[Zope3-checkins] SVN: Zope3/trunk/ Warn the user on startup if the security policy is the default

Albertas Agejevas alga at pov.lt
Fri Jul 29 16:02:10 EDT 2005 

Log message for revision 37559:
  Warn the user on startup if the security policy is the default
  ParanoidSecuritypolicy.
  See http://www.zope.org/Collectors/Zope3-dev/381
  

Changed:
  U   Zope3/trunk/doc/TODO.txt
  U   Zope3/trunk/src/zope/app/appsetup/bootstrap.py
  U   Zope3/trunk/src/zope/app/appsetup/bootstrap.txt
  U   Zope3/trunk/src/zope/app/appsetup/configure.zcml

-=-
Modified: Zope3/trunk/doc/TODO.txt
===================================================================
--- Zope3/trunk/doc/TODO.txt	2005-07-29 18:58:28 UTC (rev 37558)
+++ Zope3/trunk/doc/TODO.txt	2005-07-29 20:02:09 UTC (rev 37559)
@@ -25,8 +25,6 @@
 
   * 307: browser:addMenuItem and broken view references
 
-  - 381: Handle migration of site instance 'securitypolicy.zcml' files
-
   * 384: Problems with permissions in zcml utility directives
 
 Bugs starting with * represent bugs that must be fixed for the 3.0.x branch as

Modified: Zope3/trunk/src/zope/app/appsetup/bootstrap.py
===================================================================
--- Zope3/trunk/src/zope/app/appsetup/bootstrap.py	2005-07-29 18:58:28 UTC (rev 37558)
+++ Zope3/trunk/src/zope/app/appsetup/bootstrap.py	2005-07-29 20:02:09 UTC (rev 37559)
@@ -20,8 +20,11 @@
 """
 __docformat__ = 'restructuredtext'
 import transaction
+import logging
 
 import zope.event
+from zope.security.management import getSecurityPolicy
+from zope.security.simplepolicies import ParanoidSecurityPolicy
 
 from zope.app.component.interfaces import ISite
 from zope.app.component import site
@@ -150,3 +153,16 @@
 
 ########################################################################
 ########################################################################
+
+def checkSecurityPolicy(event):
+    """Warn if the configured security policy is ParanoidSecurityPolicy
+
+    Between Zope X3 3.0 and Zope X3 3.1 the security policy got
+    refactored and now it needs to be included from site.zcml.
+    """
+    if getSecurityPolicy() is ParanoidSecurityPolicy:
+        logging.getLogger('zope.app.appsetup').warn(
+            'Security policy is not configured.\n'
+            'Please make sure that securitypolicy.zcml is included'
+            ' in site.zcml immediately\n'
+            'before principals.zcml')

Modified: Zope3/trunk/src/zope/app/appsetup/bootstrap.txt
===================================================================
--- Zope3/trunk/src/zope/app/appsetup/bootstrap.txt	2005-07-29 18:58:28 UTC (rev 37558)
+++ Zope3/trunk/src/zope/app/appsetup/bootstrap.txt	2005-07-29 20:02:09 UTC (rev 37559)
@@ -42,3 +42,40 @@
     True
 
 
+Check the Security Policy
+-------------------------
+
+When the security policy got refactored to be really pluggable, the
+inclusion of the security policy configuration was moved to the very
+top level, to site.zcml.  This happened in r24770, after ZopeX3 3.0
+was released, but before 3.1.
+
+Now the maintainers of existing 3.0 sites need to manually update
+their site.zcml to include securitypolicy.zcml while upgrading to 3.1.
+See also http://www.zope.org/Collectors/Zope3-dev/381 .
+
+    >>> from zope.testing.loggingsupport import InstalledHandler
+    >>> handler = InstalledHandler('zope.app.appsetup')
+
+If the security policy is unset from the default
+ParanoidSecurityPolicy, we get a warning:
+
+    >>> from zope.app.appsetup.bootstrap import checkSecurityPolicy
+    >>> event = object()
+    >>> checkSecurityPolicy(event)
+    >>> print handler
+    zope.app.appsetup WARNING
+      Security policy is not configured.
+    Please make sure that securitypolicy.zcml is included in site.zcml immediately
+    before principals.zcml
+
+However, if any non-default security policy is installed, no warning
+is emitted:
+
+    >>> from zope.security.management import setSecurityPolicy
+    >>> defaultPolicy = setSecurityPolicy(object())
+    >>> handler.clear()
+    >>> checkSecurityPolicy(event)
+    >>> print handler
+    <BLANKLINE>
+

Modified: Zope3/trunk/src/zope/app/appsetup/configure.zcml
===================================================================
--- Zope3/trunk/src/zope/app/appsetup/configure.zcml	2005-07-29 18:58:28 UTC (rev 37558)
+++ Zope3/trunk/src/zope/app/appsetup/configure.zcml	2005-07-29 20:02:09 UTC (rev 37559)
@@ -5,4 +5,9 @@
       for="zope.app.appsetup.IDatabaseOpenedEvent"
       />
 
+  <subscriber
+      handler=".bootstrap.checkSecurityPolicy"
+      for="zope.app.appsetup.IDatabaseOpenedEvent"
+      />
+
 </configure>

More information about the Zope3-Checkins mailing list