[Checkins] SVN: z3c.securitytool/trunk/src/z3c/securitytool/README.txt Updating README.txt

Daniel Blackburn blackburnd at gmail.com
Sat May 24 14:14:13 EDT 2008 

Log message for revision 86930:
  Updating README.txt

Changed:
  U   z3c.securitytool/trunk/src/z3c/securitytool/README.txt

-=-
Modified: z3c.securitytool/trunk/src/z3c/securitytool/README.txt
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/README.txt	2008-05-24 17:25:52 UTC (rev 86929)
+++ z3c.securitytool/trunk/src/z3c/securitytool/README.txt	2008-05-24 18:14:13 UTC (rev 86930)
@@ -27,19 +27,24 @@
     >>> from z3c.securitytool.interfaces import IPermissionDetails
     >>> root = getRootFolder()
 
-Several things are added to the database on the IDatabaseOpenedEvent when
-starting the demo or running the tests. These settings are used to test
-the functionality in the tests as well as populate a matrix for the demo.
-Lets make sure the items were added with demoSetup.py
+    Several things are added to the database on the IDatabaseOpenedEvent when
+    starting the demo or running the tests. These settings are used to test
+    the functionality in the tests as well as populate a matrix for the demo.
+    Lets make sure the items were added with demoSetup.py, We will assume
+    that if Folder1 exists in the root folder then demoSetup.py was executed.
 
     >>> sorted(root.keys())
     [u'Folder1']
 
-To retrieve the permission settings for the folder we must first adapt the
-context to a SecurityChecker Object.
+    To retrieve the permission settings for the folder we must first adapt the
+    context to a SecurityChecker Object.
 
     >>> folder1 = ISecurityChecker(root['Folder1'])
 
+    >>> print folder1.__class__.__name__
+    SecurityChecker
+    
+    Lets introspect the object.
     >>> pprint(dir(folder1))
     ['__class__',
      '__component_adapts__',
@@ -53,48 +58,55 @@
      'updateRolePermissionSetting']
         
 
-Ok. Lets now see how the security tool represents the permissions for
-a certain context level and Interface.
+    To get all the security settings for particular context level the
+    getPermissionSettingsForAllViews is called with a tuple of interfaces.
+    All the views registered for the interfaces passed will be inspected.
 
-The 'getPermissionSettingsForAllViews' method takes a tuple of interfaces
-as an argument to determine what views registered at this context level.
+    
+    Since nothing should be registerd for only zope.interface.Interface we
+    should recieve an empty set, of permissions, roles and groups.
 
-Since nothing should be registerd for only zope.interface.Interface we
-should recieve an empty set, of permissions, roles and groups.
-
     >>> folder1.getPermissionSettingsForAllViews(zope.interface.Interface)
     [{}, {}, set([])]
 
-
-We first get the interfaces registered for this context
-level and then list all the view names that are registered for this context
-and Interface.
-
-Now lets see what the actual securityMatrix looks like in the context level
-of folder1.
-
+    A realistic test would be to get all the interfaces provieded by a specific
+    context level like `folder1`.
     >>> ifaces = tuple(providedBy(folder1))
     >>> pprint(ifaces)
     (<InterfaceClass z3c.securitytool.interfaces.ISecurityChecker>,)
 
-    >>> pprint(sorted([x.name for x in getViews(ifaces[0])]))
-    [u'acquire',
-     u'adapter',
-     u'attribute',
-     u'etc',
-     u'item',
-     u'lang',
-     u'resource',
-     u'skin',
-     u'vh',
-     u'view']
+    `getViews` gets all the registered views for this interface. This
+    is refined later to the views that are only accessable in this context.
+    >>> pprint(sorted([x for x in getViews(ifaces[0])]))
+    [AdapterRegistration... ITraversable, u'acquire', ...
+     AdapterRegistration... ITraversable, u'adapter', ...
+     AdapterRegistration... ITraversable, u'attribute', ...
+     AdapterRegistration... ITraversable, u'etc', ...
+     AdapterRegistration... ITraversable, u'item', ...
+     AdapterRegistration... ITraversable, u'lang', ...
+     AdapterRegistration... ITraversable, u'resource', ...
+     AdapterRegistration... ITraversable, u'skin', ...
+     AdapterRegistration... ITraversable, u'vh', ...
+     AdapterRegistration... ITraversable, u'view', ...
 
-The following data structure returned from getPermissionSettingsForAllViews
-is used to populate the main securitytool page.
-
+    The following data structure returned from getPermissionSettingsForAllViews
+    is used to populate the main securitytool page.
     >>> permDetails = folder1.getPermissionSettingsForAllViews(ifaces)
 
-Here we just print a subset of the structure, to make sure the data is sane
+    As you can see below the `zope.anybody` has the 'Allow' permission
+    for all four views registered for this context level.
+    >>> pprint(permDetails)
+    ...
+    [{'zope.anybody': {u'<i>no name</i>': 'Allow',
+                      u'DELETE': 'Allow',
+                      u'OPTIONS': 'Allow',
+                      u'PUT': 'Allow',
+                      u'absolute_url': 'Allow'},
+    ...
+
+    For every user in the system the all permissions are listed for
+    this context level ('folder1').
+    Here we just print a subset of the structure, to make sure the data is sane
     >>> pprint(sorted(permDetails[0].keys()))
     ['zope.anybody',
      'zope.daniel',
@@ -107,8 +119,8 @@
      'zope.sample_manager',
      'zope.stephan']
 
-This of course should be identical to the users on the system from zapi
-without (zope.anybody)
+    This of course should be identical to the users on the system from zapi
+    without (zope.anybody)
     >>> from zope.app import zapi
     >>> sysPrincipals = zapi.principals()
     >>> principals = [x.id for x in sysPrincipals.getPrincipals('')]
@@ -131,23 +143,23 @@
 Lets see what the principalDetails look like for the principal Daniel
 and the context of 'Folder1'.
 
-First we retrieve the principalDetails for Folder1:
+    First we retrieve the principalDetails for Folder1:
     >>> prinDetails = PrincipalDetails(root[u'Folder1'])
 
-Then we filter out the uninteresting information for the user being inspected.
+    Then we filter out the uninteresting information for the user being inspected.
     >>> matrix = prinDetails('zope.daniel')
 
-Below we check to make sure the groups data structure from the user daniel
-is returned as expected. This is the data used to populate the groups
-section on the User Details page.
+    Below we check to make sure the groups data structure from the user daniel
+    is returned as expected. This is the data used to populate the groups
+    section on the User Details page.
 
     >>> pprint(matrix['groups'].keys())
     ['zope.group1']
 
-Here we check to make sure the permission tree is created
-properly. The permission tree is used to display the levels of
-inheritance that were traversed to attain the permission displayed.
-
+    Here we check to make sure the permission tree is created
+    properly. The permission tree is used to display the levels of
+    inheritance that were traversed to attain the permission displayed.
+    
     >>> pprint(matrix['permissionTree'][0])
     {u'Folder1_2': {'name': None,
                      'parentList': [u'Folder1', 'Root Folder'],
@@ -176,8 +188,8 @@
                                         'setting': PermissionSetting: Deny}]}}
 
 
-The permissions section of the matrix displays the final say on
-whether or not the user has permissions at this context level.
+    The permissions section of the matrix displays the final say on
+    whether or not the user has permissions at this context level.
 
     >>> pprint(matrix['permissions'])
     [{'setting': PermissionSetting: Allow, 'permission': 'concord.CreateArticle'},
@@ -185,18 +197,18 @@
      {'setting': PermissionSetting: Allow, 'permission': 'concord.DeleteIssue'},
      {'setting': PermissionSetting: Deny,  'permission': 'concord.DeleteArticle'}]
 
-The roles section of the matrix displays the final say on whether or
-not the user has the role assigned at this context level.
-
+    The roles section of the matrix displays the final say on whether or
+    not the user has the role assigned at this context level.
+    
     >>> pprint(matrix['roles'])
     {'zope.Janitor': [{'setting': 'Allow', 'permission': 'concord.ReadIssue'}],
      'zope.Writer':  [{'setting': 'Allow', 'permission': 'concord.DeleteArticle'},
                       {'setting': 'Allow', 'permission': 'concord.CreateArticle'},
                       {'setting': 'Allow', 'permission': 'concord.ReadIssue'}]}
 
-The roleTree structure is used to display the roles attained at each
-level of traversal. The roleTree is stored as a list so to consistently test the data
-properly we will create a dictionary out of it.    
+    The roleTree structure is used to display the roles attained at each
+    level of traversal. The roleTree is stored as a list so to consistently test the data
+    properly we will create a dictionary out of it.    
 
     >>> tmpDict = {}
     >>> keys = matrix['roleTree']

More information about the Checkins mailing list