[Checkins] SVN: z3ext.permissionsmap/trunk/ - Allow empty permissionsmap name registered for 'class' or 'interface'
Nikolay Kim
fafhrd91 at gmail.com
Sat Nov 21 19:39:01 EST 2009
Log message for revision 105953:
- Allow empty permissionsmap name registered for 'class' or 'interface'
- Tests updated, 100% coverage
Changed:
U z3ext.permissionsmap/trunk/CHANGES.txt
U z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/README.txt
U z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py
U z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py
-=-
Modified: z3ext.permissionsmap/trunk/CHANGES.txt
===================================================================
--- z3ext.permissionsmap/trunk/CHANGES.txt 2009-11-22 00:19:49 UTC (rev 105952)
+++ z3ext.permissionsmap/trunk/CHANGES.txt 2009-11-22 00:39:01 UTC (rev 105953)
@@ -2,10 +2,14 @@
CHANGES
=======
-1.3.1 (Unreleased)
+1.3.1 (2009-11-21)
------------------
+- Allow empty permissionsmap name registered for 'class' or 'interface'
+- Tests updated, 100% coverage
+
+
1.3.0 (2009-08-11)
------------------
Modified: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/README.txt
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/README.txt 2009-11-22 00:19:49 UTC (rev 105952)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/README.txt 2009-11-22 00:39:01 UTC (rev 105953)
@@ -75,7 +75,7 @@
... name="myPermissions1">
...
... <grant permission="my.p1" role="r1 r2 r3" />
- ... <deny permission="my.p2" role="r1 r3" />
+ ... <deny permission="my.p2" role="r2" />
... <denyAll permission="my.p3" />
... </permissions>
... </configure>""", context)
@@ -85,10 +85,76 @@
>>> perms = component.getAdapter(content, \
... interfaces.IPermissionsMap, 'myPermissions1')
+ >>> print perms.getPermissionsForRole('r1')
+ [('my.p1', PermissionSetting: Allow), ('my.p3', PermissionSetting: Deny)]
+
+We can define permissionsmap with same name and for multple times
+
+ >>> context = xmlconfig.string("""
+ ... <configure xmlns="http://namespaces.zope.org/zope">
+ ... <permissions for="z3ext.permissionsmap.tests.TestContent1"
+ ... name="myPermissions1">
+ ... <deny permission="my.p2" role="r1" />
+ ... </permissions>
+ ... </configure>""", context)
+
+ >>> print perms.getPermissionsForRole('r1')
+ [('my.p1', PermissionSetting: Allow), ('my.p3', PermissionSetting: Deny), ('my.p2', PermissionSetting: Deny)]
+
>>> verifyObject(interfaces.IDefaultPermissionsMap, perms)
True
+We can create permissionsmap without name, but in this case '__default_class__'
+name will be used.
+ >>> context = xmlconfig.string("""
+ ... <configure xmlns="http://namespaces.zope.org/zope">
+ ... <permissions for="z3ext.permissionsmap.tests.TestContent1">
+ ... <grant permission="my.p1" role="r1 r2 r3" />
+ ... <deny permission="my.p2" role="r1 r3" />
+ ... <grantAll permission="my.p3" />
+ ... </permissions>
+ ... </configure>""", context)
+
+ >>> perms = component.getAdapter(content, \
+ ... interfaces.IPermissionsMap, '__default_class__')
+
+ >>> verifyObject(interfaces.IDefaultPermissionsMap, perms)
+ True
+
+ >>> perms.getRolesForPermission('my.p3')
+ [(u'r1', PermissionSetting: Allow), (u'r2', PermissionSetting: Allow), (u'r3', PermissionSetting: Allow)]
+
+DenyAll is higher than GrantAll
+
+ >>> context = xmlconfig.string("""
+ ... <configure xmlns="http://namespaces.zope.org/zope">
+ ... <permissions for="z3ext.permissionsmap.tests.TestContent1"
+ ... name="myPermissions1">
+ ... <denyAll permission="my.p3" />
+ ... <grantAll permission="my.p3" />
+ ... </permissions>
+ ... </configure>""", context)
+
+ >>> perms = component.getAdapter(
+ ... content, interfaces.IPermissionsMap, 'myPermissions1')
+
+ >>> perms.getRolesForPermission('my.p3')
+ [(u'r1', PermissionSetting: Deny), (u'r2', PermissionSetting: Deny), (u'r3', PermissionSetting: Deny)]
+
+ >>> context = xmlconfig.string("""
+ ... <configure xmlns="http://namespaces.zope.org/zope">
+ ...
+ ... <permissions>
+ ... <grant permission="my.p1" role="r1 r2 r3" />
+ ... <deny permission="my.p2" role="r1 r3" />
+ ... <denyAll permission="my.p3" />
+ ... </permissions>
+ ... </configure>""", context)
+ Traceback (most recent call last):
+ ...
+ ZopeXMLConfigurationError: ...
+
We can assign permissions map to any annotatable content
>>> from zope.annotation.interfaces import IAttributeAnnotatable
Modified: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py 2009-11-22 00:19:49 UTC (rev 105952)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/permissionsmap.py 2009-11-22 00:39:01 UTC (rev 105953)
@@ -54,7 +54,7 @@
if settings:
settings.update(
[(pid, setting) for pid, setting in \
- super(PermissionsMap, self).getPermissionsForRole(role_id)])
+ super(PermissionsMap,self).getPermissionsForRole(role_id)])
return settings.items()
@@ -75,7 +75,8 @@
settings.update(
[(rid, setting) for rid, setting in \
- super(PermissionsMap, self).getRolesForPermission(permission_id)])
+ super(PermissionsMap, self).getRolesForPermission(
+ permission_id)])
return settings.items()
else:
Modified: z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py
===================================================================
--- z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py 2009-11-22 00:19:49 UTC (rev 105952)
+++ z3ext.permissionsmap/trunk/src/z3ext/permissionsmap/zcml.py 2009-11-22 00:39:01 UTC (rev 105953)
@@ -21,6 +21,7 @@
from zope import schema, interface, component
from zope.security.zcml import Permission
from zope.configuration.fields import Tokens, GlobalObject
+from zope.configuration.exceptions import ConfigurationError
from zope.securitypolicy.interfaces import IRole
from interfaces import IPermissionsMap
@@ -34,7 +35,7 @@
name = schema.TextLine(
title=u"Name",
description=u"Permissions map identifier.",
- required=True)
+ required=False)
for_ = GlobalObject(
title=u"For",
@@ -147,12 +148,12 @@
if for_ is not None:
global classPermissions
- perms = classPermissions.get(for_)
+ perms = classPermissions.get((for_, name))
if perms is not None:
return
perms = PermissionsMap(name, title, description)
- classPermissions[for_] = perms
+ classPermissions[(for_, name)] = perms
interface.alsoProvides(perms, IDefaultPermissionsMap)
# register map as adapter for for_
@@ -173,7 +174,7 @@
sm = globalregistry.globalSiteManager
if for_ is not None:
- permissionmap = classPermissions[for_]
+ permissionmap = classPermissions[(for_, name)]
else:
permissionmap = sm.getUtility(IPermissionsMap, name)
@@ -189,7 +190,7 @@
sm = globalregistry.globalSiteManager
if for_ is not None:
- permissionmap = classPermissions[for_]
+ permissionmap = classPermissions[(for_, name)]
else:
permissionmap = sm.getUtility(IPermissionsMap, name)
@@ -206,8 +207,16 @@
class permissionsMapDirective(object):
- def __init__(self, _context, name, for_=None,
+ def __init__(self, _context, name=None, for_=None,
title='', description='', override=True):
+
+ if for_ is None and not name:
+ raise ConfigurationError(
+ "'for' or 'name' should be provided for permissionsmap declaration")
+
+ if not name:
+ name = '__default_class__'
+
self.for_ = for_
self.name = name
self.override = override
More information about the checkins
mailing list