[Zope3-checkins] SVN: Zope3/branches/mgedmin-security/src/zope/ Get
rid of security managers and security contexts.
Marius Gedminas
marius at pov.lt
Wed May 12 17:42:14 EDT 2004
Log message for revision 24615:
Get rid of security managers and security contexts.
-=-
Modified: Zope3/branches/mgedmin-security/src/zope/app/security/metaconfigure.py
===================================================================
--- Zope3/branches/mgedmin-security/src/zope/app/security/metaconfigure.py 2004-05-12 21:38:07 UTC (rev 24614)
+++ Zope3/branches/mgedmin-security/src/zope/app/security/metaconfigure.py 2004-05-12 21:42:14 UTC (rev 24615)
@@ -19,7 +19,7 @@
from zope.security.checker import moduleChecker, Checker, defineChecker
from zope.security.checker import CheckerPublic
-from zope.security.manager import setSecurityPolicy
+from zope.security.management import setSecurityPolicy
from zope.app.security.interfaces import IPermission
from zope.app.security.permission import Permission
from zope.app.security.protectclass import checkPermission
Deleted: Zope3/branches/mgedmin-security/src/zope/security/context.py
===================================================================
--- Zope3/branches/mgedmin-security/src/zope/security/context.py 2004-05-12 21:38:07 UTC (rev 24614)
+++ Zope3/branches/mgedmin-security/src/zope/security/context.py 2004-05-12 21:42:14 UTC (rev 24615)
@@ -1,39 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Default 'ISecurityContext' implementation.
-
-$Id: context.py,v 1.5 2004/02/20 20:42:12 srichter Exp $
-"""
-from zope.security.interfaces import ISecurityContext
-from zope.interface import implements
-
-class SecurityContext:
- """Capture transient request-specific security information.
-
- Attribute('stack',
- 'A stack of elements, each either be an ExecutableObject or a'
- ' tuple consisting of an ExecutableObject and a custom'
- ' SecurityPolicy.'
- )
-
- Attribute('user',
- 'The AUTHENTICATED_USER for the request.'
- )
- """
- implements(ISecurityContext)
-
- def __init__(self, user):
- self.stack = []
- self.user = user
- self.objectCache = {}
Modified: Zope3/branches/mgedmin-security/src/zope/security/interfaces.py
===================================================================
--- Zope3/branches/mgedmin-security/src/zope/security/interfaces.py 2004-05-12 21:38:07 UTC (rev 24614)
+++ Zope3/branches/mgedmin-security/src/zope/security/interfaces.py 2004-05-12 21:42:14 UTC (rev 24615)
@@ -60,57 +60,6 @@
"""
-# XXX This interface has too much Zope application dependence. This
-# needs to be refactored somehow.
-
-class ISecurityManager(Interface): # XXX: going away
- """
- A security manager provides methods for checking access and managing
- executable context and policies.
- """
-
- def getPrincipal():
- """Return the authenticated principal.
-
- This is equivalent to something like::
- REQUEST['AUTHENTICATED_USER']
- but is a bit cleaner, especially if 'REQUEST' isn't handy.
-
- An IPrincipal object wrapped in a context of its
- AuthenticationService is returned.
- """
-
- def checkPermission(permission, object):
- """Return whether security context allows permission on object.
-
- Arguments:
- permission -- A permission name
- object -- The object being accessed according to the permission
- """
-
- def pushExecutable(anExecutableObject):
- """
- Push an ExecutableObject onto the manager's stack, and
- activate its custom security policy, if any.
- """
-
- def popExecutable(anExecutableObject):
- """
- Pop the topmost ExecutableObject from the stack, deactivating
- any custom security policy it might have installed.
- """
-
- def calledByExecutable():
- """
- Return a boolean indicating whether the current request has
- invoked any IExecutableObjects.
-
- This can be used to determine if an object was called
- (more or less) directly from a URL, or if it was called by
- through-the-web provided code.
- """
-
-
class IChecker(Interface):
"""Security-proxy plugin objects that implement low-level checks
@@ -184,20 +133,6 @@
"""
-class ISecurityContext(Interface): # XXX: going away
- """Capture transient request-specific security information."""
-
- Attribute('stack',
- 'A stack of elements, each either be an ExecutableObject'
- 'or a tuple consisting of an ExecutableObject and a'
- 'custom SecurityPolicy.'
- )
-
- Attribute('user',
- 'The AUTHENTICATED_USER for the request.'
- )
-
-
class IInteraction(Interface):
"""A representation of an interaction between some actors and the system.
"""
Modified: Zope3/branches/mgedmin-security/src/zope/security/management.py
===================================================================
--- Zope3/branches/mgedmin-security/src/zope/security/management.py 2004-05-12 21:38:07 UTC (rev 24614)
+++ Zope3/branches/mgedmin-security/src/zope/security/management.py 2004-05-12 21:42:14 UTC (rev 24615)
@@ -16,7 +16,7 @@
$Id: management.py,v 1.5 2004/02/20 20:42:12 srichter Exp $
"""
# Special system user that has all permissions
-# zope.security.manager needs it
+# zope.security.simplepolicies needs it
system_user = object()
import traceback
@@ -24,21 +24,26 @@
from zope.interface import moduleProvides
from zope.security.interfaces import ISecurityManagement
from zope.security.interfaces import IInteractionManagement
-from zope.security.manager import setSecurityPolicy as _setSecurityPolicy
-from zope.security.manager import getSecurityPolicy as _getSecurityPolicy
from zope.testing.cleanup import addCleanUp
from zope.thread import thread_globals
moduleProvides(ISecurityManagement, IInteractionManagement)
+def _clear():
+ global _defaultPolicy
+ _defaultPolicy = ParanoidSecurityPolicy()
+
+addCleanUp(_clear)
+
+
#
# ISecurityManagement implementation
#
def getSecurityPolicy():
"""Get the system default security policy."""
- return _getSecurityPolicy()
+ return _defaultPolicy
def setSecurityPolicy(aSecurityPolicy):
"""Set the system default security policy, and return the previous
@@ -47,9 +52,13 @@
This method should only be called by system startup code.
It should never, for example, be called during a web request.
"""
- return _setSecurityPolicy(aSecurityPolicy)
+ global _defaultPolicy
+ last, _defaultPolicy = _defaultPolicy, aSecurityPolicy
+ return last
+
+
#
# IInteractionManagement implementation
#
@@ -83,3 +92,7 @@
addCleanUp(_cleanUp)
+# circular imports are not fun
+
+from zope.security.simplepolicies import ParanoidSecurityPolicy
+_defaultPolicy = ParanoidSecurityPolicy()
Deleted: Zope3/branches/mgedmin-security/src/zope/security/manager.py
===================================================================
--- Zope3/branches/mgedmin-security/src/zope/security/manager.py 2004-05-12 21:38:07 UTC (rev 24614)
+++ Zope3/branches/mgedmin-security/src/zope/security/manager.py 2004-05-12 21:42:14 UTC (rev 24615)
@@ -1,155 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Default ISecurityManager implementation
-
-$Id: manager.py,v 1.4 2003/06/02 14:34:49 stevea Exp $
-"""
-from zope.interface import implements
-from zope.security.simplepolicies import ParanoidSecurityPolicy
-
-MAX_STACK_SIZE = 100
-
-_defaultPolicy = ParanoidSecurityPolicy()
-
-def _clear():
- global _defaultPolicy
- _defaultPolicy = ParanoidSecurityPolicy()
-
-from zope.testing.cleanup import addCleanUp
-addCleanUp(_clear)
-
-def getSecurityPolicy():
- """Get the system default security policy."""
- return _defaultPolicy
-
-def setSecurityPolicy(aSecurityPolicy):
- """Set the system default security policy.
-
- This method should only be caused by system startup code. It should never,
- for example, be called during a web request.
- """
- global _defaultPolicy
-
- last, _defaultPolicy = _defaultPolicy, aSecurityPolicy
-
- return last
-
-from zope.security.interfaces import ISecurityManager
-
-class SecurityManager:
- """A security manager provides methods for checking access and managing
- executable context and policies.
- """
- implements(ISecurityManager)
-
- def __init__(self, context):
- self._context = context
- self._policy = None
-
- def _getPolicy(self):
- """Find current policy, or default.
- """
- policy = self._policy
- if policy is None:
- policy = _defaultPolicy
- return policy
-
- #
- # ISecurityManager implementation
- #
- def getPrincipal(self):
- """Return the authenticated user.
-
- This is equivalent to something like::
-
- REQUEST['AUTHENTICATED_USER']
-
- but is a bit cleaner, especially if 'REQUEST' isn't handy.
- """
- return self._context.user
-
- def checkPermission(self, permission, object):
- """Check whether the security context allows the given
- permission on the given object. Return a boolean value.
-
- Arguments:
-
- permission -- A permission name
-
- object -- The object being accessed according to the permission
- """
- from zope.security.management import getInteraction # this is temporary
- return self._getPolicy().checkPermission(permission, object,
- getInteraction())
-
- def pushExecutable(self, anExecutableObject):
- """Push an ExecutableObject onto the manager's stack, and
- activate its custom security policy, if any.
- """
- stack = self._context.stack
-
- if len(stack) >= MAX_STACK_SIZE:
- raise SystemError, 'Excessive recursion'
-
- stack.append(anExecutableObject)
- p = getattr(anExecutableObject, '_customSecurityPolicy', None)
-
- if p is not None:
- p = p()
-
- self._policy = p
-
- def popExecutable(self, anExecutableObject):
- """Pop the topmost ExecutableObject from the stack, deactivating
- any custom security policy it might have installed.
- """
- stack = self._context.stack
-
- if not stack:
- return
-
- top = stack[-1]
-
- if top is anExecutableObject:
- del stack[-1]
- else:
- indexes = range(len(stack))
- indexes.reverse()
- for i in indexes:
- top = stack[i]
- if top is anExecutableObject:
- del stack[i:]
- break
- else:
- return
-
- if stack:
- top = stack[-1]
- p = getattr(top, '_customSecurityPolicy', None)
-
- if p is not None:
- p = p()
- self._policy = p
- else:
- self._policy = None
-
- def calledByExecutable(self):
- """Return a boolean indicating whether the current request has
- invoked any IExecutableObjects.
-
- This can be used to determine if an object was called (more or less)
- directly from a URL, or if it was called by through-the-web provided
- code.
- """
- return len(self._context.stack)
Deleted: Zope3/branches/mgedmin-security/src/zope/security/tests/test_manager.py
===================================================================
--- Zope3/branches/mgedmin-security/src/zope/security/tests/test_manager.py 2004-05-12 21:38:07 UTC (rev 24614)
+++ Zope3/branches/mgedmin-security/src/zope/security/tests/test_manager.py 2004-05-12 21:42:14 UTC (rev 24615)
@@ -1,159 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Unit tests for SecurityManager
-
-$Id: test_manager.py,v 1.5 2004/03/13 17:21:51 philikon Exp $
-"""
-
-import unittest
-
-from zope.interface.verify import verifyClass
-
-from zope.security import manager
-from zope.security.simplepolicies import ParanoidSecurityPolicy
-from zope.security.simplepolicies import PermissiveSecurityPolicy
-from zope.security.context import SecurityContext
-
-class DummyExecutable:
- """implements( (pseudo) IExecutableObject)"""
-
-class DummyExecutableWithCustomPolicy:
- """implements( (pseudo) IExecutableObjectWithCustomSecurityPolicy)"""
-
- def _customSecurityPolicy(self):
- return PermissiveSecurityPolicy()
-
-class Test(unittest.TestCase):
-
- def setUp(self):
- self._oldPolicy = manager._defaultPolicy
- manager.setSecurityPolicy(ParanoidSecurityPolicy())
- self._context = SecurityContext('xyzzy')
-
- def tearDown(self):
- from zope.security.manager import setSecurityPolicy
- setSecurityPolicy(self._oldPolicy)
-
- def _makeMgr(self):
- from zope.security.manager import SecurityManager
- return SecurityManager(self._context)
-
- def _setPermissive(self):
- from zope.security.manager import setSecurityPolicy
- setSecurityPolicy(PermissiveSecurityPolicy())
-
-
- def test_import(self):
- from zope.security.manager import SecurityManager
- from zope.security.interfaces import ISecurityManager
- verifyClass(ISecurityManager, SecurityManager)
-
- def test_empty(self):
- mgr = self._makeMgr()
- self.assertEqual(mgr.getPrincipal(), self._context.user)
- self.failIf(mgr.calledByExecutable())
-
- def test_w_default_policy(self):
- mgr = self._makeMgr()
- self.failIf(mgr.checkPermission(None, None))
-
- def test_w_permissive_policy(self):
- mgr = self._makeMgr()
- self._setPermissive()
- self.failUnless(mgr.checkPermission(None, None))
-
- def test_exec_stack_overflow(self):
- from zope.security.manager import MAX_STACK_SIZE
- mgr = self._makeMgr()
-
- for i in range(MAX_STACK_SIZE):
- mgr.pushExecutable(None)
-
- self.assertRaises(SystemError, mgr.pushExecutable, None)
-
- def test_pushExecutable_simple(self):
- mgr = self._makeMgr()
- self.failIf(mgr.calledByExecutable())
-
- mgr.pushExecutable(DummyExecutable())
- self.failUnless(mgr.calledByExecutable())
-
- def test_popExecutable_simple(self):
- mgr = self._makeMgr()
- exe = DummyExecutable()
- exe2 = DummyExecutable()
-
- mgr.pushExecutable(exe)
- mgr.pushExecutable(exe2)
- mgr.popExecutable(exe2)
- self.failUnless(mgr.calledByExecutable())
-
- mgr.popExecutable(exe)
- self.failIf(mgr.calledByExecutable())
-
- def test_popExecutable_nomatch(self):
- mgr = self._makeMgr()
- exe = DummyExecutable()
- exe2 = DummyExecutable()
- other = DummyExecutable()
-
- mgr.pushExecutable(exe)
- mgr.pushExecutable(exe2)
- mgr.popExecutable(other) # not on stack => no change
- self.failUnless(mgr.calledByExecutable())
-
- mgr.popExecutable(exe) # bottom of stack => empty it
- self.failIf(mgr.calledByExecutable())
-
- def test_pushExecutable_customPolicy(self):
- mgr = self._makeMgr()
- exe = DummyExecutableWithCustomPolicy()
- self.failIf(mgr.checkPermission(None, None))
- mgr.pushExecutable(exe)
- self.failUnless(mgr.checkPermission(None, None))
- mgr.popExecutable(exe)
- self.failIf(mgr.checkPermission(None, None))
-
- def test_pushPop_complexPolicies(self):
- mgr = self._makeMgr()
-
- exe1 = DummyExecutableWithCustomPolicy()
- exe2 = DummyExecutable()
- exe3 = DummyExecutableWithCustomPolicy()
-
- mgr.pushExecutable(exe1) # now has custom permissive policy
- self.failUnless(mgr.checkPermission(None, None))
-
- mgr.pushExecutable(exe2) # now has default policy
- self.failIf(mgr.checkPermission(None, None))
-
- mgr.pushExecutable(exe3) # now has custom permissive policy
- self.failUnless(mgr.checkPermission(None, None))
-
- mgr.popExecutable(exe3) # back to default policy
- self.failIf(mgr.checkPermission(None, None))
-
- mgr.popExecutable(exe2) # back to has custom permissive policy
- self.failUnless(mgr.checkPermission(None, None))
-
- mgr.popExecutable(exe1) # back to default policy
- self.failIf(mgr.checkPermission(None, None))
-
-
-def test_suite():
- loader=unittest.TestLoader()
- return loader.loadTestsFromTestCase(Test)
-
-if __name__=='__main__':
- unittest.TextTestRunner().run(test_suite())
More information about the Zope3-Checkins
mailing list