[Zope-Checkins] CVS: Zope/lib/python/AccessControl -
ImplPython.py:1.3 cAccessControl.c:1.27
Brian Lloyd
brian at zope.com
Tue Jan 27 12:09:54 EST 2004
Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv32295
Modified Files:
ImplPython.py cAccessControl.c
Log Message:
policy fixes
=== Zope/lib/python/AccessControl/ImplPython.py 1.2 => 1.3 ===
--- Zope/lib/python/AccessControl/ImplPython.py:1.2 Thu Jan 15 18:09:03 2004
+++ Zope/lib/python/AccessControl/ImplPython.py Tue Jan 27 12:09:53 2004
@@ -212,6 +212,13 @@
if name.startswith('aq_') and name not in valid_aq_:
raise Unauthorized(name, value)
+ containerbase = aq_base(container)
+ accessedbase = aq_base(accessed)
+ if accessedbase is accessed:
+ # accessed is not a wrapper, so assume that the
+ # value could not have been acquired.
+ accessedbase = container
+
############################################################
# If roles weren't passed in, we'll try to get them from the object
@@ -236,14 +243,16 @@
roles = getattr(container, '__roles__', roles)
if roles is _noroles:
- # Try to acquire __roles__. If __roles__ can't be
- # acquired, the value is unprotected and roles is
- # left set to _noroles.
- if aq_base(container) is not container:
- try:
- roles = container.aq_acquire('__roles__')
+ if containerbase is container:
+ # Container is not wrapped.
+ if containerbase is not accessedbase:
+ raise Unauthorized(name, value)
+ else:
+ # Try to acquire roles
+ try: roles = container.aq_acquire('__roles__')
except AttributeError:
- pass
+ if containerbase is not accessedbase:
+ raise Unauthorized(name, value)
# We need to make sure that we are allowed to
# get unprotected attributes from the container. We are
@@ -308,18 +317,15 @@
# in the context of the accessed item; users in subfolders
# should not be able to use proxy roles to access items
# above their subfolder!
- owner = eo.getOwner()
- # Sigh; the default userfolder doesn't return users wrapped
- if owner and not hasattr(owner, 'aq_parent'):
- udb = eo.getOwner(1)[0]
- root = container.getPhysicalRoot()
- udb = root.unrestrictedTraverse(udb)
- owner = owner.__of__(udb)
+ owner = eo.getWrappedOwner()
if owner is not None:
- if not owner._check_context(container):
- # container is higher up than the owner, deny access
- raise Unauthorized(name, value)
+ if container is not containerbase:
+ # Unwrapped objects don't need checking
+ if not owner._check_context(container):
+ # container is higher up than the owner,
+ # deny access
+ raise Unauthorized(name, value)
for r in proxy_roles:
if r in roles:
=== Zope/lib/python/AccessControl/cAccessControl.c 1.26 => 1.27 ===
--- Zope/lib/python/AccessControl/cAccessControl.c:1.26 Fri Jan 16 13:49:22 2004
+++ Zope/lib/python/AccessControl/cAccessControl.c Tue Jan 27 12:09:53 2004
@@ -675,6 +675,7 @@
static PyObject *aq_parent_str = NULL;
static PyObject *_check_context_str = NULL;
static PyObject *getRoles = NULL;
+static PyObject *getWrappedOwner_str = NULL;
static int ownerous = 1;
static int authenticated = 1;
@@ -710,6 +711,8 @@
return -1;
UNLESS (allowed_str = PyString_FromString("allowed")) return -1;
UNLESS (getOwner_str = PyString_FromString("getOwner")) return -1;
+ UNLESS (getWrappedOwner_str = PyString_FromString("getWrappedOwner"))
+ return -1;
UNLESS (getPhysicalRoot_str = PyString_FromString("getPhysicalRoot"))
return -1;
UNLESS (aq_parent_str = PyString_FromString("aq_parent")) return -1;
@@ -760,17 +763,15 @@
/* Import from SimpleObject Policy._noroles */
/* Note that _noroles means missing roles, spelled with a NULL in C.
Jim. */
+ PyObject *containerbase = NULL;
+ PyObject *accessedbase = NULL;
PyObject *p = NULL;
PyObject *rval = NULL;
PyObject *stack = NULL;
PyObject *user = NULL;
-
PyObject *method = NULL;
PyObject *tmp = NULL;
- PyObject *udb = NULL;
- PyObject *root = NULL;
- PyObject *item = NULL;
char *sname;
@@ -808,7 +809,23 @@
Py_XINCREF(roles); /* Convert the borrowed ref to a real one */
- /* new */
+ /*| containerbase = aq_base(container)
+ **| accessedbase = aq_base(accessed)
+ **| if accessedbase is accessed:
+ **| # accessed is not a wrapper, so assume that the
+ **| # value could not have been acquired.
+ **| accessedbase = container
+ */
+
+ containerbase = aq_base(container);
+ if (containerbase == NULL) goto err;
+
+ if (aq_isWrapper(accessed))
+ accessedbase = aq_base(accessed);
+ else {
+ Py_INCREF(container);
+ accessedbase = container;
+ }
/*| # If roles weren't passed in, we'll try to get them from
**| # the object
@@ -818,8 +835,6 @@
*/
if (roles == NULL) {
- /* Note that the '_noroles' arg is just a marker - our C version
- of _noroles is null */
roles = callfunction4(getRoles, container, name, value, getRoles);
if (roles == getRoles) {
Py_DECREF(roles);
@@ -829,26 +844,6 @@
PyErr_Clear();
}
-
- /* old */
-
- /*| # If roles weren't passed in, we'll try to get them from
- **| # the object
- **|
- **| if roles is _noroles:
- **| roles = getattr(value, "__roles__", _noroles)
- */
-
- if (roles == NULL) {
- roles = PyObject_GetAttr(value, __roles__);
- if (roles == NULL)
- PyErr_Clear();
- }
-
-
-
-
-
/*| # We still might not have any roles
**|
**| if roles is _noroles:
@@ -870,29 +865,46 @@
}
/*| roles = getattr(container, "__roles__", _noroles)
- **| if roles is _noroles:
- **| if aq_base(container) is not container:
- **| try:
- **| roles = container.aq_acquire('__roles__')
- **| except AttributeError:
- **| pass
+ **| if roles is _noroles:
+ **| if containerbase is container:
+ **| # Container is not wrapped.
+ **| if containerbase is not accessedbase:
+ **| raise Unauthorized(name, value)
+ **| else:
+ **| # Try to acquire roles
+ **| try: roles = container.aq_aquire('__roles__')
+ **| except AttributeError:
+ **| if containerbase is not accessedbase:
+ **| raise Unauthorized(name, value)
*/
+
roles = PyObject_GetAttr(container, __roles__);
if (roles == NULL) {
PyErr_Clear();
- if (aq_isWrapper(container)) {
+ if (!aq_isWrapper(container)) {
+ if (containerbase != accessedbase) {
+ unauthErr(name, value);
+ goto err;
+ }
+ }
+ else {
roles = aq_acquire(container, __roles__);
if (roles == NULL) {
if (PyErr_ExceptionMatches(
PyExc_AttributeError))
{
PyErr_Clear();
+ if (containerbase != accessedbase) {
+ unauthErr(name, value);
+ goto err;
+ }
}
else
goto err;
}
}
+
}
/*| # We need to make sure that we are allowed to get
@@ -1093,25 +1105,20 @@
**| # in the context of the accessed item; users in subfolders
**| # should not be able to use proxy roles to access items
**| # above their subfolder!
- **| owner = eo.getOwner()
- **| # Sigh; the default userfolder doesn't return users wrapped
- **| if owner and not hasattr(owner, 'aq_parent'):
- **| udb=eo.getOwner(1)[0]
- **| root=container.getPhysicalRoot()
- **| udb=root.unrestrictedTraverse(udb)
- **| owner=owner.__of__(udb)
+ **| owner = eo.getWrappedOwner()
**|
**| if owner is not None:
- **| if not owner._check_context(container):
- **| # container is higher up than the owner, deny
- **| # access
- **| raise Unauthorized(name, value)
+ **| if container is not containerbase:
+ **| if not owner._check_context(container):
+ **| # container is higher up than the owner,
+ **| # deny access
+ **| raise Unauthorized(name, value)
**|
**| for r in proxy_roles:
- **| if r in roles: return 1
+ **| if r in roles:
+ **| return 1
**|
- **| raise Unauthorized, ('You are not authorized to access'
- **| '<em>%s</em>.' % cleanupName(name, value))
+ **| raise Unauthorized(name, value)
*/
proxy_roles = PyObject_GetAttr(eo, _proxy_roles_str);
@@ -1123,9 +1130,7 @@
else if (PyObject_IsTrue(proxy_roles))
{
- /* patch!! -------------------------------- */
-
- method = PyObject_GetAttr(eo, getOwner_str);
+ method = PyObject_GetAttr(eo, getWrappedOwner_str);
if (method == NULL) {
Py_DECREF(eo);
Py_DECREF(proxy_roles);
@@ -1140,100 +1145,33 @@
goto err;
}
- if (PyObject_IsTrue(owner)) {
- if (!PyObject_HasAttr(owner, aq_parent_str)) {
- item = PyInt_FromLong(1);
- if (item == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
- Py_DECREF(owner);
- goto err;
- }
-
- tmp = callmethod1(eo, getOwner_str, item);
- Py_DECREF(item);
- if (tmp == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
- Py_DECREF(owner);
- goto err;
- }
+ Py_DECREF(eo);
- udb = PySequence_GetItem(tmp, 0);
- Py_DECREF(tmp);
- if (udb == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
- Py_DECREF(owner);
- goto err;
- }
+ if (owner != Py_None) {
- method = PyObject_GetAttr(container,
- getPhysicalRoot_str);
- if (method == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
- Py_DECREF(owner);
- Py_DECREF(udb);
- goto err;
- }
+ if (containerbase != container) {
- root = PyObject_CallObject(method, NULL);
- Py_DECREF(method);
- if (root == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
+ tmp = callmethod1(owner,_check_context_str,
+ container
+ );
+ if (tmp == NULL) {
+ Py_DECREF(proxy_roles);
Py_DECREF(owner);
- Py_DECREF(udb);
goto err;
}
- ASSIGN(udb, callmethod1(root, unrestrictedTraverse_str,
- udb));
- Py_DECREF(root);
- if (udb == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
+ if (!PyObject_IsTrue(tmp)) {
+ Py_DECREF(proxy_roles);
Py_DECREF(owner);
+ Py_DECREF(tmp);
+ unauthErr(name, value);
goto err;
}
-
- ASSIGN(owner, callmethod1(owner, __of__, udb));
- Py_DECREF(udb);
- if (owner == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
- goto err;
- }
-
- }
- }
-
- Py_DECREF(eo);
-
- if (owner != Py_None) {
- tmp = callmethod1(owner,_check_context_str,
- container
- );
- if (tmp == NULL) {
- Py_DECREF(proxy_roles);
- Py_DECREF(owner);
- goto err;
- }
-
- if (!PyObject_IsTrue(tmp)) {
- Py_DECREF(proxy_roles);
- Py_DECREF(owner);
Py_DECREF(tmp);
- unauthErr(name, value);
- goto err;
}
+
Py_DECREF(owner);
- Py_DECREF(tmp);
}
-
- /* ------------------------------------------- */
-
contains = 0;
@@ -1305,13 +1243,13 @@
}
} /* End of authentiction skip for public only access */
- /*| raise Unauthorizied, ("You are not authorized to access"
- **| "<em>%s</em>." % cleanupName(name, value))
+ /*| raise Unauthorized(name, value)
*/
unauthErr(name, value);
err:
-
+ Py_XDECREF(containerbase);
+ Py_XDECREF(accessedbase);
Py_XDECREF(stack);
Py_XDECREF(roles);
More information about the Zope-Checkins
mailing list