[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - PermissionRegistry.py:1.1.2.10
Barry Warsaw
barry@wooz.org
Wed, 12 Dec 2001 17:36:28 -0500
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv16630/lib/python/Zope/App/Security
Modified Files:
Tag: Zope-3x-branch
PermissionRegistry.py
Log Message:
Refactor PermissionRegistry, moving role registry, and mapping of
roles to permissions to their own modules. Specifically,
class Role is moved to RoleRegistry.py
_roles: deleted.
class Permission implements IPermission interface, and defines
getTitle() and getDescription().
definedRole(), rolesForPermission(): Removed (or moved to
RoleRegistry.py).
getPermission(): Added.
definedPermission(): Rewritten, with a default argument added.
PublicPermission is a real Permission object now.
=== Zope3/lib/python/Zope/App/Security/PermissionRegistry.py 1.1.2.9 => 1.1.2.10 ===
# FOR A PARTICULAR PURPOSE.
-""" Global permission, role, and permission-role registries. """
+""" Global permission registry."""
-_permissions={}
-_roles={}
-
-PublicPermission = ""
+from IPermission import IPermission
-def definePermission(name):
- _permissions[name]=()
-
-definedPermission=_permissions.has_key
+class Permission:
+ __implements__ = IPermission
-class Role:
+ def __init__(self, title, description):
+ self._title = title
+ self._description = description
- _permissions = ()
+ def getTitle(self):
+ return self._title
- def __init__( self, name ):
- self._name = name
+ def getDescription(self):
+ return self._description
- def __call__(self):
- pass
- def includePermission( self, permission ):
+# Key is string naming permission, value is a permission object which
+# implements a IPermission interface.
+_permissions={}
- if self.hasPermission( permission ):
- raise KeyError, \
- ( 'Role %s already includes permission %s'
- % ( self._name, permission )
- )
+PublicPermission = Permission('Zope.Public', 'Anybody can do this')
- roles = list( rolesForPermission( permission ) )
- roles.append( self._name )
- roles.sort()
- _permissions[ permission ] = tuple( roles )
- self._permissions = self._permissions + ( permission, )
- def hasPermission( self, permission ):
- return permission in self._permissions
+def definePermission(name, title=None, description=None):
+ """Define a new permission object, register, and return it.
-def defineRole(name):
- result = _roles[ name ] = Role( name )
- return result
+ name is the permission name, must be globally unique
-definedRole = _roles.has_key
+ title (optional) is the permission title, human readable. If omitted then
+ the name is used as the title
-def rolesForPermission( permission ):
- if not definedPermission( permission ):
- raise KeyError, 'No such permission: %s' % permission
- return _permissions[ permission ]
+ description (optional) is human readable
+ """
+ _permissions[name] = perm = Permission(title or name, description or '')
+ return perm
+
+def definedPermission(name):
+ """Return true if named permission is registered, otherwise return false
+ """
+ return _permissions.has_key(name)
+
+_missing = []
+def getPermission(name, default=_missing):
+ """Return permission object registered as name.
+
+ If no named permission is registered, return optional default. If default
+ is not given, then KeyError is raised.
+ """
+ ret = _permissions.get(name, default)
+ if ret is _missing:
+ raise KeyError('No such permission: %s' % name)
+ return ret
def _clear(): # Reset, e.g., for unit testing antisepsis
_permissions.clear()
- _roles.clear()