[Checkins] SVN: z3ext.security/trunk/ Fixed bug in extended grant info
Nikolay Kim
fafhrd at datacom.kz
Tue Sep 2 03:58:54 EDT 2008
Log message for revision 90671:
Fixed bug in extended grant info
Changed:
U z3ext.security/trunk/CHANGES.txt
U z3ext.security/trunk/src/z3ext/security/grantinfo.py
U z3ext.security/trunk/src/z3ext/security/grantinfo.txt
U z3ext.security/trunk/src/z3ext/security/securitypolicy.py
-=-
Modified: z3ext.security/trunk/CHANGES.txt
===================================================================
--- z3ext.security/trunk/CHANGES.txt 2008-09-01 21:19:55 UTC (rev 90670)
+++ z3ext.security/trunk/CHANGES.txt 2008-09-02 07:58:50 UTC (rev 90671)
@@ -2,6 +2,12 @@
CHANGES
=======
+1.2.1 (2008-09-02)
+------------------
+
+- Fixed bug in extended grant info
+
+
1.2.0 (2008-03-21)
------------------
Modified: z3ext.security/trunk/src/z3ext/security/grantinfo.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/grantinfo.py 2008-09-01 21:19:55 UTC (rev 90670)
+++ z3ext.security/trunk/src/z3ext/security/grantinfo.py 2008-09-02 07:58:50 UTC (rev 90671)
@@ -94,7 +94,7 @@
if parent is None:
for principal, setting in globalPrincipalsForRole(role):
if principal not in principals:
- principal[role] = setting
+ principals[principal] = setting
else:
info = IExtendedGrantInfo(parent)
for principal, setting in info.getPrincipalsForRole(role):
Modified: z3ext.security/trunk/src/z3ext/security/grantinfo.txt
===================================================================
--- z3ext.security/trunk/src/z3ext/security/grantinfo.txt 2008-09-01 21:19:55 UTC (rev 90670)
+++ z3ext.security/trunk/src/z3ext/security/grantinfo.txt 2008-09-02 07:58:50 UTC (rev 90671)
@@ -24,13 +24,19 @@
... pass
>>> class Ob:
- ... __parent__ = None
- ... zope.interface.implements(IAttributeAnnotatable, IMyObject)
+ ... __name__ = u''
+ ... __parent__ = None
+ ... zope.interface.implements(IAttributeAnnotatable, IMyObject)
+ ...
+ ... def __init__(self, name):
+ ... self.__name__ = name
+ ... def __repr__(self):
+ ... return '<Ob "%s">'%self.__name__
- >>> ob1 = Ob()
- >>> ob2 = Ob()
- >>> ob3 = Ob()
- >>> ob4 = Ob()
+ >>> ob1 = Ob('ob1')
+ >>> ob2 = Ob('ob2')
+ >>> ob3 = Ob('ob3')
+ >>> ob4 = Ob('ob4')
Let's build parents dependencies: ob1->ob2->ob3, ob1->ob4
@@ -90,27 +96,30 @@
getRolesForPrincipal
--------------------
+ >>> from zope.securitypolicy.principalrole import principalRoleManager
+ >>> principalRoleManager.assignRoleToPrincipal('role10', 'bob', False)
+
>>> grantinfo = IExtendedGrantInfo(ob3)
>>> grantinfo.getRolesForPrincipal('bob')
- []
+ [('role10', PermissionSetting: Allow)]
>>> prinrole = interfaces.IPrincipalRoleManager(ob3)
>>> prinrole.assignRoleToPrincipal('role1', 'bob')
>>> grantinfo.getRolesForPrincipal('bob')
- [('role1', PermissionSetting: Allow)]
+ [('role1', PermissionSetting: Allow), ('role10', PermissionSetting: Allow)]
>>> prinrole = interfaces.IPrincipalRoleManager(ob2)
>>> prinrole.assignRoleToPrincipal('role2', 'bob')
>>> grantinfo.getRolesForPrincipal('bob')
- [('role1', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
+ [('role1', PermissionSetting: Allow), ('role10', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
>>> prinrole = interfaces.IPrincipalRoleManager(ob1)
>>> prinrole.assignRoleToPrincipal('role3', 'bob')
>>> grantinfo.getRolesForPrincipal('bob')
- [('role1', PermissionSetting: Allow), ('role3', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
+ [('role1', PermissionSetting: Allow), ('role10', PermissionSetting: Allow), ('role3', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
role3 role allowed for principal 'bob' on ob1, we can deny this role on object ob2
and on ob3 role3 should be denied
@@ -119,18 +128,20 @@
>>> prinrole.removeRoleFromPrincipal('role3', 'bob')
>>> grantinfo.getRolesForPrincipal('bob')
- [('role1', PermissionSetting: Allow), ('role3', PermissionSetting: Deny), ('role2', PermissionSetting: Allow)]
+ [('role1', PermissionSetting: Allow), ('role10', PermissionSetting: Allow), ('role3', PermissionSetting: Deny), ('role2', PermissionSetting: Allow)]
getPrincipalsForRole
--------------------
+ >>> principalRoleManager.assignRoleToPrincipal('role1', 'bob2', False)
+
This is new method in extended version, it usefull when we need get all
principals that have role, for example for cataloging.
>>> grantinfo = IExtendedGrantInfo(ob3)
>>> grantinfo.getPrincipalsForRole('role1')
- [('bob', PermissionSetting: Allow)]
+ [('bob', PermissionSetting: Allow), ('bob2', PermissionSetting: Allow)]
We can get info about other principals with same role
@@ -138,4 +149,4 @@
>>> prinrole.assignRoleToPrincipal('role1', 'bob1')
>>> grantinfo.getPrincipalsForRole('role1')
- [('bob', PermissionSetting: Allow), ('bob1', PermissionSetting: Allow)]
+ [('bob', PermissionSetting: Allow), ('bob2', PermissionSetting: Allow), ('bob1', PermissionSetting: Allow)]
Modified: z3ext.security/trunk/src/z3ext/security/securitypolicy.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/securitypolicy.py 2008-09-01 21:19:55 UTC (rev 90670)
+++ z3ext.security/trunk/src/z3ext/security/securitypolicy.py 2008-09-02 07:58:50 UTC (rev 90671)
@@ -123,7 +123,6 @@
cache_principal_roles[principal] = roles
return roles
-
def cached_prinper(self, parent, principal, groups, permission):
# Compute the permission, if any, for the principal.
@@ -175,9 +174,8 @@
if permission in cache_decision_prin:
return cache_decision_prin[permission]
- # cache_decision_prin[permission] is the cached decision for a
- # principal and permission.
-
+ # cache_decision_prin[permission] is the cached
+ # decision for a principal and permission.
decision = self.cached_prinper(parent, principal, groups, permission)
if (decision is None) and groups:
decision = self._group_based_cashed_prinper(
More information about the Checkins
mailing list