Create an API to access Products.__ac_permissions__

531882a5 · Hanno Schlichting · d0f7568f · 531882a5 · 531882a5 · 531882a5
Commit 531882a5 authored Jun 05, 2010 by Hanno Schlichting
6 changed files
--- a/src/AccessControl/Permission.py
+++ b/src/AccessControl/Permission.py
@@ -141,10 +141,28 @@ class Permission:
 _registeredPermissions = {}


+def getPermissions():
+    import Products
+    return getattr(Products, '__ac_permissions__', ())
+
+
+def addPermission(perm, default_roles=('Manager', )):
+    if perm in _registeredPermissions:
+        return
+
+    entry = ((perm, (), default_roles), )
+    import Products
+    Products_permissions = getPermissions()
+    Products.__ac_permissions__ = Products_permissions + entry
+    _registeredPermissions[perm] = 1
+    mangled = pname(perm) # get mangled permission name
+    if not hasattr(ApplicationDefaultPermissions, mangled):
+        setattr(ApplicationDefaultPermissions, mangled, default_roles)
+
+
 def registerPermissions(permissions, defaultDefault=('Manager', )):
    """Register an __ac_permissions__ sequence.
    """
-    import Products
    for setting in permissions:
        if setting[0] in _registeredPermissions:
            continue
@@ -153,14 +171,7 @@ def registerPermissions(permissions, defaultDefault=('Manager', )):
            default = defaultDefault
        else:
            perm, methods, default = setting
-        _registeredPermissions[perm]=1
-        Products_permissions = getattr(Products, '__ac_permissions__', ())
-        Products.__ac_permissions__=(
-            Products_permissions + ((perm, (), default), ))
-        mangled=pname(perm) # get mangled permission name
-        if not hasattr(ApplicationDefaultPermissions, mangled):
-            setattr(ApplicationDefaultPermissions,
-                    mangled, default)
+        addPermission(perm, default)


 class ApplicationDefaultPermissions:

--- a/src/AccessControl/Role.py
+++ b/src/AccessControl/Role.py
@@ -28,6 +28,7 @@ from zope.interface import implements
 from AccessControl import ClassSecurityInfo
 from AccessControl.class_init import InitializeClass
 from AccessControl.interfaces import IRoleManager
+from AccessControl.Permission import getPermissions
 from AccessControl.Permission import Permission
 from AccessControl.Permissions import change_permissions
 from AccessControl.requestmethod import requestmethod
@@ -608,9 +609,8 @@ class RoleManager(Base, RoleManager):
        pass

    def possible_permissions(self):
-        import Products
        d={}
-        Products_permissions = getattr(Products, '__ac_permissions__', ())
+        Products_permissions = getPermissions()
        for p in Products_permissions:
            d[p[0]]=1
        for p in self.ac_inherited_permissions(1):

--- a/src/AccessControl/security.py
+++ b/src/AccessControl/security.py
@@ -27,16 +27,12 @@ from zope.security.simplepolicies import ParanoidSecurityPolicy

 from AccessControl.SecurityInfo import ClassSecurityInfo
 from AccessControl.SecurityManagement import getSecurityManager
-from AccessControl.Permission import _registeredPermissions
-from AccessControl.Permission import pname
-
-import Products
-
-from AccessControl.Permission import ApplicationDefaultPermissions
+from AccessControl.Permission import addPermission

 CheckerPublicId = 'zope.Public'
 CheckerPrivateId = 'zope2.Private'

+
 def getSecurityInfo(klass):
    sec = {}
    info = vars(klass)
@@ -47,8 +43,8 @@ def getSecurityInfo(klass):
            sec[k] = v
    return sec

+
 def clearSecurityInfo(klass):
-    sec = {}
    info = vars(klass)
    if info.has_key('__ac_permissions__'):
        delattr(klass, '__ac_permissions__')
@@ -56,6 +52,7 @@ def clearSecurityInfo(klass):
        if k.endswith('__roles__'):
            delattr(klass, k)

+
 def checkPermission(permission, object, interaction=None):
    """Return whether security policy allows permission on object.

@@ -82,6 +79,7 @@ def checkPermission(permission, object, interaction=None):

    return False

+
 class SecurityPolicy(ParanoidSecurityPolicy):
    """Security policy that bridges between zope.security security mechanisms
    and Zope 2's security policy.
@@ -94,6 +92,7 @@ class SecurityPolicy(ParanoidSecurityPolicy):
    def checkPermission(self, permission, object):
        return checkPermission(permission, object)

+
 def newInteraction():
    """Con zope.security to use Zope 2's checkPermission.

@@ -105,6 +104,7 @@ def newInteraction():
    if getattr(thread_local, 'interaction', None) is None:
        thread_local.interaction = SecurityPolicy()

+
 def _getSecurity(klass):
    # a Zope 2 class can contain some attribute that is an instance
    # of ClassSecurityInfo. Zope 2 scans through things looking for
@@ -120,6 +120,7 @@ def _getSecurity(klass):
    setattr(klass, '__security__', security)
    return security

+
 def protectName(klass, name, permission_id):
    """Protect the attribute 'name' on 'klass' using the given
       permission"""
@@ -139,6 +140,7 @@ def protectName(klass, name, permission_id):
        perm = str(permission.title)
        security.declareProtected(perm, name)

+
 def protectClass(klass, permission_id):
    """Protect the whole class with the given permission"""
    security = _getSecurity(klass)
@@ -155,21 +157,11 @@ def protectClass(klass, permission_id):
        perm = str(permission.title)
        security.declareObjectProtected(perm)

+
 def create_permission_from_permission_directive(permission, event):
    """When a new IPermission utility is registered (via the <permission />
    directive), create the equivalent Zope2 style permission.
    """
-
-    global _registeredPermissions
-
    # Zope 2 uses string, not unicode yet
    zope2_permission = str(permission.title)
-    roles = ('Manager',)
-
-    if not _registeredPermissions.has_key(zope2_permission):
-        _registeredPermissions[zope2_permission] = 1
-
-        Products.__ac_permissions__ += ((zope2_permission, (), roles,),)
-
-        mangled = pname(zope2_permission)
-        setattr(ApplicationDefaultPermissions, mangled, roles)
+    addPermission(zope2_permission)
--- a/src/AccessControl/tests/testZCML.py
+++ b/src/AccessControl/tests/testZCML.py
@@ -351,8 +351,8 @@ def test_register_permission():
    The permission will be made available globally, with default role set
    of ('Manager',).

-      >>> import Products
-      >>> permissions = getattr(Products, '__ac_permissions__', ())
+      >>> from AccessControl.Permission import getPermissions
+      >>> permissions = getPermissions()
      >>> [p[2] for p in permissions
      ...          if p[0] == 'AccessControl: Dummy permission']
      [('Manager',)]
@@ -360,10 +360,8 @@ def test_register_permission():
    Let's also ensure that permissions are not overwritten if they exist
    already:

-      >>> from AccessControl.Permission import _registeredPermissions
-      >>> _registeredPermissions['Dummy: Other dummy'] = 1
-      >>> Products.__ac_permissions__ += (
-      ...     ('Dummy: Other dummy', (), ('Anonymous', ),),)
+      >>> from AccessControl.Permission import addPermission
+      >>> addPermission('Dummy: Other dummy', ('Anonymous', ))

      >>> from StringIO import StringIO
      >>> configure_zcml = StringIO('''
@@ -380,9 +378,8 @@ def test_register_permission():
      >>> from zope.configuration.xmlconfig import xmlconfig
      >>> xmlconfig(configure_zcml)

-      >>> permissions = getattr(Products, '__ac_permissions__', ())
-      >>> [p[2] for p in permissions
-      ...          if p[0] == 'Dummy: Other dummy']
+      >>> permissions = getPermissions()
+      >>> [p[2] for p in permissions if p[0] == 'Dummy: Other dummy']
      [('Anonymous',)]

      >>> tearDown()

--- a/src/HelpSys/HelpSys.py
+++ b/src/HelpSys/HelpSys.py
@@ -56,7 +56,6 @@ class HelpSys(Implicit, ObjectManager, Item, Persistent):
    security.declareProtected(access_contents_information, 'helpValues')
    def helpValues(self, spec=None):
        "ProductHelp objects of all Products that have help"
-        import Products
        hv=[]
        for product in self.Control_Panel.Products.objectValues():
            productHelp=product.getProductHelp()

--- a/src/OFS/ObjectManager.py
+++ b/src/OFS/ObjectManager.py
@@ -26,6 +26,7 @@ import re
 import sys

 from AccessControl import ClassSecurityInfo
+from AccessControl.Permission import getPermissions
 from AccessControl.Permissions import view_management_screens
 from AccessControl.Permissions import access_contents_information
 from AccessControl.Permissions import delete_objects
@@ -263,9 +264,7 @@ class ObjectManager(CopyContainer,
        return meta_types

    def _subobject_permissions(self):
-        import Products
-        Products_permissions = getattr(Products, '__ac_permissions__', ())
-        return Products_permissions
+        return getPermissions()

    def filtered_meta_types(self, user=None):
        # Return a list of the types for which the user has