[Checkins] SVN: AccessControl/trunk/src/AccessControl/ - added IUser interface (based on docstrings and PluggableAuthService's IBasicUser interface)
Yvo Schubbe
y.2010 at wcm-solutions.de
Mon Dec 27 06:04:12 EST 2010
Log message for revision 119158:
- added IUser interface (based on docstrings and PluggableAuthService's IBasicUser interface)
- synced docstrings and method order with IUser interface
Changed:
UU AccessControl/trunk/src/AccessControl/interfaces.py
UU AccessControl/trunk/src/AccessControl/tests/test_users.py
UU AccessControl/trunk/src/AccessControl/users.py
-=-
Modified: AccessControl/trunk/src/AccessControl/interfaces.py
===================================================================
--- AccessControl/trunk/src/AccessControl/interfaces.py 2010-12-27 10:41:47 UTC (rev 119157)
+++ AccessControl/trunk/src/AccessControl/interfaces.py 2010-12-27 11:04:11 UTC (rev 119158)
@@ -89,6 +89,7 @@
class IRoleManager(IPermissionMappingSupport):
+
"""An object that has configurable permissions"""
permissionMappingPossibleValues = Attribute("""Acquired attribute""")
@@ -215,9 +216,50 @@
"""
+class IUser(Interface):
+
+ """Public User object interface.
+
+ This interface needs to be supported by objects that are returned by user
+ validation and used for access control.
+ """
+
+ def getId():
+ """Get the ID of the user.
+
+ The ID can be used from Python to get the user from the user's
+ UserDatabase.
+ """
+
+ def getUserName():
+ """Get the name used by the user to log into the system.
+
+ Note that this may not be identical to the user's 'getId' (to allow
+ users to change their login names without changing their identity).
+ """
+
+ def getRoles():
+ """Get a sequence of the global roles assigned to the user.
+ """
+
+ def getRolesInContext(object):
+ """Get a sequence of the roles assigned to the user in a context.
+
+ Roles include both global roles (ones assigned to the user directly
+ inside the user folder) and local roles (assigned in context of the
+ passed in object).
+ """
+
+ def getDomains():
+ """Get a sequence of the domain restrictions for the user.
+ """
+
+
class ISecurityPolicy(Interface):
+
"""Plug-in policy for checking access to objects within untrusted code.
"""
+
def validate(accessed, container, name, value, context, roles=_noroles):
"""Check that the current user (from context) has access.
@@ -244,9 +286,12 @@
"""Check whether the current user has a permission w.r.t. an object.
"""
+
class ISecurityManager(Interface):
+
"""Check access and manages executable context and policies.
"""
+
_policy = Attribute(u'Current Security Policy')
def validate(accessed=None,
Property changes on: AccessControl/trunk/src/AccessControl/interfaces.py
___________________________________________________________________
Deleted: svn:keywords
- Id
Modified: AccessControl/trunk/src/AccessControl/tests/test_users.py
===================================================================
--- AccessControl/trunk/src/AccessControl/tests/test_users.py 2010-12-27 10:41:47 UTC (rev 119157)
+++ AccessControl/trunk/src/AccessControl/tests/test_users.py 2010-12-27 11:04:11 UTC (rev 119158)
@@ -24,6 +24,12 @@
def _makeOne(self, name, password, roles, domains):
return self._getTargetClass()(name, password, roles, domains)
+ def test_interfaces(self):
+ from AccessControl.interfaces import IUser
+ from zope.interface.verify import verifyClass
+
+ verifyClass(IUser, self._getTargetClass())
+
def _makeDerived(self, **kw):
class Derived(self._getTargetClass()):
def __init__(self, **kw):
@@ -80,6 +86,12 @@
domains = []
return self._getTargetClass()(name, password, roles, domains)
+ def test_interfaces(self):
+ from AccessControl.interfaces import IUser
+ from zope.interface.verify import verifyClass
+
+ verifyClass(IUser, self._getTargetClass())
+
def test_overrides(self):
simple = self._makeOne()
self.assertEqual(simple.getUserName(), 'admin')
@@ -113,6 +125,12 @@
domains = []
return self._getTargetClass()(name, password, roles, domains)
+ def test_interfaces(self):
+ from AccessControl.interfaces import IUser
+ from zope.interface.verify import verifyClass
+
+ verifyClass(IUser, self._getTargetClass())
+
def test_overrides(self):
special = self._makeOne()
self.assertEqual(special.getUserName(), 'admin')
@@ -138,6 +156,12 @@
domains = []
return self._getTargetClass()(name, password, roles, domains)
+ def test_interfaces(self):
+ from AccessControl.interfaces import IUser
+ from zope.interface.verify import verifyClass
+
+ verifyClass(IUser, self._getTargetClass())
+
def test_allowed__what_not_even_god_should_do(self):
from AccessControl.PermissionRole import _what_not_even_god_should_do
unrestricted = self._makeOne()
@@ -182,6 +206,12 @@
def _makeOne(self):
return self._getTargetClass()()
+ def test_interfaces(self):
+ from AccessControl.interfaces import IUser
+ from zope.interface.verify import verifyClass
+
+ verifyClass(IUser, self._getTargetClass())
+
def test_overrides(self):
simple = self._makeOne()
self.assertEqual(simple.getUserName(), (None, None))
Property changes on: AccessControl/trunk/src/AccessControl/tests/test_users.py
___________________________________________________________________
Deleted: svn:keywords
- Id
Modified: AccessControl/trunk/src/AccessControl/users.py
===================================================================
--- AccessControl/trunk/src/AccessControl/users.py 2010-12-27 10:41:47 UTC (rev 119157)
+++ AccessControl/trunk/src/AccessControl/users.py 2010-12-27 11:04:11 UTC (rev 119158)
@@ -17,13 +17,15 @@
import re
import socket
+from Acquisition import aq_inContextOf
from Acquisition import aq_parent
-from Acquisition import aq_inContextOf
from Acquisition import Implicit
from Persistence import Persistent
+from zope.interface import implements
from AccessControl import AuthEncoding
from AccessControl import SpecialUsers
+from .interfaces import IUser
from .PermissionRole import _what_not_even_god_should_do
from .PermissionRole import rolesForPermissionOn
@@ -32,8 +34,11 @@
class BasicUser(Implicit):
+
"""Base class for all User objects"""
+ implements(IUser)
+
# ----------------------------
# Public User object interface
# ----------------------------
@@ -58,28 +63,24 @@
def __init__(self, name, password, roles, domains):
raise NotImplementedError
- def getUserName(self):
- """Return the username of a user"""
- raise NotImplementedError
-
def getId(self):
- """Get the ID of the user. The ID can be used, at least from
- Python, to get the user from the user's
- UserDatabase"""
+ """Get the ID of the user.
+ """
return self.getUserName()
- def _getPassword(self):
- """Return the password of the user."""
+ def getUserName(self):
+ """Get the name used by the user to log into the system.
+ """
raise NotImplementedError
def getRoles(self):
- """Return the list of roles assigned to a user."""
+ """Get a sequence of the global roles assigned to the user.
+ """
raise NotImplementedError
def getRolesInContext(self, object):
- """Return the list of roles assigned to the user,
- including local roles assigned in context of
- the passed in object."""
+ """Get a sequence of the roles assigned to the user in a context.
+ """
userid=self.getId()
roles=self.getRoles()
local={}
@@ -106,13 +107,19 @@
return roles
def getDomains(self):
- """Return the list of domain restrictions for a user"""
+ """Get a sequence of the domain restrictions for the user.
+ """
raise NotImplementedError
# ------------------------------
# Internal User object interface
# ------------------------------
+ def _getPassword(self):
+ """Return the password of the user.
+ """
+ raise NotImplementedError
+
def authenticate(self, password, request):
passwrd=self._getPassword()
result = AuthEncoding.pw_validate(passwrd, password)
@@ -121,7 +128,6 @@
return result and domainSpecMatch(domains, request)
return result
-
def _shared_roles(self, parent):
r=[]
while 1:
@@ -232,7 +238,10 @@
domains=[]
def has_role(self, roles, object=None):
- """Check to see if a user has a given role or roles."""
+ """Check if the user has at least one role from a list of roles.
+
+ If object is specified, check in the context of the passed in object.
+ """
if isinstance(roles, str):
roles=[roles]
if object is not None:
@@ -246,7 +255,11 @@
return 0
def has_permission(self, permission, object):
- """Check to see if a user has a given permission on an object."""
+ """Check if the user has a permission on an object.
+
+ This method is just for inspecting permission settings. For access
+ control use getSecurityManager().checkPermission() instead.
+ """
roles=rolesForPermissionOn(permission, object)
if isinstance(roles, str):
roles=[roles]
@@ -274,25 +287,29 @@
self.domains = domains
def getUserName(self):
- """Return the username of a user"""
+ """Get the name used by the user to log into the system.
+ """
return self.name
- def _getPassword(self):
- """Return the password of the user."""
- return self.__
-
def getRoles(self):
- """Return the list of roles assigned to a user."""
+ """Get a sequence of the global roles assigned to the user.
+ """
if self.name == 'Anonymous User':
return tuple(self.roles)
else:
return tuple(self.roles) + ('Authenticated', )
def getDomains(self):
- """Return the list of domain restrictions for a user"""
+ """Get a sequence of the domain restrictions for the user.
+ """
return tuple(self.domains)
+ def _getPassword(self):
+ """Return the password of the user.
+ """
+ return self.__
+
class SpecialUser(SimpleUser):
"""Class for special users, like emergency user and nobody"""
Property changes on: AccessControl/trunk/src/AccessControl/users.py
___________________________________________________________________
Deleted: svn:keywords
- Id
More information about the checkins
mailing list