[Checkins] SVN: z3ext.security/tags/1.2.6/ release tag
Nikolay Kim
fafhrd at datacom.kz
Wed Mar 25 06:04:00 EDT 2009
Log message for revision 98359:
release tag
Changed:
A z3ext.security/tags/1.2.6/
D z3ext.security/tags/1.2.6/CHANGES.txt
A z3ext.security/tags/1.2.6/CHANGES.txt
U z3ext.security/tags/1.2.6/setup.py
D z3ext.security/tags/1.2.6/src/z3ext/security/interfaces.py
A z3ext.security/tags/1.2.6/src/z3ext/security/interfaces.py
D z3ext.security/tags/1.2.6/src/z3ext/security/securitypolicy.py
A z3ext.security/tags/1.2.6/src/z3ext/security/securitypolicy.py
D z3ext.security/tags/1.2.6/src/z3ext/security/utils.py
A z3ext.security/tags/1.2.6/src/z3ext/security/utils.py
-=-
Deleted: z3ext.security/tags/1.2.6/CHANGES.txt
===================================================================
--- z3ext.security/trunk/CHANGES.txt 2009-03-25 05:33:19 UTC (rev 98354)
+++ z3ext.security/tags/1.2.6/CHANGES.txt 2009-03-25 10:04:00 UTC (rev 98359)
@@ -1,60 +0,0 @@
-=======
-CHANGES
-=======
-
-1.2.5 (2009-03-15)
-------------------
-
-- Check IPrincipalRoleMap adapter last
-
-
-1.2.4 (2009-03-12)
-------------------
-
-- Fixed permissions/roles calculation in IExtendedGrantInfo
-
-
-1.2.3 (2009-01-19)
-------------------
-
-- Added 'getPrincipalsForPermission' to IExtendedGrantInfo interface
-
-
-1.2.2 (2009-01-09)
-------------------
-
-- Query all IPrincipalPermissionMap adapter for context
-
-
-1.2.1 (2008-09-02)
-------------------
-
-- Fixed bug in extended grant info
-
-
-1.2.0 (2008-03-21)
-------------------
-
-- Code cleanup
-
-- Move code to svn.zope.org
-
-
-1.1.1 (2008-02-16)
-------------------
-
-- Performance (Profiling)
-
-
-1.1.0 (2008-02-01)
-------------------
-
-- Code cleanup
-
-- Removed unused code
-
-
-1.0.0 (2007-12-08)
-------------------
-
-- Initial release.
Copied: z3ext.security/tags/1.2.6/CHANGES.txt (from rev 98358, z3ext.security/trunk/CHANGES.txt)
===================================================================
--- z3ext.security/tags/1.2.6/CHANGES.txt (rev 0)
+++ z3ext.security/tags/1.2.6/CHANGES.txt 2009-03-25 10:04:00 UTC (rev 98359)
@@ -0,0 +1,66 @@
+=======
+CHANGES
+=======
+
+1.2.6 (2009-03-25)
+------------------
+
+- Added 'checkPermissionForPrincipal' helper function
+
+
+1.2.5 (2009-03-15)
+------------------
+
+- Check IPrincipalRoleMap adapter last
+
+
+1.2.4 (2009-03-12)
+------------------
+
+- Fixed permissions/roles calculation in IExtendedGrantInfo
+
+
+1.2.3 (2009-01-19)
+------------------
+
+- Added 'getPrincipalsForPermission' to IExtendedGrantInfo interface
+
+
+1.2.2 (2009-01-09)
+------------------
+
+- Query all IPrincipalPermissionMap adapter for context
+
+
+1.2.1 (2008-09-02)
+------------------
+
+- Fixed bug in extended grant info
+
+
+1.2.0 (2008-03-21)
+------------------
+
+- Code cleanup
+
+- Move code to svn.zope.org
+
+
+1.1.1 (2008-02-16)
+------------------
+
+- Performance (Profiling)
+
+
+1.1.0 (2008-02-01)
+------------------
+
+- Code cleanup
+
+- Removed unused code
+
+
+1.0.0 (2007-12-08)
+------------------
+
+- Initial release.
Modified: z3ext.security/tags/1.2.6/setup.py
===================================================================
--- z3ext.security/trunk/setup.py 2009-03-25 05:33:19 UTC (rev 98354)
+++ z3ext.security/tags/1.2.6/setup.py 2009-03-25 10:04:00 UTC (rev 98359)
@@ -21,7 +21,7 @@
def read(*rnames):
return open(os.path.join(os.path.dirname(__file__), *rnames)).read()
-version = '1.2.6dev'
+version = '1.2.6'
setup(name='z3ext.security',
Deleted: z3ext.security/tags/1.2.6/src/z3ext/security/interfaces.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/interfaces.py 2009-03-25 05:33:19 UTC (rev 98354)
+++ z3ext.security/tags/1.2.6/src/z3ext/security/interfaces.py 2009-03-25 10:04:00 UTC (rev 98359)
@@ -1,43 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2007 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-""" z3ext.security interfaces
-
-$Id$
-"""
-from zope import interface
-
-
-class IPrincipalGroups(interface.Interface):
- """ principal groups """
-
- principal = interface.Attribute('Principal')
-
- def getGroups(type=None):
- """ get principal groups """
-
-
-class IExtendedGrantInfo(interface.Interface):
- """ similar to IGrantInfo but recursive """
-
- def getRolesForPermission(permission):
- """ roles with permission """
-
- def getRolesForPrincipal(principal):
- """ principal roles """
-
- def getPrincipalsForRole(role_id):
- """ Get the principals that have been granted a role. """
-
- def getPrincipalsForPermission(permission):
- """ Get principals for permission """
Copied: z3ext.security/tags/1.2.6/src/z3ext/security/interfaces.py (from rev 98358, z3ext.security/trunk/src/z3ext/security/interfaces.py)
===================================================================
--- z3ext.security/tags/1.2.6/src/z3ext/security/interfaces.py (rev 0)
+++ z3ext.security/tags/1.2.6/src/z3ext/security/interfaces.py 2009-03-25 10:04:00 UTC (rev 98359)
@@ -0,0 +1,47 @@
+##############################################################################
+#
+# Copyright (c) 2007 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" z3ext.security interfaces
+
+$Id$
+"""
+from zope import interface
+
+
+class IZ3extSecurityPolicy(interface.Interface):
+ """ z3ext security policy """
+
+
+class IPrincipalGroups(interface.Interface):
+ """ principal groups """
+
+ principal = interface.Attribute('Principal')
+
+ def getGroups(type=None):
+ """ get principal groups """
+
+
+class IExtendedGrantInfo(interface.Interface):
+ """ similar to IGrantInfo but recursive """
+
+ def getRolesForPermission(permission):
+ """ roles with permission """
+
+ def getRolesForPrincipal(principal):
+ """ principal roles """
+
+ def getPrincipalsForRole(role_id):
+ """ Get the principals that have been granted a role. """
+
+ def getPrincipalsForPermission(permission):
+ """ Get principals for permission """
Deleted: z3ext.security/tags/1.2.6/src/z3ext/security/securitypolicy.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/securitypolicy.py 2009-03-25 05:33:19 UTC (rev 98354)
+++ z3ext.security/tags/1.2.6/src/z3ext/security/securitypolicy.py 2009-03-25 10:04:00 UTC (rev 98359)
@@ -1,204 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2007 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""
-
-$Id$
-"""
-from zope.component import getAdapters
-from zope.security.proxy import removeSecurityProxy
-from zope.app.security.settings import Allow
-
-from zope.securitypolicy.interfaces import IPrincipalRoleMap
-from zope.securitypolicy.interfaces import IRolePermissionMap
-from zope.securitypolicy.interfaces import IPrincipalPermissionMap
-
-from zope.securitypolicy.zopepolicy import ZopeSecurityPolicy
-
-from zope.securitypolicy.zopepolicy import SettingAsBoolean
-from zope.securitypolicy.zopepolicy import globalRolesForPrincipal
-from zope.securitypolicy.zopepolicy import globalRolesForPermission
-from zope.securitypolicy.zopepolicy import globalPrincipalPermissionSetting
-
-
-class CacheEntry(object):
-
- prinper = None
- roles_adapters = None
- principal_roles_adapters = None
- principal_permission_adapters = None
-
- def __init__(self):
- self.prin = {}
- self.decision = {}
- self.roles = {}
- self.principal_roles = {}
-
-
-class SecurityPolicy(ZopeSecurityPolicy):
-
- def cache(self, parent):
- cache = self._cache
-
- if parent in cache:
- return cache[parent]
- else:
- cacheEntry = CacheEntry()
- cache[parent] = cacheEntry
- return cacheEntry
-
- def cached_roles(self, parent, permission, _allow=Allow):
- cache = self.cache(parent)
- cache_roles = cache.roles
- if permission in cache_roles:
- return cache_roles[permission]
-
- if parent is None:
- roles = dict(
- [(role, 1) for (role, setting) in globalRolesForPermission(permission)
- if setting is _allow])
- cache_roles[permission] = roles
- return roles
-
- roles = self.cached_roles(
- removeSecurityProxy(getattr(parent, '__parent__', None)), permission)
-
- # cache adaters
- rolepers = cache.roles_adapters
- if rolepers is None:
- rolepers = tuple(getAdapters((parent,), IRolePermissionMap))
- cache.roles_adapters = rolepers
-
- if rolepers:
- roles = roles.copy()
- for name, roleper in rolepers:
- for role, setting in roleper.getRolesForPermission(permission):
- if setting is _allow:
- roles[role] = 1
- elif role in roles:
- del roles[role]
-
- cache_roles[permission] = roles
- return roles
-
- def cached_principal_roles(self, parent, principal,
- SettingAsBoolean=SettingAsBoolean):
- cache = self.cache(parent)
- cache_principal_roles = cache.principal_roles
- if principal in cache_principal_roles:
- return cache_principal_roles[principal]
-
- if parent is None:
- roles = dict(
- [(role, SettingAsBoolean[setting])
- for (role, setting) in globalRolesForPrincipal(principal)]
- )
- roles['zope.Anonymous'] = True # Everybody has Anonymous
- cache_principal_roles[principal] = roles
- return roles
-
- roles = self.cached_principal_roles(
- removeSecurityProxy(getattr(parent, '__parent__', None)), principal)
-
- roles = roles.copy()
-
- # cache adaters
- adapters = cache.principal_roles_adapters
- if adapters is None:
- adapters = tuple(getAdapters((parent,), IPrincipalRoleMap))
- if adapters and adapters[0][0] == '':
- adapters = adapters[1:] + adapters[:1]
- cache.principal_roles_adapters = adapters
-
- for name, prinrole in adapters:
- for role, setting in prinrole.getRolesForPrincipal(principal):
- roles[role] = SettingAsBoolean[setting]
-
- cache_principal_roles[principal] = roles
- return roles
-
- def cached_prinper(self, parent, principal, groups, permission):
- # Compute the permission, if any, for the principal.
- cache = self.cache(parent)
- cache_prin = cache.prin
-
- if principal in cache_prin:
- cache_prin_per = cache_prin[principal]
- else:
- cache_prin_per = cache_prin[principal] = {}
-
- if permission in cache_prin_per:
- return cache_prin_per[permission]
-
- if parent is None:
- prinper = SettingAsBoolean[
- globalPrincipalPermissionSetting(permission, principal, None)
- ]
- cache_prin_per[permission] = prinper
- return prinper
-
- # cache adaters
- adapters = cache.principal_permission_adapters
- if adapters is None:
- adapters = tuple(getAdapters((parent,), IPrincipalPermissionMap))
- cache.principal_permission_adapters = adapters
-
- for name, prinper in adapters:
- prinper = SettingAsBoolean[
- prinper.getSetting(permission, principal, None)]
- if prinper is not None:
- cache_prin_per[permission] = prinper
- return prinper
-
- parent = removeSecurityProxy(getattr(parent, '__parent__', None))
- prinper = self.cached_prinper(parent, principal, groups, permission)
- cache_prin_per[permission] = prinper
- return prinper
-
- def cached_decision(self, parent, principal, groups, permission):
- # Return the decision for a principal and permission
- cache = self.cache(parent)
- cache_decision = cache.decision
-
- if principal in cache_decision:
- cache_decision_prin = cache_decision[principal]
- else:
- cache_decision_prin = cache_decision[principal] = {}
-
- if permission in cache_decision_prin:
- return cache_decision_prin[permission]
-
- # cache_decision_prin[permission] is the cached
- # decision for a principal and permission.
- decision = self.cached_prinper(parent, principal, groups, permission)
- if (decision is None) and groups:
- decision = self._group_based_cashed_prinper(
- parent, principal, groups, permission)
-
- if decision is not None:
- cache_decision_prin[permission] = decision
- return decision
-
- roles = self.cached_roles(parent, permission)
- if roles:
- prin_roles = self.cached_principal_roles(parent, principal)
- if groups:
- prin_roles = self.cached_principal_roles_w_groups(
- parent, principal, groups, prin_roles)
- for role, setting in prin_roles.items():
- if setting and (role in roles):
- cache_decision_prin[permission] = decision = True
- return decision
-
- cache_decision_prin[permission] = decision = False
- return decision
Copied: z3ext.security/tags/1.2.6/src/z3ext/security/securitypolicy.py (from rev 98358, z3ext.security/trunk/src/z3ext/security/securitypolicy.py)
===================================================================
--- z3ext.security/tags/1.2.6/src/z3ext/security/securitypolicy.py (rev 0)
+++ z3ext.security/tags/1.2.6/src/z3ext/security/securitypolicy.py 2009-03-25 10:04:00 UTC (rev 98359)
@@ -0,0 +1,208 @@
+##############################################################################
+#
+# Copyright (c) 2007 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+from zope import interface
+from zope.component import getAdapters
+from zope.security.proxy import removeSecurityProxy
+from zope.app.security.settings import Allow
+
+from zope.securitypolicy.interfaces import IPrincipalRoleMap
+from zope.securitypolicy.interfaces import IRolePermissionMap
+from zope.securitypolicy.interfaces import IPrincipalPermissionMap
+
+from zope.securitypolicy.zopepolicy import ZopeSecurityPolicy
+
+from zope.securitypolicy.zopepolicy import SettingAsBoolean
+from zope.securitypolicy.zopepolicy import globalRolesForPrincipal
+from zope.securitypolicy.zopepolicy import globalRolesForPermission
+from zope.securitypolicy.zopepolicy import globalPrincipalPermissionSetting
+
+from interfaces import IZ3extSecurityPolicy
+
+
+class CacheEntry(object):
+
+ prinper = None
+ roles_adapters = None
+ principal_roles_adapters = None
+ principal_permission_adapters = None
+
+ def __init__(self):
+ self.prin = {}
+ self.decision = {}
+ self.roles = {}
+ self.principal_roles = {}
+
+
+class SecurityPolicy(ZopeSecurityPolicy):
+ interface.implements(IZ3extSecurityPolicy)
+
+ def cache(self, parent):
+ cache = self._cache
+
+ if parent in cache:
+ return cache[parent]
+ else:
+ cacheEntry = CacheEntry()
+ cache[parent] = cacheEntry
+ return cacheEntry
+
+ def cached_roles(self, parent, permission, _allow=Allow):
+ cache = self.cache(parent)
+ cache_roles = cache.roles
+ if permission in cache_roles:
+ return cache_roles[permission]
+
+ if parent is None:
+ roles = dict(
+ [(role, 1) for (role, setting) in globalRolesForPermission(permission)
+ if setting is _allow])
+ cache_roles[permission] = roles
+ return roles
+
+ roles = self.cached_roles(
+ removeSecurityProxy(getattr(parent, '__parent__', None)), permission)
+
+ # cache adaters
+ rolepers = cache.roles_adapters
+ if rolepers is None:
+ rolepers = tuple(getAdapters((parent,), IRolePermissionMap))
+ cache.roles_adapters = rolepers
+
+ if rolepers:
+ roles = roles.copy()
+ for name, roleper in rolepers:
+ for role, setting in roleper.getRolesForPermission(permission):
+ if setting is _allow:
+ roles[role] = 1
+ elif role in roles:
+ del roles[role]
+
+ cache_roles[permission] = roles
+ return roles
+
+ def cached_principal_roles(self, parent, principal,
+ SettingAsBoolean=SettingAsBoolean):
+ cache = self.cache(parent)
+ cache_principal_roles = cache.principal_roles
+ if principal in cache_principal_roles:
+ return cache_principal_roles[principal]
+
+ if parent is None:
+ roles = dict(
+ [(role, SettingAsBoolean[setting])
+ for (role, setting) in globalRolesForPrincipal(principal)]
+ )
+ roles['zope.Anonymous'] = True # Everybody has Anonymous
+ cache_principal_roles[principal] = roles
+ return roles
+
+ roles = self.cached_principal_roles(
+ removeSecurityProxy(getattr(parent, '__parent__', None)), principal)
+
+ roles = roles.copy()
+
+ # cache adaters
+ adapters = cache.principal_roles_adapters
+ if adapters is None:
+ adapters = tuple(getAdapters((parent,), IPrincipalRoleMap))
+ if adapters and adapters[0][0] == '':
+ adapters = adapters[1:] + adapters[:1]
+ cache.principal_roles_adapters = adapters
+
+ for name, prinrole in adapters:
+ for role, setting in prinrole.getRolesForPrincipal(principal):
+ roles[role] = SettingAsBoolean[setting]
+
+ cache_principal_roles[principal] = roles
+ return roles
+
+ def cached_prinper(self, parent, principal, groups, permission):
+ # Compute the permission, if any, for the principal.
+ cache = self.cache(parent)
+ cache_prin = cache.prin
+
+ if principal in cache_prin:
+ cache_prin_per = cache_prin[principal]
+ else:
+ cache_prin_per = cache_prin[principal] = {}
+
+ if permission in cache_prin_per:
+ return cache_prin_per[permission]
+
+ if parent is None:
+ prinper = SettingAsBoolean[
+ globalPrincipalPermissionSetting(permission, principal, None)
+ ]
+ cache_prin_per[permission] = prinper
+ return prinper
+
+ # cache adaters
+ adapters = cache.principal_permission_adapters
+ if adapters is None:
+ adapters = tuple(getAdapters((parent,), IPrincipalPermissionMap))
+ cache.principal_permission_adapters = adapters
+
+ for name, prinper in adapters:
+ prinper = SettingAsBoolean[
+ prinper.getSetting(permission, principal, None)]
+ if prinper is not None:
+ cache_prin_per[permission] = prinper
+ return prinper
+
+ parent = removeSecurityProxy(getattr(parent, '__parent__', None))
+ prinper = self.cached_prinper(parent, principal, groups, permission)
+ cache_prin_per[permission] = prinper
+ return prinper
+
+ def cached_decision(self, parent, principal, groups, permission):
+ # Return the decision for a principal and permission
+ cache = self.cache(parent)
+ cache_decision = cache.decision
+
+ if principal in cache_decision:
+ cache_decision_prin = cache_decision[principal]
+ else:
+ cache_decision_prin = cache_decision[principal] = {}
+
+ if permission in cache_decision_prin:
+ return cache_decision_prin[permission]
+
+ # cache_decision_prin[permission] is the cached
+ # decision for a principal and permission.
+ decision = self.cached_prinper(parent, principal, groups, permission)
+ if (decision is None) and groups:
+ decision = self._group_based_cashed_prinper(
+ parent, principal, groups, permission)
+
+ if decision is not None:
+ cache_decision_prin[permission] = decision
+ return decision
+
+ roles = self.cached_roles(parent, permission)
+ if roles:
+ prin_roles = self.cached_principal_roles(parent, principal)
+ if groups:
+ prin_roles = self.cached_principal_roles_w_groups(
+ parent, principal, groups, prin_roles)
+ for role, setting in prin_roles.items():
+ if setting and (role in roles):
+ cache_decision_prin[permission] = decision = True
+ return decision
+
+ cache_decision_prin[permission] = decision = False
+ return decision
Deleted: z3ext.security/tags/1.2.6/src/z3ext/security/utils.py
===================================================================
--- z3ext.security/trunk/src/z3ext/security/utils.py 2009-03-25 05:33:19 UTC (rev 98354)
+++ z3ext.security/tags/1.2.6/src/z3ext/security/utils.py 2009-03-25 10:04:00 UTC (rev 98359)
@@ -1,36 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2007 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""
-
-$Id$
-"""
-from zope.component import getUtility
-from zope.security.management import queryInteraction
-from zope.app.security.interfaces import IAuthentication, PrincipalLookupError
-
-
-def getPrincipal(id=None):
- """ get current interaction principal """
- if id is None:
- interaction = queryInteraction()
-
- if interaction is not None:
- for participation in interaction.participations:
- if participation.principal is not None:
- return participation.principal
- else:
- try:
- return getUtility(IAuthentication).getPrincipal(id)
- except PrincipalLookupError:
- return None
Copied: z3ext.security/tags/1.2.6/src/z3ext/security/utils.py (from rev 98358, z3ext.security/trunk/src/z3ext/security/utils.py)
===================================================================
--- z3ext.security/tags/1.2.6/src/z3ext/security/utils.py (rev 0)
+++ z3ext.security/tags/1.2.6/src/z3ext/security/utils.py 2009-03-25 10:04:00 UTC (rev 98359)
@@ -0,0 +1,50 @@
+##############################################################################
+#
+# Copyright (c) 2007 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+from zope.component import getUtility
+from zope.security.proxy import removeSecurityProxy
+from zope.security.management import queryInteraction
+from zope.app.security.interfaces import IAuthentication, PrincipalLookupError
+
+from interfaces import IZ3extSecurityPolicy
+
+
+def getPrincipal(id=None):
+ """ get current interaction principal """
+ if id is None:
+ interaction = queryInteraction()
+
+ if interaction is not None:
+ for participation in interaction.participations:
+ if participation.principal is not None:
+ return participation.principal
+ else:
+ try:
+ return getUtility(IAuthentication).getPrincipal(id)
+ except PrincipalLookupError:
+ return None
+
+
+def checkPermissionForPrincipal(principal, permission, object):
+ interaction = queryInteraction()
+
+ if IZ3extSecurityPolicy.providedBy(interaction):
+ return interaction.cached_decision(
+ removeSecurityProxy(object), principal.id,
+ interaction._groupsFor(principal), permission)
+
+ return False
More information about the Checkins
mailing list