[Checkins] SVN: grok/trunk/ grok.permissions() now can refer to grok.Permission classes not just permission ids

[Jan-Wijbrand Kolman]

Log message for revision 105036:
  grok.permissions() now can refer to grok.Permission classes not just permission ids

Changed:
  U   grok/trunk/CHANGES.txt
  U   grok/trunk/src/grok/directive.py
  A   grok/trunk/src/grok/tests/security/not_a_permission_class.py
  A   grok/trunk/src/grok/tests/security/not_a_permission_class_fixture.py
  A   grok/trunk/src/grok/tests/security/permissions.py

-=-
Modified: grok/trunk/CHANGES.txt
===================================================================
--- grok/trunk/CHANGES.txt	2009-10-13 10:00:42 UTC (rev 105035)
+++ grok/trunk/CHANGES.txt	2009-10-13 10:01:37 UTC (rev 105036)
@@ -4,6 +4,10 @@
 1.1 (unreleased)
 ================
 
+* The ``grok.permissions()``, that is used in the ``grok.Role`` component now
+  accepts references to ``grok.Permission`` class, not just permission ids.
+  This behaviour is now symetrical to the ``grok.require()`` directive.
+
 * Added an util function, ``create_application``, to create an
   application and trigger the correct events during the process.
 

Modified: grok/trunk/src/grok/directive.py
===================================================================
--- grok/trunk/src/grok/directive.py	2009-10-13 10:00:42 UTC (rev 105035)
+++ grok/trunk/src/grok/directive.py	2009-10-13 10:01:37 UTC (rev 105036)
@@ -30,7 +30,9 @@
 
 """
 
+import grok
 import martian
+import martian.util
 from grokcore.view.directive import TaggedValueStoreOnce
 
 
@@ -63,9 +65,25 @@
     store = martian.ONCE
     default = []
 
-    def factory(self, *args):
-        return args
+    def validate(self, *values):
+        for value in values:
+            if martian.util.check_subclass(value, grok.Permission):
+                continue
+            if martian.util.not_unicode_or_ascii(value):
+                raise grok.GrokImportError(
+                    "You can only pass unicode values, ASCII values, or "
+                    "subclasses of grok.Permission to the '%s' directive."
+                    % self.name)
 
+    def factory(self, *values):
+        permission_ids = []
+        for value in values:
+            if martian.util.check_subclass(value, grok.Permission):
+                permission_ids.append(grok.name.bind().get(value))
+            else:
+                permission_ids.append(value)
+        return permission_ids
+
 class traversable(martian.Directive):
     """The `grok.traversable()` directive.
 

Added: grok/trunk/src/grok/tests/security/not_a_permission_class.py
===================================================================
--- grok/trunk/src/grok/tests/security/not_a_permission_class.py	                        (rev 0)
+++ grok/trunk/src/grok/tests/security/not_a_permission_class.py	2009-10-13 10:01:37 UTC (rev 105036)
@@ -0,0 +1,11 @@
+"""
+The permissions() directive only accepts permission ids or permission classes:
+
+  >>> import grok
+  >>> grok.testing.grok('grok.tests.security.not_a_permission_class_fixture')
+  Traceback (most recent call last):
+  ...
+  GrokImportError: You can only pass unicode values, ASCII values, or
+  subclasses of grok.Permission to the 'permissions' directive.
+
+"""

Added: grok/trunk/src/grok/tests/security/not_a_permission_class_fixture.py
===================================================================
--- grok/trunk/src/grok/tests/security/not_a_permission_class_fixture.py	                        (rev 0)
+++ grok/trunk/src/grok/tests/security/not_a_permission_class_fixture.py	2009-10-13 10:01:37 UTC (rev 105036)
@@ -0,0 +1,8 @@
+import grok
+
+class NotAPermissionSubclass(object):
+    grok.name('not really a permission')
+
+class MyRole(grok.Role):
+    grok.name('MyRole')
+    grok.permissions(NotAPermissionSubclass)

Added: grok/trunk/src/grok/tests/security/permissions.py
===================================================================
--- grok/trunk/src/grok/tests/security/permissions.py	                        (rev 0)
+++ grok/trunk/src/grok/tests/security/permissions.py	2009-10-13 10:01:37 UTC (rev 105036)
@@ -0,0 +1,32 @@
+"""
+A Role component optionally defines what permission it comprises.
+
+The grok.permissions() directive is used to specify the set of permissions
+that are aggregated in the particular Role. The permissions can be referenced
+by "name" or by class.
+
+  >>> grok.testing.grok(__name__)
+"""
+
+import grok
+import zope.interface
+
+class FirstPermission(grok.Permission):
+    grok.name('first permission')
+
+class SecondPermission(grok.Permission):
+    grok.name('second permission')
+
+class RoleComprisingTwoPermissionsByName(grok.Role):
+    grok.name('ByName')
+    grok.permissions(
+        'first permission',
+        'second permission'
+        )
+
+class RoleComprisingTwoPermissionsByClass(grok.Role):
+    grok.name('ByClass')
+    grok.permissions(
+        FirstPermission,
+        SecondPermission
+        )