[Checkins] SVN: zope.app.security/trunk/ Global principal registry aws moved to zope.principalregistry. Provide backward-compatibility imports.
Dan Korostelev
nadako at gmail.com
Wed Mar 11 22:31:26 EDT 2009
Log message for revision 97947:
Global principal registry was moved to zope.principalregistry. Provide backward-compatibility imports.
Separate standard permissions into their own zcml file for now.
Changed:
U zope.app.security/trunk/CHANGES.txt
U zope.app.security/trunk/buildout.cfg
U zope.app.security/trunk/setup.py
U zope.app.security/trunk/src/zope/app/security/_protections.py
U zope.app.security/trunk/src/zope/app/security/configure.zcml
D zope.app.security/trunk/src/zope/app/security/globalprincipals.txt
U zope.app.security/trunk/src/zope/app/security/meta.zcml
U zope.app.security/trunk/src/zope/app/security/metaconfigure.py
U zope.app.security/trunk/src/zope/app/security/metadirectives.py
U zope.app.security/trunk/src/zope/app/security/principalregistry.py
A zope.app.security/trunk/src/zope/app/security/standardpermissions.zcml
U zope.app.security/trunk/src/zope/app/security/tests/__init__.py
D zope.app.security/trunk/src/zope/app/security/tests/perm.zcml
D zope.app.security/trunk/src/zope/app/security/tests/perm_duplicate.zcml
D zope.app.security/trunk/src/zope/app/security/tests/principal.zcml
U zope.app.security/trunk/src/zope/app/security/tests/test_principalregistry.py
D zope.app.security/trunk/src/zope/app/security/tests/test_securitydirectives.py
-=-
Modified: zope.app.security/trunk/CHANGES.txt
===================================================================
--- zope.app.security/trunk/CHANGES.txt 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/CHANGES.txt 2009-03-12 02:31:26 UTC (rev 97947)
@@ -10,6 +10,10 @@
into the new ``zope.authentication`` package. Backward-compatibility imports
are provided.
+- The "global principal registry" along with its zcml directives was moved into
+ new "zope.principalregistry" package. Backward-compatibility imports are
+ provided.
+
- The IPrincipal -> zope.publisher.interfaces.logginginfo.ILoggingInfo
adapter was moved to ``zope.publisher``. Backward-compatibility import
is provided.
Modified: zope.app.security/trunk/buildout.cfg
===================================================================
--- zope.app.security/trunk/buildout.cfg 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/buildout.cfg 2009-03-12 02:31:26 UTC (rev 97947)
@@ -4,6 +4,7 @@
../zope.authentication
../zope.localpermission
../zope.publisher
+ ../zope.principalregistry
../zope.security
../zope.component
Modified: zope.app.security/trunk/setup.py
===================================================================
--- zope.app.security/trunk/setup.py 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/setup.py 2009-03-12 02:31:26 UTC (rev 97947)
@@ -72,6 +72,7 @@
'zope.i18nmessageid',
'zope.interface',
'zope.localpermission',
+ 'zope.principalregistry',
'zope.password',
'zope.publisher',
'zope.schema',
Modified: zope.app.security/trunk/src/zope/app/security/_protections.py
===================================================================
--- zope.app.security/trunk/src/zope/app/security/_protections.py 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/src/zope/app/security/_protections.py 2009-03-12 02:31:26 UTC (rev 97947)
@@ -16,6 +16,7 @@
$Id$
"""
+# XXX this will be moved
def protect():
# Add message id types to the basic types, so their setting cannot be
# overridden, once set. `protect()` was not guranteed to run after
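Review bot: The added `# XXX this will be moved` above `protect()` names neither the destination nor the reason, and the same bare marker appears as `<!-- XXX: this will be moved -->` in the new standardpermissions.zcml. The marker added in tests/__init__.py does name its target (`zope.security.testing`); the other two should do the same, for example `# XXX: will move to <target package> once <condition>`, so a later reader knows whether importing from here is still safe. `protect()` continues past the end of this hunk, so only the comment is reviewed here.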
Modified: zope.app.security/trunk/src/zope/app/security/configure.zcml
===================================================================
--- zope.app.security/trunk/src/zope/app/security/configure.zcml 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/src/zope/app/security/configure.zcml 2009-03-12 02:31:26 UTC (rev 97947)
@@ -4,76 +4,12 @@
>
<include package="zope.security" />
- <include package="zope.localpermission" />
<include package="zope.authentication" />
+ <include package="zope.principalregistry" />
+ <include package="zope.localpermission" />
<include file="globalmodules.zcml" />
<include file="_protections.zcml" />
+ <include file="standardpermissions.zcml" />
- <utility
- provides=".interfaces.IAuthentication"
- component=".principalregistry.principalRegistry"
- />
-
- <class class=".principalregistry.Principal">
- <allow
- interface=".interfaces.IPrincipal"
- />
- </class>
-
- <!-- Standard Permissions -->
-
- <permission
- id="zope.View"
- title="[view-permission] View"
- />
-
- <permission
- id="zope.Security"
- title="[change-security-settings-permission] Change security settings"
- />
-
- <permission
- id="zope.ManageContent"
- title="[manage-content-permission] Manage Content"
- />
-
- <permission
- id="zope.ManageBindings"
- title="[manage-service-bindings-permission] Manage Service Bindings"
- />
-
- <permission
- id="zope.ManageCode"
- title="[manage-code-permission] Manage Code"
- description="Manage executable code, including Python, SQL, ZPT, etc."
- />
-
- <permission
- id="zope.ManageServices"
- title="[manage-services-permission] Manage Services"
- />
-
- <permission
- id="zope.ManageSite"
- title="[manage-site-permission] Manage Site"
- />
-
- <permission
- id="zope.ManagePrincipals"
- title="[manage-principal-permission] Manage Principals"
- />
-
- <permission
- id="zope.ManageApplication"
- title="[manage-application-permission] Manage Application"
- description="Manage the Zope Application, such as Restart/Shutdown or
- packing the ZODB."
- />
-
- <utility
- component=".principalregistry.fallback_unauthenticated_principal"
- provides=".interfaces.IFallbackUnauthenticatedPrincipal"
- />
-
</configure>
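Review bot: The `IAuthentication` utility, the `<allow interface=".interfaces.IPrincipal" />` declaration on `Principal`, and the `IFallbackUnauthenticatedPrincipal` utility are removed here, and the only thing standing in for them is `<include package="zope.principalregistry" />`. That package's configure.zcml is not part of this commit, so the diff alone cannot confirm that all three registrations are still made. A missing authentication utility or a missing security declaration on `Principal` would only show up at runtime. The same applies to the five directives dropped from meta.zcml in favour of the new package's meta.zcml. Since test_securitydirectives.py is deleted in this revision, a small test that loads this configure.zcml and asserts `getUtility(IAuthentication)` returns the global registry would pin the contract.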
Deleted: zope.app.security/trunk/src/zope/app/security/globalprincipals.txt
===================================================================
--- zope.app.security/trunk/src/zope/app/security/globalprincipals.txt 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/src/zope/app/security/globalprincipals.txt 2009-03-12 02:31:26 UTC (rev 97947)
@@ -1,294 +0,0 @@
-===========================
-Global principal definition
-===========================
-
-Global principals are defined via ZCML. There are several kinds of
-principals that can be defined.
-
-Authenticated Users
--------------------
-
-There are principals that can log in:
-
- >>> zcml("""
- ... <configure
- ... xmlns="http://namespaces.zope.org/zope"
- ... >
- ...
- ... <principal
- ... id="zope.manager"
- ... title="Manager"
- ... description="System Manager"
- ... login="admin"
- ... password_manager="SHA1"
- ... password="40bd001563085fc35165329ea1ff5c5ecbdbbeef"
- ... />
- ...
- ... </configure>
- ... """)
-
- >>> import pprint
- >>> from zope.app.security.principalregistry import principalRegistry
- >>> [p] = principalRegistry.getPrincipals('')
- >>> p.id, p.title, p.description, p.getLogin(), p.validate('123')
- ('zope.manager', u'Manager', u'System Manager', u'admin', True)
-
-The unauthenticated principal
------------------------------
-
-There is the unauthenticated principal:
-
- >>> zcml("""
- ... <configure
- ... xmlns="http://namespaces.zope.org/zope"
- ... >
- ...
- ... <unauthenticatedPrincipal
- ... id="zope.unknown"
- ... title="Anonymous user"
- ... description="A person we don't know"
- ... />
- ...
- ... </configure>
- ... """)
-
- >>> p = principalRegistry.unauthenticatedPrincipal()
- >>> p.id, p.title, p.description
- ('zope.unknown', u'Anonymous user', u"A person we don't know")
-
-The unauthenticated principal will also be registered as a utility.
-This is to provide easy access to the data defined for the principal so
-that other (more featureful) principal objects can be created for the
-same principal.
-
- >>> from zope import component
- >>> from zope.app.security import interfaces
- >>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
- >>> p.id, p.title, p.description
- ('zope.unknown', u'Anonymous user', u"A person we don't know")
-
-The unauthenticated group
--------------------------
-
-An unauthenticated group can also be defined in ZCML:
-
- >>> zcml("""
- ... <configure
- ... xmlns="http://namespaces.zope.org/zope"
- ... >
- ...
- ... <unauthenticatedGroup
- ... id="zope.unknowngroup"
- ... title="Anonymous users"
- ... description="People we don't know"
- ... />
- ...
- ... </configure>
- ... """)
-
-This directive creates a group and registers it as a utility providing
-IUnauthenticatedGroup:
-
- >>> g = component.getUtility(interfaces.IUnauthenticatedGroup)
- >>> g.id, g.title, g.description
- ('zope.unknowngroup', u'Anonymous users', u"People we don't know")
-
-The unauthenticatedGroup directive also updates the group of the
-unauthenticated principal:
-
- >>> p = principalRegistry.unauthenticatedPrincipal()
- >>> g.id in p.groups
- True
- >>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
- >>> g.id in p.groups
- True
-
-If the unauthenticated principal is defined after the unauthenticated
-group, it will likewise have the group added to it:
-
- >>> reset()
- >>> zcml("""
- ... <configure
- ... xmlns="http://namespaces.zope.org/zope"
- ... >
- ...
- ... <unauthenticatedGroup
- ... id="zope.unknowngroup2"
- ... title="Anonymous users"
- ... description="People we don't know"
- ... />
- ... <unauthenticatedPrincipal
- ... id="zope.unknown2"
- ... title="Anonymous user"
- ... description="A person we don't know"
- ... />
- ...
- ... </configure>
- ... """)
-
- >>> g = component.getUtility(interfaces.IUnauthenticatedGroup)
- >>> g.id, g.title, g.description
- ('zope.unknowngroup2', u'Anonymous users', u"People we don't know")
- >>> p = principalRegistry.unauthenticatedPrincipal()
- >>> p.id, g.id in p.groups
- ('zope.unknown2', True)
- >>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
- >>> p.id, g.id in p.groups
- ('zope.unknown2', True)
-
-The unauthenticated group shows up as a principal in the principal
-registry:
-
- >>> principalRegistry.getPrincipal(g.id) == g
- True
-
- >>> list(principalRegistry.getPrincipals("Anonymous")) == [g]
- True
-
-The authenticated group
------------------------
-
-There is an authenticated group:
-
- >>> reset()
- >>> zcml("""
- ... <configure
- ... xmlns="http://namespaces.zope.org/zope"
- ... >
- ...
- ... <unauthenticatedPrincipal
- ... id="zope.unknown3"
- ... title="Anonymous user"
- ... description="A person we don't know"
- ... />
- ... <principal
- ... id="zope.manager2"
- ... title="Manager"
- ... description="System Manager"
- ... login="admin"
- ... password="123"
- ... />
- ... <authenticatedGroup
- ... id="zope.authenticated"
- ... title="Authenticated users"
- ... description="People we know"
- ... />
- ... <principal
- ... id="zope.manager3"
- ... title="Manager 3"
- ... login="admin3"
- ... password="123"
- ... />
- ...
- ... </configure>
- ... """)
-
-It defines an IAuthenticatedGroup utility:
-
- >>> g = component.getUtility(interfaces.IAuthenticatedGroup)
- >>> g.id, g.title, g.description
- ('zope.authenticated', u'Authenticated users', u'People we know')
-
-It also adds it self to the groups of any non-group principals already
-defined, and, when non-group principals are defined, they put
-themselves in the group if it's defined:
-
- >>> principals = list(principalRegistry.getPrincipals(''))
- >>> principals.sort(lambda p1, p2: cmp(p1.id, p2.id))
- >>> for p in principals:
- ... print p.id, p.groups == [g.id]
- zope.authenticated False
- zope.manager2 True
- zope.manager3 True
-
-Excluding unauthenticated principals, of course:
-
- >>> p = principalRegistry.unauthenticatedPrincipal()
- >>> p.id, g.id in p.groups
- ('zope.unknown3', False)
- >>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
- >>> p.id, g.id in p.groups
- ('zope.unknown3', False)
-
-
-The everybody group
--------------------
-
-Finally, there is an everybody group:
-
- >>> reset()
- >>> zcml("""
- ... <configure
- ... xmlns="http://namespaces.zope.org/zope"
- ... >
- ...
- ... <unauthenticatedPrincipal
- ... id="zope.unknown4"
- ... title="Anonymous user"
- ... description="A person we don't know"
- ... />
- ... <principal
- ... id="zope.manager4"
- ... title="Manager"
- ... description="System Manager"
- ... login="admin"
- ... password="123"
- ... />
- ... <everybodyGroup
- ... id="zope.everybody"
- ... title="Everybody"
- ... description="All People"
- ... />
- ... <principal
- ... id="zope.manager5"
- ... title="Manager 5"
- ... login="admin5"
- ... password="123"
- ... />
- ...
- ... </configure>
- ... """)
-
-The everybodyGroup directive defines an IEveryoneGroup utility:
-
- >>> g = component.getUtility(interfaces.IEveryoneGroup)
- >>> g.id, g.title, g.description
- ('zope.everybody', u'Everybody', u'All People')
-
-It also adds it self to the groups of any non-group principals already
-defined, and, when non-group principals are defined, they put
-themselves in the group if it's defined:
-
- >>> principals = list(principalRegistry.getPrincipals(''))
- >>> principals.sort(lambda p1, p2: cmp(p1.id, p2.id))
- >>> for p in principals:
- ... print p.id, p.groups == [g.id]
- zope.everybody False
- zope.manager4 True
- zope.manager5 True
-
-Including unauthenticated principals, of course:
-
- >>> p = principalRegistry.unauthenticatedPrincipal()
- >>> p.id, g.id in p.groups
- ('zope.unknown4', True)
- >>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
- >>> p.id, g.id in p.groups
- ('zope.unknown4', True)
-
-Note that it is up to IAuthentication implementations to associate
-these groups with their principals, as appropriate.
-
-
-The system_user
----------------
-
-There is also a system_user that is defined in the code. It will be returned
-from the getPrincipal method of the registry.
-
- >>> import zope.security.management
- >>> import zope.app.security.principalregistry
- >>> auth = zope.app.security.principalregistry.PrincipalRegistry()
- >>> system_user = auth.getPrincipal(u'zope.security.management.system_user')
- >>> system_user is zope.security.management.system_user
- True
Modified: zope.app.security/trunk/src/zope/app/security/meta.zcml
===================================================================
--- zope.app.security/trunk/src/zope/app/security/meta.zcml 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/src/zope/app/security/meta.zcml 2009-03-12 02:31:26 UTC (rev 97947)
@@ -1,37 +1,6 @@
-<configure
- xmlns="http://namespaces.zope.org/zope"
- xmlns:meta="http://namespaces.zope.org/meta">
+<configure xmlns="http://namespaces.zope.org/zope">
<include package="zope.security" file="meta.zcml" />
+ <include package="zope.principalregistry" file="meta.zcml" />
- <meta:directive
- namespace="http://namespaces.zope.org/zope"
- name="principal"
- schema=".metadirectives.IDefinePrincipalDirective"
- handler=".metaconfigure.principal" />
-
- <meta:directive
- name="unauthenticatedPrincipal"
- namespace="http://namespaces.zope.org/zope"
- schema=".metadirectives.IDefineUnauthenticatedPrincipalDirective"
- handler=".metaconfigure.unauthenticatedPrincipal" />
-
- <meta:directive
- name="unauthenticatedGroup"
- namespace="http://namespaces.zope.org/zope"
- schema=".metadirectives.IDefineUnauthenticatedGroupDirective"
- handler=".metaconfigure.unauthenticatedGroup" />
-
- <meta:directive
- name="authenticatedGroup"
- namespace="http://namespaces.zope.org/zope"
- schema=".metadirectives.IDefineAuthenticatedGroupDirective"
- handler=".metaconfigure.authenticatedGroup" />
-
- <meta:directive
- name="everybodyGroup"
- namespace="http://namespaces.zope.org/zope"
- schema=".metadirectives.IDefineEverybodyGroupDirective"
- handler=".metaconfigure.everybodyGroup" />
-
</configure>
Modified: zope.app.security/trunk/src/zope/app/security/metaconfigure.py
===================================================================
--- zope.app.security/trunk/src/zope/app/security/metaconfigure.py 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/src/zope/app/security/metaconfigure.py 2009-03-12 02:31:26 UTC (rev 97947)
@@ -11,119 +11,14 @@
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
-"""Register security related configuration directives.
+"""Backward-compatibility imports for the global principal registry directives
$Id$
"""
-from zope import component
-from zope.component.zcml import utility
-
-from zope.app.security import principalregistry
-from zope.app.security import interfaces
-
-
-def _principal():
- group = component.queryUtility(interfaces.IAuthenticatedGroup)
- if group is not None:
- _authenticatedGroup(group.id)
- group = component.queryUtility(interfaces.IEveryoneGroup)
- if group is not None:
- _everybodyGroup(group.id)
-
-def principal(_context, id, title, login,
- password, description='', password_manager="Plain Text"):
- _context.action(
- discriminator = ('principal', id),
- callable = principalregistry.principalRegistry.definePrincipal,
- args = (id, title, description, login, password, password_manager) )
- _context.action(discriminator = None, callable = _principal, args = ())
-
-
-def _unauthenticatedPrincipal():
- group = component.queryUtility(interfaces.IUnauthenticatedGroup)
- if group is not None:
- _unauthenticatedGroup(group.id)
- group = component.queryUtility(interfaces.IEveryoneGroup)
- if group is not None:
- _everybodyGroup(group.id)
-
-def unauthenticatedPrincipal(_context, id, title, description=''):
- principal = principalregistry.UnauthenticatedPrincipal(
- id, title, description)
- _context.action(
- discriminator = 'unauthenticatedPrincipal',
- callable = principalregistry.principalRegistry.defineDefaultPrincipal,
- args = (id, title, description, principal) )
- utility(_context, interfaces.IUnauthenticatedPrincipal, principal)
- _context.action(
- discriminator = None,
- callable = _unauthenticatedPrincipal,
- args = (),
- )
-
-def _unauthenticatedGroup(group):
- p = principalregistry.principalRegistry.unauthenticatedPrincipal()
- if p is not None:
- p.groups.append(group)
-
-def unauthenticatedGroup(_context, id, title, description=''):
- principal = principalregistry.UnauthenticatedGroup(
- id, title, description)
- utility(_context, interfaces.IUnauthenticatedGroup, principal)
- _context.action(
- discriminator = None,
- callable = _unauthenticatedGroup,
- args = (principal.id, ),
- )
- _context.action(
- discriminator = None,
- callable = principalregistry.principalRegistry.registerGroup,
- args = (principal, ),
- )
-
-def _authenticatedGroup(group):
- for p in principalregistry.principalRegistry.getPrincipals(''):
- if not isinstance(p, principalregistry.Principal):
- continue
- if group not in p.groups:
- p.groups.append(group)
-
-def authenticatedGroup(_context, id, title, description=''):
- principal = principalregistry.AuthenticatedGroup(
- id, title, description)
- utility(_context, interfaces.IAuthenticatedGroup, principal)
- _context.action(
- discriminator = None,
- callable = _authenticatedGroup,
- args = (principal.id, ),
- )
- _context.action(
- discriminator = None,
- callable = principalregistry.principalRegistry.registerGroup,
- args = (principal, ),
- )
-
-def _everybodyGroup(group):
- for p in principalregistry.principalRegistry.getPrincipals(''):
- if not isinstance(p, principalregistry.Principal):
- continue
- if group not in p.groups:
- p.groups.append(group)
- p = principalregistry.principalRegistry.unauthenticatedPrincipal()
- if p is not None:
- p.groups.append(group)
-
-def everybodyGroup(_context, id, title, description=''):
- principal = principalregistry.EverybodyGroup(
- id, title, description)
- utility(_context, interfaces.IEveryoneGroup, principal)
- _context.action(
- discriminator = None,
- callable = _everybodyGroup,
- args = (principal.id, ),
- )
- _context.action(
- discriminator = None,
- callable = principalregistry.principalRegistry.registerGroup,
- args = (principal, ),
- )
+from zope.principalregistry.metaconfigure import (
+ principal,
+ unauthenticatedPrincipal,
+ unauthenticatedGroup,
+ authenticatedGroup,
+ everybodyGroup,
+ )
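Review bot: The new import block has no `# BBB: these were moved to zope.principalregistry` marker, unlike the matching shims in metadirectives.py and principalregistry.py in this same commit. Adding that line above `from zope.principalregistry.metaconfigure import (` keeps all three shims greppable for later removal. The underscore helpers `_principal`, `_unauthenticatedPrincipal`, `_unauthenticatedGroup`, `_authenticatedGroup` and `_everybodyGroup` are no longer importable from this module. That is reasonable for private names, but worth a line in CHANGES.txt in case anything outside the package referenced them.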
Modified: zope.app.security/trunk/src/zope/app/security/metadirectives.py
===================================================================
--- zope.app.security/trunk/src/zope/app/security/metadirectives.py 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/src/zope/app/security/metadirectives.py 2009-03-12 02:31:26 UTC (rev 97947)
@@ -11,60 +11,17 @@
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
-"""securityPolicy Directive Schema
+"""Backward-compatibility imports for the global principal registry directives
$Id$
"""
-from zope.interface import Interface
-from zope.schema import Id, TextLine
-
-class IBasePrincipalDirective(Interface):
- """Base interface for principal definition directives."""
-
- id = Id(
- title=u"Id",
- description=u"Id as which this object will be known and used.",
- required=True)
-
- title = TextLine(
- title=u"Title",
- description=u"Provides a title for the object.",
- required=True)
-
- description = TextLine(
- title=u"Title",
- description=u"Provides a description for the object.",
- required=False)
-
-class IDefinePrincipalDirective(IBasePrincipalDirective):
- """Define a new principal."""
-
- login = TextLine(
- title=u"Username/Login",
- description=u"Specifies the Principal's Username/Login.",
- required=True)
-
- password = TextLine(
- title=u"Password",
- description=u"Specifies the Principal's Password.",
- required=True)
-
- password_manager = TextLine(
- title=u"Password Manager Name",
- description=(u"Name of the password manager will be used"
- " for encode/check the password"),
- default=u"Plain Text"
- )
-
-class IDefineUnauthenticatedPrincipalDirective(IBasePrincipalDirective):
- """Define a new unauthenticated principal."""
-
-class IDefineUnauthenticatedGroupDirective(IBasePrincipalDirective):
- """Define the unauthenticated group."""
-
-class IDefineAuthenticatedGroupDirective(IBasePrincipalDirective):
- """Define the authenticated group."""
-
-class IDefineEverybodyGroupDirective(IBasePrincipalDirective):
- """Define the everybody group."""
+# BBB: these were moved to zope.principalregistry
+from zope.principalregistry.metadirectives import (
+ IBasePrincipalDirective,
+ IDefinePrincipalDirective,
+ IDefineUnauthenticatedPrincipalDirective,
+ IDefineUnauthenticatedGroupDirective,
+ IDefineAuthenticatedGroupDirective,
+ IDefineEverybodyGroupDirective,
+ )
Modified: zope.app.security/trunk/src/zope/app/security/principalregistry.py
===================================================================
--- zope.app.security/trunk/src/zope/app/security/principalregistry.py 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/src/zope/app/security/principalregistry.py 2009-03-12 02:31:26 UTC (rev 97947)
@@ -11,194 +11,23 @@
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
-"""Global Authentication Utility or Principal Registry
+"""Backward-compatibility imports for the global principal registry
$Id$
"""
-from zope.component import getUtility
-from zope.interface import implements
-from zope.container.contained import Contained, contained
-import zope.security.management
-from zope.security.interfaces import IGroupAwarePrincipal
-from zope.password.interfaces import IPasswordManager
-
-from zope.app.security import interfaces
-
-
-class DuplicateLogin(Exception):
- pass
-
-class DuplicateId(Exception):
- pass
-
-class PrincipalRegistry(object):
-
- implements(interfaces.IAuthentication, interfaces.ILogout)
-
- # Methods implementing IAuthentication
-
- def authenticate(self, request):
- a = interfaces.ILoginPassword(request, None)
- if a is not None:
- login = a.getLogin()
- if login is not None:
- p = self.__principalsByLogin.get(login, None)
- if p is not None:
- password = a.getPassword()
- if p.validate(password):
- return p
- return None
-
- __defaultid = None
- __defaultObject = None
-
- def defineDefaultPrincipal(self, id, title, description='',
- principal=None):
- if id in self.__principalsById:
- raise DuplicateId(id)
- self.__defaultid = id
- if principal is None:
- principal = UnauthenticatedPrincipal(id, title, description)
- self.__defaultObject = contained(principal, self, id)
- return principal
-
- def unauthenticatedPrincipal(self):
- return self.__defaultObject
-
- def unauthorized(self, id, request):
- if id is None or id is self.__defaultid:
- a = interfaces.ILoginPassword(request)
- a.needLogin(realm="Zope")
-
- def getPrincipal(self, id):
- r = self.__principalsById.get(id)
- if r is None:
- if id == self.__defaultid:
- return self.__defaultObject
- if id == zope.security.management.system_user.id:
- return zope.security.management.system_user
- raise interfaces.PrincipalLookupError(id)
- return r
-
- def getPrincipalByLogin(self, login):
- return self.__principalsByLogin[login]
-
- def getPrincipals(self, name):
- name = name.lower()
- return [p for p in self.__principalsById.itervalues()
- if p.title.lower().startswith(name) or
- p.getLogin().lower().startswith(name)]
-
- def logout(self, request):
- # not supporting basic auth logout -- no such thing
- pass
-
- # Management methods
-
- def __init__(self):
- self.__principalsById = {}
- self.__principalsByLogin = {}
-
- def definePrincipal(self, principal, title, description='',
- login='', password='', passwordManagerName='Plain Text'):
- id=principal
- if login in self.__principalsByLogin:
- raise DuplicateLogin(login)
-
- if id in self.__principalsById or id == self.__defaultid:
- raise DuplicateId(id)
-
- p = Principal(id, title, description,
- login, password, passwordManagerName)
- p = contained(p, self, id)
-
- self.__principalsByLogin[login] = p
- self.__principalsById[id] = p
-
- return p
-
- def registerGroup(self, group):
- id = group.id
- if id in self.__principalsById or id == self.__defaultid:
- raise DuplicateId(id)
-
- self.__principalsById[group.id] = group
-
- def _clear(self):
- self.__init__()
- self.__defaultid = None
- self.__defaultObject = None
-
-principalRegistry = PrincipalRegistry()
-
-# Register our cleanup with Testing.CleanUp to make writing unit tests
-# simpler.
-try:
- from zope.testing.cleanup import addCleanUp
-except ImportError:
- pass
-else:
- addCleanUp(principalRegistry._clear)
- del addCleanUp
-
-class PrincipalBase(Contained):
-
- def __init__(self, id, title, description):
- self.id = id
- self.title = title
- self.description = description
- self.groups = []
-
-class Group(PrincipalBase):
-
- def getLogin(self):
- return '' # to make registry search happy
-
-class Principal(PrincipalBase):
-
- implements(IGroupAwarePrincipal)
-
- def __init__(self, id, title, description, login,
- pw, pwManagerName="Plain Text"):
- super(Principal, self).__init__(id, title, description)
- self.__login = login
- self.__pwManagerName = pwManagerName
- self.__pw = pw
-
- def __getPasswordManager(self):
- return getUtility(IPasswordManager, self.__pwManagerName)
-
- def getLogin(self):
- return self.__login
-
- def validate(self, pw):
- pwManager = self.__getPasswordManager()
- return pwManager.checkPassword(self.__pw, pw)
-
-
-class UnauthenticatedPrincipal(PrincipalBase):
-
- implements(interfaces.IUnauthenticatedPrincipal)
-
-
-fallback_unauthenticated_principal = (
- UnauthenticatedPrincipal(
- __name__+'.fallback_unauthenticated_principal',
- 'Fallback unauthenticated principal',
- 'The default unauthenticated principal. Used as a fallback to '
- 'allow challenging for a user even if the IAuthentication returned '
- 'None as the unauthenticated principal.'))
-
-
-class UnauthenticatedGroup(Group):
-
- implements(interfaces.IUnauthenticatedGroup)
-
-class AuthenticatedGroup(Group):
-
- implements(interfaces.IAuthenticatedGroup)
-
-class EverybodyGroup(Group):
-
- implements(interfaces.IEveryoneGroup)
+# BBB: these were moved to zope.principalregistry
+from zope.principalregistry.principalregistry import (
+ DuplicateLogin,
+ DuplicateId,
+ PrincipalRegistry,
+ principalRegistry,
+ PrincipalBase,
+ Group,
+ Principal,
+ UnauthenticatedPrincipal,
+ fallback_unauthenticated_principal,
+ UnauthenticatedGroup,
+ AuthenticatedGroup,
+ EverybodyGroup,
+ )
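Review bot: `fallback_unauthenticated_principal` was built with the id `__name__+'.fallback_unauthenticated_principal'`, so under the old module its id began with `zope.app.security.principalregistry`. If the moved code builds the id the same way (the new package is not shown here), the re-exported object now carries an id based on the new module path. Any grant, role mapping or log filter that matches the fallback principal by its id string would then stop matching without an error. Either keep the old literal id in the new package or record the change in CHANGES.txt, and add a doctest line such as `>>> old.fallback_unauthenticated_principal.id` with the expected value so the id is pinned. The re-export also carries no deprecation signal, so callers get no hint to switch imports.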
Added: zope.app.security/trunk/src/zope/app/security/standardpermissions.zcml
===================================================================
--- zope.app.security/trunk/src/zope/app/security/standardpermissions.zcml (rev 0)
+++ zope.app.security/trunk/src/zope/app/security/standardpermissions.zcml 2009-03-12 02:31:26 UTC (rev 97947)
@@ -0,0 +1,56 @@
+<configure
+ xmlns="http://namespaces.zope.org/zope"
+ i18n_domain="zope"
+ >
+
+ <!-- XXX: this will be moved -->
+
+ <permission
+ id="zope.View"
+ title="[view-permission] View"
+ />
+
+ <permission
+ id="zope.Security"
+ title="[change-security-settings-permission] Change security settings"
+ />
+
+ <permission
+ id="zope.ManageContent"
+ title="[manage-content-permission] Manage Content"
+ />
+
+ <permission
+ id="zope.ManageBindings"
+ title="[manage-service-bindings-permission] Manage Service Bindings"
+ />
+
+ <permission
+ id="zope.ManageCode"
+ title="[manage-code-permission] Manage Code"
+ description="Manage executable code, including Python, SQL, ZPT, etc."
+ />
+
+ <permission
+ id="zope.ManageServices"
+ title="[manage-services-permission] Manage Services"
+ />
+
+ <permission
+ id="zope.ManageSite"
+ title="[manage-site-permission] Manage Site"
+ />
+
+ <permission
+ id="zope.ManagePrincipals"
+ title="[manage-principal-permission] Manage Principals"
+ />
+
+ <permission
+ id="zope.ManageApplication"
+ title="[manage-application-permission] Manage Application"
+ description="Manage the Zope Application, such as Restart/Shutdown or
+ packing the ZODB."
+ />
+
+</configure>
Modified: zope.app.security/trunk/src/zope/app/security/tests/__init__.py
===================================================================
--- zope.app.security/trunk/src/zope/app/security/tests/__init__.py 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/src/zope/app/security/tests/__init__.py 2009-03-12 02:31:26 UTC (rev 97947)
@@ -19,6 +19,7 @@
from zope.security.interfaces import IPermission
from zope.security.permission import Permission
+# XXX: move this to zope.security.testing
def addCheckerPublic():
"""Add the CheckerPublic permission as 'zope.Public'"""
Deleted: zope.app.security/trunk/src/zope/app/security/tests/perm.zcml
===================================================================
--- zope.app.security/trunk/src/zope/app/security/tests/perm.zcml 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/src/zope/app/security/tests/perm.zcml 2009-03-12 02:31:26 UTC (rev 97947)
@@ -1,13 +0,0 @@
-<configure
- xmlns="http://namespaces.zope.org/zope"
- i18n_domain="zope"
- >
-
- <include package="zope.app.security" file="meta.zcml"/>
-
- <permission
- id="Can.Do.It"
- title="A Permissive Permission"
- description="This permission lets you do anything" />
-
-</configure>
Deleted: zope.app.security/trunk/src/zope/app/security/tests/perm_duplicate.zcml
===================================================================
--- zope.app.security/trunk/src/zope/app/security/tests/perm_duplicate.zcml 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/src/zope/app/security/tests/perm_duplicate.zcml 2009-03-12 02:31:26 UTC (rev 97947)
@@ -1,17 +0,0 @@
-<configure
- xmlns="http://namespaces.zope.org/zope"
- i18n_domain="zope">
-
- <include package="zope.app.security" file="meta.zcml"/>
-
- <permission
- id="Can.Do.It"
- title="A Permissive Permission"
- description="This permission lets you do anything" />
-
- <permission
- id="Can.Do.It"
- title="A Permissive Permission"
- description="This permission lets you do anything" />
-
-</configure>
Deleted: zope.app.security/trunk/src/zope/app/security/tests/principal.zcml
===================================================================
--- zope.app.security/trunk/src/zope/app/security/tests/principal.zcml 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/src/zope/app/security/tests/principal.zcml 2009-03-12 02:31:26 UTC (rev 97947)
@@ -1,25 +0,0 @@
-<configure
- xmlns="http://namespaces.zope.org/zope"
- i18n_domain="zope"
- >
-
- <include package="zope.app.security" file="meta.zcml"/>
-
- <principal
- id="zope.p1"
- title="Sir Tim Peters"
- description="Tim Peters"
- login="tim"
- password_manager="SHA1"
- password="40bd001563085fc35165329ea1ff5c5ecbdbbeef"
- />
-
- <principal
- id="zope.p2"
- title="Sir Jim Fulton"
- description="Jim Fulton"
- login="jim"
- password="123"
- />
-
-</configure>
Modified: zope.app.security/trunk/src/zope/app/security/tests/test_principalregistry.py
===================================================================
--- zope.app.security/trunk/src/zope/app/security/tests/test_principalregistry.py 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/src/zope/app/security/tests/test_principalregistry.py 2009-03-12 02:31:26 UTC (rev 97947)
@@ -16,141 +16,74 @@
$Id$
"""
import unittest
-from zope.interface import implements
-from zope.app.security.interfaces import PrincipalLookupError
-from zope.publisher.interfaces.http import IHTTPCredentials
+from zope.testing import doctest
-from zope.app.testing import ztapi
-from zope.app.component.testing import PlacefulSetup
+def test_bbb_imports():
+ """
+ Let's check that principal registry that was moved to
+ zope.principalregistry is still importable from original places.
+
+ >>> import zope.app.security.principalregistry as old
+ >>> import zope.principalregistry.principalregistry as new
+
+ >>> old.DuplicateLogin is new.DuplicateLogin
+ True
+ >>> old.DuplicateId is new.DuplicateId
+ True
+ >>> old.PrincipalRegistry is new.PrincipalRegistry
+ True
+ >>> old.principalRegistry is new.principalRegistry
+ True
+ >>> old.PrincipalBase is new.PrincipalBase
+ True
+ >>> old.Group is new.Group
+ True
+ >>> old.Principal is new.Principal
+ True
+ >>> old.UnauthenticatedPrincipal is new.UnauthenticatedPrincipal
+ True
+ >>> old.fallback_unauthenticated_principal is new.fallback_unauthenticated_principal
+ True
+ >>> old.UnauthenticatedGroup is new.UnauthenticatedGroup
+ True
+ >>> old.AuthenticatedGroup is new.AuthenticatedGroup
+ True
+ >>> old.EverybodyGroup is new.EverybodyGroup
+ True
-from zope.app.security.basicauthadapter import BasicAuthAdapter
-from zope.app.security.interfaces import ILoginPassword
-from zope.app.security.principalregistry import PrincipalRegistry
-from zope.app.security.principalregistry import DuplicateLogin, DuplicateId
+ >>> import zope.app.security.metadirectives as old
+ >>> import zope.principalregistry.metadirectives as new
+ >>> old.IBasePrincipalDirective is new.IBasePrincipalDirective
+ True
+ >>> old.IDefinePrincipalDirective is new.IDefinePrincipalDirective
+ True
+ >>> old.IDefineUnauthenticatedPrincipalDirective is new.IDefineUnauthenticatedPrincipalDirective
+ True
+ >>> old.IDefineUnauthenticatedGroupDirective is new.IDefineUnauthenticatedGroupDirective
+ True
+ >>> old.IDefineAuthenticatedGroupDirective is new.IDefineAuthenticatedGroupDirective
+ True
+ >>> old.IDefineEverybodyGroupDirective is new.IDefineEverybodyGroupDirective
+ True
-class Request(object):
+ >>> import zope.app.security.metaconfigure as old
+ >>> import zope.principalregistry.metaconfigure as new
+
+ >>> old.principal is new.principal
+ True
+ >>> old.unauthenticatedPrincipal is new.unauthenticatedPrincipal
+ True
+ >>> old.unauthenticatedGroup is new.unauthenticatedGroup
+ True
+ >>> old.authenticatedGroup is new.authenticatedGroup
+ True
+ >>> old.everybodyGroup is new.everybodyGroup
+ True
- implements(IHTTPCredentials)
+ """
- def __init__(self, lpw):
- self.__lpw = lpw
-
- def _authUserPW(self):
- return self.__lpw
-
- challenge = None
- def unauthorized(self, challenge):
- self.challenge = challenge
-
-
-class Test(PlacefulSetup, unittest.TestCase):
-
- def setUp(self):
- PlacefulSetup.setUp(self)
-
- ztapi.provideAdapter(
- IHTTPCredentials, ILoginPassword, BasicAuthAdapter)
-
- self.reg = PrincipalRegistry()
-
- self.reg.definePrincipal('1', 'Tim Peters', 'Sir Tim Peters',
- 'tim', '123')
- self.reg.definePrincipal('2', 'Jim Fulton', 'Sir Jim Fulton',
- 'jim', '456')
-
- def testRegistered(self):
- p = self.reg.getPrincipal('1')
- self.assertEqual(p.id, '1')
- self.assertEqual(p.title, 'Tim Peters')
- self.assertEqual(p.description, 'Sir Tim Peters')
- p = self.reg.getPrincipal('2')
- self.assertEqual(p.id, '2')
- self.assertEqual(p.title, 'Jim Fulton')
- self.assertEqual(p.description, 'Sir Jim Fulton')
-
- self.assertEqual(len(self.reg.getPrincipals('')), 2)
-
- def testUnRegistered(self):
- self.assertRaises(PrincipalLookupError, self.reg.getPrincipal, '3')
-
- def testDup(self):
- self.assertRaises(DuplicateId,
- self.reg.definePrincipal,
- '1', 'Tim Peters', 'Sir Tim Peters',
- 'tim2', '123')
- self.assertRaises(DuplicateLogin,
- self.reg.definePrincipal,
- '3', 'Tim Peters', 'Sir Tim Peters',
- 'tim', '123')
- self.assertRaises(PrincipalLookupError, self.reg.getPrincipal, '3')
- self.assertEqual(len(self.reg.getPrincipals('')), 2)
-
- def testSearch(self):
- r = self.reg.getPrincipals('J')
- self.assertEquals(len(r), 1)
- self.failUnless(r[0] is self.reg.getPrincipal('2'))
-
- def testByLogin(self):
- tim = self.reg.getPrincipalByLogin('tim')
- self.assertEquals(tim.getLogin(), 'tim')
- jim = self.reg.getPrincipalByLogin('jim')
- self.assertEquals(jim.getLogin(), 'jim')
- self.assertRaises(KeyError,
- self.reg.getPrincipalByLogin, 'kim')
-
- def testValidation(self):
- tim = self.reg.getPrincipalByLogin('tim')
- self.assert_(tim.validate('123'))
- self.failIf(tim.validate('456'))
- self.failIf(tim.validate(''))
- self.failIf(tim.validate('1234'))
- self.failIf(tim.validate('12'))
-
- def testAuthenticate(self):
- req = Request(('tim', '123'))
- pid = self.reg.authenticate(req).id
- self.assertEquals(pid, '1')
- req = Request(('tim', '1234'))
- p = self.reg.authenticate(req)
- self.assertEquals(p, None)
- req = Request(('kim', '123'))
- p = self.reg.authenticate(req)
- self.assertEquals(p, None)
-
- def testUnauthorized(self):
- request = Request(None)
- self.reg.unauthorized(self.reg.unauthenticatedPrincipal(), request)
- self.assertEquals(request.challenge, 'basic realm="Zope"')
- request = Request(None)
- self.reg.unauthorized(None, request)
- self.assertEquals(request.challenge, 'basic realm="Zope"')
- request = Request(None)
- self.reg.unauthorized("1", request)
- self.assertEquals(request.challenge, None)
-
- def testDefaultPrincipal(self):
- self.assertEquals(self.reg.unauthenticatedPrincipal(), None)
- self.assertRaises(DuplicateId, self.reg.defineDefaultPrincipal,
- "1", "tim")
- self.reg.defineDefaultPrincipal("everybody", "Default Principal")
- self.assertEquals(self.reg.unauthenticatedPrincipal().id, "everybody")
- self.reg.defineDefaultPrincipal("anybody", "Default Principal",
- "This is the default headmaster")
- self.assertEquals(self.reg.unauthenticatedPrincipal().id, "anybody")
- self.assertRaises(PrincipalLookupError,
- self.reg.getPrincipal, "everybody")
- p = self.reg.getPrincipal("anybody")
- self.assertEquals(p.id, "anybody")
- self.assertEquals(p.title, "Default Principal")
- self.assertRaises(DuplicateId, self.reg.definePrincipal,
- "anybody", "title")
-
-
def test_suite():
return unittest.TestSuite((
- unittest.makeSuite(Test),
+ doctest.DocTestSuite(),
))
-
-if __name__=='__main__':
- unittest.main(defaultTest='test_suite')
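Review bot: The replacement doctest `test_bbb_imports` only pins object identity of the re-exported names, so after this hunk nothing in this package exercises the credential paths that the removed `Test` class covered (`testValidation`, `testAuthenticate` rejecting a wrong password or an unknown login, `testDup` raising `DuplicateLogin`). Presumably those tests moved with the code to zope.principalregistry, but that is not visible in this commit; the docstring should state where they now live so a later cleanup does not drop authentication coverage unnoticed. The ZCML half of the backward-compatibility promise is also unchecked now that `test_securitydirectives.py` is deleted: consider adding `>>> from zope.configuration import xmlconfig`, `>>> import zope.app.security` and `>>> context = xmlconfig.file('meta.zcml', zope.app.security)` to the doctest, so that a directive handler reference in the old `meta.zcml` that no longer resolves fails here.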
Deleted: zope.app.security/trunk/src/zope/app/security/tests/test_securitydirectives.py
===================================================================
--- zope.app.security/trunk/src/zope/app/security/tests/test_securitydirectives.py 2009-03-12 02:11:13 UTC (rev 97946)
+++ zope.app.security/trunk/src/zope/app/security/tests/test_securitydirectives.py 2009-03-12 02:31:26 UTC (rev 97947)
@@ -1,79 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Security Directives Tests
-
-$Id$
-"""
-import unittest
-from zope.configuration.config import ConfigurationConflictError
-from zope.configuration import xmlconfig
-
-from zope.component import getUtility
-from zope.app.testing import ztapi
-from zope.app.testing.placelesssetup import PlacelessSetup
-
-from zope.security.interfaces import IPermission
-from zope.app.security.interfaces import IAuthentication
-from zope.app.security.principalregistry import principalRegistry
-import zope.app.security.tests
-
-
-class TestBase(PlacelessSetup):
-
- def setUp(self):
- super(TestBase, self).setUp()
- ztapi.provideUtility(IAuthentication, principalRegistry)
-
-
-class TestPrincipalDirective(TestBase, unittest.TestCase):
-
- def testRegister(self):
- context = xmlconfig.file("principal.zcml", zope.app.security.tests)
- reg=principalRegistry
-
- p = reg.getPrincipal('zope.p1')
- self.assertEqual(p.id, 'zope.p1')
- self.assertEqual(p.title, 'Sir Tim Peters')
- self.assertEqual(p.description, 'Tim Peters')
- p = reg.getPrincipal('zope.p2')
- self.assertEqual(p.id, 'zope.p2')
- self.assertEqual(p.title, 'Sir Jim Fulton')
- self.assertEqual(p.description, 'Jim Fulton')
-
- self.assertEqual(len(reg.getPrincipals('')), 2)
-
-
-class TestPermissionDirective(TestBase, unittest.TestCase):
-
- def testRegister(self):
- context = xmlconfig.file("perm.zcml", zope.app.security.tests)
- perm = getUtility(IPermission, "Can.Do.It")
- self.failUnless(perm.id.endswith('Can.Do.It'))
- self.assertEqual(perm.title, 'A Permissive Permission')
- self.assertEqual(perm.description,
- 'This permission lets you do anything')
-
- def testDuplicationRegistration(self):
- self.assertRaises(ConfigurationConflictError, xmlconfig.file,
- "perm_duplicate.zcml", zope.app.security.tests)
-
-
-def test_suite():
- return unittest.TestSuite((
- unittest.makeSuite(TestPrincipalDirective),
- unittest.makeSuite(TestPermissionDirective),
- ))
-
-if __name__ == '__main__':
- unittest.main()