[Checkins]
SVN: z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py
- Various refactoring for clarity
Daniel Blackburn
blackburnd at gmail.com
Wed Feb 20 20:32:30 EST 2008
Log message for revision 84099:
- Various refactoring for clarity
- updated code to make the securityMatrix page accurate
permisison settings were backwards
Changed:
U z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py
-=-
Modified: z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py 2008-02-20 23:41:01 UTC (rev 84098)
+++ z3c.securitytool/trunk/src/z3c/securitytool/securitytool.py 2008-02-21 01:32:25 UTC (rev 84099)
@@ -14,8 +14,6 @@
from zope.securitypolicy.principalrole import principalRoleManager
from zope.securitypolicy.rolepermission import rolePermissionManager
-from zope.app.container.interfaces import IContainer
-
from z3c.securitytool import interfaces
class SecurityChecker(object):
@@ -31,9 +29,9 @@
selectedPermission=None):
""" retrieves permission settings for all views"""
request = TestRequest()
+ self.selectedPermission = selectedPermission
self.skin = skin
- self.selectedPermission = selectedPermission
-
+
applySkin(request, self.skin)
self.viewMatrix = {}
@@ -43,8 +41,8 @@
self.permissions = set()
for iface in interfaces:
- for view_reg in getViews(iface, self.skin):
- viewInstance = getView(self.context, view_reg, self.skin)
+ for view_reg in getViews(iface, skin):
+ viewInstance = getView(self.context, view_reg, skin)
if viewInstance:
self.populateMatrix(viewInstance,view_reg)
@@ -83,6 +81,7 @@
read_perm = info['read_perm']
if read_perm == None:
read_perm = 'zope.Public'
+
self.permissions.add(read_perm)
name = info['name']
@@ -132,36 +131,53 @@
role['role'],
self.name)
- principalPermissions = allSettings.get('principalPermissions',[])
- self.populatePermissionMatrix(read_perm,principalPermissions)
+ prinPermissions = allSettings.get('principalPermissions',[])
+ self.populatePermissionMatrix(read_perm,prinPermissions)
def updateRolePermissionSetting(self,permSetting,principal,role,name):
- """ Updates permission setting for current role if necessary"""
+ """
+ Updates permission setting for current role if necessary this
+ populates the viewRoleMatrix which is used with viewPermMatrix to
+ determine the objects permission for the securityMatrix.html page
+
+ """
if permSetting != 'Deny':
- if not self.viewRoleMatrix[principal].has_key(name):
- self.viewRoleMatrix[principal][name] = {}
+ self.viewRoleMatrix[principal].setdefault(name,{})
self.viewRoleMatrix[principal][name].update({role:permSetting})
def populatePermissionMatrix(self,read_perm,principalPermissions):
""" This method populates the principal permission section of
- the view matrix
+ the view matrix, it is half responsible for the 'Allow' and
+ 'Deny' on the securityMatrix.html page. The other half belongs
+ to the role permissions (viewRoleMatrix).
"""
- for principalPermission in principalPermissions:
- if principalPermission['permission'] == read_perm:
- principal = principalPermission['principal']
- permSetting = principalPermission['setting'].getName()
- if self.viewPermMatrix.has_key(principal):
- if self.viewPermMatrix[principal].has_key(self.name):
- if self.viewPermMatrix[principal][self.name] != 'Deny':
- self.viewPermMatrix[principal].update(
- {self.name: permSetting}
- )
- else:
- self.viewPermMatrix[principal][self.name] = permSetting
- else:
- self.viewPermMatrix[principal] = {self.name: permSetting}
+ matrix = self.viewPermMatrix
+ principalPermissions.reverse()
+ for prinPerm in principalPermissions:
+ if prinPerm['permission'] != read_perm:
+ #If it is not the read_perm it is uninteresting
+ continue
+ principal = prinPerm['principal']
+ setting = prinPerm['setting'].getName()
+
+ if matrix.setdefault(principal,{self.name:setting}) == \
+ {self.name:setting}:
+ #If the prin is not in the matrix add it
+ continue
+
+ elif matrix[principal].setdefault(
+ self.name,setting) == setting:
+ #If the permisison does not exist for the prin add it
+ continue
+
+ elif matrix[principal][self.name] != 'test':
+ #If the permission is not Deny update it.
+ #why do we only do this if it is not deny?
+ matrix[principal].update({self.name: setting})
+
+
class PermissionDetails(object):
"""Get permission details for a given principal and view.
Includes the permissions set by the groups the principal belongs to.
@@ -190,18 +206,16 @@
if view_reg.name == view_name:
view = getView(self.context, view_reg, skin)
settings = settingsForObject(view)
- read_perm = getViewInfoDictionary(view_reg)['read_perm'] or 'zope.Public'
+ read_perm = getViewInfoDictionary(view_reg)['read_perm']\
+ or 'zope.Public'
break
-
if settings:
for name,setting in settings:
if setting.get('rolePermissions',''):
rolePermissions.extend(setting['rolePermissions'])
- prinPermSettings = self.permissionDetails(principal,
- read_perm,
- settings,
- rolePermissions)
+ prinPermSettings = self.permissionDetails(principal, read_perm,
+ settings, rolePermissions)
prinPermSettings['read_perm'] = read_perm
More information about the Checkins
mailing list