Create an API to access Products.__ac_permissions__

src/AccessControl/Permission.py

@@ -141,10 +141,28 @@ class Permission:
 _registeredPermissions = {}
 
 
+def getPermissions():
+    import Products
+    return getattr(Products, '__ac_permissions__', ())
+
+
+def addPermission(perm, default_roles=('Manager', )):
+    if perm in _registeredPermissions:
+        return
+
+    entry = ((perm, (), default_roles), )
+    import Products
+    Products_permissions = getPermissions()
+    Products.__ac_permissions__ = Products_permissions + entry
+    _registeredPermissions[perm] = 1
+    mangled = pname(perm) # get mangled permission name
+    if not hasattr(ApplicationDefaultPermissions, mangled):
+        setattr(ApplicationDefaultPermissions, mangled, default_roles)
+
+
 def registerPermissions(permissions, defaultDefault=('Manager', )):
     """Register an __ac_permissions__ sequence.
     """
-    import Products
     for setting in permissions:
         if setting[0] in _registeredPermissions:
             continue
@@ -153,14 +171,7 @@ def registerPermissions(permissions, defaultDefault=('Manager', )):
             default = defaultDefault
         else:
             perm, methods, default = setting
-        _registeredPermissions[perm]=1
-        Products_permissions = getattr(Products, '__ac_permissions__', ())
-        Products.__ac_permissions__=(
-            Products_permissions + ((perm, (), default), ))
-        mangled=pname(perm) # get mangled permission name
-        if not hasattr(ApplicationDefaultPermissions, mangled):
-            setattr(ApplicationDefaultPermissions,
-                    mangled, default)
+        addPermission(perm, default)
 
 
 class ApplicationDefaultPermissions:

src/AccessControl/Role.py

@@ -28,6 +28,7 @@ from zope.interface import implements
 from AccessControl import ClassSecurityInfo
 from AccessControl.class_init import InitializeClass
 from AccessControl.interfaces import IRoleManager
+from AccessControl.Permission import getPermissions
 from AccessControl.Permission import Permission
 from AccessControl.Permissions import change_permissions
 from AccessControl.requestmethod import requestmethod
@@ -608,9 +609,8 @@ class RoleManager(Base, RoleManager):
         pass
 
     def possible_permissions(self):
-        import Products
         d={}
-        Products_permissions = getattr(Products, '__ac_permissions__', ())
+        Products_permissions = getPermissions()
         for p in Products_permissions:
             d[p[0]]=1
         for p in self.ac_inherited_permissions(1):

src/AccessControl/security.py

@@ -27,16 +27,12 @@ from zope.security.simplepolicies import ParanoidSecurityPolicy
 
 from AccessControl.SecurityInfo import ClassSecurityInfo
 from AccessControl.SecurityManagement import getSecurityManager
-from AccessControl.Permission import _registeredPermissions
-from AccessControl.Permission import pname
-
-import Products
-
-from AccessControl.Permission import ApplicationDefaultPermissions
+from AccessControl.Permission import addPermission
 
 CheckerPublicId = 'zope.Public'
 CheckerPrivateId = 'zope2.Private'
 
+
 def getSecurityInfo(klass):
     sec = {}
     info = vars(klass)
@@ -47,8 +43,8 @@ def getSecurityInfo(klass):
             sec[k] = v
     return sec
 
+
 def clearSecurityInfo(klass):
-    sec = {}
     info = vars(klass)
     if info.has_key('__ac_permissions__'):
         delattr(klass, '__ac_permissions__')
@@ -56,6 +52,7 @@ def clearSecurityInfo(klass):
         if k.endswith('__roles__'):
             delattr(klass, k)
 
+
 def checkPermission(permission, object, interaction=None):
     """Return whether security policy allows permission on object.
 
@@ -82,6 +79,7 @@ def checkPermission(permission, object, interaction=None):
 
     return False
 
+
 class SecurityPolicy(ParanoidSecurityPolicy):
     """Security policy that bridges between zope.security security mechanisms
     and Zope 2's security policy.
@@ -94,6 +92,7 @@ class SecurityPolicy(ParanoidSecurityPolicy):
     def checkPermission(self, permission, object):
         return checkPermission(permission, object)
 
+
 def newInteraction():
     """Con zope.security to use Zope 2's checkPermission.
 
@@ -105,6 +104,7 @@ def newInteraction():
     if getattr(thread_local, 'interaction', None) is None:
         thread_local.interaction = SecurityPolicy()
 
+
 def _getSecurity(klass):
     # a Zope 2 class can contain some attribute that is an instance
     # of ClassSecurityInfo. Zope 2 scans through things looking for
@@ -120,6 +120,7 @@ def _getSecurity(klass):
     setattr(klass, '__security__', security)
     return security
 
+
 def protectName(klass, name, permission_id):
     """Protect the attribute 'name' on 'klass' using the given
        permission"""
@@ -139,6 +140,7 @@ def protectName(klass, name, permission_id):
         perm = str(permission.title)
         security.declareProtected(perm, name)
 
+
 def protectClass(klass, permission_id):
     """Protect the whole class with the given permission"""
     security = _getSecurity(klass)
@@ -155,21 +157,11 @@ def protectClass(klass, permission_id):
         perm = str(permission.title)
         security.declareObjectProtected(perm)
 
+
 def create_permission_from_permission_directive(permission, event):
     """When a new IPermission utility is registered (via the <permission />
     directive), create the equivalent Zope2 style permission.
     """
-
-    global _registeredPermissions
-
     # Zope 2 uses string, not unicode yet
     zope2_permission = str(permission.title)
-    roles = ('Manager',)
-
-    if not _registeredPermissions.has_key(zope2_permission):
-        _registeredPermissions[zope2_permission] = 1
-
-        Products.__ac_permissions__ += ((zope2_permission, (), roles,),)
-
-        mangled = pname(zope2_permission)
-        setattr(ApplicationDefaultPermissions, mangled, roles)
+    addPermission(zope2_permission)

src/AccessControl/tests/testZCML.py

@@ -351,8 +351,8 @@ def test_register_permission():
     The permission will be made available globally, with default role set
     of ('Manager',).
 
-      >>> import Products
-      >>> permissions = getattr(Products, '__ac_permissions__', ())
+      >>> from AccessControl.Permission import getPermissions
+      >>> permissions = getPermissions()
       >>> [p[2] for p in permissions
       ...          if p[0] == 'AccessControl: Dummy permission']
       [('Manager',)]
@@ -360,10 +360,8 @@ def test_register_permission():
     Let's also ensure that permissions are not overwritten if they exist
     already:
 
-      >>> from AccessControl.Permission import _registeredPermissions
-      >>> _registeredPermissions['Dummy: Other dummy'] = 1
-      >>> Products.__ac_permissions__ += (
-      ...     ('Dummy: Other dummy', (), ('Anonymous', ),),)
+      >>> from AccessControl.Permission import addPermission
+      >>> addPermission('Dummy: Other dummy', ('Anonymous', ))
 
       >>> from StringIO import StringIO
       >>> configure_zcml = StringIO('''
@@ -380,9 +378,8 @@ def test_register_permission():
       >>> from zope.configuration.xmlconfig import xmlconfig
       >>> xmlconfig(configure_zcml)
 
-      >>> permissions = getattr(Products, '__ac_permissions__', ())
-      >>> [p[2] for p in permissions
-      ...          if p[0] == 'Dummy: Other dummy']
+      >>> permissions = getPermissions()
+      >>> [p[2] for p in permissions if p[0] == 'Dummy: Other dummy']
       [('Anonymous',)]
 
       >>> tearDown()

src/HelpSys/HelpSys.py

@@ -56,7 +56,6 @@ class HelpSys(Implicit, ObjectManager, Item, Persistent):
     security.declareProtected(access_contents_information, 'helpValues')
     def helpValues(self, spec=None):
         "ProductHelp objects of all Products that have help"
-        import Products
         hv=[]
         for product in self.Control_Panel.Products.objectValues():
             productHelp=product.getProductHelp()

src/OFS/ObjectManager.py

@@ -26,6 +26,7 @@ import re
 import sys
 
 from AccessControl import ClassSecurityInfo
+from AccessControl.Permission import getPermissions
 from AccessControl.Permissions import view_management_screens
 from AccessControl.Permissions import access_contents_information
 from AccessControl.Permissions import delete_objects
@@ -263,9 +264,7 @@ class ObjectManager(CopyContainer,
         return meta_types
 
     def _subobject_permissions(self):
-        import Products
-        Products_permissions = getattr(Products, '__ac_permissions__', ())
-        return Products_permissions
+        return getPermissions()
 
     def filtered_meta_types(self, user=None):
         # Return a list of the types for which the user has