[Zope-Checkins] SVN: Zope/trunk/lib/python/AccessControl/ Add interface and tests for AccessControl.SecurityManager.

Tres Seaver tseaver at palladion.com
Tue Nov 29 22:40:59 EST 2005


Log message for revision 40420:
  Add interface and tests for AccessControl.SecurityManager.
    
  o The new tests are amphibious:  they exercise both the Python and the C
    implementations, ensuring that they remain in sync.
  

Changed:
  U   Zope/trunk/lib/python/AccessControl/ImplPython.py
  U   Zope/trunk/lib/python/AccessControl/interfaces.py
  A   Zope/trunk/lib/python/AccessControl/tests/testSecurityManager.py

-=-
Modified: Zope/trunk/lib/python/AccessControl/ImplPython.py
===================================================================
--- Zope/trunk/lib/python/AccessControl/ImplPython.py	2005-11-30 00:55:24 UTC (rev 40419)
+++ Zope/trunk/lib/python/AccessControl/ImplPython.py	2005-11-30 03:40:57 UTC (rev 40420)
@@ -22,6 +22,7 @@
 from Acquisition import aq_acquire
 from ExtensionClass import Base
 from zLOG import LOG, BLATHER, PROBLEM
+from zope.interface import implements
 
 # This is used when a permission maps explicitly to no permission.  We
 # try and get this from cAccessControl first to make sure that if both
@@ -33,6 +34,7 @@
 
 from AccessControl import SecurityManagement
 from AccessControl import Unauthorized
+from AccessControl.interfaces import ISecurityManager
 from AccessControl.SimpleObjectPolicies import Containers, _noroles
 from AccessControl.ZopeGuards import guarded_getitem
 
@@ -491,7 +493,7 @@
     """A security manager provides methods for checking access and managing
     executable context and policies
     """
-
+    implements(ISecurityManager)
     __allow_access_to_unprotected_subobjects__ = {
         'validate': 1, 'checkPermission': 1,
         'getUser': 1, 'calledByExecutable': 1
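Review bot: The `implements(ISecurityManager)` declaration sits directly above `__allow_access_to_unprotected_subobjects__`, and the two now describe different surfaces. The interface lists `DTMLValidate`, `addContext`, `removeContext` and `_policy`, while the visible part of the dict allows only `validate`, `checkPermission`, `getUser` and `calledByExecutable`. If that narrower set is intended, a comment above the dict would stop a later maintainer from widening it to "match" the interface, for example `# Restricted code may reach only these names; the rest of ISecurityManager is for trusted code.` `implements()` records the claim without checking it, so conformance rests on the new testSecurityManager.py, whose contents are not shown on this page. The class statement and the end of the dict lie outside the hunk, so the dict may hold further entries.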

Modified: Zope/trunk/lib/python/AccessControl/interfaces.py
===================================================================
--- Zope/trunk/lib/python/AccessControl/interfaces.py	2005-11-30 00:55:24 UTC (rev 40419)
+++ Zope/trunk/lib/python/AccessControl/interfaces.py	2005-11-30 03:40:57 UTC (rev 40420)
@@ -15,6 +15,7 @@
 $Id$
 """
 
+from AccessControl.SimpleObjectPolicies import _noroles
 from zope.interface import Attribute
 from zope.interface import Interface
 
@@ -280,3 +281,104 @@
     def getUserNames():
         """Get a sequence of names of the users which reside in the user folder.
         """
+
+class ISecurityManager(Interface):
+    """Checks access and manages executable context and policies.
+    """
+    _policy = Attribute(u'Current Security Policy')
+
+    def validate(accessed=None,
+                 container=None,
+                 name=None,
+                 value=None,
+                 roles=_noroles,
+                ):
+        """Validate access.
+
+        Arguments:
+
+        accessed -- the object that was being accessed
+
+        container -- the object the value was found in
+
+        name -- The name used to access the value
+
+        value -- The value retrieved though the access.
+
+        roles -- The roles of the object if already known.
+
+        The arguments may be provided as keyword arguments. Some of these
+        arguments may be ommitted, however, the policy may reject access
+        in some cases when arguments are ommitted.  It is best to provide
+        all the values possible.
+        """
+
+    def DTMLValidate(accessed=None,
+                     container=None,
+                     name=None,
+                     value=None,
+                     md=None,
+                    ):
+        """Validate access.
+        * THIS EXISTS FOR DTML COMPATIBILITY *
+
+        Arguments:
+
+        accessed -- the object that was being accessed
+
+        container -- the object the value was found in
+
+        name -- The name used to access the value
+
+        value -- The value retrieved though the access.
+
+        md -- multidict for DTML (ignored)
+
+        The arguments may be provided as keyword arguments. Some of these
+        arguments may be ommitted, however, the policy may reject access
+        in some cases when arguments are ommitted.  It is best to provide
+        all the values possible.
+
+        """
+
+    def checkPermission(permission, object):
+        """Check whether the security context allows the given permission on
+        the given object.
+
+        Arguments:
+
+        permission -- A permission name
+
+        object -- The object being accessed according to the permission
+        """
+
+    def addContext(anExecutableObject):
+        """Add an ExecutableObject to the current security context.
+        
+        o If it declares a custom security policy,  make that policy
+          "current";  otherwise, make the "default" security policy
+          current.
+        """
+
+    def removeContext(anExecutableObject):
+        """Remove an ExecutableObject from the current security context.
+        
+        o Remove all objects from the top of the stack "down" to the
+          supplied object.
+
+        o If the top object on the stack declares a custom security policy,
+          make that policy "current".
+
+        o If the stack is empty, or if the top declares no custom security
+          policy, restore the 'default" security policy as current.
+        """
+
+    def getUser():
+        """Get the currently authenticated user
+        """
+
+    def calledByExecutable():
+        """Return a boolean value indicating whether this context was called
+           in the context of an by an executable (i.e., one added via
+           'addContext').
+        """
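Review bot: None of the `validate`, `DTMLValidate` and `checkPermission` docstrings says how a denial is reported, which is the part of this contract callers most need. A caller that expects an exception and gets a false return, or the reverse, ends up treating a refusal as success. Each docstring should gain a line stating the return value and whether `Unauthorized` is raised, written to match what both the Python and C implementations do. The interface also publishes the underscore-prefixed `_policy` as an `Attribute`; if it is listed only so the tests can compare implementations, its description should say so. Wording fixes for the same docstrings: `ommitted` should be `omitted`, `though the access` should be `through the access`, `'default"` has mismatched quotes, and `in the context of an by an executable` in `calledByExecutable` is garbled.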

Copied: Zope/trunk/lib/python/AccessControl/tests/testSecurityManager.py (from rev 40419, Zope/branches/2.9/lib/python/AccessControl/tests/testSecurityManager.py)


