[Zope3-dev] Backward-incompatible to security-management API

[Jim Fulton]

I'd like to change part of the security-management API.
I'm pretty sure it's change that won't impact anyone, but
I want to double check my assumption.

Currently, we have security policies and interactions:

   class ISecurityPolicy(Interface):

     def createInteraction(participation=None):
         """Creates a new interaction for a given request.

         If participation is not None, it is added to the new interaction.

         XXX perhaps this should be a separate interface IInteractionFactory,
             and the factory registered by calling
             ISecurityManagement.global setInteractionFactory(factory).
         """

     def checkPermission(permission, object, interaction):
         """Return whether security context allows permission on object.

         Arguments:
         permission -- A permission name
         object -- The object being accessed according to the permission
         interaction -- An interaction, which provides access to information
             such as authenticated principals.
         """


   class IInteraction(Interface):
     """A representation of an interaction between some actors and the system.
     """

     participations = Attribute("""An iterable of participations.""")

     def add(participation):
         """Add a participation."""

     def remove(participation):
         """Remove a participation."""

I'd like to combine these by moving the checkPermission method to interactions:

   class IInteraction(Interface):
     """A representation of an interaction between some actors and the system.
     """

     participations = Attribute("""An iterable of participations.""")

     def add(participation):
         """Add a participation."""

     def remove(participation):
         """Remove a participation."""

     def checkPermission(permission, object):
         """Return whether security context allows permission on object.

         Arguments:
         permission -- A permission name
         object -- The object being accessed according to the permission
         """

There will still be an ISecurityPolicy:

   class ISecurityPolicy(Interface):

     def __call__(participation=None):
         """Creates a new interaction.

         If participation is not None, it is added to the new interaction.
         """

But it will be soley responsible for creating interactions and will
be provided by the interaction class supplied by a security-policy
implementation.

Aside from the obvious impact on alternative security policy implementations,
the only impact of this will be on checkers. I'm not aware of any alternative
security-polict implementations outside of the core.

Does anyone think this would affect them?

Jim

-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org