[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/ Permissions were
being checked by individual directive handlers
Jim Fulton
jim at zope.com
Fri Jun 4 09:50:38 EDT 2004
Log message for revision 25251:
Permissions were being checked by individual directive handlers
even though permissions are now checked by permission schema
fields. This work is redundant and doesn't provide suffient control.
-=-
Modified: Zope3/trunk/src/zope/app/component/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/component/metaconfigure.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/component/metaconfigure.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -25,7 +25,6 @@
from zope.app import zapi
from zope.app.component.interface import queryInterface
-from zope.app.security.permission import checkPermission
from zope.app.servicenames import Adapters, Presentation
PublicPermission = 'zope.Public'
@@ -48,12 +47,6 @@
# the interface service.
from zope.app.component.interface import provideInterface
-def checkingHandler(permission=None, *args, **kw):
- """Check if permission is defined"""
- if permission is not None:
- checkPermission(None, permission)
- handler(*args, **kw)
-
def managerHandler(methodName, *args, **kwargs):
method=getattr(zapi.getGlobalServices(), methodName)
method(*args, **kwargs)
@@ -106,8 +99,8 @@
_context.action(
discriminator = None,
- callable = checkingHandler,
- args = (permission, Adapters, 'subscribe',
+ callable = handler,
+ args = (Adapters, 'subscribe',
for_, provides, factory),
)
@@ -154,8 +147,8 @@
_context.action(
discriminator = ('adapter', for_, provides, name),
- callable = checkingHandler,
- args = (permission, Adapters, 'register',
+ callable = handler,
+ args = (Adapters, 'register',
for_, provides, name, factory, _context.info),
)
_context.action(
@@ -188,8 +181,8 @@
_context.action(
discriminator = ('utility', provides, name),
- callable = checkingHandler,
- args = (permission, 'Utilities', 'provideUtility',
+ callable = handler,
+ args = ('Utilities', 'provideUtility',
provides, component, name),
)
_context.action(
@@ -252,8 +245,8 @@
_context.action(
discriminator = ('resource', name, type, layer, provides),
- callable = checkingHandler,
- args = (permission, Presentation, 'provideResource',
+ callable = handler,
+ args = (Presentation, 'provideResource',
name, type, factory, layer, provides),
)
_context.action(
@@ -319,8 +312,8 @@
_context.action(
discriminator = ('view', for_, name, type, layer, provides),
- callable = checkingHandler,
- args = (permission, Presentation, 'provideAdapter',
+ callable = handler,
+ args = (Presentation, 'provideAdapter',
type, factory, name, for_, provides, layer, _context.info),
)
if type is not None:
Modified: Zope3/trunk/src/zope/app/container/browser/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/container/browser/metaconfigure.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/container/browser/metaconfigure.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -22,6 +22,7 @@
from zope.app.container.browser.contents import Contents
from zope.app.container.browser.adding import Adding
from zope.app.i18n import ZopeMessageIDFactory as _
+from zope.app.security.fields import Permission
class IContainerViews(Interface):
"""Define a container views"""
@@ -34,17 +35,17 @@
required=True
)
- contents = Id(
+ contents = Permission(
title=u"The permission needed for content page.",
required=False,
)
- index = Id(
+ index = Permission(
title=u"The permission needed for index page.",
required=False,
)
- add = Id(
+ add = Permission(
title=u"The permission needed for add page.",
required=False,
)
Modified: Zope3/trunk/src/zope/app/container/browser/tests/test_directive.py
===================================================================
--- Zope3/trunk/src/zope/app/container/browser/tests/test_directive.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/container/browser/tests/test_directive.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -63,9 +63,6 @@
'zope.ManageContent',
None)),
(None,
- <function checkPermission>,
- (None, 'zope.ManageContent')),
- (None,
<function provideInterface>,
('',
<InterfaceClass zope.app.container.browser.tests.test_directive.I>)),
@@ -85,9 +82,6 @@
'default',
'info')),
(None,
- <function checkPermission>,
- (None, 'zope.View')),
- (None,
<function provideInterface>,
('',
<InterfaceClass zope.app.container.browser.tests.test_directive.I>)),
@@ -120,9 +114,6 @@
'zope.ManageContent',
None)),
(None,
- <function checkPermission>,
- (None, 'zope.ManageContent')),
- (None,
<function provideInterface>,
('',
<InterfaceClass zope.app.container.browser.tests.test_directive.I>)),
Modified: Zope3/trunk/src/zope/app/publisher/browser/globalbrowsermenuservice.py
===================================================================
--- Zope3/trunk/src/zope/app/publisher/browser/globalbrowsermenuservice.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/publisher/browser/globalbrowsermenuservice.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -22,8 +22,6 @@
from zope.interface import implements
from zope.security.checker import CheckerPublic
from zope.security import checkPermission
-from zope.app.security.permission import checkPermission \
- as checkPermissionDefined
from zope.app.component.metaconfigure import handler
from zope.app.publisher.interfaces.browser import IBrowserMenuService
from zope.app.publisher.interfaces.browser import IGlobalBrowserMenuService
@@ -268,8 +266,6 @@
if permission:
if permission == 'zope.Public':
permission = CheckerPublic
- else:
- checkPermissionDefined(None, permission)
data = registry.get(interface) or []
data.append(
Modified: Zope3/trunk/src/zope/app/publisher/browser/tests/test_addMenuItem.py
===================================================================
--- Zope3/trunk/src/zope/app/publisher/browser/tests/test_addMenuItem.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/publisher/browser/tests/test_addMenuItem.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -1,4 +1,4 @@
-##############################################################################
+#############################################################################
#
# Copyright (c) 2003 Zope Corporation and Contributors.
# All Rights Reserved.
@@ -21,9 +21,8 @@
((('utility',
<InterfaceClass zope.component.interfaces.IFactory>,
'zope.app.browser.add.X.f1'),
- <function checkingHandler>,
- (Global(CheckerPublic,zope.security.checker),
- 'Utilities',
+ <function handler>,
+ ('Utilities',
'provideUtility',
<InterfaceClass zope.component.interfaces.IFactory>,
<zope.component.factory.Factory object>,
@@ -134,9 +133,8 @@
((('utility',
<InterfaceClass zope.component.interfaces.IFactory>,
'zope.app.browser.add.X.f1'),
- <function checkingHandler>,
- (Global(CheckerPublic,zope.security.checker),
- 'Utilities',
+ <function handler>,
+ ('Utilities',
'provideUtility',
<InterfaceClass zope.component.interfaces.IFactory>,
<zope.component.factory.Factory object>,
Modified: Zope3/trunk/src/zope/app/publisher/browser/viewmeta.py
===================================================================
--- Zope3/trunk/src/zope/app/publisher/browser/viewmeta.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/publisher/browser/viewmeta.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -420,12 +420,6 @@
def _handle_permission(_context, permission):
if permission == 'zope.Public':
permission = CheckerPublic
- else:
- _context.action(
- discriminator = None,
- callable = checkPermission,
- args = (None, permission)
- )
return permission
Modified: Zope3/trunk/src/zope/app/security/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/security/metaconfigure.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/security/metaconfigure.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -43,7 +43,6 @@
If there isn't a checker for the module, create one.
"""
- checkPermission(None, permission)
checker = moduleChecker(module)
if checker is None:
Modified: Zope3/trunk/src/zope/app/security/protectclass.py
===================================================================
--- Zope3/trunk/src/zope/app/security/protectclass.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/security/protectclass.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -24,7 +24,6 @@
def protectName(class_, name, permission):
"""Set a permission on a particular name."""
- checkPermission(None, permission)
checker = getCheckerForInstancesOf(class_)
if checker is None:
@@ -41,7 +40,6 @@
def protectSetAttribute(class_, name, permission):
"""Set a permission on a particular name."""
- checkPermission(None, permission)
checker = getCheckerForInstancesOf(class_)
if checker is None:
Modified: Zope3/trunk/src/zope/app/security/tests/test_directives.py
===================================================================
--- Zope3/trunk/src/zope/app/security/tests/test_directives.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/security/tests/test_directives.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -51,14 +51,7 @@
Initially, there's no checker defined for the module:
>>> moduleChecker(test_directives)
-
- Should get an error if a permission isn't defined before it's used:
-
- >>> metaconfigure.protectModule(test_directives, 'foo', test_perm)
- Traceback (most recent call last):
- ...
- ValueError: ('Undefined permission id', 'zope.app.security.metaconfigure.test')
-
+
>>> perm = Permission(test_perm, '')
>>> ztapi.provideUtility(IPermission, perm, test_perm)
>>> metaconfigure.protectModule(test_directives, 'foo', test_perm)
Modified: Zope3/trunk/src/zope/app/securitypolicy/principalpermission.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/principalpermission.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/securitypolicy/principalpermission.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -116,7 +116,6 @@
''' See the interface IPrincipalPermissionManager '''
if check:
- checkPermission(None, permission_id)
checkPrincipal(None, principal_id)
self.addCell(permission_id, principal_id, Allow)
@@ -132,7 +131,6 @@
''' See the interface IPrincipalPermissionManager '''
if check:
- checkPermission(None, permission_id)
checkPrincipal(None, principal_id)
self.addCell(permission_id, principal_id, Deny)
Modified: Zope3/trunk/src/zope/app/securitypolicy/rolepermission.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/rolepermission.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/securitypolicy/rolepermission.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -165,7 +165,6 @@
if check:
checkRole(None, role_id)
- checkPermission(None, permission_id)
self.addCell(permission_id, role_id, Allow)
@@ -178,7 +177,6 @@
if check:
checkRole(None, role_id)
- checkPermission(None, permission_id)
self.addCell(permission_id, role_id, Deny)
Modified: Zope3/trunk/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -61,15 +61,6 @@
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
- def test_invalidPermission(self):
- self.assertRaises(ValueError,
- manager.grantPermissionToPrincipal,
- 'permission', 'principal')
- principal = self._make_principal()
- self.assertRaises(ValueError,
- manager.grantPermissionToPrincipal,
- 'permission', principal)
-
def test_invalidPrincipal(self):
permission = definePermission('APerm', 'title').id
self.assertRaises(ValueError,
Modified: Zope3/trunk/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -121,12 +121,6 @@
self.assertRaises(ValueError,
manager.grantPermissionToRole, perm1, 'role1'
)
-
- def test_invalidPerm(self):
- role1 = defineRole('Role One', 'Role #1').id
- self.assertRaises(ValueError,
- manager.grantPermissionToRole, 'perm1', role1
- )
def test_suite():
Modified: Zope3/trunk/src/zope/app/site/browser/tests/test_directives.py
===================================================================
--- Zope3/trunk/src/zope/app/site/browser/tests/test_directives.py 2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/site/browser/tests/test_directives.py 2004-06-04 13:50:37 UTC (rev 25251)
@@ -58,7 +58,7 @@
<InterfaceClass zope.interface.Interface>
>>> view['callable'].__module__
'zope.app.component.metaconfigure'
- >>> view['args'][5]
+ >>> view['args'][4]
'manageIDummyUtilityTool.html'
"""
@@ -89,7 +89,7 @@
<InterfaceClass zope.interface.Interface>
>>> view['callable'].__module__
'zope.app.component.metaconfigure'
- >>> view['args'][5]
+ >>> view['args'][4]
'manageILocalServiceTool.html'
"""
More information about the Zope3-Checkins
mailing list