[Checkins] SVN: zope.app.security/trunk/ Remove protections patching, because zope.security knows about them itself now.

Dan Korostelev nadako at gmail.com
Wed Mar 11 23:14:02 EDT 2009


Log message for revision 97950:
  Remove protections patching, because zope.security knows about them itself now.

Changed:
  U   zope.app.security/trunk/CHANGES.txt
  U   zope.app.security/trunk/src/zope/app/security/__init__.py
  U   zope.app.security/trunk/src/zope/app/security/_protections.py

-=-
Modified: zope.app.security/trunk/CHANGES.txt
===================================================================
--- zope.app.security/trunk/CHANGES.txt	2009-03-12 03:09:05 UTC (rev 97949)
+++ zope.app.security/trunk/CHANGES.txt	2009-03-12 03:14:02 UTC (rev 97950)
@@ -25,6 +25,10 @@
 - The registration of the "zope.Public" permission has been moved to
   ``zope.security``. Its configure.zcml is now included by this package.
 
+- The "protect" function is now a no-op and is not needed anymore, because
+  zope.security now knows about i18n messages and __name__ and __parent__
+  attributes and won't protect them by default.
+
 - The ``LocalPermission`` class is now moved to new ``zope.localpermission``
   package. This package now only has backward-compatibility imports and browser
   views and menu items for ZMI.

Modified: zope.app.security/trunk/src/zope/app/security/__init__.py
===================================================================
--- zope.app.security/trunk/src/zope/app/security/__init__.py	2009-03-12 03:09:05 UTC (rev 97949)
+++ zope.app.security/trunk/src/zope/app/security/__init__.py	2009-03-12 03:14:02 UTC (rev 97950)
@@ -15,10 +15,5 @@
 
 $Id$
 """
-# Register some standard types
-import _protections
-_protections.protect()
-del _protections
-
 # BBB: the code was moved to zope.authentication
 from zope.authentication.logout import LogoutSupported, NoLogout

Modified: zope.app.security/trunk/src/zope/app/security/_protections.py
===================================================================
--- zope.app.security/trunk/src/zope/app/security/_protections.py	2009-03-12 03:09:05 UTC (rev 97949)
+++ zope.app.security/trunk/src/zope/app/security/_protections.py	2009-03-12 03:14:02 UTC (rev 97950)
@@ -11,26 +11,9 @@
 # FOR A PARTICULAR PURPOSE
 #
 ##############################################################################
-"""Register protection information for some standard low-level types
-
+"""
 $Id$
 """
 
-# XXX this will be moved
 def protect():
-    # Add message id types to the basic types, so their setting cannot be
-    # overridden, once set. `protect()` was not guranteed to run after
-    # zope.security.checker._clear, so that sometimes the proxies were not set.
-    # This is not the ideal solution, but it is effective.
-
-    # Make sure the message id gets never proxied.  This is not a
-    # security hole because Messages are immutable.
-    import zope.security.checker
-    from zope.security.checker import NoProxy
-    from zope.i18nmessageid import Message
-    zope.security.checker.BasicTypes[Message] = NoProxy
-
-    # add __parent__ and __name__ to always available names
-    for name in ['__name__', '__parent__']:
-        if name not in zope.security.checker._available_by_default:
-            zope.security.checker._available_by_default.append(name)
+    pass # this function is not needed anymore



More information about the Checkins mailing list