73,16 @@
static int
checkPermission(PyObject *permission, PyObject *object, PyObject *name)
{
- PyObject *policy, *interaction, *r;
+ PyObject *interaction, *r;
int i;
-/* policy = getSecurityPolicy() */
- policy = PyObject_CallObject(getSecurityPolicy, NULL);
- if (policy == NULL)
- return -1;
-/* interaction = queryInteraction() */
- interaction = PyObject_CallObject(queryInteraction, NULL);
- if (interaction == NULL)
- {
- Py_DECREF(policy);
- return -1;
- }
-/* if policy.checkPermission(permission, object, interaction): */
+/* if thread_local.interaction.checkPermission(permission, object): */
/* return */
- r = PyObject_CallMethodObjArgs(policy, str_checkPermission,
- permission, object, interaction, NULL);
- Py_DECREF(policy);
+ interaction = PyObject_GetAttr(thread_local, str_interaction);
+ if (interaction == NULL)
+ return -1;
+ r = PyObject_CallMethodObjArgs(interaction, str_checkPermission,
+ permission, object, NULL);
Py_DECREF(interaction);
if (r == NULL)
return -1;
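Review bot: When no interaction is active on the calling thread, `PyObject_GetAttr(thread_local, str_interaction)` presumably fails with AttributeError (how management.py initialises `thread_local` is not visible here), so the caller gets that error instead of Unauthorized; the old code passed whatever `queryInteraction()` returned to the policy and let it decide. Access is still refused, but code that catches Unauthorized, for example to issue a login challenge, will not handle this case. The same applies to `thread_local.interaction.checkPermission(permission, object)` in both checker.py hunks. I would record the contract in a comment above the lookup, e.g. `/* No interaction on this thread: the lookup fails and the check is refused with that error, not Unauthorized. */`. The body of checkPermission continues past the hunk.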
@@ -550,6 +542,7 @@
INIT_STRING(checkPermission);
INIT_STRING(__Security_checker__);
+ INIT_STRING(interaction);
if ((_checkers = PyDict_New()) == NULL)
return;
@@ -563,10 +556,8 @@
Py_DECREF(m);
if ((m = PyImport_ImportModule("zope.security.management")) == NULL) return;
- getSecurityPolicy = PyObject_GetAttrString(m, "getSecurityPolicy");
- if (getSecurityPolicy == NULL) return;
- queryInteraction = PyObject_GetAttrString(m, "queryInteraction");
- if (queryInteraction == NULL) return;
+ thread_local = PyObject_GetAttrString(m, "thread_local");
+ if (thread_local == NULL) return;
Py_DECREF(m);
if ((m = PyImport_ImportModule("zope.exceptions")) == NULL) return;
Modified: Zope3/trunk/src/zope/security/checker.py
===================================================================
--- Zope3/trunk/src/zope/security/checker.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/checker.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -39,7 +39,7 @@
from zope.interface.interfaces import IInterface, IDeclaration
from zope.security.interfaces import IChecker, INameBasedChecker
from zope.security.interfaces import ISecurityProxyFactory
-from zope.security.management import getSecurityPolicy, queryInteraction
+from zope.security.management import thread_local
from zope.security._proxy import _Proxy as Proxy, getChecker
from zope.exceptions import Unauthorized, ForbiddenAttribute, DuplicationError
@@ -130,10 +130,8 @@
if permission is not None:
if permission is CheckerPublic:
return # Public
- policy = getSecurityPolicy()
- interaction = queryInteraction()
- if policy.checkPermission(permission, object, interaction):
- return
+ if thread_local.interaction.checkPermission(permission, object):
+ return # allowed
else:
__traceback_supplement__ = (TracebackSupplement, object)
raise Unauthorized(name, permission)
@@ -147,9 +145,7 @@
if permission is not None:
if permission is CheckerPublic:
return # Public
- policy = getSecurityPolicy()
- interaction = queryInteraction()
- if policy.checkPermission(permission, object, interaction):
+ if thread_local.interaction.checkPermission(permission, object):
return
else:
__traceback_supplement__ = (TracebackSupplement, object)
Modified: Zope3/trunk/src/zope/security/examples/sandbox_security.py
===================================================================
--- Zope3/trunk/src/zope/security/examples/sandbox_security.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/examples/sandbox_security.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -30,7 +30,7 @@
"""
import sandbox
from zope.security.interfaces import ISecurityPolicy, IParticipation
-from zope.security import checker, management, simpleinteraction
+from zope.security import checker, management, simplepolicies
from zope.interface import implements
@@ -73,17 +73,13 @@
}
-class SimulationSecurityPolicy(object):
+class SimulationSecurityPolicy(simplepolicies.ParanoidSecurityPolicy):
"""Security Policy during the Simulation.
A very simple security policy that is specific to the simulations.
"""
- implements(ISecurityPolicy)
-
- createInteraction = staticmethod(simpleinteraction.createInteraction)
-
- def checkPermission(self, permission, object, interaction):
+ def checkPermission(self, permission, object):
"""See zope.security.interfaces.ISecurityPolicy"""
home = object.getHome()
db = getattr(SimulationSecurityDatabase, home.getId(), None)
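Review bot: SimulationSecurityPolicy drops `implements(ISecurityPolicy)` without declaring that the class itself provides ISecurityPolicy. simplepolicies.py in this same commit repeats `zope.interface.classProvides(ISecurityPolicy)` on the PermissiveSecurityPolicy subclass, which suggests the declaration is not inherited from ParanoidSecurityPolicy. Adding `classProvides(ISecurityPolicy)` under the class docstring, with the matching import, would keep the example consistent. The checkPermission docstring `"""See zope.security.interfaces.ISecurityPolicy"""` should now point at IInteraction, and the method body continues past this hunk.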
@@ -95,11 +91,10 @@
if permission in allowed or ALL in allowed:
return True
- if interaction is None:
+ if not self.participations:
return False
- if not interaction.participations:
- return False
- for participation in interaction.participations:
+
+ for participation in self.participations:
token = participation.principal.getAuthenticationToken()
allowed = db.get(token, ())
if permission not in allowed:
@@ -159,7 +154,7 @@
def wire_security():
- management.setSecurityPolicy(SimulationSecurityPolicy())
+ management.setSecurityPolicy(SimulationSecurityPolicy)
checker.defineChecker(sandbox.Sandbox, sandbox_checker)
checker.defineChecker(sandbox.TimeService, time_service_checker)
Modified: Zope3/trunk/src/zope/security/interfaces.py
===================================================================
--- Zope3/trunk/src/zope/security/interfaces.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/interfaces.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -135,27 +135,13 @@
class ISecurityPolicy(Interface):
- def createInteraction(participation=None):
+ def __call__(participation=None):
"""Creates a new interaction for a given request.
If participation is not None, it is added to the new interaction.
-
- TODO: perhaps this should be a separate interface IInteractionFactory,
- and the factory registered by calling
- ISecurityManagement.global setInteractionFactory(factory).
"""
- def checkPermission(permission, object, interaction):
- """Return whether security context allows permission on object.
- Arguments:
- permission -- A permission name
- object -- The object being accessed according to the permission
- interaction -- An interaction, which provides access to information
- such as authenticated principals.
- """
-
-
class IInteraction(Interface):
"""A representation of an interaction between some actors and the system.
"""
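Review bot: `ISecurityPolicy.__call__(participation=None)` no longer matches how the factory is used. management.newInteraction calls `getSecurityPolicy()(*participations)`, and ParanoidSecurityPolicy.__init__ takes `*participations` and passes each one to `add` with no None check. A caller who follows this docstring and passes None would therefore reach `add(None)`. Declare the method as `def __call__(*participations):` and reword the docstring to say that every participation given is added to the new interaction.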
@@ -168,13 +154,25 @@
def remove(participation):
"""Remove a participation."""
+ def checkPermission(permission, object):
+ """Return whether security context allows permission on object.
+ Arguments:
+ permission -- A permission name
+ object -- The object being accessed according to the permission
+ """
+
+
class IParticipation(Interface):
interaction = Attribute("The interaction")
principal = Attribute("The authenticated principal")
+class NoInteraction(Exception):
+ """No interaction started
+ """
+
class IInteractionManagement(Interface):
"""Interaction management API.
@@ -192,9 +190,15 @@
def queryInteraction():
"""Return the current interaction.
- Returns None if there is no interaction.
+ Return None if there is no interaction.
"""
+ def getInteraction():
+ """Return the current interaction.
+
+ Raise NoInteraction if there isn't a current interaction.
+ """
+
def endInteraction():
"""End the current interaction.
Modified: Zope3/trunk/src/zope/security/management.py
===================================================================
--- Zope3/trunk/src/zope/security/management.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/management.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -24,6 +24,7 @@
from zope.interface import moduleProvides
from zope.security.interfaces import ISecurityManagement
from zope.security.interfaces import IInteractionManagement
+from zope.security.interfaces import NoInteraction
from zope.testing.cleanup import addCleanUp
import zope.thread
@@ -34,7 +35,7 @@
def _clear():
global _defaultPolicy
- _defaultPolicy = ParanoidSecurityPolicy()
+ _defaultPolicy = ParanoidSecurityPolicy
addCleanUp(_clear)
@@ -66,28 +67,60 @@
#
def queryInteraction():
- """Get the current interaction."""
return getattr(thread_local, 'interaction', None)
-def newInteraction(participation=None, _policy=None):
+def getInteraction():
+ """Get the current interaction."""
+ try:
+ return thread_local.interaction
+ except AttributeError:
+ raise NoInteraction
+
+def newInteraction(*participations):
"""Start a new interaction."""
+
+
if queryInteraction() is not None:
stack = queryInteraction()._newInteraction_called_from
raise AssertionError("newInteraction called"
" while another interaction is active:\n%s"
% "".join(traceback.format_list(stack)))
- interaction = getSecurityPolicy().createInteraction(participation)
+
+ interaction = getSecurityPolicy()(*participations)
+
interaction._newInteraction_called_from = traceback.extract_stack()
thread_local.interaction = interaction
def endInteraction():
"""End the current interaction."""
- thread_local.interaction = None
+ try:
+ del thread_local.interaction
+ except AttributeError:
+ pass
+
+
+def checkPermission(permission, object, interaction=None):
+ """Return whether security policy allows permission on object.
+
+ Arguments:
+ permission -- A permission name
+ object -- The object being accessed according to the permission
+ interaction -- An interaction, which provides access to information
+ such as authenticated principals. If it is None, the current
+ interaction is used.
+
+ checkPermission is guaranteed to return True if permission is
+ CheckerPublic or None.
+ """
+ if interaction is None:
+ interaction = thread_local.interaction
+ return interaction.checkPermission(permission, object)
+
addCleanUp(endInteraction)
# circular imports are not fun
from zope.security.simplepolicies import ParanoidSecurityPolicy
-_defaultPolicy = ParanoidSecurityPolicy()
+_defaultPolicy = ParanoidSecurityPolicy
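Review bot: The new checkPermission docstring promises True when permission is CheckerPublic or None, but the body delegates straight to `interaction.checkPermission(permission, object)`, so the guarantee depends on each policy. ParanoidSecurityPolicy in this commit short-circuits only CheckerPublic, and the sandbox example's policy shows neither case in its visible lines. Either enforce it here with `if permission is None or permission is CheckerPublic: return True` ahead of the interaction lookup, or drop the sentence from the docstring. CheckerPublic is not imported in the visible part of this module and checker.py imports from management, so a function-local import is probably needed. queryInteraction also loses its docstring in this hunk; `"""Return the current interaction, or None if there is none."""` would keep it documented.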
Deleted: Zope3/trunk/src/zope/security/simpleinteraction.py
===================================================================
--- Zope3/trunk/src/zope/security/simpleinteraction.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/simpleinteraction.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -1,50 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Define Zope's default interaction class
-
-$Id$
-"""
-import sets
-
-from zope.interface import implements
-from zope.security.interfaces import IInteraction
-
-class Interaction(object):
- implements(IInteraction)
-
- def __init__(self):
- self.participations = []
-
- def add(self, participation):
- if participation.interaction is not None:
- raise ValueError("%r already belongs to an interaction"
- % participation)
- participation.interaction = self
- self.participations.append(participation)
-
- def remove(self, participation):
- if participation.interaction is not self:
- raise ValueError("%r does not belong to this interaction"
- % participation)
- self.participations.remove(participation)
- participation.interaction = None
-
-
-def createInteraction(participation=None):
- """A helper for implementing ISecurityPolicy.createInteraction"""
- interaction = Interaction()
- if participation is not None:
- interaction.add(participation)
- return interaction
-
Modified: Zope3/trunk/src/zope/security/simplepolicies.py
===================================================================
--- Zope3/trunk/src/zope/security/simplepolicies.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/simplepolicies.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -15,39 +15,47 @@
$Id$
"""
-from zope.interface import implements
-from zope.security.interfaces import ISecurityPolicy
+import zope.interface
+from zope.security.checker import CheckerPublic
+from zope.security.interfaces import IInteraction, ISecurityPolicy
from zope.security.management import system_user
-from zope.security.simpleinteraction import createInteraction \
- as _createInteraction
-import zope.security.checker
class ParanoidSecurityPolicy(object):
- """Deny all access."""
- implements(ISecurityPolicy)
+ zope.interface.implements(IInteraction)
+ zope.interface.classProvides(ISecurityPolicy)
- createInteraction = staticmethod(_createInteraction)
+ def __init__(self, *participations):
+ self.participations = []
+ for participation in participations:
+ self.add(participation)
- def checkPermission(self, permission, object, interaction):
- if permission is zope.security.checker.CheckerPublic:
- return True
+ def add(self, participation):
+ if participation.interaction is not None:
+ raise ValueError("%r already belongs to an interaction"
+ % participation)
+ participation.interaction = self
+ self.participations.append(participation)
- if interaction is None:
- return False
+ def remove(self, participation):
+ if participation.interaction is not self:
+ raise ValueError("%r does not belong to this interaction"
+ % participation)
+ self.participations.remove(participation)
+ participation.interaction = None
- users = [p.principal for p in interaction.participations]
- if len(users) == 1 and users[0] is system_user:
- return True # Nobody not to trust!
+ def checkPermission(self, permission, object):
+ if permission is CheckerPublic:
+ return True
- return False
+ users = [p.principal
+ for p in self.participations
+ if p.principal is not system_user]
+ return not users
-class PermissiveSecurityPolicy(object):
+class PermissiveSecurityPolicy(ParanoidSecurityPolicy):
"""Allow all access."""
- implements(ISecurityPolicy)
+ zope.interface.classProvides(ISecurityPolicy)
- createInteraction = staticmethod(_createInteraction)
-
- def checkPermission(self, permission, object, interaction):
+ def checkPermission(self, permission, object):
return True
-
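Review bot: ParanoidSecurityPolicy.checkPermission now returns True for every permission when the interaction has no participations, because `users` is then empty and `return not users` is True. The removed version allowed only the case of exactly one participation whose principal is system_user. management.newInteraction() with no arguments, as the updated tests call it, creates exactly such an interaction. If an empty interaction should be denied, `return bool(self.participations) and not users` keeps that; if trusting it is intended, say so in a comment. The class docstring `"""Deny all access."""` was also dropped, and since PermissiveSecurityPolicy now inherits from this class, a replacement docstring stating the actual rule would help.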
Modified: Zope3/trunk/src/zope/security/tests/test_checker.py
===================================================================
--- Zope3/trunk/src/zope/security/tests/test_checker.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/tests/test_checker.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -22,7 +22,7 @@
from zope.testing.cleanup import CleanUp
from zope.security.interfaces import ISecurityPolicy
from zope.exceptions import Forbidden, Unauthorized, ForbiddenAttribute
-from zope.security.management import setSecurityPolicy
+from zope.security.management import setSecurityPolicy, newInteraction, endInteraction, getInteraction
from zope.proxy import getProxiedObject
from zope.security.proxy import getChecker
from zope.security.checker import defineChecker, ProxyFactory
@@ -32,7 +32,7 @@
class SecurityPolicy(object):
implements(ISecurityPolicy)
- def checkPermission(self, permission, object, interaction):
+ def checkPermission(self, permission, object):
'See ISecurityPolicy'
return permission == 'test_allowed'
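Review bot: The docstring `'See ISecurityPolicy'` on checkPermission is stale, here and on RecordedSecurityPolicy.checkPermission in the next hunk. This commit moves checkPermission to IInteraction and leaves ISecurityPolicy with `__call__` only, so `'See IInteraction'` would be accurate. The `implements(ISecurityPolicy)` line kept above has the same problem, because instances of this class now act as interactions while the class itself is what gets passed to setSecurityPolicy.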
@@ -43,7 +43,7 @@
self._checked = []
self.permissions = {}
- def checkPermission(self, permission, object, interaction):
+ def checkPermission(self, permission, object):
'See ISecurityPolicy'
self._checked.append(permission)
return self.permissions.get(permission, True)
@@ -98,9 +98,11 @@
def setUp(self):
CleanUp.setUp(self)
- self.__oldpolicy = setSecurityPolicy(SecurityPolicy())
+ self.__oldpolicy = setSecurityPolicy(SecurityPolicy)
+ newInteraction()
def tearDown(self):
+ endInteraction()
setSecurityPolicy(self.__oldpolicy)
CleanUp.tearDown(self)
@@ -378,36 +380,39 @@
class TestMixinDecoratedChecker(TestCase):
def decoratedSetUp(self):
- self.policy = RecordedSecurityPolicy()
+ self.policy = RecordedSecurityPolicy
self._oldpolicy = setSecurityPolicy(self.policy)
+ newInteraction()
+ self.interaction = getInteraction()
self.obj = object()
def decoratedTearDown(self):
+ endInteraction()
setSecurityPolicy(self._oldpolicy)
def check_checking_impl(self, checker):
o = self.obj
checker.check_getattr(o, 'both_get_set')
- self.assert_(self.policy.checkChecked(['dc_get_permission']))
+ self.assert_(self.interaction.checkChecked(['dc_get_permission']))
checker.check_getattr(o, 'c_only')
- self.assert_(self.policy.checkChecked(['get_permission']))
+ self.assert_(self.interaction.checkChecked(['get_permission']))
checker.check_getattr(o, 'd_only')
- self.assert_(self.policy.checkChecked(['dc_get_permission']))
+ self.assert_(self.interaction.checkChecked(['dc_get_permission']))
self.assertRaises(ForbiddenAttribute,
checker.check_getattr, o,
'completely_different_attr')
- self.assert_(self.policy.checkChecked([]))
+ self.assert_(self.interaction.checkChecked([]))
checker.check(o, '__str__')
- self.assert_(self.policy.checkChecked(['get_permission']))
+ self.assert_(self.interaction.checkChecked(['get_permission']))
checker.check_setattr(o, 'both_get_set')
- self.assert_(self.policy.checkChecked(['dc_set_permission']))
+ self.assert_(self.interaction.checkChecked(['dc_set_permission']))
self.assertRaises(ForbiddenAttribute,
checker.check_setattr, o, 'c_only')
- self.assert_(self.policy.checkChecked([]))
+ self.assert_(self.interaction.checkChecked([]))
self.assertRaises(ForbiddenAttribute,
checker.check_setattr, o, 'd_only')
- self.assert_(self.policy.checkChecked([]))
+ self.assert_(self.interaction.checkChecked([]))
originalChecker = NamesChecker(['both_get_set', 'c_only', '__str__'],
'get_permission')
@@ -437,10 +442,10 @@
# When a permission is not authorized by the security policy,
# the policy is queried twice per check_getattr -- once for each
# checker.
- self.policy.permissions['dc_get_permission'] = False
+ self.interaction.permissions['dc_get_permission'] = False
cc.check_getattr(self.obj, 'both_get_set')
self.assert_(
- self.policy.checkChecked(['dc_get_permission', 'get_permission'])
+ self.interaction.checkChecked(['dc_get_permission', 'get_permission'])
)
# This should raise Unauthorized instead of ForbiddenAttribute, since
Modified: Zope3/trunk/src/zope/security/tests/test_management.py
===================================================================
--- Zope3/trunk/src/zope/security/tests/test_management.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/tests/test_management.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -37,7 +37,7 @@
from zope.security.management import getSecurityPolicy
from zope.security.simplepolicies import PermissiveSecurityPolicy
- policy = PermissiveSecurityPolicy()
+ policy = PermissiveSecurityPolicy
setSecurityPolicy(policy)
self.assert_(getSecurityPolicy() is policy)
@@ -47,11 +47,10 @@
from zope.security.management import newInteraction
- rq = None
- newInteraction(rq)
+ newInteraction()
self.assert_(queryInteraction() is not None)
- self.assertRaises(AssertionError, newInteraction, rq)
+ self.assertRaises(AssertionError, newInteraction)
from zope.security.management import endInteraction
@@ -68,25 +67,22 @@
permission = 'zope.Test'
obj = object()
- interaction = object()
class InteractionStub(object):
pass
class PolicyStub(object):
- def createInteraction(s, r):
- return InteractionStub()
- def checkPermission(s, p, o, i):
+ def checkPermission(s, p, o,):
self.assert_(p is permission)
self.assert_(o is obj)
- self.assert_(i is queryInteraction() or i is interaction)
- return i is interaction
+ self.assert_(s is queryInteraction() or s is interaction)
+ return s is interaction
- setSecurityPolicy(PolicyStub())
- newInteraction(None)
- self.assertEquals(checkPermission(permission, obj), False)
- self.assertEquals(checkPermission(permission, obj, interaction), True)
+ setSecurityPolicy(PolicyStub)
+ newInteraction()
+ interaction = queryInteraction()
+ self.assertEquals(checkPermission(permission, obj), True)
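Review bot: The explicit `interaction` argument of management.checkPermission is no longer exercised, and neither is a False result; the only assertion left is that `checkPermission(permission, obj)` returns True. A second case that passes a separate stub instance as the third argument and expects False would restore both, although the stub's `s is queryInteraction() or s is interaction` check would need loosening for it. `InteractionStub` appears unused after this change, and `def checkPermission(s, p, o,):` carries a stray trailing comma. The test method starts above this hunk.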
def test_suite():
Modified: Zope3/trunk/src/zope/security/tests/test_simpleinteraction.py
===================================================================
--- Zope3/trunk/src/zope/security/tests/test_simpleinteraction.py 2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/tests/test_simpleinteraction.py 2004-07-16 19:51:26 UTC (rev 26591)
@@ -18,8 +18,9 @@
import unittest
from zope.interface.verify import verifyObject
+from zope.security.interfaces import IInteraction
+from zope.security.simplepolicies import ParanoidSecurityPolicy
-
class RequestStub(object):
def __init__(self, principal=None):
@@ -30,15 +31,12 @@
class TestInteraction(unittest.TestCase):
def test(self):
- from zope.security.interfaces import IInteraction
- from zope.security.simpleinteraction import Interaction
- interaction = Interaction()
+ interaction = ParanoidSecurityPolicy()
verifyObject(IInteraction, interaction)
def test_add(self):
- from zope.security.simpleinteraction import Interaction
rq = RequestStub()
- interaction = Interaction()
+ interaction = ParanoidSecurityPolicy()
interaction.add(rq)
self.assert_(rq in interaction.participations)
self.assert_(rq.interaction is interaction)
@@ -46,13 +44,12 @@
# rq already added
self.assertRaises(ValueError, interaction.add, rq)
- interaction2 = Interaction()
+ interaction2 = ParanoidSecurityPolicy()
self.assertRaises(ValueError, interaction2.add, rq)
def test_remove(self):
- from zope.security.simpleinteraction import Interaction
rq = RequestStub()
- interaction = Interaction()
+ interaction = ParanoidSecurityPolicy()
self.assertRaises(ValueError, interaction.remove, rq)
@@ -63,15 +60,13 @@
self.assert_(rq.interaction is None)
def testCreateInteraction(self):
- from zope.security.interfaces import IInteraction
- from zope.security.simpleinteraction import createInteraction
- i1 = createInteraction()
+ i1 = ParanoidSecurityPolicy()
verifyObject(IInteraction, i1)
self.assertEquals(list(i1.participations), [])
user = object()
request = RequestStub(user)
- i2 = createInteraction(request)
+ i2 = ParanoidSecurityPolicy(request)
verifyObject(IInteraction, i2)
self.assertEquals(list(i2.participations), [request])