[Checkins] SVN: z3ext.ownership/trunk/ Added special IOwnership adapter for IInheritOwnership objects
Nikolay Kim
fafhrd at datacom.kz
Mon Jan 26 21:11:59 EST 2009
Log message for revision 95061:
Added special IOwnership adapter for IInheritOwnership objects
Changed:
U z3ext.ownership/trunk/CHANGES.txt
U z3ext.ownership/trunk/src/z3ext/ownership/README.txt
U z3ext.ownership/trunk/src/z3ext/ownership/configure.zcml
U z3ext.ownership/trunk/src/z3ext/ownership/localroles.py
U z3ext.ownership/trunk/src/z3ext/ownership/owner.py
U z3ext.ownership/trunk/src/z3ext/ownership/tests.py
-=-
Modified: z3ext.ownership/trunk/CHANGES.txt
===================================================================
--- z3ext.ownership/trunk/CHANGES.txt 2009-01-27 01:05:48 UTC (rev 95060)
+++ z3ext.ownership/trunk/CHANGES.txt 2009-01-27 02:11:58 UTC (rev 95061)
@@ -2,6 +2,12 @@
CHANGES
=======
+1.1.0 (2009-01-27)
+------------------
+
+- Added special IOwnership adapter for IInheritOwnership objects
+
+
1.0.1 (2008-05-19)
------------------
Modified: z3ext.ownership/trunk/src/z3ext/ownership/README.txt
===================================================================
--- z3ext.ownership/trunk/src/z3ext/ownership/README.txt 2009-01-27 01:05:48 UTC (rev 95060)
+++ z3ext.ownership/trunk/src/z3ext/ownership/README.txt 2009-01-27 02:11:58 UTC (rev 95061)
@@ -9,7 +9,7 @@
>>> from zope import interface, component, event
>>> import zope.security.management
- >>> from z3ext.ownership import tests
+ >>> from z3ext.ownership import tests, interfaces
>>> from z3ext.ownership.interfaces import IOwnership
>>> from z3ext.ownership.interfaces import IOwnerAware, IOwnerGroupAware
@@ -36,15 +36,18 @@
>>> zope.security.management.newInteraction(participation)
>>> interaction = zope.security.management.getInteraction()
+ >>> from zope.location import Location
>>> from zope.lifecycleevent import ObjectCreatedEvent
>>> from zope.annotation.interfaces import IAttributeAnnotatable
>>> class IMyObject(IOwnerAware):
... pass
- >>> class Content:
- ... __parent__ = None
+ >>> class Content(Location):
... interface.implements(IAttributeAnnotatable, IMyObject)
+ ...
+ ... def __init__(self, parent=None):
+ ... self.__parent__ = parent
>>> content = Content()
>>> event.notify(ObjectCreatedEvent(content))
@@ -114,7 +117,9 @@
>>> grantinfo.getRolesForPrincipal('bob')
[]
+ >>> interface.noLongerProvides(content, IInheritOwnership)
+
We can assign only IPrincipal object
>>> owner.owner = object()
@@ -123,7 +128,93 @@
ValueError: IPrincipal object is required.
+Chain owner
+-----------
+
+let's create content chain, content -> content1 -> content2
+
+ >>> content1 = Content(content)
+ >>> content2 = Content(content1)
+
+ >>> grantinfo = IExtendedGrantInfo(content1)
+ >>> grantinfo.getRolesForPrincipal('meg')
+ [('content.Owner', PermissionSetting: Deny)]
+ >>> grantinfo.getRolesForPrincipal('bob')
+ [('content.Owner', PermissionSetting: Deny)]
+
+now mark content1 as IInheritOwnership
+
+ >>> interface.directlyProvides(content1, IInheritOwnership)
+
+ >>> grantinfo = IExtendedGrantInfo(content1)
+ >>> grantinfo.getRolesForPrincipal('meg')
+ [('content.Owner', PermissionSetting: Allow)]
+
+ >>> ownership = IOwnership(content1)
+ >>> ownership.ownerId
+ 'meg'
+
+ >>> interfaces.IUnchangeableOwnership.providedBy(ownership)
+ True
+
+ >>> ownership.ownerId = 'bob'
+ Traceback (most recent call last):
+ ...
+ AttributeError: can't set attribute
+
+content2
+
+ >>> grantinfo = IExtendedGrantInfo(content2)
+ >>> grantinfo.getRolesForPrincipal('meg')
+ [('content.Owner', PermissionSetting: Deny)]
+
+ >>> interface.directlyProvides(content2, IInheritOwnership)
+ >>> grantinfo.getRolesForPrincipal('meg')
+ [('content.Owner', PermissionSetting: Allow)]
+
+ >>> IOwnership(content2).ownerId
+ 'meg'
+ >>> IOwnership(content2).owner
+ <Principal 'meg'>
+
+ >>> IOwnership(content).ownerId = 'bob'
+ >>> IOwnership(content1).ownerId
+ 'bob'
+ >>> IOwnership(content2).ownerId
+ 'bob'
+
+ >>> IExtendedGrantInfo(content1).getRolesForPrincipal('meg')
+ [('content.Owner', PermissionSetting: Deny)]
+ >>> IExtendedGrantInfo(content1).getRolesForPrincipal('bob')
+ [('content.Owner', PermissionSetting: Allow)]
+ >>> IExtendedGrantInfo(content2).getRolesForPrincipal('meg')
+ [('content.Owner', PermissionSetting: Deny)]
+ >>> IExtendedGrantInfo(content2).getRolesForPrincipal('bob')
+ [('content.Owner', PermissionSetting: Allow)]
+
+We need IOwnerAware parent for IInheritOwnership objects
+
+ >>> content4 = Content()
+ >>> interface.directlyProvides(content4, IInheritOwnership)
+ >>> IOwnership(content4)
+ Traceback (most recent call last):
+ ...
+ ComponentLookupError
+
+just tests
+
+ >>> from zope.securitypolicy.interfaces import IPrincipalRoleMap
+ >>> map = component.getAdapter(content, IPrincipalRoleMap, 'z3ext.ownership-owner')
+ >>> map.getRolesForPrincipal('bob')
+ (('content.Owner', PermissionSetting: Allow),)
+ >>> map.getSetting('content.Owner', 'bob')
+ PermissionSetting: Allow
+ >>> map.getSetting('content.Owner', 'meg')
+ PermissionSetting: Deny
+
+
Group owner
+-----------
>>> from zope.security.interfaces import IGroup
>>> interface.directlyProvides(principal1, IGroup)
@@ -150,6 +241,13 @@
>>> grantinfo.getRolesForPrincipal('meg')
[('content.GroupOwner', PermissionSetting: Deny)]
- >>> interface.alsoProvides(content, IInheritOwnership)
- >>> grantinfo.getRolesForPrincipal('meg')
- []
+
+just tests
+
+ >>> map = component.getAdapter(content, IPrincipalRoleMap, 'z3ext.ownership-groupowner')
+ >>> map.getRolesForPrincipal('bob')
+ (('content.GroupOwner', PermissionSetting: Allow),)
+ >>> map.getSetting('content.GroupOwner', 'bob')
+ PermissionSetting: Allow
+ >>> map.getSetting('content.GroupOwner', 'meg')
+ PermissionSetting: Deny
Modified: z3ext.ownership/trunk/src/z3ext/ownership/configure.zcml
===================================================================
--- z3ext.ownership/trunk/src/z3ext/ownership/configure.zcml 2009-01-27 01:05:48 UTC (rev 95060)
+++ z3ext.ownership/trunk/src/z3ext/ownership/configure.zcml 2009-01-27 02:11:58 UTC (rev 95061)
@@ -1,6 +1,6 @@
<configure
xmlns="http://namespaces.zope.org/zope"
- i18n_domain="z3ext">
+ i18n_domain="z3ext.ownership">
<includeDependencies package="z3ext.ownership" />
@@ -19,6 +19,10 @@
<adapter factory=".owner.Ownership" />
+ <adapter
+ provides=".interfaces.IOwnership"
+ factory=".owner.InheritedOwnership" />
+
<class class=".owner.Ownership">
<require
permission="zope.View"
Modified: z3ext.ownership/trunk/src/z3ext/ownership/localroles.py
===================================================================
--- z3ext.ownership/trunk/src/z3ext/ownership/localroles.py 2009-01-27 01:05:48 UTC (rev 95060)
+++ z3ext.ownership/trunk/src/z3ext/ownership/localroles.py 2009-01-27 02:11:58 UTC (rev 95061)
@@ -26,18 +26,21 @@
@component.adapter(IOwnerAware)
@interface.implementer(IPrincipalRoleMap)
def getLocalRoles(context):
+ if IInheritOwnership.providedBy(context):
+ return
+
owner = IOwnership(context)
if owner.isGroup and IOwnerGroupAware.providedBy(context):
return
return LocalRoles(context, owner)
-
+
+
class LocalRoles(object):
interface.implements(IPrincipalRoleMap)
def __init__(self, context, owner):
self.owner = owner
self.ownerId = owner.ownerId
- self.inherit = IInheritOwnership.providedBy(context)
def getPrincipalsForRole(self, role_id):
if (role_id == 'content.Owner'):
@@ -50,16 +53,12 @@
allow = (('content.Owner', Allow),)):
if principal_id == self.ownerId:
return allow
- elif self.inherit:
- return ()
else:
return deny
def getSetting(self, role_id, principal_id):
if (principal_id == self.ownerId) and (role_id == 'content.Owner'):
return Allow
- if self.inherit:
- return Unset
else:
return Deny
@@ -70,17 +69,20 @@
@component.adapter(IOwnerGroupAware)
@interface.implementer(IPrincipalRoleMap)
def getGroupLocalRoles(context):
+ if IInheritOwnership.providedBy(context):
+ return
+
owner = IOwnership(context)
if owner.isGroup:
return GroupLocalRoles(context, owner)
+
class GroupLocalRoles(object):
interface.implements(IPrincipalRoleMap)
def __init__(self, context, owner):
self.owner = owner
self.ownerId = owner.ownerId
- self.inherit = IInheritOwnership.providedBy(context)
def getPrincipalsForRole(self, role_id):
if role_id == 'content.GroupOwner':
@@ -93,17 +95,12 @@
allow = (('content.GroupOwner', Allow),)):
if principal_id == self.ownerId:
return allow
- elif self.inherit:
- return ()
else:
return deny
def getSetting(self, role_id, principal_id):
if (principal_id == self.ownerId) and (role_id == 'content.GroupOwner'):
return Allow
-
- if self.inherit:
- return Unset
else:
return Deny
Modified: z3ext.ownership/trunk/src/z3ext/ownership/owner.py
===================================================================
--- z3ext.ownership/trunk/src/z3ext/ownership/owner.py 2009-01-27 01:05:48 UTC (rev 95060)
+++ z3ext.ownership/trunk/src/z3ext/ownership/owner.py 2009-01-27 02:11:58 UTC (rev 95061)
@@ -19,6 +19,7 @@
from zope import event, interface, component
from zope.annotation.interfaces import IAnnotations
+from zope.component.interfaces import ComponentLookupError
from zope.lifecycleevent.interfaces import IObjectCreatedEvent
from zope.security.proxy import removeSecurityProxy
@@ -27,6 +28,7 @@
from z3ext.security.utils import getPrincipal
from z3ext.ownership import interfaces
+from z3ext.ownership.interfaces import IOwnership
from z3ext.ownership.interfaces import IInheritOwnership
from z3ext.ownership.interfaces import IUnchangeableOwnership
from z3ext.ownership.interfaces import OwnerChangedEvent
@@ -36,7 +38,7 @@
class Ownership(object):
component.adapts(interfaces.IOwnerAware)
- interface.implements(interfaces.IOwnership)
+ interface.implements(IOwnership)
_ownerId = ''
isGroup = False
@@ -86,6 +88,29 @@
self.owner = getPrincipal(pid)
+class InheritedOwnership(object):
+ component.adapts(interfaces.IInheritOwnership)
+ interface.implements(IOwnership, IUnchangeableOwnership)
+
+ def __init__(self, context):
+ parent = context
+
+ while IInheritOwnership.providedBy(parent):
+ parent = getattr(parent, '__parent__', None)
+ if parent is None:
+ raise ComponentLookupError()
+
+ self._owner = IOwnership(parent)
+
+ @property
+ def owner(self):
+ return self._owner.owner
+
+ @property
+ def ownerId(self):
+ return self._owner.ownerId
+
+
@component.adapter(interfaces.IOwnerAware, IObjectCreatedEvent)
def initObjectOwnership(object, event):
if interfaces.IUnchangeableOwnership.providedBy(object) or \
Modified: z3ext.ownership/trunk/src/z3ext/ownership/tests.py
===================================================================
--- z3ext.ownership/trunk/src/z3ext/ownership/tests.py 2009-01-27 01:05:48 UTC (rev 95060)
+++ z3ext.ownership/trunk/src/z3ext/ownership/tests.py 2009-01-27 02:11:58 UTC (rev 95061)
@@ -25,8 +25,10 @@
from z3ext.security import tests as sectests
from z3ext.security.securitypolicy import SecurityPolicy
-from z3ext.ownership.owner import Ownership, initObjectOwnership
+from z3ext.ownership.owner import initObjectOwnership
+from z3ext.ownership.owner import Ownership, InheritedOwnership
from z3ext.ownership.localroles import getLocalRoles, getGroupLocalRoles
+from z3ext.ownership.interfaces import IOwnership, IInheritOwnership
class Principal:
@@ -45,14 +47,14 @@
def setUp(test):
- #placelesssetup.setUp(test)
sectests.setUp(test)
zope.security.management.setSecurityPolicy(SecurityPolicy)
sm = component.getSiteManager()
sm.registerAdapter(Ownership)
+ sm.registerAdapter(InheritedOwnership, (IInheritOwnership,), IOwnership)
sm.registerAdapter(getLocalRoles, name="z3ext.ownership-owner")
- sm.registerAdapter(getGroupLocalRoles, name="z3ext.ownership-group")
+ sm.registerAdapter(getGroupLocalRoles, name="z3ext.ownership-groupowner")
sm.registerAdapter(AttributeAnnotations)
sm.registerHandler(initObjectOwnership)
More information about the Checkins
mailing list