Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
Zope
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
Zope
Commits
82d43c24
Commit
82d43c24
authored
Jun 05, 2010
by
Hanno Schlichting
Browse files
Options
Browse Files
Download
Plain Diff
Merge the hannosch-dtml-vs-accesscontrol branch
parents
8e66586c
7bfeaa40
Changes
41
Hide whitespace changes
Inline
Side-by-side
Showing
41 changed files
with
366 additions
and
788 deletions
+366
-788
AC-vs-DTML-TODO.txt
AC-vs-DTML-TODO.txt
+71
-0
src/AccessControl/DTML.py
src/AccessControl/DTML.py
+5
-91
src/AccessControl/ImplC.py
src/AccessControl/ImplC.py
+1
-6
src/AccessControl/ImplPython.py
src/AccessControl/ImplPython.py
+0
-13
src/AccessControl/Implementation.py
src/AccessControl/Implementation.py
+0
-2
src/AccessControl/Owned.py
src/AccessControl/Owned.py
+1
-1
src/AccessControl/PermissionMapping.py
src/AccessControl/PermissionMapping.py
+1
-1
src/AccessControl/Permissions.py
src/AccessControl/Permissions.py
+10
-2
src/AccessControl/Role.py
src/AccessControl/Role.py
+1
-1
src/AccessControl/SecurityInfo.py
src/AccessControl/SecurityInfo.py
+1
-1
src/AccessControl/SimpleObjectPolicies.py
src/AccessControl/SimpleObjectPolicies.py
+0
-15
src/AccessControl/User.py
src/AccessControl/User.py
+1
-1
src/AccessControl/__init__.py
src/AccessControl/__init__.py
+0
-3
src/AccessControl/class_init.py
src/AccessControl/class_init.py
+89
-0
src/AccessControl/metaconfigure.py
src/AccessControl/metaconfigure.py
+1
-1
src/AccessControl/securitySuite/README
src/AccessControl/securitySuite/README
+0
-11
src/AccessControl/securitySuite/ResultObject.py
src/AccessControl/securitySuite/ResultObject.py
+0
-38
src/AccessControl/securitySuite/SecurityBase.py
src/AccessControl/securitySuite/SecurityBase.py
+0
-201
src/AccessControl/securitySuite/framework.py
src/AccessControl/securitySuite/framework.py
+0
-44
src/AccessControl/securitySuite/regressionSecurity.py
src/AccessControl/securitySuite/regressionSecurity.py
+0
-248
src/AccessControl/tests/testAcquisition.py
src/AccessControl/tests/testAcquisition.py
+1
-1
src/AccessControl/tests/testBindings.py
src/AccessControl/tests/testBindings.py
+1
-1
src/AccessControl/tests/testClassSecurityInfo.py
src/AccessControl/tests/testClassSecurityInfo.py
+1
-1
src/AccessControl/tests/testZCML.py
src/AccessControl/tests/testZCML.py
+1
-1
src/AccessControl/tests/testZopeGuards.py
src/AccessControl/tests/testZopeGuards.py
+1
-1
src/App/class_init.py
src/App/class_init.py
+3
-73
src/DocumentTemplate/DT_Util.py
src/DocumentTemplate/DT_Util.py
+5
-0
src/DocumentTemplate/__init__.py
src/DocumentTemplate/__init__.py
+5
-5
src/DocumentTemplate/permissions.py
src/DocumentTemplate/permissions.py
+2
-0
src/DocumentTemplate/security.py
src/DocumentTemplate/security.py
+148
-0
src/DocumentTemplate/sequence/__init__.py
src/DocumentTemplate/sequence/__init__.py
+1
-0
src/DocumentTemplate/tests/testSecurity.py
src/DocumentTemplate/tests/testSecurity.py
+3
-13
src/Globals/__init__.py
src/Globals/__init__.py
+2
-2
src/OFS/DTMLDocument.py
src/OFS/DTMLDocument.py
+2
-2
src/OFS/DTMLMethod.py
src/OFS/DTMLMethod.py
+2
-2
src/OFS/FindSupport.py
src/OFS/FindSupport.py
+1
-1
src/Products/PageTemplates/ZRPythonExpr.py
src/Products/PageTemplates/ZRPythonExpr.py
+1
-1
src/Products/PythonScripts/standard.py
src/Products/PythonScripts/standard.py
+1
-1
src/Products/ZCatalog/ZCatalog.py
src/Products/ZCatalog/ZCatalog.py
+1
-1
src/Shared/DC/ZRDB/DA.py
src/Shared/DC/ZRDB/DA.py
+1
-1
src/Testing/ZopeTestCase/testFunctional.py
src/Testing/ZopeTestCase/testFunctional.py
+1
-1
No files found.
AC-vs-DTML-TODO.txt
0 → 100644
View file @
82d43c24
Standalone AccessControl and DTML
=================================
AccessControl
-------------
- Acceptable dependencies (we can improve on that later):
* zope.component
* zope.configuration
* zope.deferredimport
* zope.interface
* zope.publisher
* zope.schema
* zope.security
* zExceptions
* Acquisition
* ExtensionClass
* Persistence
* Record
* RestrictedPython
* ZODB3
- Remaining outside imports:
* Products (in registerPermissions using it as a data container for
``__ac_permissions__``) - this should use a global inside the module
inside AccessControl.
* App (MessageDialog, DTMLFile, ...) - all need to go - redoing the UI is
hard. We probably need to move it into some other core part of Zope2, like
the App package, which could serve as a general dumping ground for ZMI
related stuff from "reusable" packages.
- Test only dependencies:
* OFS
* Products.PythonScripts
* Products.SiteErrorLog
* Testing
* transaction
* Zope2
DocumentTemplate
----------------
- TreeDisplay should be moved into the DocumentTemplate distribution, the two
depend on each other.
- Acceptable dependencies (we can improve on that later):
* zope.sequencesort
* zope.structuredtext
* AccessControl (once it is its own distribution)
* Acquisition
* ExtensionClass
* Missing
* RestrictedPython
* zExceptions
- Remaining outside imports:
* App (getConfiguration().structured_text_header_level)
* reStructuredText (HTML) - Both of these deal with format support and
configuration via zope.conf. The calls are localized to one function each.
Add an optional dependency on Zope2? Configure if it is available,
otherwise use some default?
- Test only dependencies:
* Products.PythonScripts
src/AccessControl/DTML.py
View file @
82d43c24
...
@@ -11,97 +11,11 @@
...
@@ -11,97 +11,11 @@
#
#
##############################################################################
##############################################################################
"""Add security system support to Document Templates
"""Add security system support to Document Templates
$Id$
"""
"""
from
DocumentTemplate
import
DT_Util
import
SecurityManagement
,
string
,
math
,
random
,
sets
import
DocumentTemplate.sequence
from
ZopeGuards
import
safe_builtins
# RestrictedDTML is inserted by AccessControl.Implementation.
# Allow access to unprotected attributes
DT_Util
.
TemplateDict
.
__allow_access_to_unprotected_subobjects__
=
1
string
.
__allow_access_to_unprotected_subobjects__
=
1
math
.
__allow_access_to_unprotected_subobjects__
=
1
random
.
__allow_access_to_unprotected_subobjects__
=
1
sets
.
__allow_access_to_unprotected_subobjects__
=
1
DocumentTemplate
.
sequence
.
__allow_access_to_unprotected_subobjects__
=
1
# Add security testing capabilities
class
DTMLSecurityAPI
:
"""API for performing security checks in DTML using '_' methods.
"""
def
SecurityValidate
(
md
,
inst
,
parent
,
name
,
value
):
"""Validate access.
Arguments:
accessed -- the object that was being accessed
container -- the object the value was found in
name -- The name used to access the value
value -- The value retrieved though the access.
The arguments may be provided as keyword arguments. Some of these
arguments may be ommitted, however, the policy may reject access
in some cases when arguments are ommitted. It is best to provide
all the values possible.
"""
return
(
SecurityManagement
.
getSecurityManager
()
.
validate
(
inst
,
parent
,
name
,
value
)
)
def
SecurityCheckPermission
(
md
,
permission
,
object
):
"""Check whether the security context allows the given permission on
the given object.
Arguments:
permission -- A permission name
object -- The object being accessed according to the permission
"""
return
(
SecurityManagement
.
getSecurityManager
()
.
checkPermission
(
permission
,
object
)
)
def
SecurityGetUser
(
md
):
"""Gen the current authenticated user"""
return
(
SecurityManagement
.
getSecurityManager
()
.
getUser
()
)
def
SecurityCalledByExecutable
(
md
):
"""Return a boolean value indicating if this context was called
by an executable"""
r
=
(
SecurityManagement
.
getSecurityManager
()
.
calledByExecutable
()
)
if
r
>
0
:
return
r
-
1
return
r
for
name
,
v
in
DTMLSecurityAPI
.
__dict__
.
items
():
from
zope.deferredimport
import
deprecated
if
name
[
0
]
!=
'_'
:
setattr
(
DT_Util
.
TemplateDict
,
name
,
v
)
from
types
import
FunctionType
deprecated
(
"Please import from DocumentTemplate.security"
,
for
name
,
v
in
safe_builtins
.
items
():
DTMLSecurityAPI
=
'DocumentTemplate.security:DTMLSecurityAPI'
,
if
type
(
v
)
is
FunctionType
:
RestrictedDTML
=
'DocumentTemplate.security:RestrictedDTML'
,
v
=
DT_Util
.
NotBindable
(
v
)
)
if
name
.
startswith
(
'__'
):
continue
setattr
(
DT_Util
.
TemplateDict
,
name
,
v
)
src/AccessControl/ImplC.py
View file @
82d43c24
...
@@ -18,7 +18,6 @@ try:
...
@@ -18,7 +18,6 @@ try:
from
AccessControl.cAccessControl
import
PermissionRole
from
AccessControl.cAccessControl
import
PermissionRole
from
AccessControl.cAccessControl
import
imPermissionRole
from
AccessControl.cAccessControl
import
imPermissionRole
from
AccessControl.cAccessControl
import
_what_not_even_god_should_do
from
AccessControl.cAccessControl
import
_what_not_even_god_should_do
from
AccessControl.cAccessControl
import
RestrictedDTMLMixin
from
AccessControl.cAccessControl
import
aq_validate
from
AccessControl.cAccessControl
import
aq_validate
from
AccessControl.cAccessControl
import
guarded_getattr
from
AccessControl.cAccessControl
import
guarded_getattr
from
AccessControl.cAccessControl
import
setDefaultBehaviors
from
AccessControl.cAccessControl
import
setDefaultBehaviors
...
@@ -31,15 +30,11 @@ except ImportError:
...
@@ -31,15 +30,11 @@ except ImportError:
# make sure a partial import doesn't pollute sys.modules
# make sure a partial import doesn't pollute sys.modules
del
sys
.
modules
[
__name__
]
del
sys
.
modules
[
__name__
]
raise
raise
from
AccessControl.ImplPython
import
RestrictedDTML
from
AccessControl.ImplPython
import
SecurityManager
from
AccessControl.ImplPython
import
SecurityManager
from
AccessControl.ImplPython
import
ZopeSecurityPolicy
from
AccessControl.ImplPython
import
ZopeSecurityPolicy
class
RestrictedDTML
(
RestrictedDTMLMixin
,
RestrictedDTML
):
"""A mix-in for derivatives of DT_String.String that adds Zope security."""
class
ZopeSecurityPolicy
(
cZopeSecurityPolicy
,
ZopeSecurityPolicy
):
class
ZopeSecurityPolicy
(
cZopeSecurityPolicy
,
ZopeSecurityPolicy
):
"""A security manager provides methods for checking access and managing
"""A security manager provides methods for checking access and managing
executable context and policies
executable context and policies
...
...
src/AccessControl/ImplPython.py
View file @
82d43c24
...
@@ -180,19 +180,6 @@ class imPermissionRole(Base):
...
@@ -180,19 +180,6 @@ class imPermissionRole(Base):
return
len
(
v
)
return
len
(
v
)
# AccessControl.DTML
# ------------------
class
RestrictedDTML
:
"""A mix-in for derivatives of DT_String.String that adds Zope security."""
def
guarded_getattr
(
self
,
*
args
):
# ob, name [, default]
return
guarded_getattr
(
*
args
)
def
guarded_getitem
(
self
,
ob
,
index
):
return
guarded_getitem
(
ob
,
index
)
# AccessControl.ZopeSecurityPolicy
# AccessControl.ZopeSecurityPolicy
# --------------------------------
# --------------------------------
#
#
...
...
src/AccessControl/Implementation.py
View file @
82d43c24
...
@@ -75,8 +75,6 @@ _implementation_set = 0
...
@@ -75,8 +75,6 @@ _implementation_set = 0
_policy_names
=
{
_policy_names
=
{
"AccessControl"
:
(
"setDefaultBehaviors"
,
"AccessControl"
:
(
"setDefaultBehaviors"
,
),
),
"AccessControl.DTML"
:
(
"RestrictedDTML"
,
),
"AccessControl.PermissionRole"
:
(
"_what_not_even_god_should_do"
,
"AccessControl.PermissionRole"
:
(
"_what_not_even_god_should_do"
,
"rolesForPermissionOn"
,
"rolesForPermissionOn"
,
"PermissionRole"
,
"PermissionRole"
,
...
...
src/AccessControl/Owned.py
View file @
82d43c24
...
@@ -21,10 +21,10 @@ from Acquisition import aq_get
...
@@ -21,10 +21,10 @@ from Acquisition import aq_get
from
Acquisition
import
aq_inner
from
Acquisition
import
aq_inner
from
Acquisition
import
aq_parent
from
Acquisition
import
aq_parent
from
App.special_dtml
import
DTMLFile
from
App.special_dtml
import
DTMLFile
from
App.class_init
import
InitializeClass
from
ExtensionClass
import
Base
from
ExtensionClass
import
Base
from
zope.interface
import
implements
from
zope.interface
import
implements
from
AccessControl.class_init
import
InitializeClass
from
AccessControl.interfaces
import
IOwned
from
AccessControl.interfaces
import
IOwned
from
AccessControl.Permissions
import
view_management_screens
from
AccessControl.Permissions
import
view_management_screens
from
AccessControl.Permissions
import
take_ownership
from
AccessControl.Permissions
import
take_ownership
...
...
src/AccessControl/PermissionMapping.py
View file @
82d43c24
...
@@ -22,10 +22,10 @@ $Id$
...
@@ -22,10 +22,10 @@ $Id$
from
cgi
import
escape
from
cgi
import
escape
from
Acquisition
import
ImplicitAcquisitionWrapper
from
Acquisition
import
ImplicitAcquisitionWrapper
from
App.class_init
import
InitializeClass
from
ExtensionClass
import
Base
from
ExtensionClass
import
Base
from
zope.interface
import
implements
from
zope.interface
import
implements
from
AccessControl.class_init
import
InitializeClass
from
AccessControl.interfaces
import
IPermissionMappingSupport
from
AccessControl.interfaces
import
IPermissionMappingSupport
from
AccessControl.Owned
import
UnownableOwner
from
AccessControl.Owned
import
UnownableOwner
from
AccessControl.Permission
import
pname
from
AccessControl.Permission
import
pname
...
...
src/AccessControl/Permissions.py
View file @
82d43c24
...
@@ -28,8 +28,6 @@ add_vocabularies='Add Vocabularies'
...
@@ -28,8 +28,6 @@ add_vocabularies='Add Vocabularies'
add_z_gadfly_database_connections
=
'Add Z Gadfly Database Connections'
add_z_gadfly_database_connections
=
'Add Z Gadfly Database Connections'
add_zcatalogs
=
'Add ZCatalogs'
add_zcatalogs
=
'Add ZCatalogs'
add_zope_tutorials
=
'Add Zope Tutorials'
add_zope_tutorials
=
'Add Zope Tutorials'
change_dtml_documents
=
'Change DTML Documents'
change_dtml_methods
=
'Change DTML Methods'
change_database_connections
=
'Change Database Connections'
change_database_connections
=
'Change Database Connections'
change_database_methods
=
'Change Database Methods'
change_database_methods
=
'Change Database Methods'
change_external_methods
=
'Change External Methods'
change_external_methods
=
'Change External Methods'
...
@@ -67,3 +65,13 @@ view_management_screens='View management screens'
...
@@ -67,3 +65,13 @@ view_management_screens='View management screens'
webdav_access
=
'WebDAV access'
webdav_access
=
'WebDAV access'
webdav_lock_items
=
'WebDAV Lock items'
webdav_lock_items
=
'WebDAV Lock items'
webdav_unlock_items
=
'WebDAV Unlock items'
webdav_unlock_items
=
'WebDAV Unlock items'
from
zope.deferredimport
import
deprecated
new_loc
=
'DocumentTemplate.permissions'
deprecated
(
"Please import from %s"
%
new_loc
,
change_dtml_documents
=
'%s:change_dtml_documents'
%
new_loc
,
change_dtml_methods
=
'%s:change_dtml_methods'
%
new_loc
,
)
src/AccessControl/Role.py
View file @
82d43c24
...
@@ -22,13 +22,13 @@ from Acquisition import aq_get
...
@@ -22,13 +22,13 @@ from Acquisition import aq_get
from
AccessControl
import
ClassSecurityInfo
from
AccessControl
import
ClassSecurityInfo
from
AccessControl.SecurityManagement
import
newSecurityManager
from
AccessControl.SecurityManagement
import
newSecurityManager
from
AccessControl.Permissions
import
change_permissions
from
AccessControl.Permissions
import
change_permissions
from
App.class_init
import
InitializeClass
from
App.Dialogs
import
MessageDialog
from
App.Dialogs
import
MessageDialog
from
App.special_dtml
import
DTMLFile
from
App.special_dtml
import
DTMLFile
from
ExtensionClass
import
Base
from
ExtensionClass
import
Base
from
PermissionMapping
import
RoleManager
from
PermissionMapping
import
RoleManager
from
zope.interface
import
implements
from
zope.interface
import
implements
from
AccessControl.class_init
import
InitializeClass
from
AccessControl.interfaces
import
IRoleManager
from
AccessControl.interfaces
import
IRoleManager
from
AccessControl.Permission
import
Permission
from
AccessControl.Permission
import
Permission
from
AccessControl.requestmethod
import
requestmethod
from
AccessControl.requestmethod
import
requestmethod
...
...
src/AccessControl/SecurityInfo.py
View file @
82d43c24
...
@@ -311,5 +311,5 @@ def allow_class(Class):
...
@@ -311,5 +311,5 @@ def allow_class(Class):
sec
.
declareObjectPublic
()
sec
.
declareObjectPublic
()
sec
.
setDefaultAccess
(
1
)
sec
.
setDefaultAccess
(
1
)
sec
.
apply
(
Class
)
sec
.
apply
(
Class
)
from
A
pp
.class_init
import
InitializeClass
from
A
ccessControl
.class_init
import
InitializeClass
InitializeClass
(
Class
)
InitializeClass
(
Class
)
src/AccessControl/SimpleObjectPolicies.py
View file @
82d43c24
...
@@ -77,21 +77,6 @@ ContainerAssertions={
...
@@ -77,21 +77,6 @@ ContainerAssertions={
type
(
u''
):
1
,
type
(
u''
):
1
,
}
}
class
_dummy_class
:
pass
from
DocumentTemplate.DT_Util
import
TemplateDict
# Temporarily create a DictInstance so that we can mark its type as
# being a key in the ContainerAssertions.
templateDict
=
TemplateDict
()
try
:
dictInstance
=
templateDict
(
dummy
=
1
)[
0
]
if
type
(
dictInstance
)
is
not
type
(
_dummy_class
()):
ContainerAssertions
[
type
(
dictInstance
)]
=
1
except
:
# Hmm, this may cause _() and _.namespace() to fail.
# What to do?
pass
Containers
=
ContainerAssertions
.
get
Containers
=
ContainerAssertions
.
get
def
allow_type
(
Type
,
allowed
=
1
):
def
allow_type
(
Type
,
allowed
=
1
):
...
...
src/AccessControl/User.py
View file @
82d43c24
...
@@ -24,12 +24,12 @@ from Acquisition import aq_base
...
@@ -24,12 +24,12 @@ from Acquisition import aq_base
from
Acquisition
import
aq_parent
from
Acquisition
import
aq_parent
from
Acquisition
import
aq_inContextOf
from
Acquisition
import
aq_inContextOf
from
Acquisition
import
Implicit
from
Acquisition
import
Implicit
from
App.class_init
import
InitializeClass
from
App.Management
import
Navigation
from
App.Management
import
Navigation
from
App.Management
import
Tabs
from
App.Management
import
Tabs
from
App.special_dtml
import
DTMLFile
from
App.special_dtml
import
DTMLFile
from
App.Dialogs
import
MessageDialog
from
App.Dialogs
import
MessageDialog
from
AccessControl
import
ClassSecurityInfo
from
AccessControl
import
ClassSecurityInfo
from
AccessControl.class_init
import
InitializeClass
from
AccessControl.Permissions
import
manage_users
as
ManageUsers
from
AccessControl.Permissions
import
manage_users
as
ManageUsers
from
OFS.SimpleItem
import
Item
from
OFS.SimpleItem
import
Item
from
Persistence
import
Persistent
from
Persistence
import
Persistent
...
...
src/AccessControl/__init__.py
View file @
82d43c24
...
@@ -31,6 +31,3 @@ from AccessControl.ZopeGuards import full_write_guard
...
@@ -31,6 +31,3 @@ from AccessControl.ZopeGuards import full_write_guard
from
AccessControl.ZopeGuards
import
safe_builtins
from
AccessControl.ZopeGuards
import
safe_builtins
ModuleSecurityInfo
(
'AccessControl'
).
declarePublic
(
'getSecurityManager'
)
ModuleSecurityInfo
(
'AccessControl'
).
declarePublic
(
'getSecurityManager'
)
from
AccessControl
import
DTML
# XXX side effects?
del
DTML
src/AccessControl/class_init.py
0 → 100644
View file @
82d43c24
##############################################################################
#
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Class initialization.
$Id$
"""
import
logging
from
AccessControl.Permission
import
ApplicationDefaultPermissions
# BBB
def
InitializeClass
(
self
):
from
AccessControl.Permission
import
registerPermissions
from
AccessControl.PermissionRole
import
PermissionRole
dict
=
self
.
__dict__
have
=
dict
.
has_key
ft
=
type
(
InitializeClass
)
dict_items
=
dict
.
items
()
for
name
,
v
in
dict_items
:
if
getattr
(
v
,
'_need__name__'
,
0
):
d
=
v
.
__dict__
oldname
=
d
.
get
(
'__name__'
,
''
)
if
d
.
get
(
'_implicit__name__'
,
0
):
# Already supplied a name.
if
name
!=
oldname
:
# Tried to implicitly assign a different name!
try
:
classname
=
'%s.%s'
%
(
self
.
__module__
,
self
.
__name__
)
except
AttributeError
:
classname
=
`self`
logging
.
getLogger
(
"Init"
).
warning
(
'Ambiguous name for method of %s: %r != %r'
,
classname
,
d
[
'__name__'
],
name
)
else
:
# Supply a name implicitly so that the method can
# find the security assertions on its container.
v
.
_implicit__name__
=
1
v
.
__name__
=
name
if
name
==
'manage'
or
name
[:
7
]
==
'manage_'
:
name
=
name
+
'__roles__'
if
not
have
(
name
):
setattr
(
self
,
name
,
(
'Manager'
,))
elif
name
==
'manage'
or
name
[:
7
]
==
'manage_'
and
type
(
v
)
is
ft
:
name
=
name
+
'__roles__'
if
not
have
(
name
):
setattr
(
self
,
name
,
(
'Manager'
,))
# Look for a SecurityInfo object on the class. If found, call its
# apply() method to generate __ac_permissions__ for the class. We
# delete the SecurityInfo from the class dict after it has been
# applied out of paranoia.
for
key
,
value
in
dict_items
:
if
hasattr
(
value
,
'__security_info__'
):
security_info
=
value
security_info
.
apply
(
self
)
delattr
(
self
,
key
)
break
if
self
.
__dict__
.
has_key
(
'__ac_permissions__'
):
registerPermissions
(
self
.
__ac_permissions__
)
for
acp
in
self
.
__ac_permissions__
:
pname
,
mnames
=
acp
[:
2
]
if
len
(
acp
)
>
2
:
roles
=
acp
[
2
]
pr
=
PermissionRole
(
pname
,
roles
)
else
:
pr
=
PermissionRole
(
pname
)
for
mname
in
mnames
:
setattr
(
self
,
mname
+
'__roles__'
,
pr
)
if
(
mname
and
mname
not
in
(
'context'
,
'request'
)
and
not
hasattr
(
self
,
mname
)):
# don't complain about context or request, as they are
# frequently not available as class attributes
logging
.
getLogger
(
"Init"
).
warning
(
"Class %s.%s has a security declaration for "
"nonexistent method %r"
,
self
.
__module__
,
self
.
__name__
,
mname
)
default__class_init__
=
InitializeClass
# BBB: old name
src/AccessControl/metaconfigure.py
View file @
82d43c24
...
@@ -14,8 +14,8 @@
...
@@ -14,8 +14,8 @@
import
warnings
import
warnings
from
zope.security
import
metaconfigure
from
zope.security
import
metaconfigure
from
AccessControl.class_init
import
InitializeClass
from
AccessControl.security
import
protectName
from
AccessControl.security
import
protectName
from
App.class_init
import
InitializeClass
class
ClassDirective
(
metaconfigure
.
ClassDirective
):
class
ClassDirective
(
metaconfigure
.
ClassDirective
):
...
...
src/AccessControl/securitySuite/README
deleted
100644 → 0
View file @
8e66586c
Architecture of the Zope SecuritySuite
The base class of the suite is "SecurityBase" and contains
the basic function of perform tests for permissions, roles
and perform ZPublisher request:
- _checkPermission()
- _checkRoles()
- _request()
src/AccessControl/securitySuite/ResultObject.py
deleted
100644 → 0
View file @
8e66586c
##############################################################################
#
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
class
ResultObject
:
""" result object used for keeping results from the
ZPublisher.Zope() calls
$Id$
"""
def
__str__
(
self
,
expected
=-
1
,
with_output
=
1
):
s
=
'
\
n
'
s
+=
'-'
*
78
s
+=
"
\
n
Request: %s"
%
self
.
request
s
+=
"
\
n
User: %s"
%
self
.
user
s
+=
"
\
n
Expected: %s"
%
expected
+
" got: %s %s"
%
(
self
.
code
,
self
.
return_text
)
if
with_output
:
s
+=
"
\
n
Output:"
s
+=
self
.
output
s
+=
"
\
n
"
return
s
__repr__
=
__str__
def
__call__
(
self
,
expected
=-
1
):
return
self
.
__str__
(
expected
)
src/AccessControl/securitySuite/SecurityBase.py
deleted
100644 → 0
View file @
8e66586c
##############################################################################
#
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
import
sys
,
re
,
unittest
,
cStringIO
import
ZPublisher
,
ResultObject
import
OFS.Application
import
AccessControl.SecurityManagement
# Set up a publishable, non-ZODB Zope application.
app
=
OFS
.
Application
.
Application
()
def
index_html
():
" "
return
"This is index_html."
app
.
index_html
=
index_html
# Will index_html ever go away? ;-)
class
BoboApplication
:
# OFS.Application has a __bobo_traverse__ that ZPublisher thinks
# it should use to find the "real" root of the application.
# This class gets around that.
def
__bobo_traverse__
(
self
,
request
,
name
=
None
):
return
app
# ZPublisher will look for these vars.
bobo_application
=
BoboApplication
()
zpublisher_validated_hook
=
AccessControl
.
SecurityManagement
.
newSecurityManager
__bobo_before__
=
AccessControl
.
SecurityManagement
.
noSecurityManager
class
SecurityBase
(
unittest
.
TestCase
)
:
""" Base class for all security tests
$Id$
"""
status_regex
=
re
.
compile
(
"Status: ([0-9]{1,4}) (.*)"
,
re
.
I
)
\
################################################################
# print the object hierachy
################################################################
def
_testHierarchy
(
self
):
""" print all test objects, permissions and roles """
self
.
_PrintTestEnvironment
(
root
=
self
.
root
.
test
)
def
_PrintTestEnvironment
(
self
,
root
):
""" print recursive all objects """
print
'....'
*
len
(
root
.
getPhysicalPath
()),
root
.
getId
()
folderObjs
=
[]
for
id
,
obj
in
root
.
objectItems
():
if
obj
.
meta_type
in
[
'Folder'
,
'TestFolder'
]:
folderObjs
.
append
(
obj
)
else
:
print
' '
*
(
1
+
len
(
root
.
getPhysicalPath
())),
obj
.
getId
(),
print
getattr
(
obj
,
"__roles__"
,(
None
,))
for
folder
in
folderObjs
:
self
.
_PrintTestEnvironment
(
folder
)
################################################################
# Check functions for permissions, roles and friends
################################################################
def
_checkPermission
(
self
,
user
,
hier
,
perm
,
expected
):
""" permission check on an objects for a given user.
-- 'user' is a user object as returned from a user folder
-- 'hier' is the path to the object in the notation 'f1.f2.f3.obj'
-- 'perm' is a permission name
-- 'expected' is either 0 or 1
"""
s
=
"self.root.%s"
%
hier
obj
=
eval
(
s
)
res
=
user
.
has_permission
(
perm
,
obj
)
if
res
!=
expected
:
raise
AssertionError
,
\
self
.
_perm_debug
(
s
,
perm
,
res
,
expected
)
def
_checkRoles
(
self
,
hier
,
expected_roles
=
()):
""" check roles for a given object.
-- 'hier' is the path to the object in the notation 'f1.f2.f3.obj'
-- 'expected_roles' is a sequence of expected roles
"""
s
=
"self.root.%s.__roles__"
%
hier
roles
=
eval
(
s
)
same
=
0
if
roles
is
None
or
expected_roles
is
None
:
if
(
roles
is
None
or
tuple
(
roles
)
==
(
'Anonymous'
,))
and
(
expected_roles
is
None
or
tuple
(
expected_roles
)
==
(
'Anonymous'
,)):
same
=
1
else
:
got
=
{}
for
r
in
roles
:
got
[
r
]
=
1
expected
=
{}
for
r
in
expected_roles
:
expected
[
r
]
=
1
if
got
==
expected
:
# Dict compare does the Right Thing.
same
=
1
if
not
same
:
raise
AssertionError
,
self
.
_roles_debug
(
hier
,
roles
,
expected_roles
)
def
_checkRequest
(
self
,
*
args
,
**
kw
):
""" perform a ZPublisher request """
expected_code
=
kw
.
get
(
'expected'
,
200
)
del
kw
[
'expected'
]
res
=
apply
(
self
.
_request
,
args
,
kw
)
if
expected_code
!=
res
.
code
:
raise
AssertionError
,
\
self
.
_request_debug
(
res
,
expected_code
,
args
,
kw
)
################################################################
# Debugging helpers when raising AssertionError
################################################################
def
_perm_debug
(
self
,
obj
,
perm
,
res
,
expected
):
s
+=
'Object: %s'
%
obj
s
+=
', Permission: %s'
%
perm
s
+=
', has permission: %s'
%
res
s
+=
', expected: %s'
%
expected
return
s
def
_roles_debug
(
self
,
hier
,
got_roles
,
expected_roles
):
s
=
'Object: %s'
%
hier
s
+=
', has roles: %s'
%
`got_roles`
s
+=
', expected roles: %s'
%
`expected_roles`
return
s
def
_request_debug
(
self
,
res
,
expected
,
args
,
kw
):
s
=
'Args: %s'
%
str
(
args
)
s
+=
', KW: %s'
%
str
(
kw
)
s
+=
'
\
n
%s
\
n
'
%
res
.
__str__
(
with_output
=
0
,
expected
=
expected
)
return
s
def
_request
(
self
,
*
args
,
**
kw
):
""" perform a Zope request """
io
=
cStringIO
.
StringIO
()
kw
[
'fp'
]
=
io
# Publish this module.
testargs
=
(
__name__
,)
+
args
real_stdout
=
sys
.
stdout
garbage_out
=
cStringIO
.
StringIO
()
sys
.
stdout
=
garbage_out
# Silence, ZPublisher!
try
:
ZPublisher
.
test
(
*
testargs
,
**
kw
)
finally
:
sys
.
stdout
=
real_stdout
outp
=
io
.
getvalue
()
mo
=
self
.
status_regex
.
search
(
outp
)
code
,
txt
=
mo
.
groups
()
res
=
ResultObject
.
ResultObject
()
res
.
request
=
args
res
.
user
=
kw
.
get
(
'u'
,
''
)
res
.
code
=
int
(
code
)
res
.
return_text
=
txt
res
.
output
=
outp
return
res
src/AccessControl/securitySuite/framework.py
deleted
100644 → 0
View file @
8e66586c
##############################################################################
#
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
######################################################################
# Set up unit testing framework
#
# The following code should be at the top of every test module:
#
# import os, sys
# execfile(os.path.join(sys.path[0], 'framework.py'))
#
# ...and the following at the bottom:
#
# framework()
# Find the Testing package
if
not
sys
.
modules
.
has_key
(
'Testing'
):
p0
=
sys
.
path
[
0
]
if
p0
and
__name__
==
'__main__'
:
os
.
chdir
(
p0
)
p0
=
''
p
=
d
=
os
.
path
.
abspath
(
os
.
curdir
)
while
d
:
if
os
.
path
.
isdir
(
os
.
path
.
join
(
p
,
'Testing'
)):
sys
.
path
[:
1
]
=
[
p0
,
os
.
pardir
,
p
]
break
p
,
d
=
os
.
path
.
split
(
p
)
else
:
print
'Unable to locate Testing package.'
sys
.
exit
(
1
)
import
Testing
,
unittest
execfile
(
os
.
path
.
join
(
os
.
path
.
split
(
Testing
.
__file__
)[
0
],
'common.py'
))
src/AccessControl/securitySuite/regressionSecurity.py
deleted
100755 → 0
View file @
8e66586c
##############################################################################
#
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
# $Id$
import
unittest
from
AccessControl.SecurityInfo
import
ClassSecurityInfo
from
AccessControl.SecurityManagement
import
getSecurityManager
from
AccessControl.User
import
nobody
from
AccessControl.securitySuite
import
SecurityBase
from
OFS.Folder
import
Folder
from
OFS.SimpleItem
import
SimpleItem
from
App.class_init
import
InitializeClass
# let's define some permissions first
MAGIC_PERMISSION1
=
'Magic Permission 1'
MAGIC_PERMISSION2
=
'Magic Permission 2'
##############################################################################
# TestObject class
##############################################################################
class
TestObject
(
SimpleItem
):
""" test object """
security
=
ClassSecurityInfo
()
__allow_access_to_unprotected_subobjects__
=
0
public_attr
=
1
_protected_attr
=
2
def
__init__
(
self
,
id
):
self
.
id
=
id
security
.
declarePrivate
(
"private_func"
)
def
private_func
(
self
):
""" private func """
return
"i am private"
def
manage_func
(
self
):
""" should be protected by manager role """
return
"i am your manager function"
security
.
declareProtected
(
MAGIC_PERMISSION2
,
"manage_func2"
)
def
manage_func2
(
self
):
""" should be protected by manager role """
return
"i am your manager function2"
security
.
declareProtected
(
MAGIC_PERMISSION1
,
"protected_func"
)
def
protected_func
(
self
):
""" proteced func """
return
"i am protected "
security
.
declarePublic
(
"public_func"
)
def
public_func
(
self
):
""" public func """
return
"i am public"
security
.
setPermissionDefault
(
MAGIC_PERMISSION1
,
(
"Manager"
,
"Owner"
))
security
.
setPermissionDefault
(
MAGIC_PERMISSION2
,
(
"TestRole"
,))
InitializeClass
(
TestObject
)
##############################################################################
# Testfolder class
##############################################################################
class
TestFolder
(
Folder
):
""" test class """
def
__init__
(
self
,
id
):
self
.
id
=
id
def
getId
(
self
):
return
self
.
id
meta_type
=
'TestFolder'
security
=
ClassSecurityInfo
()
InitializeClass
(
TestFolder
)
##############################################################################
# User Class
##############################################################################
class
User
:
def
__init__
(
self
,
username
,
password
,
roles
):
self
.
username
=
username
self
.
password
=
password
self
.
roles
=
roles
def
auth
(
self
):
return
"%s:%s"
%
(
self
.
username
,
self
.
password
)
def
__str__
(
self
):
return
"User(%s:%s:%s)"
%
(
self
.
username
,
self
.
password
,
self
.
roles
)
__repr__
=
__str__
USERS
=
(
User
(
'user1'
,
'123'
,[]),
User
(
'user2'
,
'123'
,[]),
User
(
'owner'
,
'123'
,(
'Owner'
,)),
User
(
'manager'
,
'123'
,(
'Manager'
,))
)
def
getAuth
(
username
):
for
user
in
USERS
:
if
user
.
username
==
username
:
return
"%s:%s"
%
(
user
.
username
,
user
.
password
)
raise
KeyError
,
"no such username: %"
%
username
class
AVeryBasicSecurityTest
(
SecurityBase
.
SecurityBase
):
################################################################
# set up the test hierachy of objects
################################################################
def
setUp
(
self
):
""" my setup """
self
.
root
=
SecurityBase
.
app
acl
=
self
.
root
.
acl_users
for
user
in
USERS
:
try
:
acl
.
_delUsers
(
user
.
username
)
except
:
pass
for
user
in
USERS
:
acl
.
_addUser
(
user
.
username
,
user
.
password
,
user
.
password
,
user
.
roles
,
[])
# try to remove old crap
if
'test'
in
self
.
root
.
objectIds
():
self
.
root
.
_delObject
(
'test'
)
# setup Folder hierarchy
test
=
TestFolder
(
'test'
)
f1
=
TestFolder
(
'f1'
)
f2
=
TestFolder
(
'f2'
)
f3
=
TestFolder
(
'f3'
)
obj
=
TestObject
(
'obj3'
)
anonobj
=
TestObject
(
'anonobj'
)
anonobj
.
__roles__
=
(
'Anonymous'
,)
self
.
root
.
_setObject
(
'test'
,
test
)
self
.
root
.
test
.
_setObject
(
'f1'
,
f1
)
self
.
root
.
test
.
_setObject
(
'f2'
,
f2
)
self
.
root
.
test
.
f1
.
_setObject
(
'anonobj'
,
anonobj
)
self
.
root
.
test
.
f2
.
_setObject
(
'f3'
,
f3
)
self
.
root
.
test
.
f2
.
f3
.
_setObject
(
'obj3'
,
obj
)
def
testNobody
(
self
):
""" check permissions for nobody user """
self
.
_checkPermission
(
nobody
,
'test.f1'
,
'View'
,
1
)
self
.
_checkPermission
(
nobody
,
'test.f2'
,
'View'
,
1
)
self
.
_checkPermission
(
nobody
,
'test.f2.f3'
,
'View'
,
1
)
self
.
_checkPermission
(
nobody
,
'test.f1'
,
MAGIC_PERMISSION1
,
None
)
self
.
_checkPermission
(
nobody
,
'test.f2'
,
MAGIC_PERMISSION1
,
None
)
self
.
_checkPermission
(
nobody
,
'test.f2.f3'
,
MAGIC_PERMISSION1
,
None
)
def
testPermissionAccess
(
self
):
""" check permission based access """
self
.
_checkRoles
(
'test.f2.f3.obj3.public_func'
,
None
)
self
.
_checkRoles
(
'test.f2.f3.obj3.protected_func'
,
(
'Manager'
,
'Owner'
))
self
.
_checkRoles
(
'test.f2.f3.obj3.manage_func'
,
(
'Manager'
,))
self
.
_checkRoles
(
'test.f2.f3.obj3.private_func'
,
())
def
testZPublisherAccess
(
self
):
""" test access through ZPublisher """
_r
=
[
(
'/test/f1/'
,
None
,
200
),
(
'/test/f2'
,
None
,
200
),
(
'/test/f2/f3'
,
None
,
200
),
(
'/test/f2/f3/obj3/public_func'
,
None
,
200
),
(
'/test/f2/f3/obj3/protected_func'
,
None
,
401
),
(
'/test/f2/f3/obj3/manage_func'
,
None
,
401
),
(
'/test/f2/f3/obj3/private_func'
,
None
,
401
),
(
'/test/f1/'
,
getAuth
(
'manager'
),
200
),
(
'/test/f2'
,
getAuth
(
'manager'
),
200
),
(
'/test/f2/f3'
,
getAuth
(
'manager'
),
200
),
(
'/test/f2/f3/obj3/public_func'
,
getAuth
(
'manager'
),
200
),
(
'/test/f2/f3/obj3/protected_func'
,
getAuth
(
'manager'
),
200
),
(
'/test/f2/f3/obj3/manage_func'
,
getAuth
(
'manager'
),
200
),
(
'/test/f2/f3/obj3/private_func'
,
getAuth
(
'manager'
),
401
),
(
'/test/f1/'
,
getAuth
(
'owner'
),
200
),
(
'/test/f2'
,
getAuth
(
'owner'
),
200
),
(
'/test/f2/f3'
,
getAuth
(
'owner'
),
200
),
(
'/test/f2/f3/obj3/public_func'
,
getAuth
(
'owner'
),
200
),
(
'/test/f2/f3/obj3/protected_func'
,
getAuth
(
'owner'
),
200
),
(
'/test/f2/f3/obj3/manage_func'
,
getAuth
(
'owner'
),
401
),
(
'/test/f2/f3/obj3/private_func'
,
getAuth
(
'owner'
),
401
),
]
for
path
,
auth
,
expected
in
_r
:
if
auth
:
res
=
self
.
_checkRequest
(
path
,
u
=
auth
,
expected
=
expected
)
else
:
res
=
self
.
_checkRequest
(
path
,
expected
=
expected
)
def
test_suite
():
return
unittest
.
makeSuite
(
AVeryBasicSecurityTest
)
def
main
():
unittest
.
TextTestRunner
().
run
(
test_suite
())
if
__name__
==
'__main__'
:
main
()
src/AccessControl/tests/testAcquisition.py
View file @
82d43c24
...
@@ -25,8 +25,8 @@ import Zope2
...
@@ -25,8 +25,8 @@ import Zope2
Zope2
.
startup
()
Zope2
.
startup
()
from
OFS.SimpleItem
import
SimpleItem
from
OFS.SimpleItem
import
SimpleItem
from
App.class_init
import
InitializeClass
from
AccessControl
import
ClassSecurityInfo
from
AccessControl
import
ClassSecurityInfo
from
AccessControl.class_init
import
InitializeClass
from
AccessControl.SecurityManagement
import
newSecurityManager
from
AccessControl.SecurityManagement
import
newSecurityManager
from
AccessControl.SecurityManagement
import
noSecurityManager
from
AccessControl.SecurityManagement
import
noSecurityManager
from
AccessControl.Permissions
import
view
,
view_management_screens
from
AccessControl.Permissions
import
view
,
view_management_screens
...
...
src/AccessControl/tests/testBindings.py
View file @
82d43c24
...
@@ -21,7 +21,7 @@ import ZODB
...
@@ -21,7 +21,7 @@ import ZODB
import
transaction
import
transaction
from
Acquisition
import
Implicit
from
Acquisition
import
Implicit
from
AccessControl
import
ClassSecurityInfo
from
AccessControl
import
ClassSecurityInfo
from
A
pp
.class_init
import
InitializeClass
from
A
ccessControl
.class_init
import
InitializeClass
from
OFS.ObjectManager
import
ObjectManager
from
OFS.ObjectManager
import
ObjectManager
from
OFS.Folder
import
Folder
from
OFS.Folder
import
Folder
...
...
src/AccessControl/tests/testClassSecurityInfo.py
View file @
82d43c24
...
@@ -28,7 +28,7 @@ class ClassSecurityInfoTests(unittest.TestCase):
...
@@ -28,7 +28,7 @@ class ClassSecurityInfoTests(unittest.TestCase):
# Test setting default roles for permissions.
# Test setting default roles for permissions.
from
A
pp
.class_init
import
InitializeClass
from
A
ccessControl
.class_init
import
InitializeClass
from
ExtensionClass
import
Base
from
ExtensionClass
import
Base
ClassSecurityInfo
=
self
.
_getTargetClass
()
ClassSecurityInfo
=
self
.
_getTargetClass
()
...
...
src/AccessControl/tests/testZCML.py
View file @
82d43c24
...
@@ -109,7 +109,7 @@ def test_security_equivalence():
...
@@ -109,7 +109,7 @@ def test_security_equivalence():
>>> from zope.configuration.xmlconfig import xmlconfig
>>> from zope.configuration.xmlconfig import xmlconfig
>>> xmlconfig(configure_zcml)
>>> xmlconfig(configure_zcml)
>>> from A
pp
.class_init import InitializeClass
>>> from A
ccessControl
.class_init import InitializeClass
>>> InitializeClass(Dummy2)
>>> InitializeClass(Dummy2)
Now we compare their access controls:
Now we compare their access controls:
...
...
src/AccessControl/tests/testZopeGuards.py
View file @
82d43c24
...
@@ -583,9 +583,9 @@ class TestActualPython(GuardTestCase):
...
@@ -583,9 +583,9 @@ class TestActualPython(GuardTestCase):
def
_getProtectedBaseClass
(
self
):
def
_getProtectedBaseClass
(
self
):
from
AccessControl.class_init
import
InitializeClass
from
AccessControl.SecurityInfo
import
ClassSecurityInfo
from
AccessControl.SecurityInfo
import
ClassSecurityInfo
from
ExtensionClass
import
Base
from
ExtensionClass
import
Base
from
App.class_init
import
InitializeClass
global
_ProtectedBase
global
_ProtectedBase
if
_ProtectedBase
is
None
:
if
_ProtectedBase
is
None
:
...
...
src/App/class_init.py
View file @
82d43c24
...
@@ -11,79 +11,9 @@
...
@@ -11,79 +11,9 @@
#
#
##############################################################################
##############################################################################
"""Class initialization.
"""Class initialization.
$Id$
"""
"""
import
logging
# BBB
from
AccessControl.Permission
import
ApplicationDefaultPermissions
from
AccessControl.Permission
import
ApplicationDefaultPermissions
# BBB
from
AccessControl.class_init
import
InitializeClass
def
InitializeClass
(
self
):
from
AccessControl.Permission
import
registerPermissions
from
AccessControl.PermissionRole
import
PermissionRole
dict
=
self
.
__dict__
have
=
dict
.
has_key
ft
=
type
(
InitializeClass
)
dict_items
=
dict
.
items
()
for
name
,
v
in
dict_items
:
if
getattr
(
v
,
'_need__name__'
,
0
):
d
=
v
.
__dict__
oldname
=
d
.
get
(
'__name__'
,
''
)
if
d
.
get
(
'_implicit__name__'
,
0
):
# Already supplied a name.
if
name
!=
oldname
:
# Tried to implicitly assign a different name!
try
:
classname
=
'%s.%s'
%
(
self
.
__module__
,
self
.
__name__
)
except
AttributeError
:
classname
=
`self`
logging
.
getLogger
(
"Init"
).
warning
(
'Ambiguous name for method of %s: %r != %r'
,
classname
,
d
[
'__name__'
],
name
)
else
:
# Supply a name implicitly so that the method can
# find the security assertions on its container.
v
.
_implicit__name__
=
1
v
.
__name__
=
name
if
name
==
'manage'
or
name
[:
7
]
==
'manage_'
:
name
=
name
+
'__roles__'
if
not
have
(
name
):
setattr
(
self
,
name
,
(
'Manager'
,))
elif
name
==
'manage'
or
name
[:
7
]
==
'manage_'
and
type
(
v
)
is
ft
:
name
=
name
+
'__roles__'
if
not
have
(
name
):
setattr
(
self
,
name
,
(
'Manager'
,))
# Look for a SecurityInfo object on the class. If found, call its
# apply() method to generate __ac_permissions__ for the class. We
# delete the SecurityInfo from the class dict after it has been
# applied out of paranoia.
for
key
,
value
in
dict_items
:
if
hasattr
(
value
,
'__security_info__'
):
security_info
=
value
security_info
.
apply
(
self
)
delattr
(
self
,
key
)
break
if
self
.
__dict__
.
has_key
(
'__ac_permissions__'
):
registerPermissions
(
self
.
__ac_permissions__
)
for
acp
in
self
.
__ac_permissions__
:
pname
,
mnames
=
acp
[:
2
]
if
len
(
acp
)
>
2
:
roles
=
acp
[
2
]
pr
=
PermissionRole
(
pname
,
roles
)
else
:
pr
=
PermissionRole
(
pname
)
for
mname
in
mnames
:
setattr
(
self
,
mname
+
'__roles__'
,
pr
)
if
(
mname
and
mname
not
in
(
'context'
,
'request'
)
and
not
hasattr
(
self
,
mname
)):
# don't complain about context or request, as they are
# frequently not available as class attributes
logging
.
getLogger
(
"Init"
).
warning
(
"Class %s.%s has a security declaration for "
"nonexistent method %r"
,
self
.
__module__
,
self
.
__name__
,
mname
)
default__class_init__
=
InitializeClass
# BBB: old name
default__class_init__
=
InitializeClass
# BBB: old name
src/DocumentTemplate/DT_Util.py
View file @
82d43c24
...
@@ -34,6 +34,10 @@ from RestrictedPython.Eval import RestrictionCapableEval
...
@@ -34,6 +34,10 @@ from RestrictedPython.Eval import RestrictionCapableEval
from
AccessControl.tainted
import
TaintedString
from
AccessControl.tainted
import
TaintedString
if
'test'
not
in
utility_builtins
:
from
RestrictedPython.Utilities
import
test
utility_builtins
[
'test'
]
=
test
test
=
utility_builtins
[
'test'
]
# for backwards compatibility, dont remove!
test
=
utility_builtins
[
'test'
]
# for backwards compatibility, dont remove!
utility_builtins
[
'sequence'
]
=
sequence
utility_builtins
[
'sequence'
]
=
sequence
...
@@ -111,6 +115,7 @@ class StringFunctionWrapper:
...
@@ -111,6 +115,7 @@ class StringFunctionWrapper:
return
retval
return
retval
TemplateDict
.
string
=
StringModuleWrapper
()
TemplateDict
.
string
=
StringModuleWrapper
()
TemplateDict
.
__allow_access_to_unprotected_subobjects__
=
1
# The functions below are meant to bind to the TemplateDict.
# The functions below are meant to bind to the TemplateDict.
...
...
src/DocumentTemplate/__init__.py
View file @
82d43c24
...
@@ -10,16 +10,16 @@
...
@@ -10,16 +10,16 @@
# FOR A PARTICULAR PURPOSE
# FOR A PARTICULAR PURPOSE
#
#
##############################################################################
##############################################################################
__doc__
=
'''
Package wrapper for Document Template
"""
Package wrapper for Document Template
This wrapper allows the (now many) document template modules to be
This wrapper allows the (now many) document template modules to be
segregated in a separate package.
segregated in a separate package."""
$Id$'''
__version__
=
'$Revision: 1.18 $'
[
11
:
-
2
]
from
DocumentTemplate.DT_String
import
String
,
File
from
DocumentTemplate.DT_String
import
String
,
File
from
DocumentTemplate.DT_HTML
import
HTML
,
HTMLDefault
,
HTMLFile
from
DocumentTemplate.DT_HTML
import
HTML
,
HTMLDefault
,
HTMLFile
# Register the dtml-tree tag
# Register the dtml-tree tag
import
TreeDisplay
import
TreeDisplay
from
DocumentTemplate
import
security
# Side effects!
del
security
src/DocumentTemplate/permissions.py
0 → 100644
View file @
82d43c24
change_dtml_documents
=
'Change DTML Documents'
change_dtml_methods
=
'Change DTML Methods'
src/DocumentTemplate/security.py
0 → 100644
View file @
82d43c24
##############################################################################
#
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Add security system support to Document Templates
"""
import
string
,
math
,
random
,
sets
# Allow access to unprotected attributes
string
.
__allow_access_to_unprotected_subobjects__
=
1
math
.
__allow_access_to_unprotected_subobjects__
=
1
random
.
__allow_access_to_unprotected_subobjects__
=
1
sets
.
__allow_access_to_unprotected_subobjects__
=
1
# Setup RestrictedDTML
from
AccessControl.ImplPython
import
guarded_getattr
from
AccessControl.ZopeGuards
import
guarded_getitem
RestrictedDTML
=
None
class
BaseRestrictedDTML
:
"""A mix-in for derivatives of DT_String.String that adds Zope security."""
def
guarded_getattr
(
self
,
*
args
):
# ob, name [, default]
return
guarded_getattr
(
*
args
)
def
guarded_getitem
(
self
,
ob
,
index
):
return
guarded_getitem
(
ob
,
index
)
# This does not respect the security policy as set by AccessControl. Instead
# it only deals with the C module being compiled or not.
try
:
from
AccessControl.cAccessControl
import
RestrictedDTMLMixin
except
ImportError
:
RestrictedDTML
=
BaseRestrictedDTML
else
:
class
RestrictedDTML
(
RestrictedDTMLMixin
,
BaseRestrictedDTML
):
"""C version of RestrictedDTML."""
# Add security testing capabilities
from
AccessControl
import
SecurityManagement
class
DTMLSecurityAPI
:
"""API for performing security checks in DTML using '_' methods.
"""
def
SecurityValidate
(
md
,
inst
,
parent
,
name
,
value
):
"""Validate access.
Arguments:
accessed -- the object that was being accessed
container -- the object the value was found in
name -- The name used to access the value
value -- The value retrieved though the access.
The arguments may be provided as keyword arguments. Some of these
arguments may be ommitted, however, the policy may reject access
in some cases when arguments are ommitted. It is best to provide
all the values possible.
"""
return
(
SecurityManagement
.
getSecurityManager
()
.
validate
(
inst
,
parent
,
name
,
value
)
)
def
SecurityCheckPermission
(
md
,
permission
,
object
):
"""Check whether the security context allows the given permission on
the given object.
Arguments:
permission -- A permission name
object -- The object being accessed according to the permission
"""
return
(
SecurityManagement
.
getSecurityManager
()
.
checkPermission
(
permission
,
object
)
)
def
SecurityGetUser
(
md
):
"""Gen the current authenticated user"""
return
(
SecurityManagement
.
getSecurityManager
()
.
getUser
()
)
def
SecurityCalledByExecutable
(
md
):
"""Return a boolean value indicating if this context was called
by an executable"""
r
=
(
SecurityManagement
.
getSecurityManager
()
.
calledByExecutable
()
)
if
r
>
0
:
return
r
-
1
return
r
from
DocumentTemplate
import
DT_Util
for
name
,
v
in
DTMLSecurityAPI
.
__dict__
.
items
():
if
name
[
0
]
!=
'_'
:
setattr
(
DT_Util
.
TemplateDict
,
name
,
v
)
from
types
import
FunctionType
from
AccessControl.ZopeGuards
import
safe_builtins
for
name
,
v
in
safe_builtins
.
items
():
if
type
(
v
)
is
FunctionType
:
v
=
DT_Util
.
NotBindable
(
v
)
if
name
.
startswith
(
'__'
):
continue
setattr
(
DT_Util
.
TemplateDict
,
name
,
v
)
# Temporarily create a DictInstance so that we can mark its type as
# being a key in the ContainerAssertions.
from
AccessControl.SimpleObjectPolicies
import
ContainerAssertions
class
_dummy_class
:
pass
templateDict
=
DT_Util
.
TemplateDict
()
try
:
dictInstance
=
templateDict
(
dummy
=
1
)[
0
]
if
type
(
dictInstance
)
is
not
type
(
_dummy_class
()):
ContainerAssertions
[
type
(
dictInstance
)]
=
1
except
:
# Hmm, this may cause _() and _.namespace() to fail.
# What to do?
pass
src/DocumentTemplate/sequence/__init__.py
View file @
82d43c24
...
@@ -11,5 +11,6 @@
...
@@ -11,5 +11,6 @@
#
#
##############################################################################
##############################################################################
__allow_access_to_unprotected_subobjects__
=
1
from
zope.sequencesort.ssort
import
*
from
zope.sequencesort.ssort
import
*
src/
AccessControl
/tests/testSecurity.py
→
src/
DocumentTemplate
/tests/testSecurity.py
View file @
82d43c24
...
@@ -13,16 +13,12 @@
...
@@ -13,16 +13,12 @@
"""Document Template Tests
"""Document Template Tests
"""
"""
__rcs_id__
=
'$Id$'
import
unittest
__version__
=
'$Revision: 1.13 $'
[
11
:
-
2
]
import
os
,
sys
,
unittest
import
ZODB
from
DocumentTemplate
import
HTML
from
DocumentTemplate
import
HTML
from
DocumentTemplate.tests.testDTML
import
DTMLTests
from
DocumentTemplate.tests.testDTML
import
DTMLTests
from
Products.PythonScripts.standard
import
DTML
from
Products.PythonScripts.standard
import
DTML
from
AccessControl
import
U
ser
,
U
nauthorized
from
AccessControl
import
Unauthorized
from
ExtensionClass
import
Base
from
ExtensionClass
import
Base
class
UnownedDTML
(
DTML
):
class
UnownedDTML
(
DTML
):
...
@@ -112,11 +108,5 @@ class SecurityTests (DTMLTests):
...
@@ -112,11 +108,5 @@ class SecurityTests (DTMLTests):
def
test_suite
():
def
test_suite
():
suite
=
unittest
.
TestSuite
()
suite
=
unittest
.
TestSuite
()
suite
.
addTest
(
unittest
.
makeSuite
(
SecurityTests
)
)
suite
.
addTest
(
unittest
.
makeSuite
(
SecurityTests
)
)
return
suite
return
suite
def
main
():
unittest
.
TextTestRunner
().
run
(
test_suite
())
if
__name__
==
'__main__'
:
main
()
src/Globals/__init__.py
View file @
82d43c24
...
@@ -34,8 +34,8 @@ deprecated("import from Persistence instead",
...
@@ -34,8 +34,8 @@ deprecated("import from Persistence instead",
PersistentMapping
=
'Persistence:PersistentMapping'
,
PersistentMapping
=
'Persistence:PersistentMapping'
,
)
)
deprecated
(
"import from A
pp
.class_init instead"
,
deprecated
(
"import from A
ccessControl
.class_init instead"
,
InitializeClass
=
'A
pp
.class_init:InitializeClass'
,
InitializeClass
=
'A
ccessControl
.class_init:InitializeClass'
,
)
)
deprecated
(
"import from AccessControl.Permission instead"
,
deprecated
(
"import from AccessControl.Permission instead"
,
...
...
src/OFS/DTMLDocument.py
View file @
82d43c24
...
@@ -15,11 +15,11 @@
...
@@ -15,11 +15,11 @@
from
urllib
import
quote
from
urllib
import
quote
from
AccessControl
import
getSecurityManager
from
AccessControl
import
getSecurityManager
from
AccessControl.Permissions
import
change_dtml_methods
from
AccessControl.Permissions
import
change_dtml_documents
from
App.class_init
import
InitializeClass
from
App.class_init
import
InitializeClass
from
App.special_dtml
import
DTMLFile
from
App.special_dtml
import
DTMLFile
from
App.special_dtml
import
HTML
from
App.special_dtml
import
HTML
from
DocumentTemplate.permissions
import
change_dtml_methods
from
DocumentTemplate.permissions
import
change_dtml_documents
from
OFS.DTMLMethod
import
decapitate
from
OFS.DTMLMethod
import
decapitate
from
OFS.DTMLMethod
import
DTMLMethod
from
OFS.DTMLMethod
import
DTMLMethod
from
OFS.PropertyManager
import
PropertyManager
from
OFS.PropertyManager
import
PropertyManager
...
...
src/OFS/DTMLMethod.py
View file @
82d43c24
...
@@ -22,14 +22,14 @@ from App.special_dtml import DTMLFile
...
@@ -22,14 +22,14 @@ from App.special_dtml import DTMLFile
from
App.special_dtml
import
HTML
from
App.special_dtml
import
HTML
from
DateTime.DateTime
import
DateTime
from
DateTime.DateTime
import
DateTime
from
AccessControl
import
getSecurityManager
from
AccessControl
import
getSecurityManager
from
AccessControl.Permissions
import
change_dtml_methods
from
AccessControl.Permissions
import
view_management_screens
from
AccessControl.Permissions
import
view_management_screens
from
AccessControl.Permissions
import
change_proxy_roles
from
AccessControl.Permissions
import
change_proxy_roles
from
AccessControl.Permissions
import
view
as
View
from
AccessControl.Permissions
import
view
as
View
from
AccessControl.Permissions
import
ftp_access
from
AccessControl.Permissions
import
ftp_access
from
AccessControl.DTML
import
RestrictedDTML
from
AccessControl.requestmethod
import
requestmethod
from
AccessControl.requestmethod
import
requestmethod
from
AccessControl.tainted
import
TaintedString
from
AccessControl.tainted
import
TaintedString
from
DocumentTemplate.permissions
import
change_dtml_methods
from
DocumentTemplate.security
import
RestrictedDTML
from
OFS.Cache
import
Cacheable
from
OFS.Cache
import
Cacheable
from
OFS.History
import
Historical
from
OFS.History
import
Historical
from
OFS.History
import
html_diff
from
OFS.History
import
html_diff
...
...
src/OFS/FindSupport.py
View file @
82d43c24
...
@@ -18,7 +18,6 @@ $Id$
...
@@ -18,7 +18,6 @@ $Id$
from
string
import
translate
from
string
import
translate
from
AccessControl
import
ClassSecurityInfo
from
AccessControl
import
ClassSecurityInfo
from
AccessControl.DTML
import
RestrictedDTML
from
AccessControl.Permission
import
name_trans
from
AccessControl.Permission
import
name_trans
from
AccessControl.Permissions
import
view_management_screens
from
AccessControl.Permissions
import
view_management_screens
from
Acquisition
import
aq_base
from
Acquisition
import
aq_base
...
@@ -28,6 +27,7 @@ from DateTime.DateTime import DateTime
...
@@ -28,6 +27,7 @@ from DateTime.DateTime import DateTime
from
DocumentTemplate.DT_Util
import
Eval
from
DocumentTemplate.DT_Util
import
Eval
from
DocumentTemplate.DT_Util
import
InstanceDict
from
DocumentTemplate.DT_Util
import
InstanceDict
from
DocumentTemplate.DT_Util
import
TemplateDict
from
DocumentTemplate.DT_Util
import
TemplateDict
from
DocumentTemplate.security
import
RestrictedDTML
from
ExtensionClass
import
Base
from
ExtensionClass
import
Base
from
zope.interface
import
implements
from
zope.interface
import
implements
...
...
src/Products/PageTemplates/ZRPythonExpr.py
View file @
82d43c24
...
@@ -59,7 +59,7 @@ class _SecureModuleImporter:
...
@@ -59,7 +59,7 @@ class _SecureModuleImporter:
return
mod
return
mod
from
DocumentTemplate.DT_Util
import
TemplateDict
,
InstanceDict
from
DocumentTemplate.DT_Util
import
TemplateDict
,
InstanceDict
from
AccessControl.DTML
import
RestrictedDTML
from
DocumentTemplate.security
import
RestrictedDTML
class
Rtd
(
RestrictedDTML
,
TemplateDict
):
class
Rtd
(
RestrictedDTML
,
TemplateDict
):
this
=
None
this
=
None
...
...
src/Products/PythonScripts/standard.py
View file @
82d43c24
...
@@ -21,7 +21,6 @@ __version__='$Revision: 1.14 $'[11:-2]
...
@@ -21,7 +21,6 @@ __version__='$Revision: 1.14 $'[11:-2]
from
urllib
import
urlencode
from
urllib
import
urlencode
from
AccessControl.DTML
import
RestrictedDTML
from
AccessControl.SecurityInfo
import
ModuleSecurityInfo
from
AccessControl.SecurityInfo
import
ModuleSecurityInfo
from
AccessControl.SecurityManagement
import
getSecurityManager
from
AccessControl.SecurityManagement
import
getSecurityManager
from
App.special_dtml
import
HTML
from
App.special_dtml
import
HTML
...
@@ -38,6 +37,7 @@ from DocumentTemplate.DT_Var import thousands_commas
...
@@ -38,6 +37,7 @@ from DocumentTemplate.DT_Var import thousands_commas
from
DocumentTemplate.DT_Var
import
url_unquote
from
DocumentTemplate.DT_Var
import
url_unquote
from
DocumentTemplate.DT_Var
import
url_unquote_plus
from
DocumentTemplate.DT_Var
import
url_unquote_plus
from
DocumentTemplate.DT_Var
import
restructured_text
from
DocumentTemplate.DT_Var
import
restructured_text
from
DocumentTemplate.security
import
RestrictedDTML
from
ZPublisher.HTTPRequest
import
record
from
ZPublisher.HTTPRequest
import
record
security
=
ModuleSecurityInfo
()
security
=
ModuleSecurityInfo
()
...
...
src/Products/ZCatalog/ZCatalog.py
View file @
82d43c24
...
@@ -22,7 +22,6 @@ import time
...
@@ -22,7 +22,6 @@ import time
import
urllib
import
urllib
from
warnings
import
warn
from
warnings
import
warn
from
AccessControl.DTML
import
RestrictedDTML
from
AccessControl.Permission
import
name_trans
from
AccessControl.Permission
import
name_trans
from
AccessControl.Permissions
import
manage_zcatalog_entries
from
AccessControl.Permissions
import
manage_zcatalog_entries
from
AccessControl.Permissions
import
manage_zcatalog_indexes
from
AccessControl.Permissions
import
manage_zcatalog_indexes
...
@@ -36,6 +35,7 @@ from DateTime.DateTime import DateTime
...
@@ -36,6 +35,7 @@ from DateTime.DateTime import DateTime
from
DocumentTemplate.DT_Util
import
InstanceDict
from
DocumentTemplate.DT_Util
import
InstanceDict
from
DocumentTemplate.DT_Util
import
TemplateDict
from
DocumentTemplate.DT_Util
import
TemplateDict
from
DocumentTemplate.DT_Util
import
Eval
from
DocumentTemplate.DT_Util
import
Eval
from
DocumentTemplate.security
import
RestrictedDTML
from
OFS.Folder
import
Folder
from
OFS.Folder
import
Folder
from
OFS.ObjectManager
import
ObjectManager
from
OFS.ObjectManager
import
ObjectManager
from
Persistence
import
Persistent
from
Persistence
import
Persistent
...
...
src/Shared/DC/ZRDB/DA.py
View file @
82d43c24
...
@@ -19,7 +19,6 @@ import string
...
@@ -19,7 +19,6 @@ import string
import
sys
import
sys
from
time
import
time
from
time
import
time
from
AccessControl.DTML
import
RestrictedDTML
from
AccessControl.Permissions
import
change_database_methods
from
AccessControl.Permissions
import
change_database_methods
from
AccessControl.Permissions
import
use_database_methods
from
AccessControl.Permissions
import
use_database_methods
from
AccessControl.Permissions
import
view_management_screens
from
AccessControl.Permissions
import
view_management_screens
...
@@ -32,6 +31,7 @@ from App.Extensions import getBrain
...
@@ -32,6 +31,7 @@ from App.Extensions import getBrain
from
App.special_dtml
import
DTMLFile
from
App.special_dtml
import
DTMLFile
from
DocumentTemplate
import
HTML
from
DocumentTemplate
import
HTML
from
DocumentTemplate.html_quote
import
html_quote
from
DocumentTemplate.html_quote
import
html_quote
from
DocumentTemplate.security
import
RestrictedDTML
from
DateTime.DateTime
import
DateTime
from
DateTime.DateTime
import
DateTime
from
ExtensionClass
import
Base
from
ExtensionClass
import
Base
from
BTrees.OOBTree
import
OOBucket
as
Bucket
from
BTrees.OOBTree
import
OOBucket
as
Bucket
...
...
src/Testing/ZopeTestCase/testFunctional.py
View file @
82d43c24
...
@@ -29,7 +29,7 @@ from AccessControl import getSecurityManager
...
@@ -29,7 +29,7 @@ from AccessControl import getSecurityManager
from
AccessControl.Permissions
import
view
from
AccessControl.Permissions
import
view
from
AccessControl.Permissions
import
manage_properties
from
AccessControl.Permissions
import
manage_properties
from
AccessControl.Permissions
import
add_documents_images_and_files
from
AccessControl.Permissions
import
add_documents_images_and_files
from
AccessControl.P
ermissions
import
change_dtml_documents
from
DocumentTemplate.p
ermissions
import
change_dtml_documents
from
StringIO
import
StringIO
from
StringIO
import
StringIO
from
urllib
import
urlencode
from
urllib
import
urlencode
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment