[Zope3-checkins] SVN: Zope3/trunk/src/zope/ Rearranged the security apis, largely combining security policies and

Jim Fulton jim at zope.com
Fri Jul 16 15:51:26 EDT 2004


Log message for revision 26591:
  Rearranged the security apis, largely combining security policies and
  interactions. Now security policies are just interaction factories --
  usually just the interaction class.  
  
  See:
  
    http://mail.zope.org/pipermail/zope3-dev/2004-July/011656.html
  


Changed:
  U   Zope3/trunk/src/zope/app/component/tests/test_contentdirective.py
  U   Zope3/trunk/src/zope/app/component/tests/test_factory.py
  U   Zope3/trunk/src/zope/app/component/tests/test_servicedirective.py
  U   Zope3/trunk/src/zope/app/dublincore/tests/test_creatorannotator.py
  U   Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py
  U   Zope3/trunk/src/zope/app/publisher/browser/tests/test_directives.py
  U   Zope3/trunk/src/zope/app/publisher/browser/tests/test_globalbrowsermenuservice.py
  U   Zope3/trunk/src/zope/app/publisher/browser/tests/test_menuaccessview.py
  U   Zope3/trunk/src/zope/app/schema/tests/test_field.py
  U   Zope3/trunk/src/zope/app/schema/tests/test_fieldfactory.py
  U   Zope3/trunk/src/zope/app/schema/tests/test_schemautility.py
  U   Zope3/trunk/src/zope/app/security/metaconfigure.py
  U   Zope3/trunk/src/zope/app/securitypolicy/configure.zcml
  U   Zope3/trunk/src/zope/app/securitypolicy/tests/test_zopepolicy.py
  U   Zope3/trunk/src/zope/app/securitypolicy/zopepolicy.py
  U   Zope3/trunk/src/zope/app/tests/placelesssetup.py
  U   Zope3/trunk/src/zope/app/traversing/tests/test_traverser.py
  U   Zope3/trunk/src/zope/app/workflow/stateful/tests/test_instance.py
  U   Zope3/trunk/src/zope/security/__init__.py
  U   Zope3/trunk/src/zope/security/_zope_security_checker.c
  U   Zope3/trunk/src/zope/security/checker.py
  U   Zope3/trunk/src/zope/security/examples/sandbox_security.py
  U   Zope3/trunk/src/zope/security/interfaces.py
  U   Zope3/trunk/src/zope/security/management.py
  D   Zope3/trunk/src/zope/security/simpleinteraction.py
  U   Zope3/trunk/src/zope/security/simplepolicies.py
  U   Zope3/trunk/src/zope/security/tests/test_checker.py
  U   Zope3/trunk/src/zope/security/tests/test_management.py
  U   Zope3/trunk/src/zope/security/tests/test_simpleinteraction.py


-=-
Modified: Zope3/trunk/src/zope/app/component/tests/test_contentdirective.py
===================================================================
--- Zope3/trunk/src/zope/app/component/tests/test_contentdirective.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/component/tests/test_contentdirective.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -26,8 +26,6 @@
 from zope.component.exceptions import ComponentLookupError
 from zope.configuration.xmlconfig import xmlconfig, XMLConfig
 from zope.app.tests.placelesssetup import PlacelessSetup
-from zope.security.management import system_user
-from zope.security.management import newInteraction
 from zope.app.component.interface import queryInterface
 
 # explicitly import ExampleClass and IExample using full paths
@@ -54,7 +52,6 @@
 class TestContentDirective(PlacelessSetup, unittest.TestCase):
     def setUp(self):
         super(TestContentDirective, self).setUp()
-        newInteraction(ParticipationStub(system_user))
         XMLConfig('meta.zcml', zope.app.component)()
         XMLConfig('meta.zcml', zope.app.security)()
 
@@ -141,7 +138,6 @@
 class TestFactorySubdirective(PlacelessSetup, unittest.TestCase):
     def setUp(self):
         super(TestFactorySubdirective, self).setUp()
-        newInteraction(ParticipationStub(system_user))
         XMLConfig('meta.zcml', zope.app.component)()
         XMLConfig('meta.zcml', zope.app.security)()
 

Modified: Zope3/trunk/src/zope/app/component/tests/test_factory.py
===================================================================
--- Zope3/trunk/src/zope/app/component/tests/test_factory.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/component/tests/test_factory.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -23,7 +23,6 @@
 from zope.component import createObject
 from zope.proxy import removeAllProxies
 from zope.app.tests.placelesssetup import PlacelessSetup
-from zope.security.management import newInteraction, system_user
 
 from zope.app import zapi
 import zope.app.security
@@ -50,7 +49,6 @@
 class Test(PlacelessSetup, unittest.TestCase):
     def setUp(self):
         super(Test, self).setUp()
-        newInteraction(ParticipationStub(system_user))
         XMLConfig('meta.zcml', zope.app.component)()
         XMLConfig('meta.zcml', zope.app.security)()
 

Modified: Zope3/trunk/src/zope/app/component/tests/test_servicedirective.py
===================================================================
--- Zope3/trunk/src/zope/app/component/tests/test_servicedirective.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/component/tests/test_servicedirective.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -176,7 +176,8 @@
             )))
 
         # Need to "log someone in" to turn on checks
-        from zope.security.management import newInteraction
+        from zope.security.management import newInteraction, endInteraction
+        endInteraction()
         newInteraction(ParticipationStub('someuser'))
 
         service = getService("Foo")
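Review bot: The added `endInteraction()` before `newInteraction(ParticipationStub('someuser'))` carries no comment saying which interaction it ends, and the same bare pair is added in test_globalbrowsermenuservice.py, test_menuaccessview.py, test_traverser.py and test_instance.py. It appears to be needed because `PlacelessSetup.setUp` opens a default interaction as of this revision. A one-line comment such as `# end the default interaction opened by PlacelessSetup before logging in a test principal` would record that dependency. The two names could also be imported once at module level instead of inside the test body. The enclosing test method starts and ends outside the hunk.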

Modified: Zope3/trunk/src/zope/app/dublincore/tests/test_creatorannotator.py
===================================================================
--- Zope3/trunk/src/zope/app/dublincore/tests/test_creatorannotator.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/dublincore/tests/test_creatorannotator.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -94,7 +94,6 @@
                                     'this is a very bad author')
 
         # Check what happens if no user is there
-        newInteraction(None)
         CreatorAnnotator(event)
         self.assertEqual(data.creators,())
         endInteraction()

Modified: Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py
===================================================================
--- Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -112,10 +112,12 @@
 
     def setUp(self):
         super(BasePublicationTests, self).setUp()
+        from zope.security.management import endInteraction
+        endInteraction()
         ztapi.provideAdapter(IHTTPRequest, IUserPreferredCharsets,
                              HTTPCharsets)
         self.policy = setSecurityPolicy(
-            simplepolicies.PermissiveSecurityPolicy()
+            simplepolicies.PermissiveSecurityPolicy
             )
         self.storage = DemoStorage('test_storage')
         self.db = db = DB(self.storage)
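Review bot: `setSecurityPolicy(simplepolicies.PermissiveSecurityPolicy)` installs a permissive policy process-wide, and nothing in the hunk shows it being undone. The value kept in `self.policy` is presumably the previous policy, and tearDown is outside the hunk, so confirm it calls `setSecurityPolicy(self.policy)`; otherwise later tests run with every check allowed. Because the argument changed from an instance to the class, a short comment such as `# policies are interaction factories now: pass the class, not an instance` would stop the next reader from "fixing" it back.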

Modified: Zope3/trunk/src/zope/app/publisher/browser/tests/test_directives.py
===================================================================
--- Zope3/trunk/src/zope/app/publisher/browser/tests/test_directives.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/publisher/browser/tests/test_directives.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -28,6 +28,7 @@
 from zope.component import getDefaultViewName, getResource
 from zope.app.tests.placelesssetup import PlacelessSetup
 from zope.security.proxy import ProxyFactory
+import zope.security.management
 from zope.proxy import removeAllProxies
 
 from zope.app.publisher.browser.globalbrowsermenuservice import \
@@ -699,6 +700,7 @@
     def testProtectedPageViews(self):
         ztapi.provideUtility(IPermission, Permission('p', 'P'), 'p')
 
+        request = TestRequest()
         self.assertEqual(queryView(ob, 'test', request),
                          None)
 
@@ -722,6 +724,7 @@
 
         v = getView(ob, 'index.html', request)
         v = ProxyFactory(v)
+        zope.security.management.getInteraction().add(request)
         self.assertRaises(Exception, v)
         v = getView(ob, 'action.html', request)
         v = ProxyFactory(v)
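Review bot: `zope.security.management.getInteraction().add(request)` puts the request into the shared interaction and the hunk never removes it, so every later check in this test (and the matching addition in the `xxx.html` hunk further down) runs with that participation still attached. If that is intended, say so in a comment; otherwise pair it with `getInteraction().remove(request)` once the denied call has been asserted. The next line, `self.assertRaises(Exception, v)`, accepts any exception, so it cannot tell an authorization failure from a setup error in the interaction this line modifies. Naming the expected security exception would make the test prove the denial. The test method continues outside the hunk.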
@@ -879,6 +882,7 @@
 
         path = os.path.join(tests_path, 'testfiles', 'test.pt')
 
+        request = TestRequest()
         self.assertEqual(queryView(ob, 'test', request),
                          None)
 
@@ -908,6 +912,7 @@
 
         v = getView(ob, 'xxx.html', request)
         v = ProxyFactory(v)
+        zope.security.management.getInteraction().add(request)
         self.assertRaises(Exception, v)
 
         v = getView(ob, 'index.html', request)

Modified: Zope3/trunk/src/zope/app/publisher/browser/tests/test_globalbrowsermenuservice.py
===================================================================
--- Zope3/trunk/src/zope/app/publisher/browser/tests/test_globalbrowsermenuservice.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/publisher/browser/tests/test_globalbrowsermenuservice.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -21,7 +21,6 @@
 from zope.publisher.browser import TestRequest
 from zope.publisher.interfaces.browser import IBrowserPublisher
 from zope.security.management import newInteraction, endInteraction
-from zope.security.management import system_user
 
 from zope.app import zapi
 from zope.app.tests import ztapi
@@ -113,6 +112,7 @@
         r.menuItem('test_id', I111, 'u8', 't8', 'd8')
         r.menuItem('test_id', I12, 'a9', 't9', 'd9')
 
+        endInteraction()
         newInteraction(ParticipationStub('test'))
 
         menu = r.getMenu('test_id', TestObject(), TestRequest())
@@ -120,9 +120,7 @@
         self.assertEqual(list(menu), [d(6), d(3), d(2), d(1)])
 
         endInteraction()
-
-        newInteraction(ParticipationStub(system_user))
-
+        newInteraction()
         menu = r.getMenu('test_id', TestObject(), TestRequest())
         self.assertEqual(list(menu), [d(5), d(6), d(3), d(2), d(1)])
 
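Review bot: Replacing `newInteraction(ParticipationStub(system_user))` with a bare `newInteraction()` makes this test depend on an interaction with no participations being treated as fully privileged, since the expected menu gains `d(5)` compared with the `'test'` principal above. That allow-by-default reading of an empty interaction is security-relevant and is not stated anywhere in the hunk. A comment such as `# no participations: the policy treats this like the system user, so all items are visible` would make the assumption explicit and flag it if the default policy ever changes to deny.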

Modified: Zope3/trunk/src/zope/app/publisher/browser/tests/test_menuaccessview.py
===================================================================
--- Zope3/trunk/src/zope/app/publisher/browser/tests/test_menuaccessview.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/publisher/browser/tests/test_menuaccessview.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -95,6 +95,8 @@
                                       abad='waaa'))
 
     def test(self):
+        from zope.security.management import endInteraction
+        endInteraction()
         newInteraction(ParticipationStub('who'))
         v = MenuAccessView(ProxyFactory(ob), TestRequest())
         self.assertEqual(v['zmi_views'],

Modified: Zope3/trunk/src/zope/app/schema/tests/test_field.py
===================================================================
--- Zope3/trunk/src/zope/app/schema/tests/test_field.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/schema/tests/test_field.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -54,7 +54,6 @@
     def setUp(self):
         setup.placefulSetUp()
         self.context = xmlconfig.file("fields.zcml", zope.app.schema.tests)
-        newInteraction(ParticipationStub(system_user))
 
     def test_wrapped_field_checker(self):
         f1 = Text(title=u'alpha')

Modified: Zope3/trunk/src/zope/app/schema/tests/test_fieldfactory.py
===================================================================
--- Zope3/trunk/src/zope/app/schema/tests/test_fieldfactory.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/schema/tests/test_fieldfactory.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -23,7 +23,6 @@
 from zope.component.exceptions import ComponentLookupError
 from zope.component.interfaces import IFactory
 from zope.app.tests.placelesssetup import PlacelessSetup
-from zope.security.management import newInteraction, system_user
 from zope.schema.interfaces import IField, IText
 from zope.interface import Interface
 from zope.configuration import xmlconfig
@@ -41,7 +40,6 @@
 
     def setUp(self):
         super(TestFieldFactory, self).setUp()
-        newInteraction(ParticipationStub(system_user))
         context = xmlconfig.file('tests/test_fieldfactory.zcml',
                                  zope.app.schema)
 

Modified: Zope3/trunk/src/zope/app/schema/tests/test_schemautility.py
===================================================================
--- Zope3/trunk/src/zope/app/schema/tests/test_schemautility.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/schema/tests/test_schemautility.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -19,7 +19,6 @@
 
 from zope.configuration import xmlconfig
 from zope.schema import Text, getFieldNamesInOrder, getFieldsInOrder
-from zope.security.management import system_user, newInteraction
 from zope.security.checker import getChecker, _defaultChecker, ProxyFactory
 from zope.app.schema.schema import SchemaUtility
 from zope.app.tests import setup
@@ -190,7 +189,6 @@
         s = self.s
         s.addField(u'alpha', self.alpha)
         s = ProxyFactory(s)
-        newInteraction(ParticipationStub(system_user))
         f1 = ProxyFactory(s[u'alpha'])
         order = f1.order
         f1 = zapi.traverse(s, 'alpha')

Modified: Zope3/trunk/src/zope/app/security/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/security/metaconfigure.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/security/metaconfigure.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -28,9 +28,6 @@
 
 def securityPolicy(_context, component):
 
-    if callable(component):
-        component = component()
-
     _context.action(
             discriminator = 'defaultPolicy',
             callable = setSecurityPolicy,

Modified: Zope3/trunk/src/zope/app/securitypolicy/configure.zcml
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/configure.zcml	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/securitypolicy/configure.zcml	2004-07-16 19:51:26 UTC (rev 26591)
@@ -87,9 +87,7 @@
   <include package=".browser"/>
 
 
-  <securityPolicy
-      component=".zopepolicy.zopeSecurityPolicy"
-      />
+  <securityPolicy component=".zopepolicy.ZopeSecurityPolicy" />
 
   <role id="zope.Anonymous" title="Everybody" 
                  description="All users have this role implicitly" />
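Review bot: The directive now names the class `.zopepolicy.ZopeSecurityPolicy`, and the same revision removes the `if callable(component): component = component()` step from `securityPolicy` in metaconfigure.py, so whatever object a configuration names is handed to `setSecurityPolicy` unchanged. A site or add-on configuration that still names a policy instance would therefore install a non-factory, and the failure would presumably only show up when the first interaction is created. Consider having the directive handler reject a component that is not callable or does not provide `ISecurityPolicy`, so a misconfigured policy fails at configuration time instead of at request time.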

Modified: Zope3/trunk/src/zope/app/securitypolicy/tests/test_zopepolicy.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/tests/test_zopepolicy.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/securitypolicy/tests/test_zopepolicy.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -89,11 +89,13 @@
             AttributeAnnotations)
 
         # set up some principals
-        self.jim = principalRegistry.definePrincipal('jim', 'Jim', 'Jim Fulton',
-                                                     'jim', '123')
+        self.jim = principalRegistry.definePrincipal(
+            'jim', 'Jim', 'Jim Fulton',
+            'jim', '123')
 
-        self.tim = principalRegistry.definePrincipal('tim', 'Tim', 'Tim Peters',
-                                                     'tim', '456')
+        self.tim = principalRegistry.definePrincipal(
+            'tim', 'Tim', 'Tim Peters',
+            'tim', '456')
 
         self.unknown = principalRegistry.defineDefaultPrincipal('unknown',
                     'Unknown', 'Nothing is known about this principal')
@@ -135,10 +137,10 @@
         principalRoleManager.assignRoleToPrincipal(self.peon, self.jim.id)
         principalRoleManager.assignRoleToPrincipal(self.manager, self.tim.id)
 
-        self.policy = self._makePolicy()
+        self.interaction = self._makeInteraction()
 
 
-    def _makePolicy(self):
+    def _makeInteraction(self):
         from zope.app.securitypolicy.zopepolicy import ZopeSecurityPolicy
         return ZopeSecurityPolicy()
 
@@ -154,38 +156,40 @@
     def testInterfaces(self):
         from zope.security.interfaces import ISecurityPolicy
         from zope.app.securitypolicy.zopepolicy import ZopeSecurityPolicy
-        verifyObject(ISecurityPolicy, ZopeSecurityPolicy())
+        verifyObject(ISecurityPolicy, ZopeSecurityPolicy)
 
     def testCreateInteraction(self):
         from zope.security.interfaces import IInteraction
         from zope.app.securitypolicy.zopepolicy import ZopeSecurityPolicy
-        i1 = ZopeSecurityPolicy().createInteraction(None)
+        i1 = ZopeSecurityPolicy()
         verifyObject(IInteraction, i1)
         self.assertEquals(list(i1.participations), [])
 
         user = object()
         rq = RequestStub(user)
-        i2 = ZopeSecurityPolicy().createInteraction(rq)
+        i2 = ZopeSecurityPolicy(rq)
         verifyObject(IInteraction, i2)
         self.assertEquals(list(i2.participations), [rq])
 
     def testGlobalCheckPermission(self):
-        self.failUnless(
-            self.policy.checkPermission(self.read, None, Interaction(self.jim)))
-        self.failUnless(
-            self.policy.checkPermission(self.read, None, Interaction(self.tim)))
-        self.failUnless(
-            self.policy.checkPermission(self.write, None, Interaction(self.tim)))
+        r = RequestStub(self.jim)
+        self.interaction.add(r)
+        self.failUnless(self.interaction.checkPermission(self.read, None))
+        self.interaction.remove(r)
 
-        self.failIf(self.policy.checkPermission(
-            self.read, None, Interaction(self.unknown)))
-        self.failIf(self.policy.checkPermission(
-            self.write, None, Interaction(self.unknown)))
+        r = RequestStub(self.tim)
+        self.interaction.add(r)
+        self.failUnless(self.interaction.checkPermission(self.read, None))
+        self.failUnless(self.interaction.checkPermission(self.write, None))
+        self.interaction.remove(r)
 
-        self.failIf(
-            self.policy.checkPermission(
-            self.read, None, Interaction(self.unknown)))
+        r = RequestStub(self.unknown)
+        self.interaction.add(r)
+        self.failIf(self.interaction.checkPermission(self.read, None))
+        self.failIf(self.interaction.checkPermission(self.write, None))
 
+        self.failIf(self.interaction.checkPermission(self.read, None))
+
         self.__assertPermissions(self.jim, ['create', 'read'])
         self.__assertPermissions(self.tim, ['read', 'write'])
         self.__assertPermissions(self.unknown, [])
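Review bot: In testGlobalCheckPermission, `self.failIf(self.interaction.checkPermission(self.read, None))` is asserted twice for the unknown principal with no state change in between; the second call can be dropped. The tests now share one mutable `self.interaction` and hand-pair `add(r)` with `remove(r)` here and in the following hunks of this file. `ZopeSecurityPolicy.checkPermission` asserts exactly one participation, so a missed `remove` shows up as an AssertionError unrelated to the permission under test. A small helper that adds a `RequestStub(principal)`, runs the checks and removes it again would keep the pairing in one place. The method continues into the next hunk.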
@@ -193,30 +197,29 @@
         rolePermissionManager.grantPermissionToRole(
             self.read, 'zope.Anonymous')
 
-        self.failUnless(
-            self.policy.checkPermission(
-            self.read, None, Interaction(self.unknown)))
+        self.failUnless(self.interaction.checkPermission(self.read, None))
+        self.interaction.remove(r)
 
         self.__assertPermissions(self.unknown, ['read'])
 
         principalPermissionManager.grantPermissionToPrincipal(
             self.write, self.jim.id)
-        self.failUnless(
-            self.policy.checkPermission(self.write, None, Interaction(self.jim)))
+        r = RequestStub(self.jim)
+        self.interaction.add(r)
+        self.failUnless(self.interaction.checkPermission(self.write, None))
 
         self.__assertPermissions(self.jim, ['create', 'read', 'write'])
 
     def testPlaylessPrincipalRole(self):
-        self.failIf(self.policy.checkPermission(
-            self.write, None, Interaction(self.jim)))
+        r = RequestStub(self.jim)
+        self.interaction.add(r)
+        self.failIf(self.interaction.checkPermission(self.write, None))
         principalRoleManager.assignRoleToPrincipal(
             self.manager, self.jim.id)
-        self.failUnless(self.policy.checkPermission(
-            self.write, None, Interaction(self.jim)))
+        self.failUnless(self.interaction.checkPermission(self.write, None))
         principalRoleManager.removeRoleFromPrincipal(
             self.manager, self.jim.id)
-        self.failIf(self.policy.checkPermission(
-            self.write, None, Interaction(self.jim)))
+        self.failIf(self.interaction.checkPermission(self.write, None))
 
     def testPlayfulPrincipalRole(self):
         ztapi.provideAdapter(
@@ -227,16 +230,15 @@
         ob2 = TestClass(); ob2.__parent__ = ob1
         ob3 = TestClass(); ob3.__parent__ = ob2
 
-        self.failIf(self.policy.checkPermission(
-            self.write, ob3, Interaction(self.jim)))
+        r = RequestStub(self.jim)
+        self.interaction.add(r)
+        self.failIf(self.interaction.checkPermission(self.write, ob3))
         AnnotationPrincipalRoleManager(ob3).assignRoleToPrincipal(
             self.manager, self.jim.id)
-        self.failUnless(self.policy.checkPermission(
-            self.write, ob3, Interaction(self.jim)))
+        self.failUnless(self.interaction.checkPermission(self.write, ob3))
         AnnotationPrincipalRoleManager(ob3).removeRoleFromPrincipal(
             self.manager, self.jim.id)
-        self.failIf(self.policy.checkPermission(
-            self.write, ob3, Interaction(self.jim)))
+        self.failIf(self.interaction.checkPermission(self.write, ob3))
 
     def testPlayfulRolePermissions(self):
 
@@ -250,30 +252,33 @@
         ob2 = TestClass(); ob2.__parent__ = ob1
         ob3 = TestClass(); ob3.__parent__ = ob2
 
-        self.failIf(self.policy.checkPermission(test, ob3, Interaction(self.tim)))
+        r = RequestStub(self.tim)
+        self.interaction.add(r)
+        self.failIf(self.interaction.checkPermission(test, ob3))
         self.__assertPermissions(self.tim, ['read', 'write'], ob3)
 
         ARPM(ob2).grantPermissionToRole(test, self.manager)
-        self.failUnless(self.policy.checkPermission(test, ob3,
-                                                    Interaction(self.tim)))
+        self.failUnless(self.interaction.checkPermission(test, ob3))
         self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)
+        self.interaction.remove(r)
 
-        self.failIf(self.policy.checkPermission(test, ob3, Interaction(self.jim)))
+        r = RequestStub(self.jim)
+        self.interaction.add(r)
+        self.failIf(self.interaction.checkPermission(test, ob3))
         self.__assertPermissions(self.jim, ['create', 'read'], ob3)
 
 
         ARPM(ob3).grantPermissionToRole(test, self.peon)
-        self.failUnless(self.policy.checkPermission(
-            test, ob3, Interaction(self.jim)))
+        self.failUnless(self.interaction.checkPermission(test, ob3))
         self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)
 
 
 
         principalPermissionManager.denyPermissionToPrincipal(
             test, self.jim.id)
-        self.failIf(self.policy.checkPermission(
-            test, ob3, Interaction(self.jim)))
+        self.failIf(self.interaction.checkPermission(test, ob3))
         self.__assertPermissions(self.jim, ['create', 'read'], ob3)
+        self.interaction.remove(r)
 
         principalPermissionManager.unsetPermissionForPrincipal(
             test, self.jim.id)
@@ -286,11 +291,13 @@
         new = principalRegistry.definePrincipal('new', 'Newbie',
                                                 'Newbie User', 'new', '098')
         principalRoleManager.assignRoleToPrincipal(self.arole, new.id)
-        self.failUnless(self.policy.checkPermission(test, ob3, Interaction(new)))
+        r = RequestStub(new)
+        self.interaction.add(r)
+        self.failUnless(self.interaction.checkPermission(test, ob3))
         self.__assertPermissions(new, ['test'], ob3)
 
         principalRoleManager.assignRoleToPrincipal(self.peon, new.id)
-        self.failIf(self.policy.checkPermission(test, ob3, Interaction(new)))
+        self.failIf(self.interaction.checkPermission(test, ob3))
         self.__assertPermissions(new, ['read'], ob3)
 
     def testPlayfulPrinciplePermissions(self):
@@ -304,38 +311,41 @@
 
         test = definePermission('test', 'Test', '').id
 
-        self.failIf(self.policy.checkPermission(test, ob3, Interaction(self.tim)))
+        r = RequestStub(self.tim)
+        self.interaction.add(r)
+        self.failIf(self.interaction.checkPermission(test, ob3))
 
         self.__assertPermissions(self.tim, ['read', 'write'], ob3)
 
         APPM(ob2).grantPermissionToPrincipal(test, self.tim.id)
-        self.failUnless(self.policy.checkPermission(
-            test, ob3, Interaction(self.tim)))
+        self.failUnless(self.interaction.checkPermission(test, ob3))
         self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)
 
         APPM(ob3).denyPermissionToPrincipal(test, self.tim.id)
-        self.failIf(self.policy.checkPermission(
-            test, ob3, Interaction(self.tim)))
+        self.failIf(self.interaction.checkPermission(test, ob3))
         self.__assertPermissions(self.tim, ['read', 'write'], ob3)
+        self.interaction.remove(r)
 
+        r = RequestStub(self.jim)
+        self.interaction.add(r)
         APPM(ob1).denyPermissionToPrincipal(test, self.jim.id)
         APPM(ob3).grantPermissionToPrincipal(test, self.jim.id)
-        self.failUnless(self.policy.checkPermission(
-            test, ob3, Interaction(self.jim)))
+        self.failUnless(self.interaction.checkPermission(test, ob3))
         self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)
 
 
         APPM(ob3).unsetPermissionForPrincipal(test, self.jim.id)
-        self.failIf(self.policy.checkPermission(
-            test, ob3, Interaction(self.jim)))
+        self.failIf(self.interaction.checkPermission(test, ob3))
         self.__assertPermissions(self.jim, ['create', 'read'], ob3)
+        self.interaction.remove(r)
 
         # make sure placeless principal permissions override placeful ones
+        r = RequestStub(self.tim)
+        self.interaction.add(r)
         APPM(ob3).grantPermissionToPrincipal(test, self.tim.id)
         principalPermissionManager.denyPermissionToPrincipal(
             test, self.tim.id)
-        self.failIf(self.policy.checkPermission(
-            test, ob3, Interaction(self.tim)))
+        self.failIf(self.interaction.checkPermission(test, ob3))
 
         self.__assertPermissions(self.tim, ['read', 'write'], ob3)
 

Modified: Zope3/trunk/src/zope/app/securitypolicy/zopepolicy.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/zopepolicy.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/securitypolicy/zopepolicy.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -15,21 +15,18 @@
 
 $Id$
 """
-from zope.interface import implements
-from zope.security.interfaces import ISecurityPolicy
 from zope.security.management import system_user
-from zope.security.simpleinteraction import createInteraction \
-                                            as _createInteraction
+import zope.security.simplepolicies
+from zope.security.interfaces import ISecurityPolicy
 
 from zope.app.location import LocationIterator
-
+from zope.app.security.settings import Allow, Deny
 from zope.app.securitypolicy.interfaces import \
      IRolePermissionMap, IPrincipalPermissionMap, IPrincipalRoleMap
 from zope.app.securitypolicy.principalpermission \
      import principalPermissionManager
 from zope.app.securitypolicy.rolepermission import rolePermissionManager
 from zope.app.securitypolicy.principalrole import principalRoleManager
-from zope.app.security.settings import Allow, Deny
 
 getPermissionsForPrincipal = \
                 principalPermissionManager.getPermissionsForPrincipal
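Review bot: The class below now calls `zope.interface.classProvides(ISecurityPolicy)`, but this hunk removes `from zope.interface import implements` and adds no `import zope.interface`. The name `zope` is bound by `import zope.security.simplepolicies`, so `zope.interface` resolves only because some other module has already imported that subpackage. Add an explicit `import zope.interface` next to the other imports so the module does not depend on import order; the first 14 lines of the file are outside the hunk, but they appear to be the header and docstring.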
@@ -39,39 +36,13 @@
 globalContext = object()
 
 
-class ZopeSecurityPolicy(object):
-    implements(ISecurityPolicy)
+class ZopeSecurityPolicy(zope.security.simplepolicies.ParanoidSecurityPolicy):
+    zope.interface.classProvides(ISecurityPolicy)
 
-    def __init__(self, ownerous=True, authenticated=True):
-        """
-        Two optional keyword arguments may be provided:
-
-        ownerous -- Untrusted users can create code (e.g. Python
-            scripts or templates), so check that code owners can
-            access resources.  The argument must have a truth value.
-            The default is true.
-
-        authenticated -- Allow access to resources based on the
-
-            privileges of the authenticated user.  The argument must
-            have a truth value.  The default is true.
-
-            This (somewhat experimental) option can be set to false on
-            sites that allow only public (unauthenticated) access. An
-            anticipated scenario is a ZEO configuration in which some
-            clients allow only public access and other clients allow
-            full management.
-        """
-
-        self._ownerous = ownerous
-        self._authenticated = authenticated
-
-    createInteraction = staticmethod(_createInteraction)
-
-    def checkPermission(self, permission, object, interaction):
+    def checkPermission(self, permission, object):
         # XXX We aren't really handling multiple principals yet
-        assert len(interaction.participations) == 1 # XXX
-        user = interaction.participations[0].principal
+        assert len(self.participations) == 1 # XXX
+        user = self.participations[0].principal
 
         # mapping from principal to set of roles
         if user is system_user:
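Review bot: `assert len(self.participations) == 1` is the only guard on the participant count in an authorization decision, and asserts are removed when Python runs with `-O`. Without it, `self.participations[0].principal` decides access on the first participation alone and ignores any others, and an interaction with no participations (which `newInteraction()` without arguments now creates) fails with an IndexError instead of a clear answer. An explicit check that cannot be compiled out is safer, for example `if len(self.participations) != 1: raise ValueError("exactly one participation is supported")`. The removed `__init__` also means callers can no longer pass `ownerous`/`authenticated`, which deserves a line in the commit message. The body of `checkPermission` continues outside the hunk.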
@@ -287,4 +258,3 @@
 
     return result
 
-zopeSecurityPolicy=ZopeSecurityPolicy()

Modified: Zope3/trunk/src/zope/app/tests/placelesssetup.py
===================================================================
--- Zope3/trunk/src/zope/app/tests/placelesssetup.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/tests/placelesssetup.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -49,6 +49,9 @@
         from zope.app.security.tests import addCheckerPublic
         addCheckerPublic()
 
+        from zope.security.management import newInteraction
+        newInteraction()
+
         setVocabularyRegistry(None)
 
 
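Review bot: setUp now opens an interaction with `newInteraction()`, but the hunk shows no matching `endInteraction()`; the tearDown is outside the hunk, so confirm that it ends the interaction. The explicit `endInteraction()` calls this revision adds to other tests suggest `newInteraction` does not tolerate an interaction that is already active, in which case an unpaired setUp would break the next test. Every PlacelessSetup-based test now also runs inside an interaction with no participations, so a comment such as `# default interaction with no participations; tests that need a principal must endInteraction() first` would document the new contract.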

Modified: Zope3/trunk/src/zope/app/traversing/tests/test_traverser.py
===================================================================
--- Zope3/trunk/src/zope/app/traversing/tests/test_traverser.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/traversing/tests/test_traverser.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -37,7 +37,7 @@
 from zope.app.site.tests.placefulsetup import PlacefulSetup
 from zope.security.checker \
     import ProxyFactory, defineChecker, CheckerPublic, Checker
-from zope.security.management import newInteraction
+from zope.security.management import newInteraction, endInteraction
 from zope.app.container.contained import Contained, contained
 
 class ParticipationStub(object):
@@ -178,6 +178,7 @@
         self.assertEquals(tr.traverse(('folder', 'item')), item)
 
     def testItemDenied(self):
+        endInteraction()
         newInteraction(ParticipationStub('no one'))
         defineChecker(C, Checker({'item': 'Waaaa', 'folder': CheckerPublic}))
         tr = Traverser(ProxyFactory(self.root))

Modified: Zope3/trunk/src/zope/app/workflow/stateful/tests/test_instance.py
===================================================================
--- Zope3/trunk/src/zope/app/workflow/stateful/tests/test_instance.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/app/workflow/stateful/tests/test_instance.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -26,7 +26,7 @@
 from zope.app.security.interfaces import IPermission
 from zope.app.security.permission import Permission
 from zope.security.checker import CheckerPublic
-from zope.security.management import newInteraction
+from zope.security.management import newInteraction, endInteraction
 
 from zope.app.annotation.interfaces import IAttributeAnnotatable
 from zope.app.registration.interfaces import IRegisterable
@@ -363,6 +363,7 @@
 
         ztapi.provideUtility(IPermission, Permission('deny', 'Deny'), 'deny')
 
+        endInteraction()
         newInteraction(ParticipationStub('test'))
 
         pd = TestProcessDefinition()

Modified: Zope3/trunk/src/zope/security/__init__.py
===================================================================
--- Zope3/trunk/src/zope/security/__init__.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/__init__.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -4,42 +4,21 @@
 # All Rights Reserved.
 #
 # This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
 # FOR A PARTICULAR PURPOSE.
 #
 ##############################################################################
-"""Security Package
+"""Base security system
 
 $Id$
+
 """
+
 # TODO: There's a circular import problem with the proxy package.
 # The proxy framework needs some refactoring, but not today.
 import zope.proxy
 
-from zope.security.checker import CheckerPublic as _CheckerPublic
-from zope.security.management import queryInteraction as _queryInteraction
-from zope.security.management import getSecurityPolicy as _getSecurityPolicy
-
-def checkPermission(permission, object, interaction=None):
-    """Return whether security policy allows permission on object.
-
-    Arguments:
-    permission -- A permission name
-    object -- The object being accessed according to the permission
-    interaction -- An interaction, which provides access to information
-        such as authenticated principals.  If it is None, the current
-        interaction is used.
-
-    checkPermission is guaranteed to return True if permission is
-    CheckerPublic or None.
-    """
-    if permission is None or permission is _CheckerPublic:
-        return True
-    if interaction is None:
-        interaction = _queryInteraction()
-    policy = _getSecurityPolicy()
-    return policy.checkPermission(permission, object, interaction)
-
+from zope.security.management import checkPermission
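Review bot: The license header changes from `Version 2.1 (ZPL)` to `Version 2.0 (ZPL)` in this hunk, which looks unrelated to the API rearrangement and may be an accidental revert. The deleted `simpleinteraction.py` in the same commit carries 2.1. If the downgrade is not deliberate, keep `# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.`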

Modified: Zope3/trunk/src/zope/security/_zope_security_checker.c
===================================================================
--- Zope3/trunk/src/zope/security/_zope_security_checker.c	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/_zope_security_checker.c	2004-07-16 19:51:26 UTC (rev 26591)
@@ -14,13 +14,14 @@
 #include <Python.h>
 
 static PyObject *_checkers, *_defaultChecker, *_available_by_default, *NoProxy;
-static PyObject *Proxy, *getSecurityPolicy, *queryInteraction, *CheckerPublic;
+static PyObject *Proxy, *thread_local, *CheckerPublic;
 static PyObject *ForbiddenAttribute, *Unauthorized;
 
 #define DECLARE_STRING(N) static PyObject *str_##N
 
 DECLARE_STRING(checkPermission);
 DECLARE_STRING(__Security_checker__);
+DECLARE_STRING(interaction);
 
 #define CLEAR(O) if (O) {PyObject *t = O; O = 0; Py_DECREF(t); }
 
@@ -72,25 +73,16 @@
 static int
 checkPermission(PyObject *permission, PyObject *object, PyObject *name)
 {
-      PyObject *policy, *interaction, *r;
+      PyObject *interaction, *r;
       int i;
 
-/*             policy = getSecurityPolicy() */
-      policy = PyObject_CallObject(getSecurityPolicy, NULL);
-      if (policy == NULL)
-        return -1;
-/*             interaction = queryInteraction() */
-      interaction = PyObject_CallObject(queryInteraction, NULL);
-      if (interaction == NULL)
-        {
-          Py_DECREF(policy);
-          return -1;
-        }
-/*             if policy.checkPermission(permission, object, interaction): */
+/*          if thread_local.interaction.checkPermission(permission, object): */
 /*                 return */
-      r = PyObject_CallMethodObjArgs(policy, str_checkPermission,
-                                     permission, object, interaction, NULL);
-      Py_DECREF(policy);
+      interaction = PyObject_GetAttr(thread_local, str_interaction);
+      if (interaction == NULL)
+        return -1;
+      r = PyObject_CallMethodObjArgs(interaction, str_checkPermission,
+                                     permission, object, NULL);
       Py_DECREF(interaction);
       if (r == NULL)
         return -1;
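Review bot: When no interaction is active, `PyObject_GetAttr(thread_local, str_interaction)` fails with a plain AttributeError and the new code returns -1 with that error still set, so a permission check made outside an interaction surfaces as a missing attribute rather than as a security error. Callers that treat AttributeError as "attribute absent" (`hasattr`, three-argument `getattr`) would presumably swallow it, which hides the misconfiguration. The same direct `thread_local.interaction` access is added in both `checker.py` hunks and in `management.checkPermission`; the Python sites could call `getInteraction().checkPermission(permission, object)` instead. Here the AttributeError could be replaced with `NoInteraction` before returning, which needs a module-level reference loaded in the init function outside this hunk. The function body continues past the end of the hunk.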
@@ -550,6 +542,7 @@
 
   INIT_STRING(checkPermission);
   INIT_STRING(__Security_checker__);
+  INIT_STRING(interaction);
 
   if ((_checkers = PyDict_New()) == NULL) 
     return;
@@ -563,10 +556,8 @@
   Py_DECREF(m);
 
   if ((m = PyImport_ImportModule("zope.security.management")) == NULL) return;
-  getSecurityPolicy = PyObject_GetAttrString(m, "getSecurityPolicy");
-  if (getSecurityPolicy == NULL) return;
-  queryInteraction = PyObject_GetAttrString(m, "queryInteraction");
-  if (queryInteraction == NULL) return;
+  thread_local = PyObject_GetAttrString(m, "thread_local");
+  if (thread_local == NULL) return;
   Py_DECREF(m);
 
   if ((m = PyImport_ImportModule("zope.exceptions")) == NULL) return;

Modified: Zope3/trunk/src/zope/security/checker.py
===================================================================
--- Zope3/trunk/src/zope/security/checker.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/checker.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -39,7 +39,7 @@
 from zope.interface.interfaces import IInterface, IDeclaration
 from zope.security.interfaces import IChecker, INameBasedChecker
 from zope.security.interfaces import ISecurityProxyFactory
-from zope.security.management import getSecurityPolicy, queryInteraction
+from zope.security.management import thread_local
 from zope.security._proxy import _Proxy as Proxy, getChecker
 from zope.exceptions import Unauthorized, ForbiddenAttribute, DuplicationError
 
@@ -130,10 +130,8 @@
         if permission is not None:
             if permission is CheckerPublic:
                 return # Public
-            policy = getSecurityPolicy()
-            interaction = queryInteraction()
-            if policy.checkPermission(permission, object, interaction):
-                return
+            if thread_local.interaction.checkPermission(permission, object):
+                return # allowed
             else:
                 __traceback_supplement__ = (TracebackSupplement, object)
                 raise Unauthorized(name, permission)
@@ -147,9 +145,7 @@
         if permission is not None:
             if permission is CheckerPublic:
                 return # Public
-            policy = getSecurityPolicy()
-            interaction = queryInteraction()
-            if policy.checkPermission(permission, object, interaction):
+            if thread_local.interaction.checkPermission(permission, object):
                 return
             else:
                 __traceback_supplement__ = (TracebackSupplement, object)

Modified: Zope3/trunk/src/zope/security/examples/sandbox_security.py
===================================================================
--- Zope3/trunk/src/zope/security/examples/sandbox_security.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/examples/sandbox_security.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -30,7 +30,7 @@
 """
 import sandbox
 from zope.security.interfaces import ISecurityPolicy, IParticipation
-from zope.security import checker, management, simpleinteraction
+from zope.security import checker, management, simplepolicies
 from zope.interface import implements
 
 
@@ -73,17 +73,13 @@
         }
 
 
-class SimulationSecurityPolicy(object):
+class SimulationSecurityPolicy(simplepolicies.ParanoidSecurityPolicy):
     """Security Policy during the Simulation.
 
     A very simple security policy that is specific to the simulations.
     """
 
-    implements(ISecurityPolicy)
-
-    createInteraction = staticmethod(simpleinteraction.createInteraction)
-
-    def checkPermission(self, permission, object, interaction):
+    def checkPermission(self, permission, object):
         """See zope.security.interfaces.ISecurityPolicy"""
         home = object.getHome()
         db = getattr(SimulationSecurityDatabase, home.getId(), None)
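Review bot: The `checkPermission` docstring still reads `See zope.security.interfaces.ISecurityPolicy`, but this commit moves `checkPermission` from `ISecurityPolicy` to `IInteraction`, so the reference points at an interface that no longer declares the method. It should read `"""See zope.security.interfaces.IInteraction"""`. The class docstring could also say that an instance is now the interaction itself and decides from `self.participations`, since the class is handed uninstantiated to `setSecurityPolicy`. The method body continues beyond this hunk.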
@@ -95,11 +91,10 @@
         if permission in allowed or ALL in allowed:
             return True
 
-        if interaction is None:
+        if not self.participations:
             return False
-        if not interaction.participations:
-            return False
-        for participation in interaction.participations:
+
+        for participation in self.participations:
             token = participation.principal.getAuthenticationToken()
             allowed = db.get(token, ())
             if permission not in allowed:
@@ -159,7 +154,7 @@
 
 def wire_security():
 
-    management.setSecurityPolicy(SimulationSecurityPolicy())
+    management.setSecurityPolicy(SimulationSecurityPolicy)
 
     checker.defineChecker(sandbox.Sandbox, sandbox_checker)
     checker.defineChecker(sandbox.TimeService, time_service_checker)

Modified: Zope3/trunk/src/zope/security/interfaces.py
===================================================================
--- Zope3/trunk/src/zope/security/interfaces.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/interfaces.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -135,27 +135,13 @@
 
 class ISecurityPolicy(Interface):
 
-    def createInteraction(participation=None):
+    def __call__(participation=None):
         """Creates a new interaction for a given request.
 
         If participation is not None, it is added to the new interaction.
-
-        TODO: perhaps this should be a separate interface IInteractionFactory,
-              and the factory registered by calling
-              ISecurityManagement.global setInteractionFactory(factory).
         """
 
-    def checkPermission(permission, object, interaction):
-        """Return whether security context allows permission on object.
 
-        Arguments:
-        permission -- A permission name
-        object -- The object being accessed according to the permission
-        interaction -- An interaction, which provides access to information
-            such as authenticated principals.
-        """
-
-
 class IInteraction(Interface):
     """A representation of an interaction between some actors and the system.
     """
@@ -168,13 +154,25 @@
     def remove(participation):
         """Remove a participation."""
 
+    def checkPermission(permission, object):
+        """Return whether security context allows permission on object.
 
+        Arguments:
+        permission -- A permission name
+        object -- The object being accessed according to the permission
+        """
+
+
 class IParticipation(Interface):
 
     interaction = Attribute("The interaction")
     principal = Attribute("The authenticated principal")
 
 
+class NoInteraction(Exception):
+    """No interaction started
+    """
+
 class IInteractionManagement(Interface):
     """Interaction management API.
 
@@ -192,9 +190,15 @@
     def queryInteraction():
         """Return the current interaction.
 
-        Returns None if there is no interaction.
+        Return None if there is no interaction.
         """
 
+    def getInteraction():
+        """Return the current interaction.
+
+        Raise NoInteraction if there isn't a current interaction.
+        """
+
     def endInteraction():
         """End the current interaction.
 

Modified: Zope3/trunk/src/zope/security/management.py
===================================================================
--- Zope3/trunk/src/zope/security/management.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/management.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -24,6 +24,7 @@
 from zope.interface import moduleProvides
 from zope.security.interfaces import ISecurityManagement
 from zope.security.interfaces import IInteractionManagement
+from zope.security.interfaces import NoInteraction
 from zope.testing.cleanup import addCleanUp
 import zope.thread
 
@@ -34,7 +35,7 @@
 
 def _clear():
     global _defaultPolicy
-    _defaultPolicy = ParanoidSecurityPolicy()
+    _defaultPolicy = ParanoidSecurityPolicy
 
 addCleanUp(_clear)
 
@@ -66,28 +67,60 @@
 #
 
 def queryInteraction():
-    """Get the current interaction."""
     return getattr(thread_local, 'interaction', None)
 
-def newInteraction(participation=None, _policy=None):
+def getInteraction():
+    """Get the current interaction."""
+    try:
+        return thread_local.interaction
+    except AttributeError:
+        raise NoInteraction
+
+def newInteraction(*participations):
     """Start a new interaction."""
+    
+    
     if queryInteraction() is not None:
         stack = queryInteraction()._newInteraction_called_from
         raise AssertionError("newInteraction called"
                              " while another interaction is active:\n%s"
                              % "".join(traceback.format_list(stack)))
-    interaction = getSecurityPolicy().createInteraction(participation)
+
+    interaction = getSecurityPolicy()(*participations)
+
     interaction._newInteraction_called_from = traceback.extract_stack()
     thread_local.interaction = interaction
 
 def endInteraction():
     """End the current interaction."""
-    thread_local.interaction = None
 
+    try:
+        del thread_local.interaction
+    except AttributeError:
+        pass
+
+
+def checkPermission(permission, object, interaction=None):
+    """Return whether security policy allows permission on object.
+
+    Arguments:
+    permission -- A permission name
+    object -- The object being accessed according to the permission
+    interaction -- An interaction, which provides access to information
+        such as authenticated principals.  If it is None, the current
+        interaction is used.
+
+    checkPermission is guaranteed to return True if permission is
+    CheckerPublic or None.
+    """
+    if interaction is None:
+        interaction = thread_local.interaction
+    return interaction.checkPermission(permission, object)
+
 addCleanUp(endInteraction)
 
 
 # circular imports are not fun
 
 from zope.security.simplepolicies import ParanoidSecurityPolicy
-_defaultPolicy = ParanoidSecurityPolicy()
+_defaultPolicy = ParanoidSecurityPolicy
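Review bot: The docstring of the new `checkPermission` still promises True for `None` or `CheckerPublic`, but the early return that enforced this in `zope/security/__init__.py` was not carried over, so the result now depends on whichever interaction class is installed. `ParanoidSecurityPolicy.checkPermission` handles `CheckerPublic` but not `None`, and the stub policies in the tests handle neither. If the guarantee is meant to stay, restore the guard as sketched below; the `CheckerPublic` import has to be local because `zope.security.checker` imports this module. `queryInteraction` also lost its docstring in this hunk and should keep a one-line description of its return-None behaviour.

```python
def checkPermission(permission, object, interaction=None):
    # … unchanged: docstring …
    if permission is None:
        return True
    # Local import: zope.security.checker imports this module at load time.
    from zope.security.checker import CheckerPublic
    if permission is CheckerPublic:
        return True
    if interaction is None:
        # Raises NoInteraction instead of a bare AttributeError.
        interaction = getInteraction()
    return interaction.checkPermission(permission, object)
```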

Deleted: Zope3/trunk/src/zope/security/simpleinteraction.py
===================================================================
--- Zope3/trunk/src/zope/security/simpleinteraction.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/simpleinteraction.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -1,50 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Define Zope's default interaction class
-
-$Id$
-"""
-import sets
-
-from zope.interface import implements
-from zope.security.interfaces import IInteraction
-
-class Interaction(object):
-    implements(IInteraction)
-
-    def __init__(self):
-        self.participations = []
-
-    def add(self, participation):
-        if participation.interaction is not None:
-            raise ValueError("%r already belongs to an interaction"
-                             % participation)
-        participation.interaction = self
-        self.participations.append(participation)
-
-    def remove(self, participation):
-        if participation.interaction is not self:
-            raise ValueError("%r does not belong to this interaction"
-                             % participation)
-        self.participations.remove(participation)
-        participation.interaction = None
-
-
-def createInteraction(participation=None):
-    """A helper for implementing ISecurityPolicy.createInteraction"""
-    interaction = Interaction()
-    if participation is not None:
-        interaction.add(participation)
-    return interaction
-

Modified: Zope3/trunk/src/zope/security/simplepolicies.py
===================================================================
--- Zope3/trunk/src/zope/security/simplepolicies.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/simplepolicies.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -15,39 +15,47 @@
 
 $Id$
 """
-from zope.interface import implements
-from zope.security.interfaces import ISecurityPolicy
+import zope.interface
+from zope.security.checker import CheckerPublic
+from zope.security.interfaces import IInteraction, ISecurityPolicy
 from zope.security.management import system_user
-from zope.security.simpleinteraction import createInteraction \
-                                            as _createInteraction
-import zope.security.checker
 
 class ParanoidSecurityPolicy(object):
-    """Deny all access."""
-    implements(ISecurityPolicy)
+    zope.interface.implements(IInteraction)
+    zope.interface.classProvides(ISecurityPolicy)
 
-    createInteraction = staticmethod(_createInteraction)
+    def __init__(self, *participations):
+        self.participations = []
+        for participation in participations:
+            self.add(participation)
 
-    def checkPermission(self, permission, object, interaction):
-        if permission is zope.security.checker.CheckerPublic:
-            return True
+    def add(self, participation):
+        if participation.interaction is not None:
+            raise ValueError("%r already belongs to an interaction"
+                             % participation)
+        participation.interaction = self
+        self.participations.append(participation)
 
-        if interaction is None:
-            return False
+    def remove(self, participation):
+        if participation.interaction is not self:
+            raise ValueError("%r does not belong to this interaction"
+                             % participation)
+        self.participations.remove(participation)
+        participation.interaction = None
 
-        users = [p.principal for p in interaction.participations]
-        if len(users) == 1 and users[0] is system_user:
-            return True # Nobody not to trust!
+    def checkPermission(self, permission, object):
+        if permission is CheckerPublic:
+            return True
 
-        return False
+        users = [p.principal
+                 for p in self.participations
+                 if p.principal is not system_user]
 
+        return not users
 
-class PermissiveSecurityPolicy(object):
+class PermissiveSecurityPolicy(ParanoidSecurityPolicy):
     """Allow all access."""
-    implements(ISecurityPolicy)
+    zope.interface.classProvides(ISecurityPolicy)
 
-    createInteraction = staticmethod(_createInteraction)
-
-    def checkPermission(self, permission, object, interaction):
+    def checkPermission(self, permission, object):
         return True
-
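Review bot: The rewritten `ParanoidSecurityPolicy.checkPermission` returns `not users`, which is True for an interaction with no participations, whereas the removed code granted access only when the single participant was `system_user` and returned False otherwise. Since `newInteraction()` is now called without arguments in several places in this commit, the default policy grants every permission inside those interactions. If that is not intended, `return bool(self.participations) and not users` keeps the deny-by-default behaviour while still allowing several system participations. If it is intended, state it in a class docstring, because the `"""Deny all access."""` docstring was dropped here.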

Modified: Zope3/trunk/src/zope/security/tests/test_checker.py
===================================================================
--- Zope3/trunk/src/zope/security/tests/test_checker.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/tests/test_checker.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -22,7 +22,7 @@
 from zope.testing.cleanup import CleanUp
 from zope.security.interfaces import ISecurityPolicy
 from zope.exceptions import Forbidden, Unauthorized, ForbiddenAttribute
-from zope.security.management import setSecurityPolicy
+from zope.security.management import setSecurityPolicy, newInteraction, endInteraction, getInteraction
 from zope.proxy import getProxiedObject
 from zope.security.proxy import getChecker
 from zope.security.checker import defineChecker, ProxyFactory
@@ -32,7 +32,7 @@
 class SecurityPolicy(object):
     implements(ISecurityPolicy)
 
-    def checkPermission(self, permission, object, interaction):
+    def checkPermission(self, permission, object):
         'See ISecurityPolicy'
         return permission == 'test_allowed'
 
@@ -43,7 +43,7 @@
         self._checked = []
         self.permissions = {}
 
-    def checkPermission(self, permission, object, interaction):
+    def checkPermission(self, permission, object):
         'See ISecurityPolicy'
         self._checked.append(permission)
         return self.permissions.get(permission, True)
@@ -98,9 +98,11 @@
 
     def setUp(self):
         CleanUp.setUp(self)
-        self.__oldpolicy = setSecurityPolicy(SecurityPolicy())
+        self.__oldpolicy = setSecurityPolicy(SecurityPolicy)
+        newInteraction()
 
     def tearDown(self):
+        endInteraction()
         setSecurityPolicy(self.__oldpolicy)
         CleanUp.tearDown(self)
 
@@ -378,36 +380,39 @@
 class TestMixinDecoratedChecker(TestCase):
 
     def decoratedSetUp(self):
-        self.policy = RecordedSecurityPolicy()
+        self.policy = RecordedSecurityPolicy
         self._oldpolicy = setSecurityPolicy(self.policy)
+        newInteraction()
+        self.interaction = getInteraction()
         self.obj = object()
 
     def decoratedTearDown(self):
+        endInteraction()
         setSecurityPolicy(self._oldpolicy)
 
     def check_checking_impl(self, checker):
         o = self.obj
         checker.check_getattr(o, 'both_get_set')
-        self.assert_(self.policy.checkChecked(['dc_get_permission']))
+        self.assert_(self.interaction.checkChecked(['dc_get_permission']))
         checker.check_getattr(o, 'c_only')
-        self.assert_(self.policy.checkChecked(['get_permission']))
+        self.assert_(self.interaction.checkChecked(['get_permission']))
         checker.check_getattr(o, 'd_only')
-        self.assert_(self.policy.checkChecked(['dc_get_permission']))
+        self.assert_(self.interaction.checkChecked(['dc_get_permission']))
         self.assertRaises(ForbiddenAttribute,
                           checker.check_getattr, o,
                           'completely_different_attr')
-        self.assert_(self.policy.checkChecked([]))
+        self.assert_(self.interaction.checkChecked([]))
         checker.check(o, '__str__')
-        self.assert_(self.policy.checkChecked(['get_permission']))
+        self.assert_(self.interaction.checkChecked(['get_permission']))
 
         checker.check_setattr(o, 'both_get_set')
-        self.assert_(self.policy.checkChecked(['dc_set_permission']))
+        self.assert_(self.interaction.checkChecked(['dc_set_permission']))
         self.assertRaises(ForbiddenAttribute,
                           checker.check_setattr, o, 'c_only')
-        self.assert_(self.policy.checkChecked([]))
+        self.assert_(self.interaction.checkChecked([]))
         self.assertRaises(ForbiddenAttribute,
                           checker.check_setattr, o, 'd_only')
-        self.assert_(self.policy.checkChecked([]))
+        self.assert_(self.interaction.checkChecked([]))
 
     originalChecker = NamesChecker(['both_get_set', 'c_only', '__str__'],
                                    'get_permission')
@@ -437,10 +442,10 @@
         # When a permission is not authorized by the security policy,
         # the policy is queried twice per check_getattr -- once for each
         # checker.
-        self.policy.permissions['dc_get_permission'] = False
+        self.interaction.permissions['dc_get_permission'] = False
         cc.check_getattr(self.obj, 'both_get_set')
         self.assert_(
-            self.policy.checkChecked(['dc_get_permission', 'get_permission'])
+            self.interaction.checkChecked(['dc_get_permission', 'get_permission'])
             )
 
         # This should raise Unauthorized instead of ForbiddenAttribute, since

Modified: Zope3/trunk/src/zope/security/tests/test_management.py
===================================================================
--- Zope3/trunk/src/zope/security/tests/test_management.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/tests/test_management.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -37,7 +37,7 @@
         from zope.security.management import getSecurityPolicy
         from zope.security.simplepolicies import PermissiveSecurityPolicy
 
-        policy = PermissiveSecurityPolicy()
+        policy = PermissiveSecurityPolicy
         setSecurityPolicy(policy)
         self.assert_(getSecurityPolicy() is policy)
 
@@ -47,11 +47,10 @@
 
         from zope.security.management import newInteraction
 
-        rq = None
-        newInteraction(rq)
+        newInteraction()
 
         self.assert_(queryInteraction() is not None)
-        self.assertRaises(AssertionError, newInteraction, rq)
+        self.assertRaises(AssertionError, newInteraction)
 
         from zope.security.management import endInteraction
 
@@ -68,25 +67,22 @@
 
         permission = 'zope.Test'
         obj = object()
-        interaction = object()
 
         class InteractionStub(object):
             pass
 
         class PolicyStub(object):
-            def createInteraction(s, r):
-                return InteractionStub()
 
-            def checkPermission(s, p, o, i):
+            def checkPermission(s, p, o,):
                 self.assert_(p is permission)
                 self.assert_(o is obj)
-                self.assert_(i is queryInteraction() or i is interaction)
-                return i is interaction
+                self.assert_(s is queryInteraction() or s is interaction)
+                return s is interaction
 
-        setSecurityPolicy(PolicyStub())
-        newInteraction(None)
-        self.assertEquals(checkPermission(permission, obj), False)
-        self.assertEquals(checkPermission(permission, obj, interaction), True)
+        setSecurityPolicy(PolicyStub)
+        newInteraction()
+        interaction = queryInteraction()
+        self.assertEquals(checkPermission(permission, obj), True)
 
 
 def test_suite():
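Review bot: After this change the test asserts only the allow path, and inside the stub `s is queryInteraction() or s is interaction` compares the same object twice, so that assertion cannot fail. The removed lines covered both a denial and the explicit `interaction` argument of `checkPermission`; neither is exercised now. Consider keeping a case that passes a second interaction object explicitly and expects False, with the stub's identity assertion adjusted to accept it. `InteractionStub` is now unused and `def checkPermission(s, p, o,)` carries a stray trailing comma.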

Modified: Zope3/trunk/src/zope/security/tests/test_simpleinteraction.py
===================================================================
--- Zope3/trunk/src/zope/security/tests/test_simpleinteraction.py	2004-07-16 19:35:39 UTC (rev 26590)
+++ Zope3/trunk/src/zope/security/tests/test_simpleinteraction.py	2004-07-16 19:51:26 UTC (rev 26591)
@@ -18,8 +18,9 @@
 import unittest
 
 from zope.interface.verify import verifyObject
+from zope.security.interfaces import IInteraction
+from zope.security.simplepolicies import ParanoidSecurityPolicy
 
-
 class RequestStub(object):
 
     def __init__(self, principal=None):
@@ -30,15 +31,12 @@
 class TestInteraction(unittest.TestCase):
 
     def test(self):
-        from zope.security.interfaces import IInteraction
-        from zope.security.simpleinteraction import Interaction
-        interaction = Interaction()
+        interaction = ParanoidSecurityPolicy()
         verifyObject(IInteraction, interaction)
 
     def test_add(self):
-        from zope.security.simpleinteraction import Interaction
         rq = RequestStub()
-        interaction = Interaction()
+        interaction = ParanoidSecurityPolicy()
         interaction.add(rq)
         self.assert_(rq in interaction.participations)
         self.assert_(rq.interaction is interaction)
@@ -46,13 +44,12 @@
         # rq already added
         self.assertRaises(ValueError, interaction.add, rq)
 
-        interaction2 = Interaction()
+        interaction2 = ParanoidSecurityPolicy()
         self.assertRaises(ValueError, interaction2.add, rq)
 
     def test_remove(self):
-        from zope.security.simpleinteraction import Interaction
         rq = RequestStub()
-        interaction = Interaction()
+        interaction = ParanoidSecurityPolicy()
 
         self.assertRaises(ValueError, interaction.remove, rq)
 
@@ -63,15 +60,13 @@
         self.assert_(rq.interaction is None)
 
     def testCreateInteraction(self):
-        from zope.security.interfaces import IInteraction
-        from zope.security.simpleinteraction import createInteraction
-        i1 = createInteraction()
+        i1 = ParanoidSecurityPolicy()
         verifyObject(IInteraction, i1)
         self.assertEquals(list(i1.participations), [])
 
         user = object()
         request = RequestStub(user)
-        i2 = createInteraction(request)
+        i2 = ParanoidSecurityPolicy(request)
         verifyObject(IInteraction, i2)
         self.assertEquals(list(i2.participations), [request])
 


