[zope2-tracker] [Bug 1169923] Re: ImplPython initialisation is also required for ImplC
Arnaud Fontaine
1169923 at bugs.launchpad.net
Tue Jun 11 10:56:48 UTC 2013
I have written two patches fixing this issue (FTR, with both patches
applied, all the tests from AccessControl are passing):
1) The main patch defines getattr() in C implementation of
ZopeSecurityPolicy. Thus, when checkPermission() (ImplPython) is called
(from ImplC.ZopeSecurityPolicy.checkPermission()) and access _ownerous
and _authenticated instance attributes, getattr() returns their expected
values from ImplC ownerous and authenticated static variables. Before,
it was just returning instance attributes set in ImplPython
ZopeSecurity() constructor, thus ignoring completely ImplC ones. This is
actually very similar to what is done with SecurityManager thread_id and
context for example.
Another different implementation could have been to use PyObject for
ownerous and authenticated (like C implementation of SecurityManager
does actually), but I don't think that's necessary and it makes things
more complicated.
I didn't define setattr() in C implementation of ZopeSecurityPolicy
because I don't think that's relevant, but I initially defined it, so
let me know if you want me to attach that patch as well.
2) The second smaller patch fixes a typo leading authenticated to never
be set from setDefaultBehaviors() parameter value.
In order to debug this issue, I created one Python Script whose owner is 'System Processes' and with 'Manager' as Proxy Roles. This script calls checkPermission() on an object where only Manager has 'Access contents information' permission. After setting 'skip-ownership-checking' to 'on' in zope.conf and trying to access the script as Anonymous user:
- Before: checkPermission() returns 1 with ImplPython and 0 with ImplC.
- After: checkPermission() returns 1 with both ImplPython and ImplC.
--
You received this bug notification because you are a member of Zope 2
Developers, which is subscribed to Zope 2.
https://bugs.launchpad.net/bugs/1169923
Title:
ImplPython initialisation is also required for ImplC
To manage notifications about this bug go to:
https://bugs.launchpad.net/zope2/+bug/1169923/+subscriptions
More information about the zope2-tracker
mailing list