[Zope3-checkins] CVS: Zope3/src/zope/products/securitypolicy -
configure.zcml:1.1.2.3 interfaces.py:1.1.2.2
permissionroles.py:1.1.2.2 principalpermission.py:1.1.2.2
principalrole.py:1.1.2.2 role.py:1.1.2.2
rolepermission.py:1.1.2.2 roleregistry.py:1.1.2.2
zopepolicy.py:1.1.2.2
Chris McDonough
chrism at plope.com
Wed Jan 14 01:07:19 EST 2004
Update of /cvs-repository/Zope3/src/zope/products/securitypolicy
In directory cvs.zope.org:/tmp/cvs-serv26777/src/zope/products/securitypolicy
Modified Files:
Tag: steveachrismcd-securitypolicy-branch
configure.zcml interfaces.py permissionroles.py
principalpermission.py principalrole.py role.py
rolepermission.py roleregistry.py zopepolicy.py
Log Message:
Move role-related interfaces to securitypolicy product.
=== Zope3/src/zope/products/securitypolicy/configure.zcml 1.1.2.2 => 1.1.2.3 ===
--- Zope3/src/zope/products/securitypolicy/configure.zcml:1.1.2.2 Tue Jan 13 20:31:37 2004
+++ Zope3/src/zope/products/securitypolicy/configure.zcml Wed Jan 14 01:06:48 2004
@@ -4,34 +4,34 @@
<require
permission="zope.Security"
attributes="roles rolesInfo"
- interface="zope.app.interfaces.security.IRegisteredObject" />
+ interface=".interfaces.IRegisteredObject" />
</content>
- <content class="zope.products.securitypolicy.rolepermission.RolePermissions">
+ <content class=".rolepermission.RolePermissions">
<require
permission="zope.Security"
attributes="permissions permissionsInfo"
- interface="zope.app.interfaces.security.IRegisteredObject" />
+ interface=".interfaces.IRegisteredObject" />
</content>
<adapter
factory=".rolepermission.AnnotationRolePermissionManager"
- provides="zope.app.interfaces.security.IRolePermissionManager"
+ provides=".interfaces.IRolePermissionManager"
for="zope.app.interfaces.annotation.IAnnotatable" />
<adapter
factory=".principalrole.AnnotationPrincipalRoleManager"
- provides="zope.app.interfaces.security.IPrincipalRoleManager"
+ provides=".interfaces.IPrincipalRoleManager"
for="zope.app.interfaces.annotation.IAnnotatable" />
<adapter
factory=".principalpermission.AnnotationPrincipalPermissionManager"
- provides="zope.app.interfaces.security.IPrincipalPermissionManager"
+ provides=".interfaces.IPrincipalPermissionManager"
for="zope.app.interfaces.annotation.IAnnotatable" />
<serviceType
id="Roles"
- interface="zope.app.interfaces.security.IRoleService" />
+ interface=".interfaces.IRoleService" />
<service
serviceType="Roles"
@@ -39,7 +39,7 @@
<!-- protect Roles and Permissions -->
<content class=".roleregistry.Role">
- <allow interface="zope.app.interfaces.security.IRegisteredObject" />
+ <allow interface=".interfaces.IRegisteredObject" />
</content>
<!-- XXX (this came out of services/configure.zcml) Role Templates -->
@@ -51,7 +51,7 @@
/>
<require
permission="zope.Security"
- interface="zope.app.interfaces.security.IRoleService"
+ interface=".interfaces.IRoleService"
/>
<require
permission="zope.ManageServices"
@@ -63,7 +63,7 @@
<factory />
<require
permission="zope.Security"
- interface="zope.app.interfaces.security.IRole"
+ interface=".interfaces.IRole"
/>
</content>
=== Zope3/src/zope/products/securitypolicy/interfaces.py 1.1.2.1 => 1.1.2.2 ===
--- Zope3/src/zope/products/securitypolicy/interfaces.py:1.1.2.1 Tue Jan 13 18:34:20 2004
+++ Zope3/src/zope/products/securitypolicy/interfaces.py Wed Jan 14 01:06:48 2004
@@ -14,7 +14,7 @@
"""Security map to hold matrix-like relationships."""
from zope.interface import Interface
-
+from zope.app.interfaces.security import IRegisteredObject
class ISecurityMap(Interface):
"""Security map to hold matrix-like relationships."""
@@ -37,3 +37,193 @@
def getAllCells():
" return a list of (rowentry, colentry, value) "
+
+class IRole(IRegisteredObject):
+ """A role object."""
+
+class IRoleService(Interface):
+ """Define roles
+
+ 'IRoleService' objects are used to implement role-definition
+ services. Because they implement services, they are expected to
+ collaborate with services in other contexts. Client code doesn't
+ sarch a context and call multiple services. Instead, client code
+ will call the most specific service in a place and rely on the
+ service to delegate to other services as necessary.
+
+ The interface doesn't include methods for data
+ management. Services may use external data and not allow
+ management in Zope. Simularly, the data to be managed may vary
+ with different implementations of a service.
+ """
+
+ def getRole(rid):
+ """Return an 'IRole' object for the given role id."""
+
+
+ def getRoles():
+ """Return a sequence of the roles (IRole objects)
+ defined in the place containing the service."""
+
+
+
+
+class IPrincipalRoleMap(Interface):
+ """Mappings between principals and roles."""
+
+ def getPrincipalsForRole(role_id):
+ """Get the principals that have been granted a role.
+
+ Return the list of (principal id, setting) who have been assigned or
+ removed from a role.
+
+ If no principals have been assigned this role,
+ then the empty list is returned.
+ """
+
+ def getRolesForPrincipal(principal_id):
+ """Get the roles granted to a principal.
+
+ Return the list of (role id, setting) assigned or removed from
+ this principal.
+
+ If no roles have been assigned to
+ this principal, then the empty list is returned.
+ """
+
+ def getSetting(role_id, principal_id):
+ """Return the setting for this principal, role combination
+ """
+
+ def getPrincipalsAndRoles():
+ """Get all settings.
+
+ Return all the principal/role combinations along with the
+ setting for each combination as a sequence of tuples with the
+ role id, principal id, and setting, in that order.
+ """
+
+
+class IPrincipalRoleManager(IPrincipalRoleMap):
+ """Management interface for mappings between principals and roles."""
+
+ def assignRoleToPrincipal(role_id, principal_id):
+ """Assign the role to the principal."""
+
+ def removeRoleFromPrincipal(role_id, principal_id):
+ """Remove a role from the principal."""
+
+ def unsetRoleForPrincipal(role_id, principal_id):
+ """Unset the role for the principal."""
+
+
+class IRolePermissionMap(Interface):
+ """Mappings between roles and permissions."""
+
+ def getPermissionsForRole(role_id):
+ """Get the premissions granted to a role.
+
+ Return a sequence of (permission id, setting) tuples for the given
+ role.
+
+ If no permissions have been granted to this
+ role, then the empty list is returned.
+ """
+
+ def getRolesForPermission(permission_id):
+ """Get the roles that have a permission.
+
+ Return a sequence of (role id, setting) tuples for the given
+ permission.
+
+ If no roles have been granted this permission, then the empty list is
+ returned.
+ """
+
+ def getSetting(permission_id, role_id):
+ """Return the setting for the given permission id and role id
+
+ If there is no setting, Unset is returned
+ """
+
+ def getRolesAndPermissions():
+ """Return a sequence of (permission_id, role_id, setting) here.
+
+ The settings are returned as a sequence of permission, role,
+ setting tuples.
+
+ If no principal/role assertions have been made here, then the empty
+ list is returned.
+ """
+
+
+class IRolePermissionManager(IRolePermissionMap):
+ """Management interface for mappings between roles and permissions."""
+
+ def grantPermissionToRole(permission_id, role_id):
+ """Bind the permission to the role.
+ """
+
+ def denyPermissionToRole(permission_id, role_id):
+ """Deny the permission to the role
+ """
+
+ def unsetPermissionFromRole(permission_id, role_id):
+ """Clear the setting of the permission to the role.
+ """
+
+
+class IPrincipalPermissionMap(Interface):
+ """Mappings between principals and permissions."""
+
+ def getPrincipalsForPermission(permission_id):
+ """Get the principas that have a permission.
+
+ Return the list of (principal_id, setting) tuples that describe
+ security assertions for this permission.
+
+ If no principals have been set for this permission, then the empty
+ list is returned.
+ """
+
+ def getPermissionsForPrincipal(principal_id):
+ """Get the permissions granted to a principal.
+
+ Return the list of (permission, setting) tuples that describe
+ security assertions for this principal.
+
+ If no permissions have been set for this principal, then the empty
+ list is returned.
+ """
+
+ def getSetting(permission_id, principal_id):
+ """Get the setting for a permission and principal.
+
+ Get the setting (Allow/Deny/Unset) for a given permission and
+ principal.
+ """
+
+ def getPrincipalsAndPermissions():
+ """Get all principal permission settings.
+
+ Get the principal security assertions here in the form
+ of a list of three tuple containing
+ (permission id, principal id, setting)
+ """
+
+
+class IPrincipalPermissionManager(IPrincipalPermissionMap):
+ """Management interface for mappings between principals and permissions."""
+
+ def grantPermissionToPrincipal(permission_id, principal_id):
+ """Assert that the permission is allowed for the principal.
+ """
+
+ def denyPermissionToPrincipal(permission_id, principal_id):
+ """Assert that the permission is denied to the principal.
+ """
+
+ def unsetPermissionForPrincipal(permission_id, principal_id):
+ """Remove the permission (either denied or allowed) from the
+ principal.
+ """
=== Zope3/src/zope/products/securitypolicy/permissionroles.py 1.1.2.1 => 1.1.2.2 ===
--- Zope3/src/zope/products/securitypolicy/permissionroles.py:1.1.2.1 Tue Jan 13 18:34:20 2004
+++ Zope3/src/zope/products/securitypolicy/permissionroles.py Wed Jan 14 01:06:48 2004
@@ -17,7 +17,7 @@
"""
from zope.component import getAdapter
-from zope.app.interfaces.security import IRolePermissionManager
+from zope.products.securitypolicy.interfaces import IRolePermissionManager
from zope.app.interfaces.security import IPermission
from zope.app.security.settings import Unset
from zope.interface import implements
=== Zope3/src/zope/products/securitypolicy/principalpermission.py 1.1.2.1 => 1.1.2.2 ===
--- Zope3/src/zope/products/securitypolicy/principalpermission.py:1.1.2.1 Tue Jan 13 18:34:20 2004
+++ Zope3/src/zope/products/securitypolicy/principalpermission.py Wed Jan 14 01:06:48 2004
@@ -17,7 +17,7 @@
from zope.interface import implements
from zope.app.interfaces.annotation import IAnnotations
-from zope.app.interfaces.security import IPrincipalPermissionManager
+from zope.products.securitypolicy.interfaces import IPrincipalPermissionManager
from zope.app.security.settings import Allow, Deny, Unset
from zope.app.security.principal import checkPrincipal
=== Zope3/src/zope/products/securitypolicy/principalrole.py 1.1.2.1 => 1.1.2.2 ===
--- Zope3/src/zope/products/securitypolicy/principalrole.py:1.1.2.1 Tue Jan 13 18:34:20 2004
+++ Zope3/src/zope/products/securitypolicy/principalrole.py Wed Jan 14 01:06:48 2004
@@ -19,8 +19,8 @@
from zope.security.proxy import trustedRemoveSecurityProxy
from zope.app.interfaces.annotation import IAnnotations
-from zope.app.interfaces.security import IPrincipalRoleManager
-from zope.app.interfaces.security import IPrincipalRoleMap
+from zope.products.securitypolicy.interfaces import IPrincipalRoleManager
+from zope.products.securitypolicy.interfaces import IPrincipalRoleMap
from zope.app.security.settings import Allow, Deny, Unset
from zope.products.securitypolicy.securitymap import SecurityMap
=== Zope3/src/zope/products/securitypolicy/role.py 1.1.2.1 => 1.1.2.2 ===
--- Zope3/src/zope/products/securitypolicy/role.py:1.1.2.1 Tue Jan 13 20:31:37 2004
+++ Zope3/src/zope/products/securitypolicy/role.py Wed Jan 14 01:06:48 2004
@@ -20,7 +20,7 @@
from persistence import Persistent
from zope.products.securitypolicy.roleregistry import Role
from zope.app.container.btree import BTreeContainer
-from zope.app.interfaces.security import IRoleService
+from zope.products.securitypolicy.interfaces import IRoleService
from zope.app.interfaces.container import IContainer
from zope.app.component.nextservice import getNextService
from zope.app.interfaces.services.service import ISimpleService
=== Zope3/src/zope/products/securitypolicy/rolepermission.py 1.1.2.1 => 1.1.2.2 ===
--- Zope3/src/zope/products/securitypolicy/rolepermission.py:1.1.2.1 Tue Jan 13 18:34:20 2004
+++ Zope3/src/zope/products/securitypolicy/rolepermission.py Wed Jan 14 01:06:48 2004
@@ -19,13 +19,14 @@
from zope.interface import implements
from zope.app.interfaces.annotation import IAnnotations
-from zope.app.interfaces.security import IRolePermissionMap
-from zope.app.interfaces.security import IRolePermissionManager
-from zope.app.interfaces.security import IRole
from zope.app.security.settings import Allow, Deny, Unset
from zope.app.security.role import checkRole
from zope.app.security.permission import checkPermission
+
+from zope.products.securitypolicy.interfaces import IRolePermissionManager
+from zope.products.securitypolicy.interfaces import IRole
+from zope.products.securitypolicy.interfaces import IRolePermissionMap
from zope.products.securitypolicy.securitymap import PersistentSecurityMap
from zope.products.securitypolicy.securitymap import SecurityMap
=== Zope3/src/zope/products/securitypolicy/roleregistry.py 1.1.2.1 => 1.1.2.2 ===
--- Zope3/src/zope/products/securitypolicy/roleregistry.py:1.1.2.1 Tue Jan 13 20:31:37 2004
+++ Zope3/src/zope/products/securitypolicy/roleregistry.py Wed Jan 14 01:06:48 2004
@@ -17,8 +17,8 @@
from zope.app.security.registries.registeredobject import RegisteredObject
from zope.app.security.registries.registry import Registry
-from zope.app.interfaces.security import IRole
-from zope.app.interfaces.security import IRoleService
+from zope.products.securitypolicy.interfaces import IRole
+from zope.products.securitypolicy.interfaces import IRoleService
from zope.app.interfaces.services.service import ISimpleService
from zope.interface import implements
=== Zope3/src/zope/products/securitypolicy/zopepolicy.py 1.1.2.1 => 1.1.2.2 ===
--- Zope3/src/zope/products/securitypolicy/zopepolicy.py:1.1.2.1 Tue Jan 13 18:34:20 2004
+++ Zope3/src/zope/products/securitypolicy/zopepolicy.py Wed Jan 14 01:06:48 2004
@@ -23,7 +23,7 @@
from zope.security.interfaces import ISecurityPolicy
from zope.security.management import system_user
-from zope.app.interfaces.security import \
+from zope.products.securitypolicy.interfaces import \
IRolePermissionMap, IPrincipalPermissionMap, IPrincipalRoleMap
from zope.products.securitypolicy.principalpermission \
import principalPermissionManager
More information about the Zope3-Checkins
mailing list