[Zope-Checkins] CVS: Zope/lib/python/AccessControl -
DTML.py:1.10.94.1 Owned.py:1.19.70.1
PermissionRole.py:1.19.6.1 SecurityInfo.py:1.18.6.1
SecurityManager.py:1.13.94.1 ZopeSecurityPolicy.py:1.24.6.1
__init__.py:1.15.94.1 cAccessControl.c:1.22.6.1
Jim Fulton
cvs-admin at zope.org
Tue Nov 25 15:17:51 EST 2003
Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv24052/lib/python/AccessControl
Modified Files:
Tag: Zope-2_8-devel-branch
DTML.py Owned.py PermissionRole.py SecurityInfo.py
SecurityManager.py ZopeSecurityPolicy.py __init__.py
cAccessControl.c
Log Message:
merged everything but ZODB and ZEO from zodb33-devel-branch
=== Zope/lib/python/AccessControl/DTML.py 1.10 => 1.10.94.1 ===
--- Zope/lib/python/AccessControl/DTML.py:1.10 Wed Aug 14 17:29:07 2002
+++ Zope/lib/python/AccessControl/DTML.py Tue Nov 25 15:17:19 2003
@@ -86,14 +86,6 @@
.validate(inst, parent, name, value)
)
- def SecurityValidateValue(md, value):
- """Convenience for common case of simple value validation.
- """
- return (SecurityManagement
- .getSecurityManager()
- .validateValue(value)
- )
-
def SecurityCheckPermission(md, permission, object):
"""Check whether the security context allows the given permission on
the given object.
@@ -126,4 +118,6 @@
if r > 0: return r-1
return r
-DT_Util.TemplateDict.__dict__.update(DTMLSecurityAPI.__dict__)
+for name, v in DTMLSecurityAPI.__dict__.items():
+ if name[0] != '_':
+ setattr(DT_Util.TemplateDict, name, v)
=== Zope/lib/python/AccessControl/Owned.py 1.19 => 1.19.70.1 ===
--- Zope/lib/python/AccessControl/Owned.py:1.19 Tue Oct 1 10:09:46 2002
+++ Zope/lib/python/AccessControl/Owned.py Tue Nov 25 15:17:19 2003
@@ -34,7 +34,7 @@
__ac_permissions__=(
('View management screens',
- ('manage_owner', 'owner_info', 'userCanChangeOwnershipType')),
+ ('manage_owner', 'owner_info')),
('Take ownership',
('manage_takeOwnership','manage_changeOwnershipType'),
("Owner",)),
=== Zope/lib/python/AccessControl/PermissionRole.py 1.19 => 1.19.6.1 ===
--- Zope/lib/python/AccessControl/PermissionRole.py:1.19 Thu Oct 23 21:21:48 2003
+++ Zope/lib/python/AccessControl/PermissionRole.py Tue Nov 25 15:17:19 2003
@@ -30,7 +30,7 @@
_use_python_impl = 1
-if _use_python_impl:
+if 1 or _use_python_impl:
import sys
@@ -38,18 +38,59 @@
import string
- name_trans=filter(lambda c, an=string.letters+string.digits+'_': c not in an,
+ name_trans=filter((lambda c, an=string.letters+string.digits+'_':
+ c not in an
+ ),
map(chr,range(256)))
name_trans=string.maketrans(''.join(name_trans), '_'*len(name_trans))
- def rolesForPermissionOn(perm, object, default=('Manager',)):
+ def rolesForPermissionOn(perm, obj, default=('Manager',), n=None):
"""Return the roles that have the given permission on the given object
"""
- im=imPermissionRole()
- im._p='_'+string.translate(perm, name_trans)+"_Permission"
- im._d=default
- return im.__of__(object)
+ n = n or '_'+string.translate(perm, name_trans)+"_Permission"
+ r = None
+
+ while 1:
+ if hasattr(obj, n):
+ roles = getattr(obj, n)
+ if roles is None:
+ return 'Anonymous',
+
+ t = type(roles)
+ if t is tuple:
+ # If we get a tuple, then we don't acquire
+ if r is None:
+ return roles
+ return r+list(roles)
+
+ if t is str:
+ # We found roles set to a name. Start over
+ # with the new permission name. If the permission
+ # name is '', then treat as private!
+ if roles:
+ if roles != n:
+ n = roles
+ # If we find a name that is the same as the
+ # current name, we just ignore it.
+ roles = None
+ else:
+ return _what_not_even_god_should_do
+
+ elif roles:
+ if r is None:
+ r = list(roles)
+ else: r = r + list(roles)
+
+ obj = getattr(obj, 'aq_inner', None)
+ if obj is None:
+ break
+ obj = obj.aq_parent
+
+ if r is None:
+ return default
+
+ return r
class PermissionRole(Base):
"""Implement permission-based roles.
@@ -77,6 +118,8 @@
else:
return r
+ def rolesForPermissionOn(self, value):
+ return rolesForPermissionOn(None, value, self._d, self._p)
# This is used when a permission maps explicitly to no permission.
_what_not_even_god_should_do=[]
@@ -85,51 +128,13 @@
"""Implement permission-based roles
"""
- def __of__(self, parent,tt=type(()),st=type(''),ut=type(u''),
- getattr=getattr):
- obj=parent
- n=self._p
- r=None
- while 1:
- if hasattr(obj,n):
- roles=getattr(obj, n)
-
- if roles is None: return 'Anonymous',
-
- t=type(roles)
-
- if t is tt:
- # If we get a tuple, then we don't acquire
- if r is None: return roles
- return r+list(roles)
-
- if t in (st, ut):
- # We found roles set to a name. Start over
- # with the new permission name. If the permission
- # name is '', then treat as private!
- if roles:
- if roles != n:
- n=roles
- # If we find a name that is the same as the
- # current name, we just ignore it.
- roles=None
- else:
- return _what_not_even_god_should_do
-
- elif roles:
- if r is None: r=list(roles)
- else: r=r+list(roles)
-
- obj=getattr(obj, 'aq_inner', None)
- if obj is None: break
- obj=obj.aq_parent
-
- if r is None: r=self._d
-
- return r
-
- # The following methods are needed in the unlikely case that an unwrapped
- # object is accessed:
+ def __of__(self, value):
+ return rolesForPermissionOn(None, value, self._d, self._p)
+ rolesForPermissionOn = __of__
+
+ # The following methods are needed in the unlikely case that
+ # an unwrapped object is accessed:
+
def __getitem__(self, i):
try:
v=self._v
=== Zope/lib/python/AccessControl/SecurityInfo.py 1.18 => 1.18.6.1 ===
--- Zope/lib/python/AccessControl/SecurityInfo.py:1.18 Tue Oct 21 09:41:34 2003
+++ Zope/lib/python/AccessControl/SecurityInfo.py Tue Nov 25 15:17:19 2003
@@ -162,7 +162,7 @@
ac_permissions = {}
for name, access in self.names.items():
if access in (ACCESS_PRIVATE, ACCESS_PUBLIC, ACCESS_NONE):
- dict['%s__roles__' % name] = access
+ setattr(classobj, '%s__roles__' % name, access)
else:
if not ac_permissions.has_key(access):
ac_permissions[access] = []
@@ -182,12 +182,13 @@
else:
entry = (permission_name, tuple(names))
__ac_permissions__.append(entry)
- dict['__ac_permissions__'] = tuple(__ac_permissions__)
+ setattr(classobj, '__ac_permissions__', tuple(__ac_permissions__))
# Take care of default attribute access policy
access = getattr(self, 'access', _marker)
if access is not _marker:
- dict['__allow_access_to_unprotected_subobjects__'] = access
+ setattr(classobj, '__allow_access_to_unprotected_subobjects__',
+ access)
if getattr(self, '_warnings', None):
LOG('SecurityInfo', WARNING, 'Class "%s" had conflicting '
=== Zope/lib/python/AccessControl/SecurityManager.py 1.13 => 1.13.94.1 ===
--- Zope/lib/python/AccessControl/SecurityManager.py:1.13 Wed Aug 14 17:29:07 2002
+++ Zope/lib/python/AccessControl/SecurityManager.py Tue Nov 25 15:17:19 2003
@@ -47,7 +47,7 @@
"""
__allow_access_to_unprotected_subobjects__ = {
- 'validate': 1, 'validateValue': 1, 'checkPermission': 1,
+ 'validate': 1, 'checkPermission': 1,
'getUser': 1, 'calledByExecutable': 1
}
@@ -112,17 +112,6 @@
policy=self._policy
return policy.validate(accessed, container, name, value,
self._context)
-
- def validateValue(self, value, roles=_noroles):
- """Convenience for common case of simple value validation.
- """
- policy=self._policy
- if roles is _noroles:
- return policy.validate(None, None, None, value,
- self._context)
- else:
- return policy.validate(None, None, None, value,
- self._context, roles)
def checkPermission(self, permission, object):
"""Check whether the security context allows the given permission on
=== Zope/lib/python/AccessControl/ZopeSecurityPolicy.py 1.24 => 1.24.6.1 ===
--- Zope/lib/python/AccessControl/ZopeSecurityPolicy.py:1.24 Thu Oct 23 21:21:48 2003
+++ Zope/lib/python/AccessControl/ZopeSecurityPolicy.py Tue Nov 25 15:17:19 2003
@@ -31,7 +31,7 @@
_use_python_impl = 1
-if _use_python_impl:
+if 1 or _use_python_impl:
from types import StringType, UnicodeType
@@ -44,6 +44,32 @@
from PermissionRole import _what_not_even_god_should_do, \
rolesForPermissionOn
+ tuple_or_list = tuple, list
+ def getRoles(container, name, value, default):
+ roles = getattr(value, '__roles__', _noroles)
+ if roles is _noroles:
+ if not name or not isinstance(name, basestring):
+ return default
+
+ cls = getattr(container, '__class__', None)
+ if cls is None:
+ return default
+
+ roles = getattr(cls, name+'__roles__', _noroles)
+ if roles is _noroles:
+ return default
+
+ value = container
+
+ if roles is None or isinstance(roles, tuple_or_list):
+ return roles
+
+ rolesForPermissionOn = getattr(roles, 'rolesForPermissionOn', None)
+ if rolesForPermissionOn is not None:
+ roles = rolesForPermissionOn(value)
+
+ return roles
+
class ZopeSecurityPolicy:
@@ -93,7 +119,7 @@
# If roles weren't passed in, we'll try to get them from the object
if roles is _noroles:
- roles=getattr(value, '__roles__', _noroles)
+ roles = getRoles(container, name, value, _noroles)
############################################################
# We still might not have any roles
=== Zope/lib/python/AccessControl/__init__.py 1.15 => 1.15.94.1 ===
--- Zope/lib/python/AccessControl/__init__.py:1.15 Wed Aug 14 17:29:07 2002
+++ Zope/lib/python/AccessControl/__init__.py Tue Nov 25 15:17:19 2003
@@ -13,9 +13,6 @@
from unauthorized import Unauthorized
-import DTML
-del DTML
-
from SecurityManagement import getSecurityManager, setSecurityPolicy
from SecurityInfo import ClassSecurityInfo, ModuleSecurityInfo
from SecurityInfo import ACCESS_PRIVATE
@@ -26,3 +23,6 @@
from ZopeGuards import full_read_guard, full_write_guard, safe_builtins
ModuleSecurityInfo('AccessControl').declarePublic('getSecurityManager')
+
+import DTML
+del DTML
=== Zope/lib/python/AccessControl/cAccessControl.c 1.22 => 1.22.6.1 ===
--- Zope/lib/python/AccessControl/cAccessControl.c:1.22 Thu Oct 23 21:21:48 2003
+++ Zope/lib/python/AccessControl/cAccessControl.c Tue Nov 25 15:17:19 2003
@@ -449,7 +449,7 @@
NULL, /* tp_next */
#endif
METHOD_CHAIN(ZopeSecurityPolicy_methods),/* methods */
- EXTENSIONCLASS_BINDABLE_FLAG, /* flags */
+ (void*)(EXTENSIONCLASS_BINDABLE_FLAG), /* flags */
};
@@ -567,11 +567,8 @@
NULL, /* tp_next */
#endif
METHOD_CHAIN(PermissionRole_methods), /* methods */
- EXTENSIONCLASS_BINDABLE_FLAG/*|
+ (void*)(EXTENSIONCLASS_BINDABLE_FLAG) /*|
EXTENSIONCLASS_INSTDICT_FLAG*/, /* flags */
- NULL, /* Class dict */
- NULL, /* bases */
- NULL, /* reserved */
};
static char imPermissionRole__doc__[] = "imPermissionRole C implementation";
@@ -632,7 +629,7 @@
NULL, /* tp_next */
#endif
METHOD_CHAIN(imPermissionRole_methods), /* methods */
- EXTENSIONCLASS_BINDABLE_FLAG, /* flags */
+ (void*)(EXTENSIONCLASS_BINDABLE_FLAG), /* flags */
};
@@ -2073,13 +2070,8 @@
if (ZopeSecurityPolicy_setup() < 0) return;
- ZopeSecurityPolicyType.tp_getattro =
- (getattrofunc) PyExtensionClassCAPI->getattro;
- ExtensionClassGetattro= PyExtensionClassCAPI->getattro;
-
- imPermissionRoleType.tp_getattro =
- (getattrofunc) PyExtensionClassCAPI->getattro;
+ ExtensionClassGetattro= Py_FindAttr;
module = Py_InitModule3("cAccessControl",
cAccessControl_methods,
More information about the Zope-Checkins
mailing list