[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - _protections.py:1.1.2.1 __init__.py:1.1.2.4.6.1 metaConfigure.py:1.1.2.25.6.1 protectClass.py:1.1.2.12.6.2 security-meta.zcml:1.1.2.2.14.1 ISecurityContext.py:NONE ISecurityManagement.py:NONE ISecurityManager.py:NONE ISecurityPolicy.py:NONE SecurityContext.py:NONE SecurityManagement.py:NONE SecurityManager.py:NONE SimpleSecurityPolicies.py:NONE

Jim Fulton jim@zope.com
Sat, 27 Apr 2002 12:59:21 -0400


Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv26931/lib/python/Zope/App/Security

Modified Files:
      Tag: SecurityProxy-branch
	__init__.py metaConfigure.py protectClass.py 
	security-meta.zcml 
Added Files:
      Tag: SecurityProxy-branch
	_protections.py 
Removed Files:
      Tag: SecurityProxy-branch
	ISecurityContext.py ISecurityManagement.py ISecurityManager.py 
	ISecurityPolicy.py SecurityContext.py SecurityManagement.py 
	SecurityManager.py SimpleSecurityPolicies.py 
Log Message:
Moved security management modules to Zope.Security.

Added like_unto attribute to protect class so you can say that a class
has the same protections as another class::

  <security:protectClass name=".RootFolder." like_unto=".Folder." />

Added some additional calls to removeAllProxies in some component
lookup code while debugging integration of new security model.

Added protections for BTree types.


=== Added File Zope3/lib/python/Zope/App/Security/_protections.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
# 
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
# 
##############################################################################
"""Register protection information for some standard low-level types

Revision information:
$Id: _protections.py,v 1.1.2.1 2002/04/27 16:58:50 jim Exp $
"""

def protect():
    from Zope.Security.Checker import \
         defineChecker, getCheckerForInstancesOf, NamesChecker
    import Persistence.BTrees


    def _protect(which):
        __import__('Persistence.BTrees.%sBTree' % which)
        module = getattr(Persistence.BTrees, "%sBTree" % which)
        
        defineChecker(getattr(module, '%sBTree' % which),
                      getCheckerForInstancesOf(dict))
        defineChecker(getattr(module, '%sBucket' % which),
                      getCheckerForInstancesOf(dict))
        defineChecker(getattr(module, '%sSet' % which),
                      NamesChecker(['__getitem__', '__len__', 'has_key',
                                    '__repr__', '__str__',
                                    'keys', 'maxKey', 'minKey']
                                   )
                      )
        defineChecker(getattr(module, '%sTreeSet' % which),
                      NamesChecker(['__len__', 'has_key',
                                   '__repr__', '__str__',
                                   'keys', 'maxKey', 'minKey']
                                   )
                      )
        items = getattr(module, '%sBTree' % which)().keys()
        defineChecker(type(items),
                      getCheckerForInstancesOf(tuple))
        
        
    for which in 'OO', 'II', 'OI', 'IO':
        _protect(which)

    
                      


=== Zope3/lib/python/Zope/App/Security/__init__.py 1.1.2.4 => 1.1.2.4.6.1 ===
 ##############################################################################
 """ Zope Security Architecture """
+
+# Register some standard types
+import _protections
+_protections.protect()
+del _protections


=== Zope3/lib/python/Zope/App/Security/metaConfigure.py 1.1.2.25 => 1.1.2.25.6.1 ===
 from PermissionRegistry import permissionRegistry as perm_reg
 from RoleRegistry import roleRegistry as role_reg
-from SecurityManager import setSecurityPolicy
+from Zope.Security.SecurityManager import setSecurityPolicy
 from PrincipalRegistry import principalRegistry
 from RolePermissionManager import rolePermissionManager as role_perm_mgr
 from PrincipalPermissionManager import principalPermissionManager \


=== Zope3/lib/python/Zope/App/Security/protectClass.py 1.1.2.12.6.1 => 1.1.2.12.6.2 ===
 from Zope.Configuration.ConfigurationDirectiveInterfaces \
      import INonEmptyDirective
+from Zope.Configuration.Action import Action
 
 from Zope.Security.Checker import defineChecker, getCheckerForInstancesOf
 from Zope.Security.Checker import Checker, CheckerPublic
@@ -34,12 +35,14 @@
     __class_implements__ = INonEmptyDirective    
     
     def __init__(self, _context, name, permission_id=None, interface=None,
-                 names=None):
+                 names=None, like_unto=None):
         self.__class = _context.resolve(name)
         self.__name = name
         self.__permission_id = permission_id
+        self.__like_unto = like_unto
         self.__context = _context
-        self.__r = self.protect(_context, permission_id, interface, names)
+        self.__r = self.protect(_context, permission_id, interface, names,
+                                like_unto)
 
     # ._getPermission() is handy for subclassing with different permission
     # policy, eg publicClass.
@@ -56,16 +59,19 @@
             return permission_id
 
     def protect(self, _context, permission_id=None, interface=None,
-                names=None):
+                names=None, like_unto=None):
         "Protect a specific aspect"
 
-        self.__empty = 0
+        r = []
+
+        if like_unto:
+            self.__protectLikeUnto(like_unto, r)
 
         if not (interface or names):
-            return []
+            return r
+        
         permission_id = self._getPermission(permission_id)
 
-        r = []
 
         if interface:
             self.__protectByInterface(interface, permission_id, r)
@@ -91,6 +97,16 @@
         for n, d in interface.namesAndDescriptions(1):
             self.__protectName(n, permission_id, r)
 
+    def __protectLikeUnto(self, like_unto, r):
+        "Set a permission on names in an interface."
+        like_unto = self.__context.resolve(like_unto)
+        r.append(
+            Action(discriminator=('protectLikeUnto', self.__class, object()),
+                   callable=protectLikeUnto,
+                   args=(self.__class, like_unto),
+                   )
+            )
+
     def __call__(self):
         "Handle empty/simple declaration."
         return self.__r
@@ -109,10 +125,31 @@
         checker = Checker({}.get)
         defineChecker(class_, checker)
 
-    # OK, so it's a hack.
-    names = checker.getPermission_func().__self__
     if permission_id == 'Zope.Public':
         # Translate public permission to CheckerPublic
         permission_id = CheckerPublic
+
+    # OK, so it's a hack.
+    protections = checker.getPermission_func().__self__    
+    protections[name] = permission_id
+
+def protectLikeUnto(class_, like_unto):
+    """Use the protections from like_unto for class_
+    """
     
-    names[name] = permission_id
+    unto_checker = getCheckerForInstancesOf(like_unto)
+    if unto_checker is None:
+        return
+
+    # OK, so it's a hack.
+    unto_protections = unto_checker.getPermission_func().__self__
+    
+    checker = getCheckerForInstancesOf(class_)
+    if checker is None:
+        checker = Checker({}.get)
+        defineChecker(class_, checker)
+
+    # OK, so it's a hack.
+    protections = checker.getPermission_func().__self__
+    for name in unto_protections:
+        protections[name] = unto_protections[name]


=== Zope3/lib/python/Zope/App/Security/security-meta.zcml 1.1.2.2 => 1.1.2.2.14.1 ===
       <subdirective name="protect"
                     attributes="permission_id, interface, methods" />
-      <subdirective name="instances" attributes="permission_id" />
       </directive>
     <directive name="publicClass" attributes="name, interface, methods"
                handler="Zope.App.Security.publicClass." />

=== Removed File Zope3/lib/python/Zope/App/Security/ISecurityContext.py ===

=== Removed File Zope3/lib/python/Zope/App/Security/ISecurityManagement.py ===

=== Removed File Zope3/lib/python/Zope/App/Security/ISecurityManager.py ===

=== Removed File Zope3/lib/python/Zope/App/Security/ISecurityPolicy.py ===

=== Removed File Zope3/lib/python/Zope/App/Security/SecurityContext.py ===

=== Removed File Zope3/lib/python/Zope/App/Security/SecurityManagement.py ===

=== Removed File Zope3/lib/python/Zope/App/Security/SecurityManager.py ===

=== Removed File Zope3/lib/python/Zope/App/Security/SimpleSecurityPolicies.py ===