[Zope3-checkins] SVN: Zope3/trunk/ Fix #384: Handling utility permissions

Jim Fulton jim at zope.com
Fri Jul 29 19:36:22 EDT 2005


Log message for revision 37586:
  Fix #384: Handling utility permissions
  
  When defining utilities in ZCML with permissions, checker objects were
  saved on the utilty's __Security_checker__ attribute. This caused
  problems if the component was registered more than once, or if the
  component was a class.  Now a proxy is used to hold the security
  checker, so that the checker is specific to a particular registration.
  

Changed:
  U   Zope3/trunk/doc/CHANGES.txt
  U   Zope3/trunk/doc/TODO.txt
  U   Zope3/trunk/src/zope/app/component/metaconfigure.py
  U   Zope3/trunk/src/zope/app/component/tests/components.py
  U   Zope3/trunk/src/zope/app/component/tests/test_directives.py

-=-
Modified: Zope3/trunk/doc/CHANGES.txt
===================================================================
--- Zope3/trunk/doc/CHANGES.txt	2005-07-29 23:25:19 UTC (rev 37585)
+++ Zope3/trunk/doc/CHANGES.txt	2005-07-29 23:36:21 UTC (rev 37586)
@@ -655,6 +655,15 @@
 
     Bug Fixes
 
+      - Fix #384: Handling utility permissions
+
+        When defining utilities in ZCML with permissions, checker
+        objects were saved on the utilty's __Security_checker__
+        attribute. This caused problems if the component was
+        registered more than once, or if the component was a class.
+        Now a proxy is used to hold the security checker, so that the 
+        checker is specific to a particular registration.
+
       - Fix  307: browser:addMenuItem and broken view references
 
       - Fix #411: Remove SendmailMailer

Modified: Zope3/trunk/doc/TODO.txt
===================================================================
--- Zope3/trunk/doc/TODO.txt	2005-07-29 23:25:19 UTC (rev 37585)
+++ Zope3/trunk/doc/TODO.txt	2005-07-29 23:36:21 UTC (rev 37586)
@@ -15,7 +15,5 @@
 Bug Fixes
 ---------
 
-  * 384: Problems with permissions in zcml utility directives
-
 Bugs starting with * represent bugs that must be fixed for the 3.0.x branch as
 well .

Modified: Zope3/trunk/src/zope/app/component/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/component/metaconfigure.py	2005-07-29 23:25:19 UTC (rev 37585)
+++ Zope3/trunk/src/zope/app/component/metaconfigure.py	2005-07-29 23:36:21 UTC (rev 37586)
@@ -21,9 +21,11 @@
 from zope.component.interfaces import IDefaultViewName, IFactory
 from zope.configuration.exceptions import ConfigurationError
 import zope.interface
-from zope.interface import Interface
+from zope.interface import Interface, providedBy
 from zope.interface.interfaces import IInterface
 
+from zope.proxy import ProxyBase, getProxiedObject
+
 from zope.security.checker import InterfaceChecker, CheckerPublic
 from zope.security.checker import Checker, NamesChecker
 from zope.security.proxy import Proxy
@@ -46,19 +48,24 @@
         callable = provideInterface,
         args = ('', interface, type)
         )
-    
 
+
+class PermissionProxy(ProxyBase):
+
+    __slots__ = ('__Security_checker__', )
+
+    def __providedBy__(self):
+        return providedBy(getProxiedObject(self))
+    __providedBy__ = property(__providedBy__)
+
 def proxify(ob, checker):
     """Try to get the object proxied with the `checker`, but not too soon
 
     We really don't want to proxy the object unless we need to.
     """
 
-    try:
-        ob.__Security_checker__ = checker
-    except AttributeError:
-        ob = Proxy(ob, checker)
-
+    ob = PermissionProxy(ob)
+    ob.__Security_checker__ = checker
     return ob
 
 _handler=handler

Modified: Zope3/trunk/src/zope/app/component/tests/components.py
===================================================================
--- Zope3/trunk/src/zope/app/component/tests/components.py	2005-07-29 23:25:19 UTC (rev 37585)
+++ Zope3/trunk/src/zope/app/component/tests/components.py	2005-07-29 23:36:21 UTC (rev 37586)
@@ -18,10 +18,13 @@
 from zope.interface import Interface, Attribute, implements
 from zope.component import adapts
 
-class IApp(Interface):
+class IAppb(Interface):
     a = Attribute('test attribute')
     def f(): "test func"
 
+class IApp(IAppb):
+    pass
+
 class IContent(Interface): pass
 
 class Content(object):

Modified: Zope3/trunk/src/zope/app/component/tests/test_directives.py
===================================================================
--- Zope3/trunk/src/zope/app/component/tests/test_directives.py	2005-07-29 23:25:19 UTC (rev 37585)
+++ Zope3/trunk/src/zope/app/component/tests/test_directives.py	2005-07-29 23:36:21 UTC (rev 37586)
@@ -877,20 +877,35 @@
         self.assertEqual(zapi.getUtility(IApp).__class__, Comp)
 
     def testProtectedUtility(self):
+        """Test that we can protect a utility.
+
+        Also:
+        Check that multiple configurations for the same utility and
+        don't interfere.
+        """
         self.assertEqual(zapi.queryUtility(IV), None)
         xmlconfig(StringIO(template % (
             '''
+            <permission id="tell.everyone" title="Yay" />
             <utility
               component="zope.app.component.tests.components.comp"
               provides="zope.app.component.tests.components.IApp"
-              permission="zope.Public"
+              permission="tell.everyone"
               />
+            <permission id="top.secret" title="shhhh" />
+            <utility
+              component="zope.app.component.tests.components.comp"
+              provides="zope.app.component.tests.components.IAppb"
+              permission="top.secret"
+              />
             '''
             )))
 
         utility = ProxyFactory(zapi.getUtility(IApp))
-        items = [item[0] for item in getTestProxyItems(utility)]
-        self.assertEqual(items, ['a', 'f'])
+        items = getTestProxyItems(utility)
+        self.assertEqual(items, [('a', 'tell.everyone'),
+                                 ('f', 'tell.everyone')
+                                 ])
         self.assertEqual(removeSecurityProxy(utility), comp)
 
     def testUtilityUndefinedPermission(self):



More information about the Zope3-Checkins mailing list