[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/securitypolicy/
Added a new configuration directive to grant all permissions to a
Jim Fulton
jim at zope.com
Mon May 17 06:06:11 EDT 2004
Log message for revision 24770:
Added a new configuration directive to grant all permissions to a
role or principal.
-=-
Modified: Zope3/trunk/src/zope/app/securitypolicy/meta.zcml
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/meta.zcml 2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/meta.zcml 2004-05-17 10:06:10 UTC (rev 24770)
@@ -7,6 +7,11 @@
handler=".metaconfigure.grant" />
<meta:directive namespace="http://namespaces.zope.org/zope"
+ name="grantAll"
+ schema=".metadirectives.IGrantAllDirective"
+ handler=".metaconfigure.grantAll" />
+
+ <meta:directive namespace="http://namespaces.zope.org/zope"
name="role"
schema=".metadirectives.IDefineRoleDirective"
handler=".metaconfigure.defineRole" />
Modified: Zope3/trunk/src/zope/app/securitypolicy/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/metaconfigure.py 2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/metaconfigure.py 2004-05-17 10:06:10 UTC (rev 24770)
@@ -29,10 +29,12 @@
def grant(_context, principal=None, role=None, permission=None):
- if ( (principal is not None)
- + (role is not None)
- + (permission is not None)
- ) != 2:
+ nspecified = ((principal is not None)
+ + (role is not None)
+ + (permission is not None)
+ )
+
+ if nspecified != 2:
raise ConfigurationError(
"Exactly two of the principal, role, and permission attributes "
"must be specified")
@@ -42,22 +44,51 @@
_context.action(
discriminator = ('grantRoleToPrincipal', role, principal),
callable = principal_role_mgr.assignRoleToPrincipal,
- args = (role, principal) )
-
- if permission:
+ args = (role, principal)
+ )
+ else:
_context.action(
discriminator = ('grantPermissionToPrincipal',
permission,
principal),
callable = principal_perm_mgr.grantPermissionToPrincipal,
- args = (permission, principal) )
+ args = (permission, principal)
+ )
else:
_context.action(
discriminator = ('grantPermissionToRole', permission, role),
callable = role_perm_mgr.grantPermissionToRole,
- args = (permission, role) )
+ args = (permission, role)
+ )
+def grantAll(_context, principal=None, role=None):
+ """Grant all permissions to a role or principal
+ """
+ nspecified = ((principal is not None)
+ + (role is not None)
+ )
+ if nspecified != 1:
+ raise ConfigurationError(
+ "Exactly one of the principal and role attributes "
+ "must be specified")
+
+ if principal:
+ _context.action(
+ discriminator = ('grantAllPermissionsToPrincipal',
+ principal),
+ callable =
+ principal_perm_mgr.grantAllPermissionsToPrincipal,
+ args = (principal, )
+ )
+ else:
+ _context.action(
+ discriminator = ('grantAllPermissionsToRole', role),
+ callable = role_perm_mgr.grantAllPermissionsToRole,
+ args = (role, )
+ )
+
+
def defineRole(_context, id, title, description=''):
role = Role(id, title, description)
utility(_context, IRole, role, name=id)
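Review bot: In grantAll the branch test `if principal:` is a truthiness check, while the count just above it uses `principal is not None`. If an empty principal value ever got past the schema, nspecified would be 1 and the else branch would register grantAllPermissionsToRole with `role` set to None. Writing `if principal is not None:` keeps the two checks consistent, which matters more here than elsewhere because the directive grants every permission. The docstring could also state that exactly one of principal and role must be given.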
Modified: Zope3/trunk/src/zope/app/securitypolicy/metadirectives.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/metadirectives.py 2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/metadirectives.py 2004-05-17 10:06:10 UTC (rev 24770)
@@ -20,7 +20,7 @@
from zope.app.security.metadirectives import IBaseDefineDirective
from zope.app.security.fields import Permission
-class IGrantDirective(Interface):
+class IGrantAllDirective(Interface):
"""Grant Permissions to roles and principals and roles to principals."""
principal = Id(
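Review bot: The docstring that now sits under IGrantAllDirective is the old IGrantDirective text, "Grant Permissions to roles and principals and roles to principals.", which does not describe what grantAll does. Something like `"""Grant all permissions to a role or principal."""` would match the handler. The `principal` and `role` field descriptions could also say that exactly one of them must be supplied. The class body continues in the next hunk.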
@@ -28,16 +28,19 @@
description=u"Specifies the Principal to be mapped.",
required=False)
+ role = Id(
+ title=u"Role",
+ description=u"Specifies the Role to be mapped.",
+ required=False)
+
+class IGrantDirective(IGrantAllDirective):
+ """Grant Permissions to roles and principals and roles to principals."""
+
permission = Permission(
title=u"Permission",
description=u"Specifies the Permission to be mapped.",
required=False)
- role = Id(
- title=u"Role",
- description=u"Specifies the Role to be mapped.",
- required=False)
-
class IDefineRoleDirective(IBaseDefineDirective):
"""Define a new role."""
Modified: Zope3/trunk/src/zope/app/securitypolicy/principalpermission.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/principalpermission.py 2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/principalpermission.py 2004-05-17 10:06:10 UTC (rev 24770)
@@ -22,7 +22,7 @@
from zope.app.security.settings import Allow, Deny, Unset
from zope.app.security.principal import checkPrincipal
-from zope.app.security.permission import checkPermission
+from zope.app.security.permission import checkPermission, allPermissions
from zope.app.securitypolicy.securitymap import SecurityMap
@@ -121,6 +121,12 @@
self.addCell(permission_id, principal_id, Allow)
+ def grantAllPermissionsToPrincipal(self, principal_id):
+ ''' See the interface IPrincipalPermissionManager '''
+
+ for permission_id in allPermissions(None):
+ self.grantPermissionToPrincipal(permission_id, principal_id, False)
+
def denyPermissionToPrincipal(self, permission_id, principal_id,
check=True):
''' See the interface IPrincipalPermissionManager '''
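Review bot: grantAllPermissionsToPrincipal passes a bare `False` as the third argument of grantPermissionToPrincipal, presumably the `check` flag, so `principal_id` is not validated on this path. Skipping the per-permission check is reasonable because the ids come from allPermissions, but the principal id is caller-supplied and a mistyped id would silently receive an Allow cell for every permission. Validating the principal once before the loop with the already imported checkPrincipal, and spelling the flag as `check=False`, would make the intent explicit. The same applies to grantAllPermissionsToRole in rolepermission.py, using checkRole. No interfaces.py change is visible in this commit, so it is worth confirming that the interface named in the docstring declares the new method.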
Modified: Zope3/trunk/src/zope/app/securitypolicy/rolepermission.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/rolepermission.py 2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/rolepermission.py 2004-05-17 10:06:10 UTC (rev 24770)
@@ -20,7 +20,7 @@
from zope.app.annotation.interfaces import IAnnotations
from zope.app.security.settings import Allow, Deny, Unset
-from zope.app.security.permission import checkPermission
+from zope.app.security.permission import checkPermission, allPermissions
from zope.app.securitypolicy.role import checkRole
from zope.app.securitypolicy.interfaces import IRolePermissionManager
@@ -169,6 +169,10 @@
self.addCell(permission_id, role_id, Allow)
+ def grantAllPermissionsToRole(self, role_id):
+ for permission_id in allPermissions(None):
+ self.grantPermissionToRole(permission_id, role_id, False)
+
def denyPermissionToRole(self, permission_id, role_id, check=True):
'''See interface IRolePermissionMap'''
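Review bot: grantAllPermissionsToRole has no docstring, unlike its siblings, and nothing documents that the grant is a snapshot. The loop iterates `allPermissions(None)` at call time, so permissions registered afterwards are presumably not granted to the role. A docstring such as `'''Grant every currently registered permission to the role; permissions defined later are not included.'''` would tell administrators not to treat grantAll as a standing "superuser" rule. denyPermissionToRole's body continues outside the hunk.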
Modified: Zope3/trunk/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py 2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py 2004-05-17 10:06:10 UTC (rev 24770)
@@ -141,6 +141,16 @@
self.failUnless((perm1,prin1,Allow) in perms)
self.failUnless((perm2,prin1,Deny) in perms)
+ def testAllPermissions(self):
+ perm1 = definePermission('Perm One', 'title').id
+ perm2 = definePermission('Perm Two', 'title').id
+ prin1 = self._make_principal()
+ manager.grantAllPermissionsToPrincipal(prin1)
+ perms = manager.getPermissionsForPrincipal(prin1)
+ self.assertEqual(len(perms), 2)
+ self.failUnless((perm1,Allow) in perms)
+ self.failUnless((perm2,Allow) in perms)
+
def testManyPrincipalsOnePermission(self):
perm1 = definePermission('Perm One', 'title').id
prin1 = self._make_principal()
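Review bot: testAllPermissions only covers a principal with no prior settings, so it does not pin what happens to an existing Deny. The grant path ends in `addCell(..., Allow)`, so grantAllPermissionsToPrincipal presumably overwrites an explicit Deny for that principal. A case that first calls `manager.denyPermissionToPrincipal(perm1, prin1)` and then asserts the intended outcome would make that behaviour a deliberate decision. The same gap exists in testAllPermissions in test_rolepermissionmanager.py. testManyPrincipalsOnePermission continues outside the hunk.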
Modified: Zope3/trunk/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py 2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py 2004-05-17 10:06:10 UTC (rev 24770)
@@ -79,6 +79,20 @@
self.assertEqual(len(perms), 2)
self.failUnless((perm2,Allow) in perms)
+ def testAllPermissions(self):
+ perm1 = definePermission('Perm One', 'P1').id
+ perm2 = definePermission('Perm Two', 'P2').id
+ perm3 = definePermission('Perm Three', 'P3').id
+ role1 = defineRole('Role One', 'Role #1').id
+ perms = manager.getPermissionsForRole(role1)
+ self.assertEqual(len(perms), 0)
+ manager.grantAllPermissionsToRole(role1)
+ perms = manager.getPermissionsForRole(role1)
+ self.assertEqual(len(perms), 3)
+ self.failUnless((perm1, Allow) in perms)
+ self.failUnless((perm2, Allow) in perms)
+ self.failUnless((perm3, Allow) in perms)
+
def testManyRolesOnePermission(self):
perm1 = definePermission('Perm One', 'title').id
role1 = defineRole('Role One', 'Role #1').id