[Checkins] SVN: grok/trunk/src/grok/ implement *really* simple
support for security-aware environments (where
Philipp von Weitershausen
philikon at philikon.de
Mon Oct 16 12:17:10 EDT 2006
Log message for revision 70710:
implement *really* simple support for security-aware environments (where
objects are proxied) by specifying that models and views don't get any
proxies. This is, of course, temporary.
Also cleaned up some over-long lines.
Changed:
U grok/trunk/src/grok/_grok.py
A grok/trunk/src/grok/tests/security/
A grok/trunk/src/grok/tests/security/__init__.py
A grok/trunk/src/grok/tests/security/modeldefaultpublic.py
A grok/trunk/src/grok/tests/security/viewdefaultpublic.py
U grok/trunk/src/grok/tests/test_grok.py
-=-
Modified: grok/trunk/src/grok/_grok.py
===================================================================
--- grok/trunk/src/grok/_grok.py 2006-10-16 16:16:52 UTC (rev 70709)
+++ grok/trunk/src/grok/_grok.py 2006-10-16 16:17:09 UTC (rev 70710)
@@ -20,6 +20,7 @@
from zope.dottedname.resolve import resolve
from zope import component
from zope import interface
+from zope.security.checker import defineChecker, getCheckerForInstancesOf, NoProxy
from zope.publisher.browser import BrowserPage
from zope.publisher.interfaces.browser import IDefaultBrowserLayer
from zope.pagetemplate import pagetemplate
@@ -27,9 +28,9 @@
from grok import util
from grok.error import GrokError
-from grok.directive import (ClassDirectiveContext, ModuleDirectiveContext, ClassOrModuleDirectiveContext,
+from grok.directive import (ClassDirectiveContext, ModuleDirectiveContext,
+ ClassOrModuleDirectiveContext,
TextDirective, InterfaceOrClassDirective)
-
class Model(persistent.Persistent):
pass
@@ -80,6 +81,7 @@
module = resolve(dotted_name)
context = None
+ models = []
adapters = []
multiadapters = []
views = []
@@ -91,10 +93,7 @@
continue
if util.check_subclass(obj, Model):
- if context is None:
- context = obj
- else:
- context = AMBIGUOUS_CONTEXT
+ models.append(obj)
elif util.check_subclass(obj, Adapter):
adapters.append(obj)
elif util.check_subclass(obj, MultiAdapter):
@@ -113,19 +112,33 @@
if not resource.endswith(".pt"):
continue
- contents = resource_string(dotted_name, os.path.join(directory_name, resource))
+ contents = resource_string(dotted_name,
+ os.path.join(directory_name, resource))
template = PageTemplate(contents)
template_name = resource[:-3]
if templates.get(template_name):
- raise GrokError("Conflicting templates found for name '%s' in module %r, "
- "both inline and in resource directory '%s'."
+ raise GrokError("Conflicting templates found for name '%s' "
+ "in module %r, both inline and in resource "
+ "directory '%s'."
% (template_name, module, directory_name))
templates.register(template_name, template)
+ if len(models) == 0:
+ context = None
+ elif len(models) == 1:
+ context = models[0]
+ else:
+ context = AMBIGUOUS_CONTEXT
+
module_context = directive_annotation(module, 'grok.context', None)
if module_context:
context = module_context
+ for model in models:
+ # TODO minimal security here (read: everything is public)
+ if not getCheckerForInstancesOf(model):
+ defineChecker(model, NoProxy)
+
for factory in adapters:
adapter_context = determine_context(factory, context)
name = directive_annotation(factory, 'grok.name', '')
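Review bot: The TODO on the `for model in models:` loop understates what `NoProxy` does. Going by its name and the commit message, instances of these classes get no security proxy at all, so attribute writes and any object reached through a model go unchecked too, not only reads. Since the commit calls this temporary, the comment should spell that out, e.g. `# TODO: NoProxy removes the security proxy entirely (reads, writes, objects reached via the model); replace with a real checker`. It is also worth confirming whether `getCheckerForInstancesOf(model)` looks up only the exact class; if so, a model subclass whose base has a declared checker would still fall through to `NoProxy`. The enclosing function starts and ends outside this hunk.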
@@ -140,7 +153,8 @@
factory_name = factory.__name__.lower()
# find inline templates
- template_name = directive_annotation(factory, 'grok.template', factory_name)
+ template_name = directive_annotation(factory, 'grok.template',
+ factory_name)
template = templates.get(template_name)
if factory_name != template_name:
@@ -170,6 +184,9 @@
provides=interface.Interface,
name=view_name)
+ # TODO minimal security here (read: everything is public)
+ defineChecker(factory, NoProxy)
+
for name, unassociated in templates.listUnassociatedTemplates():
source = '<%s template in %s>' % (name, dotted_name)
check_context(source, context)
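Review bot: `defineChecker(factory, NoProxy)` is called unconditionally for every view, unlike the model loop, which first asks `getCheckerForInstancesOf`. As far as I recall, `defineChecker` rejects a second registration for the same class, so a view that already has a checker (declared elsewhere, or because the module is grokked twice) would make grokking fail rather than keep the existing, possibly stricter, declaration. Guarding it the same way keeps explicit declarations authoritative: `if not getCheckerForInstancesOf(factory):` followed by `defineChecker(factory, NoProxy)`. The same question applies to `defineChecker(TemplateView, NoProxy)` in the next hunk, unless `TemplateView` is a fresh class on each iteration, which is not visible here. The loop this sits in begins outside the hunk.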
@@ -184,6 +201,9 @@
provides=interface.Interface,
name=name)
+ # TODO minimal security here (read: everything is public)
+ defineChecker(TemplateView, NoProxy)
+
class TemplateRegistry(object):
def __init__(self):
@@ -234,5 +254,6 @@
# directives
name = TextDirective('grok.name', ClassDirectiveContext())
template = TextDirective('grok.template', ClassDirectiveContext())
-context = InterfaceOrClassDirective('grok.context', ClassOrModuleDirectiveContext())
+context = InterfaceOrClassDirective('grok.context',
+ ClassOrModuleDirectiveContext())
resource = TextDirective('grok.resource', ModuleDirectiveContext())
Copied: grok/trunk/src/grok/tests/security/__init__.py (from rev 70696, grok/trunk/src/grok/tests/__init__.py)
Added: grok/trunk/src/grok/tests/security/modeldefaultpublic.py
===================================================================
--- grok/trunk/src/grok/tests/security/modeldefaultpublic.py 2006-10-16 16:16:52 UTC (rev 70709)
+++ grok/trunk/src/grok/tests/security/modeldefaultpublic.py 2006-10-16 16:17:09 UTC (rev 70710)
@@ -0,0 +1,24 @@
+"""
+Models are public by default:
+
+ >>> grok.grok(__name__)
+
+ >>> mammoth = Mammoth('manfred')
+
+ >>> from zope.security.proxy import ProxyFactory
+ >>> from zope.security.management import newInteraction, endInteraction
+ >>> mammoth = ProxyFactory(mammoth)
+ >>> newInteraction()
+
+ >>> mammoth.name
+ 'manfred'
+
+ >>> endInteraction()
+
+"""
+import grok
+
+class Mammoth(grok.Model):
+
+ def __init__(self, name):
+ self.name = name
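Review bot: The doctest only reads `mammoth.name` through `ProxyFactory`, so it would pass just as well with a read-only public checker and does not pin down what `NoProxy` grants. Under `NoProxy` the factory should hand back the object itself, so a line such as `>>> ProxyFactory(Mammoth('x')).name = 'y'` or an identity check against the unwrapped instance would record that writes are open too. That makes the change visible in the tests when the TODO in `_grok.py` is resolved. The checker that `grok.grok(__name__)` registers presumably stays in the global registry after the test, so confirm the suite resets it between modules. The same points apply to `viewdefaultpublic.py`, which only calls the proxied views.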
Property changes on: grok/trunk/src/grok/tests/security/modeldefaultpublic.py
___________________________________________________________________
Name: svn:eol-style
+ native
Added: grok/trunk/src/grok/tests/security/viewdefaultpublic.py
===================================================================
--- grok/trunk/src/grok/tests/security/viewdefaultpublic.py 2006-10-16 16:16:52 UTC (rev 70709)
+++ grok/trunk/src/grok/tests/security/viewdefaultpublic.py 2006-10-16 16:17:09 UTC (rev 70710)
@@ -0,0 +1,43 @@
+"""
+Views are public by default:
+
+ >>> grok.grok(__name__)
+
+ >>> manfred = Mammoth()
+
+ >>> from zope.security.management import newInteraction, endInteraction
+ >>> newInteraction()
+
+ >>> from zope.publisher.browser import TestRequest
+ >>> request = TestRequest()
+ >>> from zope import component
+ >>> view = component.getMultiAdapter((manfred, request), name='cavepainting')
+
+ >>> from zope.security.proxy import ProxyFactory
+ >>> view = ProxyFactory(view)
+ >>> print view()
+ A cave painting of a mammoth
+
+Same goes for template-based views:
+
+ >>> view = component.getMultiAdapter((manfred, request), name='templatepainting')
+ >>> view = ProxyFactory(view)
+ >>> print view()
+ A template-based painting of a mammoth
+
+ >>> endInteraction()
+
+"""
+import grok
+
+class Mammoth(grok.Model):
+ pass
+
+class CavePainting(grok.View):
+
+ def render(self):
+ return 'A cave painting of a mammoth'
+
+templatepainting = grok.PageTemplate("""\
+A template-based painting of a mammoth
+""")
Property changes on: grok/trunk/src/grok/tests/security/viewdefaultpublic.py
___________________________________________________________________
Name: svn:eol-style
+ native
Modified: grok/trunk/src/grok/tests/test_grok.py
===================================================================
--- grok/trunk/src/grok/tests/test_grok.py 2006-10-16 16:16:52 UTC (rev 70709)
+++ grok/trunk/src/grok/tests/test_grok.py 2006-10-16 16:17:09 UTC (rev 70710)
@@ -26,7 +26,7 @@
def test_suite():
suite = unittest.TestSuite()
- for name in ['adapter', 'view']:
+ for name in ['adapter', 'view', 'security']:
suite.addTest(suiteFromPackage(name))
return suite