Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
Zope
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
Zope
Commits
531882a5
Commit
531882a5
authored
Jun 05, 2010
by
Hanno Schlichting
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Create an API to access Products.__ac_permissions__
parent
d0f7568f
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
41 additions
and
43 deletions
+41
-43
src/AccessControl/Permission.py
src/AccessControl/Permission.py
+20
-9
src/AccessControl/Role.py
src/AccessControl/Role.py
+2
-2
src/AccessControl/security.py
src/AccessControl/security.py
+11
-19
src/AccessControl/tests/testZCML.py
src/AccessControl/tests/testZCML.py
+6
-9
src/HelpSys/HelpSys.py
src/HelpSys/HelpSys.py
+0
-1
src/OFS/ObjectManager.py
src/OFS/ObjectManager.py
+2
-3
No files found.
src/AccessControl/Permission.py
View file @
531882a5
...
@@ -141,10 +141,28 @@ class Permission:
...
@@ -141,10 +141,28 @@ class Permission:
_registeredPermissions
=
{}
_registeredPermissions
=
{}
def
getPermissions
():
import
Products
return
getattr
(
Products
,
'__ac_permissions__'
,
())
def
addPermission
(
perm
,
default_roles
=
(
'Manager'
,
)):
if
perm
in
_registeredPermissions
:
return
entry
=
((
perm
,
(),
default_roles
),
)
import
Products
Products_permissions
=
getPermissions
()
Products
.
__ac_permissions__
=
Products_permissions
+
entry
_registeredPermissions
[
perm
]
=
1
mangled
=
pname
(
perm
)
# get mangled permission name
if
not
hasattr
(
ApplicationDefaultPermissions
,
mangled
):
setattr
(
ApplicationDefaultPermissions
,
mangled
,
default_roles
)
def
registerPermissions
(
permissions
,
defaultDefault
=
(
'Manager'
,
)):
def
registerPermissions
(
permissions
,
defaultDefault
=
(
'Manager'
,
)):
"""Register an __ac_permissions__ sequence.
"""Register an __ac_permissions__ sequence.
"""
"""
import
Products
for
setting
in
permissions
:
for
setting
in
permissions
:
if
setting
[
0
]
in
_registeredPermissions
:
if
setting
[
0
]
in
_registeredPermissions
:
continue
continue
...
@@ -153,14 +171,7 @@ def registerPermissions(permissions, defaultDefault=('Manager', )):
...
@@ -153,14 +171,7 @@ def registerPermissions(permissions, defaultDefault=('Manager', )):
default
=
defaultDefault
default
=
defaultDefault
else
:
else
:
perm
,
methods
,
default
=
setting
perm
,
methods
,
default
=
setting
_registeredPermissions
[
perm
]
=
1
addPermission
(
perm
,
default
)
Products_permissions
=
getattr
(
Products
,
'__ac_permissions__'
,
())
Products
.
__ac_permissions__
=
(
Products_permissions
+
((
perm
,
(),
default
),
))
mangled
=
pname
(
perm
)
# get mangled permission name
if
not
hasattr
(
ApplicationDefaultPermissions
,
mangled
):
setattr
(
ApplicationDefaultPermissions
,
mangled
,
default
)
class
ApplicationDefaultPermissions
:
class
ApplicationDefaultPermissions
:
...
...
src/AccessControl/Role.py
View file @
531882a5
...
@@ -28,6 +28,7 @@ from zope.interface import implements
...
@@ -28,6 +28,7 @@ from zope.interface import implements
from
AccessControl
import
ClassSecurityInfo
from
AccessControl
import
ClassSecurityInfo
from
AccessControl.class_init
import
InitializeClass
from
AccessControl.class_init
import
InitializeClass
from
AccessControl.interfaces
import
IRoleManager
from
AccessControl.interfaces
import
IRoleManager
from
AccessControl.Permission
import
getPermissions
from
AccessControl.Permission
import
Permission
from
AccessControl.Permission
import
Permission
from
AccessControl.Permissions
import
change_permissions
from
AccessControl.Permissions
import
change_permissions
from
AccessControl.requestmethod
import
requestmethod
from
AccessControl.requestmethod
import
requestmethod
...
@@ -608,9 +609,8 @@ class RoleManager(Base, RoleManager):
...
@@ -608,9 +609,8 @@ class RoleManager(Base, RoleManager):
pass
pass
def
possible_permissions
(
self
):
def
possible_permissions
(
self
):
import
Products
d
=
{}
d
=
{}
Products_permissions
=
get
attr
(
Products
,
'__ac_permissions__'
,
()
)
Products_permissions
=
get
Permissions
(
)
for
p
in
Products_permissions
:
for
p
in
Products_permissions
:
d
[
p
[
0
]]
=
1
d
[
p
[
0
]]
=
1
for
p
in
self
.
ac_inherited_permissions
(
1
):
for
p
in
self
.
ac_inherited_permissions
(
1
):
...
...
src/AccessControl/security.py
View file @
531882a5
...
@@ -27,16 +27,12 @@ from zope.security.simplepolicies import ParanoidSecurityPolicy
...
@@ -27,16 +27,12 @@ from zope.security.simplepolicies import ParanoidSecurityPolicy
from
AccessControl.SecurityInfo
import
ClassSecurityInfo
from
AccessControl.SecurityInfo
import
ClassSecurityInfo
from
AccessControl.SecurityManagement
import
getSecurityManager
from
AccessControl.SecurityManagement
import
getSecurityManager
from
AccessControl.Permission
import
_registeredPermissions
from
AccessControl.Permission
import
addPermission
from
AccessControl.Permission
import
pname
import
Products
from
AccessControl.Permission
import
ApplicationDefaultPermissions
CheckerPublicId
=
'zope.Public'
CheckerPublicId
=
'zope.Public'
CheckerPrivateId
=
'zope2.Private'
CheckerPrivateId
=
'zope2.Private'
def
getSecurityInfo
(
klass
):
def
getSecurityInfo
(
klass
):
sec
=
{}
sec
=
{}
info
=
vars
(
klass
)
info
=
vars
(
klass
)
...
@@ -47,8 +43,8 @@ def getSecurityInfo(klass):
...
@@ -47,8 +43,8 @@ def getSecurityInfo(klass):
sec
[
k
]
=
v
sec
[
k
]
=
v
return
sec
return
sec
def
clearSecurityInfo
(
klass
):
def
clearSecurityInfo
(
klass
):
sec
=
{}
info
=
vars
(
klass
)
info
=
vars
(
klass
)
if
info
.
has_key
(
'__ac_permissions__'
):
if
info
.
has_key
(
'__ac_permissions__'
):
delattr
(
klass
,
'__ac_permissions__'
)
delattr
(
klass
,
'__ac_permissions__'
)
...
@@ -56,6 +52,7 @@ def clearSecurityInfo(klass):
...
@@ -56,6 +52,7 @@ def clearSecurityInfo(klass):
if
k
.
endswith
(
'__roles__'
):
if
k
.
endswith
(
'__roles__'
):
delattr
(
klass
,
k
)
delattr
(
klass
,
k
)
def
checkPermission
(
permission
,
object
,
interaction
=
None
):
def
checkPermission
(
permission
,
object
,
interaction
=
None
):
"""Return whether security policy allows permission on object.
"""Return whether security policy allows permission on object.
...
@@ -82,6 +79,7 @@ def checkPermission(permission, object, interaction=None):
...
@@ -82,6 +79,7 @@ def checkPermission(permission, object, interaction=None):
return
False
return
False
class
SecurityPolicy
(
ParanoidSecurityPolicy
):
class
SecurityPolicy
(
ParanoidSecurityPolicy
):
"""Security policy that bridges between zope.security security mechanisms
"""Security policy that bridges between zope.security security mechanisms
and Zope 2's security policy.
and Zope 2's security policy.
...
@@ -94,6 +92,7 @@ class SecurityPolicy(ParanoidSecurityPolicy):
...
@@ -94,6 +92,7 @@ class SecurityPolicy(ParanoidSecurityPolicy):
def
checkPermission
(
self
,
permission
,
object
):
def
checkPermission
(
self
,
permission
,
object
):
return
checkPermission
(
permission
,
object
)
return
checkPermission
(
permission
,
object
)
def
newInteraction
():
def
newInteraction
():
"""Con zope.security to use Zope 2's checkPermission.
"""Con zope.security to use Zope 2's checkPermission.
...
@@ -105,6 +104,7 @@ def newInteraction():
...
@@ -105,6 +104,7 @@ def newInteraction():
if
getattr
(
thread_local
,
'interaction'
,
None
)
is
None
:
if
getattr
(
thread_local
,
'interaction'
,
None
)
is
None
:
thread_local
.
interaction
=
SecurityPolicy
()
thread_local
.
interaction
=
SecurityPolicy
()
def
_getSecurity
(
klass
):
def
_getSecurity
(
klass
):
# a Zope 2 class can contain some attribute that is an instance
# a Zope 2 class can contain some attribute that is an instance
# of ClassSecurityInfo. Zope 2 scans through things looking for
# of ClassSecurityInfo. Zope 2 scans through things looking for
...
@@ -120,6 +120,7 @@ def _getSecurity(klass):
...
@@ -120,6 +120,7 @@ def _getSecurity(klass):
setattr
(
klass
,
'__security__'
,
security
)
setattr
(
klass
,
'__security__'
,
security
)
return
security
return
security
def
protectName
(
klass
,
name
,
permission_id
):
def
protectName
(
klass
,
name
,
permission_id
):
"""Protect the attribute 'name' on 'klass' using the given
"""Protect the attribute 'name' on 'klass' using the given
permission"""
permission"""
...
@@ -139,6 +140,7 @@ def protectName(klass, name, permission_id):
...
@@ -139,6 +140,7 @@ def protectName(klass, name, permission_id):
perm
=
str
(
permission
.
title
)
perm
=
str
(
permission
.
title
)
security
.
declareProtected
(
perm
,
name
)
security
.
declareProtected
(
perm
,
name
)
def
protectClass
(
klass
,
permission_id
):
def
protectClass
(
klass
,
permission_id
):
"""Protect the whole class with the given permission"""
"""Protect the whole class with the given permission"""
security
=
_getSecurity
(
klass
)
security
=
_getSecurity
(
klass
)
...
@@ -155,21 +157,11 @@ def protectClass(klass, permission_id):
...
@@ -155,21 +157,11 @@ def protectClass(klass, permission_id):
perm
=
str
(
permission
.
title
)
perm
=
str
(
permission
.
title
)
security
.
declareObjectProtected
(
perm
)
security
.
declareObjectProtected
(
perm
)
def
create_permission_from_permission_directive
(
permission
,
event
):
def
create_permission_from_permission_directive
(
permission
,
event
):
"""When a new IPermission utility is registered (via the <permission />
"""When a new IPermission utility is registered (via the <permission />
directive), create the equivalent Zope2 style permission.
directive), create the equivalent Zope2 style permission.
"""
"""
global
_registeredPermissions
# Zope 2 uses string, not unicode yet
# Zope 2 uses string, not unicode yet
zope2_permission
=
str
(
permission
.
title
)
zope2_permission
=
str
(
permission
.
title
)
roles
=
(
'Manager'
,)
addPermission
(
zope2_permission
)
if
not
_registeredPermissions
.
has_key
(
zope2_permission
):
_registeredPermissions
[
zope2_permission
]
=
1
Products
.
__ac_permissions__
+=
((
zope2_permission
,
(),
roles
,),)
mangled
=
pname
(
zope2_permission
)
setattr
(
ApplicationDefaultPermissions
,
mangled
,
roles
)
src/AccessControl/tests/testZCML.py
View file @
531882a5
...
@@ -351,8 +351,8 @@ def test_register_permission():
...
@@ -351,8 +351,8 @@ def test_register_permission():
The permission will be made available globally, with default role set
The permission will be made available globally, with default role set
of ('Manager',).
of ('Manager',).
>>>
import Product
s
>>>
from AccessControl.Permission import getPermission
s
>>> permissions = get
attr(Products, '__ac_permissions__', ()
)
>>> permissions = get
Permissions(
)
>>> [p[2] for p in permissions
>>> [p[2] for p in permissions
... if p[0] == 'AccessControl: Dummy permission']
... if p[0] == 'AccessControl: Dummy permission']
[('Manager',)]
[('Manager',)]
...
@@ -360,10 +360,8 @@ def test_register_permission():
...
@@ -360,10 +360,8 @@ def test_register_permission():
Let's also ensure that permissions are not overwritten if they exist
Let's also ensure that permissions are not overwritten if they exist
already:
already:
>>> from AccessControl.Permission import _registeredPermissions
>>> from AccessControl.Permission import addPermission
>>> _registeredPermissions['Dummy: Other dummy'] = 1
>>> addPermission('Dummy: Other dummy', ('Anonymous', ))
>>> Products.__ac_permissions__ += (
... ('Dummy: Other dummy', (), ('Anonymous', ),),)
>>> from StringIO import StringIO
>>> from StringIO import StringIO
>>> configure_zcml = StringIO('''
>>> configure_zcml = StringIO('''
...
@@ -380,9 +378,8 @@ def test_register_permission():
...
@@ -380,9 +378,8 @@ def test_register_permission():
>>> from zope.configuration.xmlconfig import xmlconfig
>>> from zope.configuration.xmlconfig import xmlconfig
>>> xmlconfig(configure_zcml)
>>> xmlconfig(configure_zcml)
>>> permissions = getattr(Products, '__ac_permissions__', ())
>>> permissions = getPermissions()
>>> [p[2] for p in permissions
>>> [p[2] for p in permissions if p[0] == 'Dummy: Other dummy']
... if p[0] == 'Dummy: Other dummy']
[('Anonymous',)]
[('Anonymous',)]
>>> tearDown()
>>> tearDown()
...
...
src/HelpSys/HelpSys.py
View file @
531882a5
...
@@ -56,7 +56,6 @@ class HelpSys(Implicit, ObjectManager, Item, Persistent):
...
@@ -56,7 +56,6 @@ class HelpSys(Implicit, ObjectManager, Item, Persistent):
security
.
declareProtected
(
access_contents_information
,
'helpValues'
)
security
.
declareProtected
(
access_contents_information
,
'helpValues'
)
def
helpValues
(
self
,
spec
=
None
):
def
helpValues
(
self
,
spec
=
None
):
"ProductHelp objects of all Products that have help"
"ProductHelp objects of all Products that have help"
import
Products
hv
=
[]
hv
=
[]
for
product
in
self
.
Control_Panel
.
Products
.
objectValues
():
for
product
in
self
.
Control_Panel
.
Products
.
objectValues
():
productHelp
=
product
.
getProductHelp
()
productHelp
=
product
.
getProductHelp
()
...
...
src/OFS/ObjectManager.py
View file @
531882a5
...
@@ -26,6 +26,7 @@ import re
...
@@ -26,6 +26,7 @@ import re
import
sys
import
sys
from
AccessControl
import
ClassSecurityInfo
from
AccessControl
import
ClassSecurityInfo
from
AccessControl.Permission
import
getPermissions
from
AccessControl.Permissions
import
view_management_screens
from
AccessControl.Permissions
import
view_management_screens
from
AccessControl.Permissions
import
access_contents_information
from
AccessControl.Permissions
import
access_contents_information
from
AccessControl.Permissions
import
delete_objects
from
AccessControl.Permissions
import
delete_objects
...
@@ -263,9 +264,7 @@ class ObjectManager(CopyContainer,
...
@@ -263,9 +264,7 @@ class ObjectManager(CopyContainer,
return
meta_types
return
meta_types
def
_subobject_permissions
(
self
):
def
_subobject_permissions
(
self
):
import
Products
return
getPermissions
()
Products_permissions
=
getattr
(
Products
,
'__ac_permissions__'
,
())
return
Products_permissions
def
filtered_meta_types
(
self
,
user
=
None
):
def
filtered_meta_types
(
self
,
user
=
None
):
# Return a list of the types for which the user has
# Return a list of the types for which the user has
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment