[Checkins] SVN: z3ext.security/tags/1.2.1/ tag for release

Nikolay Kim fafhrd at datacom.kz
Tue Sep 2 04:04:59 EDT 2008


Log message for revision 90672:
  tag for release

Changed:
  A   z3ext.security/tags/1.2.1/
  D   z3ext.security/tags/1.2.1/CHANGES.txt
  A   z3ext.security/tags/1.2.1/CHANGES.txt
  U   z3ext.security/tags/1.2.1/setup.py
  D   z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.py
  A   z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.py
  D   z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.txt
  A   z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.txt
  D   z3ext.security/tags/1.2.1/src/z3ext/security/securitypolicy.py
  A   z3ext.security/tags/1.2.1/src/z3ext/security/securitypolicy.py

-=-
Copied: z3ext.security/tags/1.2.1 (from rev 90379, z3ext.security/trunk)

Deleted: z3ext.security/tags/1.2.1/CHANGES.txt
===================================================================
--- z3ext.security/trunk/CHANGES.txt	2008-08-27 04:40:41 UTC (rev 90379)
+++ z3ext.security/tags/1.2.1/CHANGES.txt	2008-09-02 08:04:59 UTC (rev 90672)
@@ -1,30 +0,0 @@
-=======
-CHANGES
-=======
-
-1.2.0 (2008-03-21)
-------------------
-
-- Code cleanup
-
-- Move code to svn.zope.org
-
-
-1.1.1 (2008-02-16)
-------------------
-
-- Performance (Profiling)
-
-
-1.1.0 (2008-02-01)
-------------------
-
-- Code cleanup
-
-- Removed unused code
-
-
-1.0.0 (2007-12-08)
-------------------
-
-- Initial release.

Copied: z3ext.security/tags/1.2.1/CHANGES.txt (from rev 90671, z3ext.security/trunk/CHANGES.txt)
===================================================================
--- z3ext.security/tags/1.2.1/CHANGES.txt	                        (rev 0)
+++ z3ext.security/tags/1.2.1/CHANGES.txt	2008-09-02 08:04:59 UTC (rev 90672)
@@ -0,0 +1,36 @@
+=======
+CHANGES
+=======
+
+1.2.1 (2008-09-02)
+------------------
+
+- Fixed bug in extended grant info
+
+
+1.2.0 (2008-03-21)
+------------------
+
+- Code cleanup
+
+- Move code to svn.zope.org
+
+
+1.1.1 (2008-02-16)
+------------------
+
+- Performance (Profiling)
+
+
+1.1.0 (2008-02-01)
+------------------
+
+- Code cleanup
+
+- Removed unused code
+
+
+1.0.0 (2007-12-08)
+------------------
+
+- Initial release.

Modified: z3ext.security/tags/1.2.1/setup.py
===================================================================
--- z3ext.security/trunk/setup.py	2008-08-27 04:40:41 UTC (rev 90379)
+++ z3ext.security/tags/1.2.1/setup.py	2008-09-02 08:04:59 UTC (rev 90672)
@@ -21,7 +21,7 @@
 def read(*rnames):
     return open(os.path.join(os.path.dirname(__file__), *rnames)).read()
 
-version = '1.2.1dev'
+version = '1.2.1'
 
 
 setup(name='z3ext.security',

Deleted: z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/grantinfo.py	2008-08-27 04:40:41 UTC (rev 90379)
+++ z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.py	2008-09-02 08:04:59 UTC (rev 90672)
@@ -1,104 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2007 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-""" IExtendedGrantInfo implmentation, extended version of IGrantInfo
-
-$Id$
-"""
-
-from zope import interface, component
-from zope.component import getAdapters
-from zope.security.proxy import removeSecurityProxy
-
-from zope.securitypolicy.interfaces import IPrincipalRoleMap
-from zope.securitypolicy.interfaces import IRolePermissionMap
-
-from zope.securitypolicy.principalrole import principalRoleManager
-globalPrincipalsForRole = principalRoleManager.getPrincipalsForRole
-
-from interfaces import IExtendedGrantInfo
-from securitypolicy import globalRolesForPrincipal, globalRolesForPermission
-
-
-class ExtendedGrantInfo(object):
-    component.adapts(interface.Interface)
-    interface.implements(IExtendedGrantInfo)
-
-    def __init__(self, context):
-        self.context = context
-
-    def getRolesForPermission(self, permission):
-        context = removeSecurityProxy(self.context)
-
-        roles = {}
-        for name, roleperm in getAdapters((context,), IRolePermissionMap):
-            for role, setting in roleperm.getRolesForPermission(permission):
-                if role not in roles:
-                    roles[role] = setting
-
-        parent = getattr(context, '__parent__', None)
-        if parent is None:
-            for name, setting in globalRolesForPermission(permission):
-                if name not in roles:
-                    roles[name] = setting
-        else:
-            info = IExtendedGrantInfo(parent)
-            for role, setting in info.getRolesForPermission(permission):
-                if role not in roles:
-                    roles[role] = setting
-
-        return roles.items()
-
-    def getRolesForPrincipal(self, principal):
-        context = removeSecurityProxy(self.context)
-
-        roles = {}
-        for name, prinrole in getAdapters((context,), IPrincipalRoleMap):
-            for role, setting in prinrole.getRolesForPrincipal(principal):
-                if role not in roles:
-                    roles[role] = setting
-
-        parent = getattr(context, '__parent__', None)
-        if parent is None:
-            for role, setting in globalRolesForPrincipal(principal):
-                if role not in roles:
-                    roles[role] = setting
-        else:
-            info = IExtendedGrantInfo(parent)
-            for role, setting in info.getRolesForPrincipal(principal):
-                if role not in roles:
-                    roles[role] = setting
-
-        return roles.items()
-
-    def getPrincipalsForRole(self, role):
-        context = removeSecurityProxy(self.context)
-
-        principals = {}
-        for name, prinrole in getAdapters((context,), IPrincipalRoleMap):
-            for principal, setting in prinrole.getPrincipalsForRole(role):
-                if principal not in principals:
-                    principals[principal] = setting
-
-        parent = getattr(context, '__parent__', None)
-        if parent is None:
-            for principal, setting in globalPrincipalsForRole(role):
-                if principal not in principals:
-                    principal[role] = setting
-        else:
-            info = IExtendedGrantInfo(parent)
-            for principal, setting in info.getPrincipalsForRole(role):
-                if principal not in principals:
-                    principals[principal] = setting
-
-        return principals.items()

Copied: z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.py (from rev 90671, z3ext.security/trunk/src/z3ext/security/grantinfo.py)
===================================================================
--- z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.py	                        (rev 0)
+++ z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.py	2008-09-02 08:04:59 UTC (rev 90672)
@@ -0,0 +1,104 @@
+##############################################################################
+#
+# Copyright (c) 2007 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" IExtendedGrantInfo implmentation, extended version of IGrantInfo
+
+$Id$
+"""
+
+from zope import interface, component
+from zope.component import getAdapters
+from zope.security.proxy import removeSecurityProxy
+
+from zope.securitypolicy.interfaces import IPrincipalRoleMap
+from zope.securitypolicy.interfaces import IRolePermissionMap
+
+from zope.securitypolicy.principalrole import principalRoleManager
+globalPrincipalsForRole = principalRoleManager.getPrincipalsForRole
+
+from interfaces import IExtendedGrantInfo
+from securitypolicy import globalRolesForPrincipal, globalRolesForPermission
+
+
+class ExtendedGrantInfo(object):
+    component.adapts(interface.Interface)
+    interface.implements(IExtendedGrantInfo)
+
+    def __init__(self, context):
+        self.context = context
+
+    def getRolesForPermission(self, permission):
+        context = removeSecurityProxy(self.context)
+
+        roles = {}
+        for name, roleperm in getAdapters((context,), IRolePermissionMap):
+            for role, setting in roleperm.getRolesForPermission(permission):
+                if role not in roles:
+                    roles[role] = setting
+
+        parent = getattr(context, '__parent__', None)
+        if parent is None:
+            for name, setting in globalRolesForPermission(permission):
+                if name not in roles:
+                    roles[name] = setting
+        else:
+            info = IExtendedGrantInfo(parent)
+            for role, setting in info.getRolesForPermission(permission):
+                if role not in roles:
+                    roles[role] = setting
+
+        return roles.items()
+
+    def getRolesForPrincipal(self, principal):
+        context = removeSecurityProxy(self.context)
+
+        roles = {}
+        for name, prinrole in getAdapters((context,), IPrincipalRoleMap):
+            for role, setting in prinrole.getRolesForPrincipal(principal):
+                if role not in roles:
+                    roles[role] = setting
+
+        parent = getattr(context, '__parent__', None)
+        if parent is None:
+            for role, setting in globalRolesForPrincipal(principal):
+                if role not in roles:
+                    roles[role] = setting
+        else:
+            info = IExtendedGrantInfo(parent)
+            for role, setting in info.getRolesForPrincipal(principal):
+                if role not in roles:
+                    roles[role] = setting
+
+        return roles.items()
+
+    def getPrincipalsForRole(self, role):
+        context = removeSecurityProxy(self.context)
+
+        principals = {}
+        for name, prinrole in getAdapters((context,), IPrincipalRoleMap):
+            for principal, setting in prinrole.getPrincipalsForRole(role):
+                if principal not in principals:
+                    principals[principal] = setting
+
+        parent = getattr(context, '__parent__', None)
+        if parent is None:
+            for principal, setting in globalPrincipalsForRole(role):
+                if principal not in principals:
+                    principals[principal] = setting
+        else:
+            info = IExtendedGrantInfo(parent)
+            for principal, setting in info.getPrincipalsForRole(role):
+                if principal not in principals:
+                    principals[principal] = setting
+
+        return principals.items()
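Review bot: In all three methods of ExtendedGrantInfo the `if role not in roles` / `if principal not in principals` guard keeps whichever setting is seen first, so when two IRolePermissionMap or IPrincipalRoleMap adapters on the same object disagree, an Allow can mask a Deny purely by the order in which getAdapters() yields them. The removed trunk copy of cached_roles in securitypolicy.py on this page resolves the same conflict the other way (each later adapter overwrites or deletes the role), so the grants reported here may differ from what the policy enforces; the tagged securitypolicy.py is not visible in full, so this needs confirming. If first-wins is intended, state it in a class docstring, e.g. `"""Settings resolve nearest-object first; among adapters on one object the first one returned by getAdapters() wins."""`; otherwise let a Deny from any adapter at the same level take precedence before the parent is consulted. The methods also call `removeSecurityProxy(self.context)` and adapt the unproxied `__parent__`, which presumably lets any caller that can obtain this adapter read grants for objects it could not otherwise access, so the docstring should say that access control on the result is the caller's responsibility.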

Deleted: z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.txt
===================================================================
--- z3ext.security/trunk/src/z3ext/security/grantinfo.txt	2008-08-27 04:40:41 UTC (rev 90379)
+++ z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.txt	2008-09-02 08:04:59 UTC (rev 90672)
@@ -1,141 +0,0 @@
-==================
-IExtendedGrantInfo
-==================
-
-IExtendedGrantInfo interface is extended version of IGrantInfo
-from zope/securitypolicy but it runs for each parent and
-uses all available IRolePermissionMap and IPrincipalRoleMap adapters
-for object.
-
-initialization:
-
-   >>> from zope import interface
-   >>> from zope.component import provideAdapter
-   >>> from zope.securitypolicy import interfaces
-   >>> from z3ext.security.grantinfo import ExtendedGrantInfo
-   >>> from z3ext.security.interfaces import IExtendedGrantInfo
-
-   >>> provideAdapter(ExtendedGrantInfo, (interface.Interface,), IExtendedGrantInfo)
-
-   >>> import zope.interface
-   >>> from zope.annotation.interfaces import IAttributeAnnotatable
-
-   >>> class IMyObject(zope.interface.Interface):
-   ...   pass
-
-   >>> class Ob:
-   ...    __parent__ = None
-   ...    zope.interface.implements(IAttributeAnnotatable, IMyObject)
-
-   >>> ob1 = Ob()
-   >>> ob2 = Ob()
-   >>> ob3 = Ob()
-   >>> ob4 = Ob()
-
-Let's build parents dependencies: ob1->ob2->ob3, ob1->ob4
-
-   >>> ob2.__parent__ = ob1
-   >>> ob3.__parent__ = ob2
-   >>> ob4.__parent__ = ob1
-
-   >>> grantinfo = IExtendedGrantInfo(ob3)
-   >>> IExtendedGrantInfo.providedBy(grantinfo)
-   True
-
-   >>> grantinfo.getRolesForPermission('P1')
-   []
-
-This is standard behaviour:
-
-   >>> roleper  = interfaces.IRolePermissionManager(ob3)
-   >>> roleper.grantPermissionToRole('P1', 'role1')
-
-   >>> grantinfo.getRolesForPermission('P1')
-   [('role1', PermissionSetting: Allow)]
-
-Now let's set permission in parent:
-
-   >>> roleper  = interfaces.IRolePermissionManager(ob2)
-   >>> roleper.grantPermissionToRole('P1', 'role2')
-
-   >>> grantinfo.getRolesForPermission('P1')
-   [('role1', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
-
-   >>> roleper  = interfaces.IRolePermissionManager(ob1)
-   >>> roleper.grantPermissionToRole('P1', 'role3')
-
-   >>> grantinfo.getRolesForPermission('P1')
-   [('role1', PermissionSetting: Allow), ('role3', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
-
-   >>> roleper.denyPermissionToRole('P1', 'role3')
-
-   >>> grantinfo.getRolesForPermission('P1')
-   [('role1', PermissionSetting: Allow), ('role3', PermissionSetting: Deny), ('role2', PermissionSetting: Allow)]
-
-But lower object permissions/role has more weight, now we 
-have role3 denied for P1 permission on ob1, we can allow permission 
-on ob2 so ob3 should have allow for P1 permission on role role3
-
-   >>> roleper  = interfaces.IRolePermissionManager(ob2)
-   >>> roleper.grantPermissionToRole('P1', 'role3')
-
-   >>> grantinfo.getRolesForPermission('P1')
-   [('role1', PermissionSetting: Allow), ('role3', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
-
-   >>> grantinfo = IExtendedGrantInfo(ob4)
-   >>> grantinfo.getRolesForPermission('P1')
-   [('role3', PermissionSetting: Deny)]
-
-
-getRolesForPrincipal
---------------------
-
-   >>> grantinfo = IExtendedGrantInfo(ob3)
-   >>> grantinfo.getRolesForPrincipal('bob')
-   []
-
-   >>> prinrole  = interfaces.IPrincipalRoleManager(ob3)
-   >>> prinrole.assignRoleToPrincipal('role1', 'bob')
-
-   >>> grantinfo.getRolesForPrincipal('bob')
-   [('role1', PermissionSetting: Allow)]
-
-   >>> prinrole  = interfaces.IPrincipalRoleManager(ob2)
-   >>> prinrole.assignRoleToPrincipal('role2', 'bob')
-
-   >>> grantinfo.getRolesForPrincipal('bob')
-   [('role1', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
-
-   >>> prinrole  = interfaces.IPrincipalRoleManager(ob1)
-   >>> prinrole.assignRoleToPrincipal('role3', 'bob')
-
-   >>> grantinfo.getRolesForPrincipal('bob')
-   [('role1', PermissionSetting: Allow), ('role3', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
-
-role3 role allowed for principal 'bob' on ob1, we can deny this role on object ob2
-and on ob3 role3 should be denied
-
-   >>> prinrole  = interfaces.IPrincipalRoleManager(ob2)
-   >>> prinrole.removeRoleFromPrincipal('role3', 'bob')
-
-   >>> grantinfo.getRolesForPrincipal('bob')
-   [('role1', PermissionSetting: Allow), ('role3', PermissionSetting: Deny), ('role2', PermissionSetting: Allow)]
-
-
-getPrincipalsForRole
---------------------
-
-This is new method in extended version, it usefull when we need get all
-principals that have role, for example for cataloging.
-
-   >>> grantinfo = IExtendedGrantInfo(ob3)
-   >>> grantinfo.getPrincipalsForRole('role1')
-   [('bob', PermissionSetting: Allow)]
-
-We can get info about other principals with same role
-
-   >>> prinrole  = interfaces.IPrincipalRoleManager(ob1)
-   >>> prinrole.assignRoleToPrincipal('role1', 'bob1')
-
-   >>> grantinfo.getPrincipalsForRole('role1')
-   [('bob', PermissionSetting: Allow), ('bob1', PermissionSetting: Allow)]

Copied: z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.txt (from rev 90671, z3ext.security/trunk/src/z3ext/security/grantinfo.txt)
===================================================================
--- z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.txt	                        (rev 0)
+++ z3ext.security/tags/1.2.1/src/z3ext/security/grantinfo.txt	2008-09-02 08:04:59 UTC (rev 90672)
@@ -0,0 +1,152 @@
+==================
+IExtendedGrantInfo
+==================
+
+IExtendedGrantInfo interface is extended version of IGrantInfo
+from zope/securitypolicy but it runs for each parent and
+uses all available IRolePermissionMap and IPrincipalRoleMap adapters
+for object.
+
+initialization:
+
+   >>> from zope import interface
+   >>> from zope.component import provideAdapter
+   >>> from zope.securitypolicy import interfaces
+   >>> from z3ext.security.grantinfo import ExtendedGrantInfo
+   >>> from z3ext.security.interfaces import IExtendedGrantInfo
+
+   >>> provideAdapter(ExtendedGrantInfo, (interface.Interface,), IExtendedGrantInfo)
+
+   >>> import zope.interface
+   >>> from zope.annotation.interfaces import IAttributeAnnotatable
+
+   >>> class IMyObject(zope.interface.Interface):
+   ...   pass
+
+   >>> class Ob:
+   ...     __name__ = u''
+   ...     __parent__ = None
+   ...     zope.interface.implements(IAttributeAnnotatable, IMyObject)
+   ...     
+   ...     def __init__(self, name):
+   ...         self.__name__ = name
+   ...     def __repr__(self):
+   ...         return '<Ob "%s">'%self.__name__
+
+   >>> ob1 = Ob('ob1')
+   >>> ob2 = Ob('ob2')
+   >>> ob3 = Ob('ob3')
+   >>> ob4 = Ob('ob4')
+
+Let's build parents dependencies: ob1->ob2->ob3, ob1->ob4
+
+   >>> ob2.__parent__ = ob1
+   >>> ob3.__parent__ = ob2
+   >>> ob4.__parent__ = ob1
+
+   >>> grantinfo = IExtendedGrantInfo(ob3)
+   >>> IExtendedGrantInfo.providedBy(grantinfo)
+   True
+
+   >>> grantinfo.getRolesForPermission('P1')
+   []
+
+This is standard behaviour:
+
+   >>> roleper  = interfaces.IRolePermissionManager(ob3)
+   >>> roleper.grantPermissionToRole('P1', 'role1')
+
+   >>> grantinfo.getRolesForPermission('P1')
+   [('role1', PermissionSetting: Allow)]
+
+Now let's set permission in parent:
+
+   >>> roleper  = interfaces.IRolePermissionManager(ob2)
+   >>> roleper.grantPermissionToRole('P1', 'role2')
+
+   >>> grantinfo.getRolesForPermission('P1')
+   [('role1', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
+
+   >>> roleper  = interfaces.IRolePermissionManager(ob1)
+   >>> roleper.grantPermissionToRole('P1', 'role3')
+
+   >>> grantinfo.getRolesForPermission('P1')
+   [('role1', PermissionSetting: Allow), ('role3', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
+
+   >>> roleper.denyPermissionToRole('P1', 'role3')
+
+   >>> grantinfo.getRolesForPermission('P1')
+   [('role1', PermissionSetting: Allow), ('role3', PermissionSetting: Deny), ('role2', PermissionSetting: Allow)]
+
+But lower object permissions/role has more weight, now we 
+have role3 denied for P1 permission on ob1, we can allow permission 
+on ob2 so ob3 should have allow for P1 permission on role role3
+
+   >>> roleper  = interfaces.IRolePermissionManager(ob2)
+   >>> roleper.grantPermissionToRole('P1', 'role3')
+
+   >>> grantinfo.getRolesForPermission('P1')
+   [('role1', PermissionSetting: Allow), ('role3', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
+
+   >>> grantinfo = IExtendedGrantInfo(ob4)
+   >>> grantinfo.getRolesForPermission('P1')
+   [('role3', PermissionSetting: Deny)]
+
+
+getRolesForPrincipal
+--------------------
+
+   >>> from zope.securitypolicy.principalrole import principalRoleManager
+   >>> principalRoleManager.assignRoleToPrincipal('role10', 'bob', False)
+
+   >>> grantinfo = IExtendedGrantInfo(ob3)
+   >>> grantinfo.getRolesForPrincipal('bob')
+   [('role10', PermissionSetting: Allow)]
+
+   >>> prinrole  = interfaces.IPrincipalRoleManager(ob3)
+   >>> prinrole.assignRoleToPrincipal('role1', 'bob')
+
+   >>> grantinfo.getRolesForPrincipal('bob')
+   [('role1', PermissionSetting: Allow), ('role10', PermissionSetting: Allow)]
+
+   >>> prinrole  = interfaces.IPrincipalRoleManager(ob2)
+   >>> prinrole.assignRoleToPrincipal('role2', 'bob')
+
+   >>> grantinfo.getRolesForPrincipal('bob')
+   [('role1', PermissionSetting: Allow), ('role10', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
+
+   >>> prinrole  = interfaces.IPrincipalRoleManager(ob1)
+   >>> prinrole.assignRoleToPrincipal('role3', 'bob')
+
+   >>> grantinfo.getRolesForPrincipal('bob')
+   [('role1', PermissionSetting: Allow), ('role10', PermissionSetting: Allow), ('role3', PermissionSetting: Allow), ('role2', PermissionSetting: Allow)]
+
+role3 role allowed for principal 'bob' on ob1, we can deny this role on object ob2
+and on ob3 role3 should be denied
+
+   >>> prinrole  = interfaces.IPrincipalRoleManager(ob2)
+   >>> prinrole.removeRoleFromPrincipal('role3', 'bob')
+
+   >>> grantinfo.getRolesForPrincipal('bob')
+   [('role1', PermissionSetting: Allow), ('role10', PermissionSetting: Allow), ('role3', PermissionSetting: Deny), ('role2', PermissionSetting: Allow)]
+
+
+getPrincipalsForRole
+--------------------
+
+   >>> principalRoleManager.assignRoleToPrincipal('role1', 'bob2', False)
+
+This is new method in extended version, it usefull when we need get all
+principals that have role, for example for cataloging.
+
+   >>> grantinfo = IExtendedGrantInfo(ob3)
+   >>> grantinfo.getPrincipalsForRole('role1')
+   [('bob', PermissionSetting: Allow), ('bob2', PermissionSetting: Allow)]
+
+We can get info about other principals with same role
+
+   >>> prinrole  = interfaces.IPrincipalRoleManager(ob1)
+   >>> prinrole.assignRoleToPrincipal('role1', 'bob1')
+
+   >>> grantinfo.getPrincipalsForRole('role1')
+   [('bob', PermissionSetting: Allow), ('bob2', PermissionSetting: Allow), ('bob1', PermissionSetting: Allow)]

Deleted: z3ext.security/tags/1.2.1/src/z3ext/security/securitypolicy.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/securitypolicy.py	2008-08-27 04:40:41 UTC (rev 90379)
+++ z3ext.security/tags/1.2.1/src/z3ext/security/securitypolicy.py	2008-09-02 08:04:59 UTC (rev 90672)
@@ -1,202 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2007 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""
-
-$Id$
-"""
-from zope.component import getAdapters
-from zope.security.proxy import removeSecurityProxy
-from zope.app.security.settings import Allow
-
-from zope.securitypolicy.interfaces import IPrincipalRoleMap
-from zope.securitypolicy.interfaces import IRolePermissionMap
-from zope.securitypolicy.interfaces import IPrincipalPermissionMap
-
-from zope.securitypolicy.zopepolicy import ZopeSecurityPolicy
-
-from zope.securitypolicy.zopepolicy import SettingAsBoolean
-from zope.securitypolicy.zopepolicy import globalRolesForPrincipal
-from zope.securitypolicy.zopepolicy import globalRolesForPermission
-from zope.securitypolicy.zopepolicy import globalPrincipalPermissionSetting
-
-
-class CacheEntry(object):
-
-    prinper = None
-    roles_adapters = None
-    principal_roles_adapters = None
-
-    def __init__(self):
-        self.prin = {}
-        self.decision = {}
-        self.roles = {}
-        self.principal_roles = {}
-
-
-class SecurityPolicy(ZopeSecurityPolicy):
-
-    def cache(self, parent):
-        cache = self._cache
-
-        if parent in cache:
-            return cache[parent]
-        else:
-            cacheEntry = CacheEntry()
-            cache[parent] = cacheEntry
-            return cacheEntry
-
-    def cached_roles(self, parent, permission, _allow=Allow):
-        cache = self.cache(parent)
-        cache_roles = cache.roles
-        if permission in cache_roles:
-            return cache_roles[permission]
-
-        if parent is None:
-            roles = dict(
-                [(role, 1) for (role, setting) in globalRolesForPermission(permission)
-                 if setting is _allow])
-            cache_roles[permission] = roles
-            return roles
-
-        roles = self.cached_roles(
-            removeSecurityProxy(getattr(parent, '__parent__', None)), permission)
-
-        # cache adaters
-        rolepers = cache.roles_adapters
-        if rolepers is None:
-            rolepers = tuple(getAdapters((parent,), IRolePermissionMap))
-            cache.roles_adapters = rolepers
-
-        if rolepers:
-            roles = roles.copy()
-            for name, roleper in rolepers:
-                for role, setting in roleper.getRolesForPermission(permission):
-                    if setting is _allow:
-                        roles[role] = 1
-                    elif role in roles:
-                        del roles[role]
-
-        cache_roles[permission] = roles
-        return roles
-
-    def cached_principal_roles(self, parent, principal, 
-                               SettingAsBoolean=SettingAsBoolean):
-        cache = self.cache(parent)
-        cache_principal_roles = cache.principal_roles
-        if principal in cache_principal_roles:
-            return cache_principal_roles[principal]
-
-        if parent is None:
-            roles = dict(
-                [(role, SettingAsBoolean[setting])
-                 for (role, setting) in globalRolesForPrincipal(principal)]
-                 )
-            roles['zope.Anonymous'] = True # Everybody has Anonymous
-            cache_principal_roles[principal] = roles
-            return roles
-
-        roles = self.cached_principal_roles(
-            removeSecurityProxy(getattr(parent, '__parent__', None)), principal)
-
-        roles = roles.copy()
-
-        # cache adaters
-        adapters = cache.principal_roles_adapters
-        if adapters is None:
-            adapters = tuple(getAdapters((parent,), IPrincipalRoleMap))
-            cache.principal_roles_adapters = adapters
-
-        for name, prinrole in adapters:
-            for role, setting in prinrole.getRolesForPrincipal(principal):
-                roles[role] = SettingAsBoolean[setting]
-
-        cache_principal_roles[principal] = roles
-        return roles
-
-        
-    def cached_prinper(self, parent, principal, groups, permission):
-        # Compute the permission, if any, for the principal.
-        cache = self.cache(parent)
-        cache_prin = cache.prin
-
-        if principal in cache_prin:
-            cache_prin_per = cache_prin[principal]
-        else:
-            cache_prin_per = cache_prin[principal] = {}
-        
-        if permission in cache_prin_per:
-            return cache_prin_per[permission]
-
-        if parent is None:
-            prinper = SettingAsBoolean[
-                globalPrincipalPermissionSetting(permission, principal, None)
-                ]
-            cache_prin_per[permission] = prinper
-            return prinper
-
-        prinper = cache.prinper
-        if prinper is None:
-            cache.prinper = prinper = IPrincipalPermissionMap(parent, None)
-
-        if prinper is not None:
-            prinper = SettingAsBoolean[
-                prinper.getSetting(permission, principal, None)
-                ]
-            if prinper is not None:
-                cache_prin_per[permission] = prinper
-                return prinper
-
-        parent = removeSecurityProxy(getattr(parent, '__parent__', None))
-        prinper = self.cached_prinper(parent, principal, groups, permission)
-        cache_prin_per[permission] = prinper
-        return prinper
-
-    def cached_decision(self, parent, principal, groups, permission):
-        # Return the decision for a principal and permission
-        cache = self.cache(parent)
-        cache_decision = cache.decision
-
-        if principal in cache_decision:
-            cache_decision_prin = cache_decision[principal]
-        else:
-            cache_decision_prin = cache_decision[principal] = {}
-
-        if permission in cache_decision_prin:
-            return cache_decision_prin[permission]
-
-        # cache_decision_prin[permission] is the cached decision for a
-        # principal and permission.
-            
-        decision = self.cached_prinper(parent, principal, groups, permission)
-        if (decision is None) and groups:
-            decision = self._group_based_cashed_prinper(
-                parent, principal, groups, permission)
-
-        if decision is not None:
-            cache_decision_prin[permission] = decision
-            return decision
-
-        roles = self.cached_roles(parent, permission)
-        if roles:
-            prin_roles = self.cached_principal_roles(parent, principal)
-            if groups:
-                prin_roles = self.cached_principal_roles_w_groups(
-                    parent, principal, groups, prin_roles)
-            for role, setting in prin_roles.items():
-                if setting and (role in roles):
-                    cache_decision_prin[permission] = decision = True
-                    return decision
-
-        cache_decision_prin[permission] = decision = False
-        return decision

Copied: z3ext.security/tags/1.2.1/src/z3ext/security/securitypolicy.py (from rev 90671, z3ext.security/trunk/src/z3ext/security/securitypolicy.py)
===================================================================
--- z3ext.security/tags/1.2.1/src/z3ext/security/securitypolicy.py	                        (rev 0)
+++ z3ext.security/tags/1.2.1/src/z3ext/security/securitypolicy.py	2008-09-02 08:04:59 UTC (rev 90672)
@@ -0,0 +1,200 @@
+##############################################################################
+#
+# Copyright (c) 2007 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+from zope.component import getAdapters
+from zope.security.proxy import removeSecurityProxy
+from zope.app.security.settings import Allow
+
+from zope.securitypolicy.interfaces import IPrincipalRoleMap
+from zope.securitypolicy.interfaces import IRolePermissionMap
+from zope.securitypolicy.interfaces import IPrincipalPermissionMap
+
+from zope.securitypolicy.zopepolicy import ZopeSecurityPolicy
+
+from zope.securitypolicy.zopepolicy import SettingAsBoolean
+from zope.securitypolicy.zopepolicy import globalRolesForPrincipal
+from zope.securitypolicy.zopepolicy import globalRolesForPermission
+from zope.securitypolicy.zopepolicy import globalPrincipalPermissionSetting
+
+
+class CacheEntry(object):
+
+    prinper = None
+    roles_adapters = None
+    principal_roles_adapters = None
+
+    def __init__(self):
+        self.prin = {}
+        self.decision = {}
+        self.roles = {}
+        self.principal_roles = {}
+
+
+class SecurityPolicy(ZopeSecurityPolicy):
+
+    def cache(self, parent):
+        cache = self._cache
+
+        if parent in cache:
+            return cache[parent]
+        else:
+            cacheEntry = CacheEntry()
+            cache[parent] = cacheEntry
+            return cacheEntry
+
+    def cached_roles(self, parent, permission, _allow=Allow):
+        cache = self.cache(parent)
+        cache_roles = cache.roles
+        if permission in cache_roles:
+            return cache_roles[permission]
+
+        if parent is None:
+            roles = dict(
+                [(role, 1) for (role, setting) in globalRolesForPermission(permission)
+                 if setting is _allow])
+            cache_roles[permission] = roles
+            return roles
+
+        roles = self.cached_roles(
+            removeSecurityProxy(getattr(parent, '__parent__', None)), permission)
+
+        # cache adaters
+        rolepers = cache.roles_adapters
+        if rolepers is None:
+            rolepers = tuple(getAdapters((parent,), IRolePermissionMap))
+            cache.roles_adapters = rolepers
+
+        if rolepers:
+            roles = roles.copy()
+            for name, roleper in rolepers:
+                for role, setting in roleper.getRolesForPermission(permission):
+                    if setting is _allow:
+                        roles[role] = 1
+                    elif role in roles:
+                        del roles[role]
+
+        cache_roles[permission] = roles
+        return roles
+
+    def cached_principal_roles(self, parent, principal, 
+                               SettingAsBoolean=SettingAsBoolean):
+        cache = self.cache(parent)
+        cache_principal_roles = cache.principal_roles
+        if principal in cache_principal_roles:
+            return cache_principal_roles[principal]
+
+        if parent is None:
+            roles = dict(
+                [(role, SettingAsBoolean[setting])
+                 for (role, setting) in globalRolesForPrincipal(principal)]
+                 )
+            roles['zope.Anonymous'] = True # Everybody has Anonymous
+            cache_principal_roles[principal] = roles
+            return roles
+
+        roles = self.cached_principal_roles(
+            removeSecurityProxy(getattr(parent, '__parent__', None)), principal)
+
+        roles = roles.copy()
+
+        # cache adaters
+        adapters = cache.principal_roles_adapters
+        if adapters is None:
+            adapters = tuple(getAdapters((parent,), IPrincipalRoleMap))
+            cache.principal_roles_adapters = adapters
+
+        for name, prinrole in adapters:
+            for role, setting in prinrole.getRolesForPrincipal(principal):
+                roles[role] = SettingAsBoolean[setting]
+
+        cache_principal_roles[principal] = roles
+        return roles
+        
+    def cached_prinper(self, parent, principal, groups, permission):
+        # Compute the permission, if any, for the principal.
+        cache = self.cache(parent)
+        cache_prin = cache.prin
+
+        if principal in cache_prin:
+            cache_prin_per = cache_prin[principal]
+        else:
+            cache_prin_per = cache_prin[principal] = {}
+        
+        if permission in cache_prin_per:
+            return cache_prin_per[permission]
+
+        if parent is None:
+            prinper = SettingAsBoolean[
+                globalPrincipalPermissionSetting(permission, principal, None)
+                ]
+            cache_prin_per[permission] = prinper
+            return prinper
+
+        prinper = cache.prinper
+        if prinper is None:
+            cache.prinper = prinper = IPrincipalPermissionMap(parent, None)
+
+        if prinper is not None:
+            prinper = SettingAsBoolean[
+                prinper.getSetting(permission, principal, None)
+                ]
+            if prinper is not None:
+                cache_prin_per[permission] = prinper
+                return prinper
+
+        parent = removeSecurityProxy(getattr(parent, '__parent__', None))
+        prinper = self.cached_prinper(parent, principal, groups, permission)
+        cache_prin_per[permission] = prinper
+        return prinper
+
+    def cached_decision(self, parent, principal, groups, permission):
+        # Return the decision for a principal and permission
+        cache = self.cache(parent)
+        cache_decision = cache.decision
+
+        if principal in cache_decision:
+            cache_decision_prin = cache_decision[principal]
+        else:
+            cache_decision_prin = cache_decision[principal] = {}
+
+        if permission in cache_decision_prin:
+            return cache_decision_prin[permission]
+
+        # cache_decision_prin[permission] is the cached
+        # decision for a principal and permission.
+        decision = self.cached_prinper(parent, principal, groups, permission)
+        if (decision is None) and groups:
+            decision = self._group_based_cashed_prinper(
+                parent, principal, groups, permission)
+
+        if decision is not None:
+            cache_decision_prin[permission] = decision
+            return decision
+
+        roles = self.cached_roles(parent, permission)
+        if roles:
+            prin_roles = self.cached_principal_roles(parent, principal)
+            if groups:
+                prin_roles = self.cached_principal_roles_w_groups(
+                    parent, principal, groups, prin_roles)
+            for role, setting in prin_roles.items():
+                if setting and (role in roles):
+                    cache_decision_prin[permission] = decision = True
+                    return decision
+
+        cache_decision_prin[permission] = decision = False
+        return decision
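Review bot: In `cached_principal_roles` the loop `for name, prinrole in adapters:` assigns `roles[role] = SettingAsBoolean[setting]` unconditionally, so when two `IPrincipalRoleMap` adapters on the same object disagree about a role, the one iterated last wins and an Allow can overwrite a Deny. As far as I know `getAdapters` does not promise an iteration order, which would make the resulting access decision depend on registration order rather than on a stated rule. The same last-writer-wins merge is in `cached_roles` over `rolepers`. At minimum I would fix the order when the adapters are cached, e.g. `adapters = tuple(sorted(getAdapters((parent,), IPrincipalRoleMap), key=lambda item: item[0]))`. I would also add a comment stating the intended precedence, such as `# adapters are merged in name order; on conflict the later name wins`, or make a local Deny take precedence if that is the intent.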


