[Zope3-checkins] CVS: Zope3/src/zope/app/security - meta.zcml:1.7
metaconfigure.py:1.6 metadirectives.py:1.2 modulezcml.py:NONE
Stephan Richter
srichter at cosmos.phy.tufts.edu
Mon Mar 8 07:06:42 EST 2004
Update of /cvs-repository/Zope3/src/zope/app/security
In directory cvs.zope.org:/tmp/cvs-serv13802/src/zope/app/security
Modified Files:
meta.zcml metaconfigure.py metadirectives.py
Removed Files:
modulezcml.py
Log Message:
Put all the directives declared by the security package into the same modules.
=== Zope3/src/zope/app/security/meta.zcml 1.6 => 1.7 ===
--- Zope3/src/zope/app/security/meta.zcml:1.6 Wed Jan 14 17:55:23 2004
+++ Zope3/src/zope/app/security/meta.zcml Mon Mar 8 07:06:41 2004
@@ -2,7 +2,23 @@
xmlns="http://namespaces.zope.org/zope"
xmlns:meta="http://namespaces.zope.org/meta">
- <include package=".registries" file="meta.zcml" />
+ <meta:directive
+ namespace="http://namespaces.zope.org/zope"
+ name="permission"
+ schema=".metadirectives.IDefinePermissionDirective"
+ handler=".metaconfigure.definePermission" />
+
+ <meta:directive
+ namespace="http://namespaces.zope.org/zope"
+ name="principal"
+ schema=".metadirectives.IDefinePrincipalDirective"
+ handler=".metaconfigure.principal" />
+
+ <meta:directive
+ namespace="http://namespaces.zope.org/zope"
+ name="unauthenticatedPrincipal"
+ schema=".metadirectives.IDefineUnauthenticatedPrincipalDirective"
+ handler=".metaconfigure.unauthenticatedPrincipal" />
<meta:directive
name="securityPolicy"
@@ -14,37 +30,19 @@
<meta:groupingDirective
name="module"
namespace="http://namespaces.zope.org/zope"
- schema=".modulezcml.IModule"
- handler="zope.configuration.config.GroupingContextDecorator"
- >
- Group security declarations about a module
- </meta:groupingDirective>
+ schema=".metadirectives.IModule"
+ handler="zope.configuration.config.GroupingContextDecorator" />
<meta:directive
name="allow"
namespace="http://namespaces.zope.org/zope"
- schema=".modulezcml.IAllow"
- handler=".modulezcml.allow"
- >
- Allow access to selected module attributes
-
- Access is unconditionally allowed to any names provided directly
- in the attributes attribute or to any names defined by
- interfaces listed in the interface attribute.
- </meta:directive>
+ schema=".metadirectives.IAllow"
+ handler=".metaconfigure.allow" />
<meta:directive
name="require"
namespace="http://namespaces.zope.org/zope"
- schema=".modulezcml.IRequire"
- handler=".modulezcml.require"
- >
- Require a permission to access selected module attributes
-
- The given permission is required to access any names provided
- directly in the attributes attribute or any names defined by
- interfaces listed in the interface attribute.
-
- </meta:directive>
+ schema=".metadirectives.IRequire"
+ handler=".metaconfigure.require" />
</configure>
=== Zope3/src/zope/app/security/metaconfigure.py 1.5 => 1.6 ===
--- Zope3/src/zope/app/security/metaconfigure.py:1.5 Sun Aug 17 02:08:00 2003
+++ Zope3/src/zope/app/security/metaconfigure.py Mon Mar 8 07:06:41 2004
@@ -15,7 +15,16 @@
$Id$
"""
+from zope.app.component.metaconfigure import utility
+
+from zope.security.checker import moduleChecker, Checker, defineChecker
+from zope.security.checker import CheckerPublic
from zope.security.manager import setSecurityPolicy
+from zope.app.security.interfaces import IPermission
+from zope.app.security.permission import Permission
+from zope.app.security.protectclass import checkPermission
+from zope.app.security.principalregistry import principalRegistry
+
def securityPolicy(_context, component):
@@ -26,3 +35,78 @@
discriminator = 'defaultPolicy',
callable = setSecurityPolicy,
args = (component,) )
+
+
+
+def protectModule(module, name, permission):
+ """Set up a module checker to require a permission to access a name
+
+ If there isn't a checker for the module, create one.
+ """
+ checkPermission(None, permission)
+
+ checker = moduleChecker(module)
+ if checker is None:
+ checker = Checker({}, {})
+ defineChecker(module, checker)
+
+ if permission == 'zope.Public':
+ # Translate public permission to CheckerPublic
+ permission = CheckerPublic
+
+ # We know a dictionary get method was used because we set it
+ protections = checker.getPermission_func().__self__
+ protections[name] = permission
+
+
+def _names(attributes, interfaces):
+ seen = {}
+ for name in attributes:
+ if not name in seen:
+ seen[name] = 1
+ yield name
+ for interface in interfaces:
+ for name in interface:
+ if not name in seen:
+ seen[name] = 1
+ yield name
+
+
+def allow(context, attributes=(), interface=()):
+
+ for name in _names(attributes, interface):
+ context.action(
+ discriminator=('http://namespaces.zope.org/zope:module',
+ context.module, name),
+ callable = protectModule,
+ args = (context.module, name, 'zope.Public'),
+ )
+
+
+def require(context, permission, attributes=(), interface=()):
+ for name in _names(attributes, interface):
+ context.action(
+ discriminator=('http://namespaces.zope.org/zope:module',
+ context.module, name),
+ callable = protectModule,
+ args = (context.module, name, permission),
+ )
+
+
+def definePermission(_context, id, title, description=''):
+ permission = Permission(id, title, description)
+ utility(_context, IPermission, permission, name=id)
+
+
+def principal(_context, id, title, login, password, description=''):
+ _context.action(
+ discriminator = ('principal', id),
+ callable = principalRegistry.definePrincipal,
+ args = (id, title, description, login, password) )
+
+
+def unauthenticatedPrincipal(_context, id, title, description=''):
+ _context.action(
+ discriminator = 'unauthenticatedPrincipal',
+ callable = principalRegistry.defineDefaultPrincipal,
+ args = (id, title, description) )
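Review bot: In `protectModule`, the comment `We know a dictionary get method was used because we set it` is only true on the branch that creates the checker here; when `moduleChecker(module)` returns an existing one, `checker.getPermission_func().__self__` is taken on trust. If that checker was defined elsewhere with a different lookup callable, the write to `protections[name]` would presumably either fail or land in an object the checker never consults, leaving the name without the intended permission. A guard before the write, such as `if not isinstance(protections, dict): raise TypeError('unexpected checker for %r' % module)`, would make that case fail loudly. Separately, `principal` has no docstring; it should say that `password` is handed to `principalRegistry.definePrincipal` exactly as written in the ZCML, so those files need restricted read access.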
=== Zope3/src/zope/app/security/metadirectives.py 1.1 => 1.2 ===
--- Zope3/src/zope/app/security/metadirectives.py:1.1 Sat Aug 2 16:05:30 2003
+++ Zope3/src/zope/app/security/metadirectives.py Mon Mar 8 07:06:41 2004
@@ -15,8 +15,10 @@
$Id$
"""
-from zope.configuration.fields import GlobalObject
from zope.interface import Interface
+from zope.configuration.fields import GlobalObject, Tokens, PythonIdentifier
+from zope.configuration.fields import MessageID
+from zope.schema import InterfaceField, Id, TextLine
class ISecurityPolicyDirective(Interface):
"""Defines the security policy that will be used for Zope."""
@@ -25,3 +27,106 @@
title=u"Component",
description=u"Pointer to the object that will handle the security.",
required=True)
+
+
+class IModule(Interface):
+ """Group security declarations about a module"""
+
+ module = GlobalObject(
+ title=u"Module",
+ description=u"Pointer to the module object.",
+ required=True)
+
+
+class IAllow(Interface):
+ """Allow access to selected module attributes
+
+ Access is unconditionally allowed to any names provided directly
+ in the attributes attribute or to any names defined by
+ interfaces listed in the interface attribute.
+ """
+
+ attributes = Tokens(
+ title=u"Attributes",
+ description=u"The attributes to provide access to.",
+ value_type = PythonIdentifier(),
+ required=False)
+
+ interface = Tokens(
+ title=u"Interface",
+ description=u"Interfaces whos names to provide access to. Access "
+ u"will be provided to all of the names defined by the "
+ u"interface(s). Multiple interfaces can be supplied.",
+ value_type = GlobalObject(value_type=InterfaceField()),
+ required=False)
+
+
+class IRequire(Interface):
+ """Require a permission to access selected module attributes
+
+ The given permission is required to access any names provided
+ directly in the attributes attribute or any names defined by
+ interfaces listed in the interface attribute.
+ """
+
+ permission = Id(
+ title=u"Permission ID",
+ description=u"The id of the permission to require.")
+
+
+class IBaseDefineDirective(Interface):
+ """Define a new security object."""
+
+ id = Id(
+ title=u"Id",
+ description=u"Id as which this object will be known and used.",
+ required=True)
+
+ title = MessageID(
+ title=u"Title",
+ description=u"Provides a title for the object.",
+ required=True)
+
+ description = MessageID(
+ title=u"Description",
+ description=u"Provides a description for the object.",
+ required=False)
+
+
+class IDefinePermissionDirective(IBaseDefineDirective):
+ """Define a new permission."""
+
+class IBasePrincipalDirective(Interface):
+ """Base interface for principal definition directives."""
+
+ id = Id(
+ title=u"Id",
+ description=u"Id as which this object will be known and used.",
+ required=True)
+
+ title = TextLine(
+ title=u"Title",
+ description=u"Provides a title for the object.",
+ required=True)
+
+ description = TextLine(
+ title=u"Title",
+ description=u"Provides a description for the object.",
+ required=False)
+
+class IDefinePrincipalDirective(IBasePrincipalDirective):
+ """Define a new principal."""
+
+ login = TextLine(
+ title=u"Username/Login",
+ description=u"Specifies the Principal's Username/Login.",
+ required=True)
+
+ password = TextLine(
+ title=u"Password",
+ description=u"Specifies the Principal's Password.",
+ required=True)
+
+
+class IDefineUnauthenticatedPrincipalDirective(IBasePrincipalDirective):
+ """Define a new unauthenticated principal."""
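Review bot: `IRequire` derives from `Interface` and declares only `permission`, yet its docstring and the `require` handler in metaconfigure.py both rely on `attributes` and `interface`. With the schema as written, a `require` directive either cannot carry those attributes or, if only `permission` is given, iterates over nothing and registers no protection at all; which of the two happens depends on zope.configuration behaviour not visible here. Deriving it from the sibling schema, `class IRequire(IAllow):`, would bring both fields in. The `description` field of `IBasePrincipalDirective` also has `title=u"Title"`, which looks like a copy-paste slip for `u"Description"`.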
=== Removed File Zope3/src/zope/app/security/modulezcml.py ===