[Checkins] SVN: z3ext.permissionsmap/ initial import
Nikolay Kim
fafhrd at datacom.kz
Fri Mar 21 02:20:53 EDT 2008
Log message for revision 84815:
initial import
Changed:
A z3ext.permissionsmap/
A z3ext.permissionsmap/branches/
A z3ext.permissionsmap/tags/
A z3ext.permissionsmap/trunk/
A z3ext.permissionsmap/trunk/AUTHOR.txt
A z3ext.permissionsmap/trunk/CHANGES.txt
A z3ext.permissionsmap/trunk/LICENSE.txt
A z3ext.permissionsmap/trunk/bootstrap.py
A z3ext.permissionsmap/trunk/buildout.cfg
A z3ext.permissionsmap/trunk/setup.py
A z3ext.permissionsmap/trunk/src/
A z3ext.permissionsmap/trunk/src/z3ext/
A z3ext.permissionsmap/trunk/src/z3ext/__init__.py
A z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/
A z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/README.txt
A z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/__init__.py
A z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/configure.zcml
A z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/interfaces.py
A z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/manager.py
A z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/meta.zcml
A z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py
A z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/support.py
A z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/tests.py
A z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py
-=-
Added: z3ext.permissionsmap/trunk/AUTHOR.txt
===================================================================
--- z3ext.permissionsmap/trunk/AUTHOR.txt (rev 0)
+++ z3ext.permissionsmap/trunk/AUTHOR.txt 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1 @@
+Nikolay Kim (fafhrd91 <at> gmail <dot> com)
Added: z3ext.permissionsmap/trunk/CHANGES.txt
===================================================================
--- z3ext.permissionsmap/trunk/CHANGES.txt (rev 0)
+++ z3ext.permissionsmap/trunk/CHANGES.txt 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,42 @@
+=======
+CHANGES
+=======
+
+1.2.0 (2008-03-21)
+------------------
+
+- Move code to svn.zope.org
+
+
+1.1.2 (2008-03-19)
+------------------
+
+- 100% tests coverage
+
+- Code cleanup
+
+- Minor performance seepdup
+
+
+1.1.1 (2008-02-16)
+------------------
+
+- Performance (profiling)
+
+
+1.1.0 (2008-01-31)
+------------------
+
+- Fixed: Do not use IRolePermissionMap as base interface
+ because z3ext.security policy use object permission map
+ and PermissionsManManager at the same time
+
+- Added license information
+
+- Fixed rest format in README.txt
+
+
+1.0.0 (2007-12-08)
+------------------
+
+- Initial release.
Added: z3ext.permissionsmap/trunk/LICENSE.txt
===================================================================
--- z3ext.permissionsmap/trunk/LICENSE.txt (rev 0)
+++ z3ext.permissionsmap/trunk/LICENSE.txt 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,54 @@
+Zope Public License (ZPL) Version 2.1
+-------------------------------------
+
+A copyright notice accompanies this license document that
+identifies the copyright holders.
+
+This license has been certified as open source. It has also
+been designated as GPL compatible by the Free Software
+Foundation (FSF).
+
+Redistribution and use in source and binary forms, with or
+without modification, are permitted provided that the
+following conditions are met:
+
+1. Redistributions in source code must retain the
+ accompanying copyright notice, this list of conditions,
+ and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the accompanying
+ copyright notice, this list of conditions, and the
+ following disclaimer in the documentation and/or other
+ materials provided with the distribution.
+
+3. Names of the copyright holders must not be used to
+ endorse or promote products derived from this software
+ without prior written permission from the copyright
+ holders.
+
+4. The right to distribute this software or to use it for
+ any purpose does not give you the right to use
+ Servicemarks (sm) or Trademarks (tm) of the copyright
+ holders. Use of them is covered by separate agreement
+ with the copyright holders.
+
+5. If any files are modified, you must cause the modified
+ files to carry prominent notices stating that you changed
+ the files and the date of any change.
+
+Disclaimer
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS ``AS IS''
+ AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT
+ NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
+ NO EVENT SHALL THE COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ DAMAGE.
Added: z3ext.permissionsmap/trunk/bootstrap.py
===================================================================
--- z3ext.permissionsmap/trunk/bootstrap.py (rev 0)
+++ z3ext.permissionsmap/trunk/bootstrap.py 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,52 @@
+##############################################################################
+#
+# Copyright (c) 2006 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Bootstrap a buildout-based project
+
+Simply run this script in a directory containing a buildout.cfg.
+The script accepts buildout command-line options, so you can
+use the -c option to specify an alternate configuration file.
+
+$Id$
+"""
+
+import os, shutil, sys, tempfile, urllib2
+
+tmpeggs = tempfile.mkdtemp()
+
+ez = {}
+exec urllib2.urlopen('http://peak.telecommunity.com/dist/ez_setup.py'
+ ).read() in ez
+ez['use_setuptools'](to_dir=tmpeggs, download_delay=0)
+
+import pkg_resources
+
+cmd = 'from setuptools.command.easy_install import main; main()'
+if sys.platform == 'win32':
+ cmd = '"%s"' % cmd # work around spawn lamosity on windows
+
+ws = pkg_resources.working_set
+assert os.spawnle(
+ os.P_WAIT, sys.executable, sys.executable,
+ '-c', cmd, '-mqNxd', tmpeggs, 'zc.buildout',
+ dict(os.environ,
+ PYTHONPATH=
+ ws.find(pkg_resources.Requirement.parse('setuptools')).location
+ ),
+ ) == 0
+
+ws.add_entry(tmpeggs)
+ws.require('zc.buildout')
+import zc.buildout.buildout
+zc.buildout.buildout.main(sys.argv[1:] + ['bootstrap'])
+shutil.rmtree(tmpeggs)
Property changes on: z3ext.permissionsmap/trunk/bootstrap.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3ext.permissionsmap/trunk/buildout.cfg
===================================================================
--- z3ext.permissionsmap/trunk/buildout.cfg (rev 0)
+++ z3ext.permissionsmap/trunk/buildout.cfg 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,18 @@
+[buildout]
+develop = .
+parts = test coverage-test coverage-report
+
+[test]
+recipe = zc.recipe.testrunner
+eggs = z3ext.permissionsmap [test]
+
+[coverage-test]
+recipe = zc.recipe.testrunner
+eggs = z3ext.permissionsmap [test]
+defaults = ['--coverage', '../../coverage']
+
+[coverage-report]
+recipe = zc.recipe.egg
+eggs = z3c.coverage
+scripts = coverage=coverage-report
+arguments = ('coverage', 'coverage/report')
Added: z3ext.permissionsmap/trunk/setup.py
===================================================================
--- z3ext.permissionsmap/trunk/setup.py (rev 0)
+++ z3ext.permissionsmap/trunk/setup.py 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,72 @@
+##############################################################################
+#
+# Copyright (c) 2007 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Setup for z3ext.permissionsmap package
+
+$Id$
+"""
+import sys, os
+from setuptools import setup, find_packages
+
+def read(*rnames):
+ return open(os.path.join(os.path.dirname(__file__), *rnames)).read()
+
+version = '1.2.0'
+
+
+setup(name='z3ext.permissionsmap',
+ version=version,
+ description="Permissions maps for Zope3",
+ long_description=(
+ 'Detailed Documentation\n' +
+ '======================\n'
+ + '\n\n' +
+ read('src', 'z3ext', 'permissionsmap', 'README.txt')
+ + '\n\n' +
+ read('CHANGES.txt')
+ ),
+ classifiers=[
+ 'Development Status :: 5 - Production/Stable',
+ 'Environment :: Web Environment',
+ 'Intended Audience :: Developers',
+ 'License :: OSI Approved :: Zope Public License',
+ 'Programming Language :: Python',
+ 'Natural Language :: English',
+ 'Operating System :: OS Independent',
+ 'Topic :: Internet :: WWW/HTTP',
+ 'Framework :: Zope3'],
+ author='Nikolay Kim',
+ author_email='fafhrd91 at gmail.com',
+ url='http://z3ext.net/',
+ license='ZPL 2.1',
+ packages=find_packages('src'),
+ package_dir = {'':'src'},
+ namespace_packages=['z3ext'],
+ install_requires = ['setuptools',
+ 'zope.event',
+ 'zope.schema',
+ 'zope.interface',
+ 'zope.component',
+ 'zope.location',
+ 'zope.annotation',
+ 'zope.security',
+ 'zope.securitypolicy',
+ 'zope.configuration',
+ 'z3ext.security',
+ ],
+ extras_require = dict(test=['zope.app.testing',
+ 'zope.testing',
+ ]),
+ include_package_data = True,
+ zip_safe = False
+ )
Property changes on: z3ext.permissionsmap/trunk/setup.py
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Id
Added: z3ext.permissionsmap/trunk/src/z3ext/__init__.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/__init__.py (rev 0)
+++ z3ext.permissionsmap/trunk/src/z3ext/__init__.py 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,6 @@
+# namespace package boilerplate
+try:
+ __import__('pkg_resources').declare_namespace(__name__)
+except ImportError, e:
+ from pkgutil import extend_path
+ __path__ = extend_path(__path__, __name__)
Property changes on: z3ext.permissionsmap/trunk/src/z3ext/__init__.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/README.txt
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/README.txt (rev 0)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/README.txt 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,183 @@
+===============
+Permissions map
+===============
+
+Package that allow group permissions and manage object grants by
+group. This package will only work with z3ext.security securitypolicy.
+
+Permissionsmap implements zcml directive `zope:permissions` that allow
+manage permissions maps with zcml.
+
+ >>> from zope import interface, component
+ >>> from zope.interface.verify import verifyObject
+
+ >>> import z3ext.permissionsmap
+ >>> from z3ext.permissionsmap import interfaces, tests
+
+ >>> from zope.configuration import xmlconfig
+ >>> context = xmlconfig.file('meta.zcml', z3ext.permissionsmap)
+
+We can register new permissions maps with <zope:permissions /> directive,
+We can use following subdirectives: grant, deny, unset, grantAll,
+denyAll, unsetAll
+
+ >>> context = xmlconfig.string("""
+ ... <configure xmlns="http://namespaces.zope.org/zope">
+ ... <permissions name="myPermissions" title="My Permissions">
+ ... <unsetAll permission="my.p1" />
+ ... <unset permission="my.p1" role="r1" />
+ ... <grantAll permission="my.p1" />
+ ... <grant permission="my.p1" role="r1 r2 r3" />
+ ... <deny permission="my.p2" role="r1 r3" />
+ ... <denyAll permission="my.p3" />
+ ... </permissions>
+ ... </configure>""", context)
+
+ >>> permissions = component.getUtility(
+ ... interfaces.IPermissionsMap, 'myPermissions')
+
+ >>> verifyObject(interfaces.IPermissionsMap, permissions)
+ True
+
+ >>> for p, settings in permissions.getPermissionsForRole('r1'):
+ ... print p, settings.getName()
+ my.p1 Allow
+ my.p3 Deny
+ my.p2 Deny
+
+ >>> for p, settings in permissions.getPermissionsForRole('r2'):
+ ... print p, settings.getName()
+ my.p1 Allow
+ my.p3 Deny
+
+ >>> for p, settings in permissions.getPermissionsForRole('r3'):
+ ... print p, settings.getName()
+ my.p1 Allow
+ my.p3 Deny
+ my.p2 Deny
+
+We can add permissions later
+
+ >>> context = xmlconfig.string("""
+ ... <configure xmlns="http://namespaces.zope.org/zope">
+ ... <permissions name="myPermissions" title="My Permissions">
+ ... <unsetAll permission="my.p1" />
+ ... </permissions>
+ ... </configure>""", context)
+
+
+We can create permissions map for class or interface
+
+ >>> context = xmlconfig.string("""
+ ... <configure xmlns="http://namespaces.zope.org/zope">
+ ...
+ ... <permissions for="z3ext.permissionsmap.tests.TestContent1"
+ ... name="myPermissions1">
+ ...
+ ... <grant permission="my.p1" role="r1 r2 r3" />
+ ... <deny permission="my.p2" role="r1 r3" />
+ ... <denyAll permission="my.p3" />
+ ... </permissions>
+ ... </configure>""", context)
+
+ >>> content = tests.TestContent1()
+
+ >>> perms = component.getAdapter(content, \
+ ... interfaces.IPermissionsMap, 'myPermissions1')
+
+ >>> verifyObject(interfaces.IDefaultPermissionsMap, perms)
+ True
+
+
+We can assign permissions map to any annotatable content
+
+ >>> from zope.annotation.interfaces import IAttributeAnnotatable
+ >>> interface.directlyProvides(content, IAttributeAnnotatable)
+
+ >>> objectmaps = interfaces.IObjectPermissionsMaps(content)
+ >>> verifyObject(interfaces.IObjectPermissionsMaps, objectmaps)
+ True
+
+ >>> list(objectmaps.get())
+ []
+
+ >>> objectmanager = interfaces.IObjectPermissionsMapsManager(content)
+ >>> verifyObject(interfaces.IObjectPermissionsMapsManager, objectmanager)
+ True
+
+We can assign any permissions map to object
+
+ >>> objectmanager.set(('myPermissions',))
+
+When we set permissions map we can get notification
+
+ >>> from zope.component.eventtesting import getEvents
+ >>> event = getEvents()[-1]
+ >>> interfaces.IObjectPermissionsMapsModifiedEvent.providedBy(event)
+ True
+
+ >>> event.object is content
+ True
+
+ >>> event.maps
+ ('myPermissions',)
+
+Now we can get object permissions map
+
+ >>> objectmaps = interfaces.IObjectPermissionsMaps(content)
+ >>> list(objectmaps.get())
+ [PermissionsMap(u'myPermissions')]
+
+To remove permissions maps simply set empty tuple
+
+ >>> objectmanager.set(())
+ >>> objectmaps = interfaces.IObjectPermissionsMaps(content)
+ >>> list(objectmaps.get())
+ []
+
+We can't set unregistered permissions maps
+
+ >>> objectmanager.set(('unknown',))
+ Traceback (most recent call last):
+ ...
+ UnknownPermissionsMap: ...
+
+
+PermissionsMap access
+---------------------
+
+ >>> from zope.securitypolicy.interfaces import IRolePermissionMap
+ >>> map = component.getAdapter(
+ ... content, IRolePermissionMap, 'z3ext.permissionsmap')
+ >>> map.getPermissionsForRole('r1')
+ [('my.p1', PermissionSetting: Allow), ('my.p3', PermissionSetting: Deny), ('my.p2', PermissionSetting: Deny)]
+
+ >>> map.getRolesForPermission('my.p3')
+ [(u'r1', PermissionSetting: Deny), (u'r2', PermissionSetting: Deny), (u'r3', PermissionSetting: Deny)]
+
+ >>> context = xmlconfig.string("""
+ ... <configure xmlns="http://namespaces.zope.org/zope">
+ ... <permissions name="myPermissions2" title="My Permissions2">
+ ... <grant permission="my.p3" role="r1" />
+ ... <grant permission="my.p2" role="r2" />
+ ... </permissions>
+ ... </configure>""", context)
+
+ >>> objectmanager = interfaces.IObjectPermissionsMapsManager(content)
+ >>> objectmanager.set(('myPermissions2', 'myPermissions1'))
+
+ >>> map = component.getAdapter(
+ ... content, IRolePermissionMap, 'z3ext.permissionsmap')
+ >>> map.getPermissionsForRole('r1')
+ [('my.p1', PermissionSetting: Allow), ('my.p3', PermissionSetting: Allow), ('my.p2', PermissionSetting: Deny)]
+
+ >>> map.getRolesForPermission('my.p3')
+ [(u'r1', PermissionSetting: Allow), (u'r2', PermissionSetting: Deny), (u'r3', PermissionSetting: Deny)]
+
+getSetting and getRolesAndPermissions methods are not implemented
+
+ >>> map.getSetting('', '')
+ ()
+
+ >>> map.getRolesAndPermissions()
+ ()
Added: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/__init__.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/__init__.py (rev 0)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/__init__.py 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1 @@
+# This file is necessary to make this directory a package.
Property changes on: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/__init__.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/configure.zcml
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/configure.zcml (rev 0)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/configure.zcml 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,31 @@
+<configure xmlns="http://namespaces.zope.org/zope">
+
+ <adapter factory=".support.ObjectPermissionsMaps" />
+ <adapter factory=".support.ObjectPermissionsMapsManager" />
+
+ <class class=".support.ObjectPermissionsMaps">
+ <allow interface=".interfaces.IObjectPermissionsMaps" />
+ </class>
+
+ <adapter
+ name="z3ext.permissionsmap"
+ factory=".manager.PermissionsMapManager" />
+
+ <class class=".permissionsmap.PermissionsMap">
+ <allow interface="zope.securitypolicy.interfaces.IRolePermissionMap" />
+ </class>
+
+ <!-- Registering documentation with API doc -->
+ <configure
+ xmlns:zcml="http://namespaces.zope.org/zcml"
+ xmlns:apidoc="http://namespaces.zope.org/apidoc"
+ zcml:condition="have apidoc">
+
+ <apidoc:bookchapter
+ id="z3ext-permissionsmap"
+ title="z3ext.permissionsmap - Permissions map"
+ doc_path="README.txt"
+ parent="z3ext" />
+ </configure>
+
+</configure>
Added: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/interfaces.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/interfaces.py (rev 0)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/interfaces.py 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,72 @@
+##############################################################################
+#
+# Copyright (c) 2008 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" z3ext.permissionsmap interfaces
+
+$Id$
+"""
+from zope import schema, interface
+from zope.component.interfaces import IObjectEvent
+
+
+class UnknownPermissionsMap(Exception):
+ """ Unknown permissions map """
+
+
+class IPermissionsMap(interface.Interface):
+ """ named IRolePermissionMap object """
+
+ name = schema.TextLine(
+ title=u"Name",
+ description=u"Permissions map identifier.",
+ required=True)
+
+ title = schema.TextLine(
+ title=u"Title",
+ description=u"Permissions map title.",
+ required=True)
+
+ description = schema.TextLine(
+ title=u"Description",
+ description=u"Permissions map description.",
+ required=False)
+
+
+class IDefaultPermissionsMap(interface.Interface):
+ """ marker interface for default class/interface permissions map """
+
+
+class IObjectPermissionsMaps(interface.Interface):
+
+ def get():
+ """ return object permissions maps """
+
+
+class IObjectPermissionsMapsManager(interface.Interface):
+
+ def set(maps):
+ """ set object permissions maps """
+
+
+class IObjectPermissionsMapsModifiedEvent(IObjectEvent):
+ """ object permissions maps modified """
+
+ maps = interface.Attribute('Mew maps list')
+
+
+class ObjectPermissionsMapsModifiedEvent(object):
+ interface.implements(IObjectPermissionsMapsModifiedEvent)
+
+ def __init__(self, object, maps):
+ self.object = object
+ self.maps = maps
Property changes on: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/interfaces.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/manager.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/manager.py (rev 0)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/manager.py 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,67 @@
+##############################################################################
+#
+# Copyright (c) 2008 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+from zope import interface, component
+from zope.component import getAdapters
+from zope.location.interfaces import ILocation
+from zope.securitypolicy.interfaces import IRolePermissionMap
+
+from interfaces import IPermissionsMap, IObjectPermissionsMaps
+
+
+class PermissionsMapManager(object):
+ component.adapts(ILocation)
+ interface.implements(IRolePermissionMap)
+
+ def __init__(self, context):
+ perms = []
+
+ # first get object permissionsmap
+ supp = IObjectPermissionsMaps(context, None)
+ if supp is not None:
+ perms.extend(supp.get())
+
+ # then get adapted permissionsmap
+ for name, permissions in getAdapters((context,), IPermissionsMap):
+ perms.append(permissions)
+
+ self.perms = perms
+
+ def getPermissionsForRole(self, role_id):
+ permissions = {}
+ for perm in self.perms:
+ for permission, setting in perm.getPermissionsForRole(role_id):
+ if permission not in permissions:
+ permissions[permission] = setting
+
+ return permissions.items()
+
+ def getRolesForPermission(self, permission_id):
+ """ check permissions in order """
+ roles = {}
+ for perm in self.perms:
+ for role, setting in perm.getRolesForPermission(permission_id):
+ if role not in roles:
+ roles[role] = setting
+
+ return roles.items()
+
+ def getSetting(self, permission_id, role_id):
+ return ()
+
+ def getRolesAndPermissions(self):
+ return ()
Property changes on: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/manager.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/meta.zcml
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/meta.zcml (rev 0)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/meta.zcml 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,39 @@
+<configure
+ xmlns="http://namespaces.zope.org/zope"
+ xmlns:meta="http://namespaces.zope.org/meta">
+
+ <meta:directives namespace="http://namespaces.zope.org/zope">
+
+ <meta:complexDirective
+ name="permissions"
+ schema=".zcml.IPermissionsMapDirective"
+ handler=".zcml.permissionsMapDirective">
+
+ <meta:subdirective
+ name="grant"
+ schema=".zcml.IGrantDirective" />
+
+ <meta:subdirective
+ name="deny"
+ schema=".zcml.IDenyDirective" />
+
+ <meta:subdirective
+ name="unset"
+ schema=".zcml.IUnsetDirective" />
+
+ <meta:subdirective
+ name="grantAll"
+ schema=".zcml.IGrantAllDirective" />
+
+ <meta:subdirective
+ name="denyAll"
+ schema=".zcml.IDenyAllDirective" />
+
+ <meta:subdirective
+ name="unsetAll"
+ schema=".zcml.IUnsetAllDirective" />
+ </meta:complexDirective>
+
+ </meta:directives>
+
+</configure>
Added: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py (rev 0)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,35 @@
+##############################################################################
+#
+# Copyright (c) 2008 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+from zope import interface
+from zope.securitypolicy.securitymap import PersistentSecurityMap
+from zope.securitypolicy.rolepermission import RolePermissionManager
+
+from interfaces import IPermissionsMap
+
+
+class PermissionsMap(PersistentSecurityMap, RolePermissionManager):
+ interface.implements(IPermissionsMap)
+
+ def __init__(self, name, title, description=''):
+ super(PermissionsMap, self).__init__()
+ self.name = name
+ self.title = title
+ self.description = description
+
+ def __repr__(self):
+ return 'PermissionsMap(%r)' % self.name
Property changes on: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/support.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/support.py (rev 0)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/support.py 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,68 @@
+##############################################################################
+#
+# Copyright (c) 2008 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+from zope import event, interface, component
+from zope.component import queryUtility
+from zope.annotation.interfaces import IAnnotations, IAnnotatable
+
+from interfaces import UnknownPermissionsMap
+from interfaces import IPermissionsMap, ObjectPermissionsMapsModifiedEvent
+from interfaces import IObjectPermissionsMaps, IObjectPermissionsMapsManager
+
+KEY = 'z3ext.permissionsmap'
+
+
+class ObjectPermissionsMaps(object):
+ component.adapts(IAnnotatable)
+ interface.implements(IObjectPermissionsMaps)
+
+ def __init__(self, context):
+ annotations = IAnnotations(context)
+ self.data = annotations.get(KEY, ())
+
+ def get(self):
+ perms = []
+ for name in self.data:
+ perm = queryUtility(IPermissionsMap, name=name)
+ if perm is not None:
+ yield perm
+
+
+class ObjectPermissionsMapsManager(object):
+ component.adapts(IAnnotatable)
+ interface.implements(IObjectPermissionsMapsManager)
+
+ def __init__(self, context):
+ self.context = context
+ self.annotations = IAnnotations(context)
+ self.data = self.annotations.get(KEY, ())
+
+ def set(self, perms):
+ for name in perms:
+ perm = queryUtility(IPermissionsMap, name=name)
+ if perm is None:
+ raise UnknownPermissionsMap(
+ "Undefined permissions map id", name)
+
+ if perms:
+ self.data = tuple(perms)
+ self.annotations[KEY] = self.data
+ else:
+ if KEY in self.annotations:
+ del self.annotations[KEY]
+
+ event.notify(ObjectPermissionsMapsModifiedEvent(self.context, self.data))
Property changes on: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/support.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/tests.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/tests.py (rev 0)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/tests.py 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,82 @@
+##############################################################################
+#
+# Copyright (c) 2008 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" z3ext.permissionsmap tests
+
+$Id$
+"""
+__docformat__ = "reStructuredText"
+
+import unittest, doctest
+from zope import interface
+from zope.component import provideAdapter, provideUtility
+from zope.app.testing import setup
+
+from zope.securitypolicy.role import Role
+from zope.security.permission import Permission
+from zope.annotation.attribute import AttributeAnnotations
+
+from manager import PermissionsMapManager
+from support import ObjectPermissionsMaps, ObjectPermissionsMapsManager
+
+
+r1 = Role('r1', 'Role1')
+r2 = Role('r2', 'Role2')
+r3 = Role('r3', 'Role3')
+
+p1 = Permission('my.p1')
+p2 = Permission('my.p2')
+p3 = Permission('my.p3')
+
+
+class ITestContent1(interface.Interface):
+ pass
+
+class ITestContent2(interface.Interface):
+ pass
+
+class TestContent1(object):
+ interface.implements(ITestContent1)
+
+class TestContent2(object):
+ interface.implements(ITestContent2)
+
+
+def setUp(test):
+ setup.placelessSetUp()
+
+ provideUtility(r1, name='r1')
+ provideUtility(r2, name='r2')
+ provideUtility(r3, name='r3')
+
+ provideUtility(p1, name='my.p1')
+ provideUtility(p2, name='my.p2')
+ provideUtility(p3, name='my.p3')
+
+ provideAdapter(AttributeAnnotations)
+ provideAdapter(ObjectPermissionsMaps)
+ provideAdapter(ObjectPermissionsMapsManager)
+ provideAdapter(PermissionsMapManager,
+ (interface.Interface,), name='z3ext.permissionsmap')
+
+def tearDown(test):
+ setup.placelessTearDown()
+
+
+def test_suite():
+ return unittest.TestSuite((
+ doctest.DocFileSuite(
+ 'README.txt',
+ setUp=setUp, tearDown=tearDown,
+ optionflags=doctest.NORMALIZE_WHITESPACE|doctest.ELLIPSIS),
+ ))
Property changes on: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/tests.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py (rev 0)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py 2008-03-21 06:20:52 UTC (rev 84815)
@@ -0,0 +1,247 @@
+##############################################################################
+#
+# Copyright (c) 2008 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" zcml directive
+
+$Id$
+"""
+from zope.component import globalregistry
+from zope.component import getUtility, queryUtility, getUtilitiesFor
+
+from zope import schema, interface, component
+from zope.security.zcml import Permission
+from zope.configuration.fields import Tokens, GlobalObject
+from zope.securitypolicy.interfaces import IRole
+
+from interfaces import IPermissionsMap
+from interfaces import IDefaultPermissionsMap
+from permissionsmap import PermissionsMap
+
+
+class IPermissionsMapDirective(interface.Interface):
+ """ define permissions map directive"""
+
+ name = schema.TextLine(
+ title=u"Name",
+ description=u"Permissions map identifier.",
+ required=True)
+
+ for_ = GlobalObject(
+ title=u"For",
+ required=False)
+
+ title = schema.TextLine(
+ title=u"Title",
+ description=u"Permissions map title.",
+ required=False)
+
+ description = schema.TextLine(
+ title=u"Description",
+ description=u"Permissions map description.",
+ required=False)
+
+ override = schema.Bool(
+ title=u"Override",
+ description=u"Allow override sub directives for this declaration.",
+ required=False,
+ default=True)
+
+
+class IGrantDirective(interface.Interface):
+
+ role = Tokens(
+ title=u"Role",
+ description=u"Specifies the role.",
+ required=True,
+ value_type=schema.TextLine())
+
+ permission = Tokens(
+ title=u"Permission",
+ description=u"Specifies the permission to be mapped.",
+ required=True,
+ value_type=Permission())
+
+
+class IDenyDirective(interface.Interface):
+
+ role = Tokens(
+ title=u"Role",
+ description=u"Specifies the role.",
+ required=True,
+ value_type=schema.TextLine())
+
+ permission = Tokens(
+ title=u"Permission",
+ description=u"Specifies the permission to be mapped.",
+ required=True,
+ value_type=Permission())
+
+
+class IUnsetDirective(interface.Interface):
+
+ role = Tokens(
+ title=u"Role",
+ description=u"Specifies the role.",
+ required=True,
+ value_type=schema.TextLine())
+
+ permission = Tokens(
+ title=u"Permission",
+ description=u"Specifies the permission to be mapped.",
+ required=True,
+ value_type=Permission())
+
+
+class IGrantAllDirective(interface.Interface):
+
+ permission = Tokens(
+ title=u"Permission",
+ description=u"Specifies the permission to be mapped.",
+ required=True,
+ value_type=Permission())
+
+
+class IDenyAllDirective(interface.Interface):
+
+ permission = Tokens(
+ title=u"Permission",
+ description=u"Specifies the permission to be mapped.",
+ required=True,
+ value_type=Permission())
+
+
+class IUnsetAllDirective(interface.Interface):
+
+ permission = Tokens(
+ title=u"Permission",
+ description=u"Specifies the permission to be mapped.",
+ required=True,
+ value_type=Permission())
+
+
+class ClassPermissionsFactory(object):
+
+ def __init__(self, permissionsmap):
+ self.permissionsmap = permissionsmap
+
+ def __call__(self, context):
+ return self.permissionsmap
+
+
+def permissionsHandler(name, for_, title, description):
+ # check if map already exists
+ sm = globalregistry.globalSiteManager
+
+ perms = sm.queryUtility(IPermissionsMap, name)
+ if perms is not None:
+ return
+
+ # register map as utility
+ perms = PermissionsMap(name, title, description)
+ sm.registerUtility(perms, IPermissionsMap, name)
+
+ if for_ is not None:
+ # register map as adapter for for_
+ interface.alsoProvides(perms, IDefaultPermissionsMap)
+ factory = ClassPermissionsFactory(perms)
+ sm.registerAdapter(factory, (for_,), IPermissionsMap, name)
+
+
+def directiveHandler(name, method, permissions, roles, check=False):
+ sm = globalregistry.globalSiteManager
+
+ permissionmap = sm.getUtility(IPermissionsMap, name)
+
+ for role in roles:
+ for permission in permissions:
+ if not check:
+ getattr(permissionmap, method)(permission, role, False)
+ else:
+ getattr(permissionmap, method)(permission, role)
+
+
+def directiveHandlerAll(name, method, permissions):
+ sm = globalregistry.globalSiteManager
+
+ permissionmap = sm.getUtility(IPermissionsMap, name)
+
+ for role_id, role in getUtilitiesFor(IRole):
+ for permission in permissions:
+ getattr(permissionmap, method)(permission, role_id)
+
+
+class permissionsMapDirective(object):
+
+ def __init__(self, _context, name, for_=None,
+ title='', description='', override=True):
+ self.name = name
+ self.override = override
+
+ _context.action(
+ discriminator = ('z3ext.permissions', name, hash(self)),
+ callable = permissionsHandler,
+ args = (name, for_, title, description))
+
+ def discriminator(self, data):
+ if self.override:
+ data = data + (object(),)
+ return data
+
+ def grant(self, _context, role, permission):
+ _context.action(
+ discriminator = self.discriminator(
+ ('z3ext.permissions.grant',
+ self.name, tuple(role), tuple(permission))),
+ callable = directiveHandler,
+ args = (self.name, 'grantPermissionToRole', permission, role))
+
+ def deny(self, _context, role, permission):
+ _context.action(
+ discriminator = self.discriminator(
+ ('z3ext.permissions.deny',
+ self.name, tuple(role), tuple(permission))),
+ callable = directiveHandler,
+ args = (self.name, 'denyPermissionToRole', permission, role))
+
+ def unset(self, _context, role, permission):
+ _context.action(
+ discriminator = self.discriminator(
+ ('z3ext.permissions.unset',
+ self.name, tuple(role), tuple(permission))),
+ callable = directiveHandler,
+ args = (self.name, 'unsetPermissionFromRole',
+ permission, role, True))
+
+ def grantAll(self, _context, permission):
+ _context.action(
+ discriminator = self.discriminator(
+ ('z3ext.permissions.grantAll',
+ self.name, tuple(permission))),
+ callable = directiveHandlerAll,
+ args = (self.name, 'grantPermissionToRole', permission))
+
+ def denyAll(self, _context, permission):
+ _context.action(
+ discriminator = self.discriminator(
+ ('z3ext.permissions.denyAll',
+ self.name, tuple(permission))),
+ callable = directiveHandlerAll,
+ args = (self.name, 'denyPermissionToRole', permission))
+
+ def unsetAll(self, _context, permission):
+ _context.action(
+ discriminator = self.discriminator(
+ ('z3ext.permissions.unsetAll',
+ self.name, tuple(permission))),
+ callable = directiveHandlerAll,
+ args = (self.name, 'unsetPermissionFromRole', permission))
Property changes on: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py
___________________________________________________________________
Name: svn:keywords
+ Id
More information about the Checkins
mailing list