[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - AnnotationPrincipalPermissionManager.py:1.2 AnnotationPrincipalRoleManager.py:1.2 AnnotationRolePermissionManager.py:1.2 BasicAuthAdapter.py:1.2 BasicVFSAuthAdapter.py:1.2 Exceptions.py:1.2 IAuthenticationService.py:1.2 ILoginPassword.py:1.2 IPermission.py:1.2 IPermissionGroup.py:1.2 IPermissionGroupService.py:1.2 IPermissionService.py:1.2 IPrincipal.py:1.2 IPrincipalPermissionManager.py:1.2 IPrincipalPermissionMap.py:1.2 IPrincipalRoleManager.py:1.2 IPrincipalRoleMap.py:1.2 IRegisteredObject.py:1.2 IRole.py:1.2 IRolePermissionManager.py:1.2 IRolePermissionMap.py:1.2 IRoleService.py:1.2 LocalSecurityMap.py:1.2 LoginPassword.py:1.2 PermissionRegistry.py:1.2 PrincipalPermissionManager.py:1.2 PrincipalPermissionView.py:1.2 PrincipalRegistry.py:1.2 PrincipalRoleManager.py:1.2 PrincipalRoleView.py:1.2 RegisteredObject.py:1.2 Registry.py:1.2 RolePermissionManager.py:1.2 RolePermissionView.py:1.2 RoleRegistry.py:1.2 SecurityMap.py:! 1.2 Settings.py:1.2 Zope3RoleManagement.py:1.2 ZopeSecurityPolicy.py:1.2 __init__.py:1.2 _protections.py:1.2 metaConfigure.py:1.2 protectClass.py:1.2 security-meta.zcml:1.2 security.zcml:1.2

Jim Fulton jim@zope.com
Mon, 10 Jun 2002 19:28:51 -0400


Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv17445/lib/python/Zope/App/Security

Added Files:
	AnnotationPrincipalPermissionManager.py 
	AnnotationPrincipalRoleManager.py 
	AnnotationRolePermissionManager.py BasicAuthAdapter.py 
	BasicVFSAuthAdapter.py Exceptions.py IAuthenticationService.py 
	ILoginPassword.py IPermission.py IPermissionGroup.py 
	IPermissionGroupService.py IPermissionService.py IPrincipal.py 
	IPrincipalPermissionManager.py IPrincipalPermissionMap.py 
	IPrincipalRoleManager.py IPrincipalRoleMap.py 
	IRegisteredObject.py IRole.py IRolePermissionManager.py 
	IRolePermissionMap.py IRoleService.py LocalSecurityMap.py 
	LoginPassword.py PermissionRegistry.py 
	PrincipalPermissionManager.py PrincipalPermissionView.py 
	PrincipalRegistry.py PrincipalRoleManager.py 
	PrincipalRoleView.py RegisteredObject.py Registry.py 
	RolePermissionManager.py RolePermissionView.py RoleRegistry.py 
	SecurityMap.py Settings.py Zope3RoleManagement.py 
	ZopeSecurityPolicy.py __init__.py _protections.py 
	metaConfigure.py protectClass.py security-meta.zcml 
	security.zcml 
Log Message:
Merged Zope-3x-branch into newly forked Zope3 CVS Tree.


=== Zope3/lib/python/Zope/App/Security/AnnotationPrincipalPermissionManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Mappings between principals and permissions, stored in an object locally."""
+
+from Zope.ComponentArchitecture import getAdapter
+from Zope.App.OFS.Annotation.IAnnotations import IAnnotations
+from Zope.App.Security.IPrincipalPermissionManager \
+     import IPrincipalPermissionManager
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Allow, Deny, Unset
+
+annotation_key = 'Zope.App.Security.AnnotationPrincipalPermissionManager'
+
+class AnnotationPrincipalPermissionManager:
+    """Mappings between principals and permissions."""
+
+    __implements__ = IPrincipalPermissionManager
+
+    def __init__(self, context):
+        self._context = context
+
+    def grantPermissionToPrincipal(self, permission_id, principal_id):
+        ''' See the interface IPrincipalPermissionManager '''
+        pp = self._getPrincipalPermissions(create=1)
+        pp.addCell(permission_id, principal_id, Allow)
+        self._context._p_changed = 1
+
+    def denyPermissionToPrincipal(self, permission_id, principal_id):
+        ''' See the interface IPrincipalPermissionManager '''
+        pp = self._getPrincipalPermissions(create=1)
+        pp.addCell(permission_id, principal_id, Deny)
+        self._context._p_changed = 1
+
+    def unsetPermissionForPrincipal(self, permission_id, principal_id):
+        ''' See the interface IPrincipalPermissionManager '''
+        pp = self._getPrincipalPermissions()
+        # Only unset if there is a security map, otherwise, we're done
+        if pp:
+            pp.delCell(permission_id, principal_id)
+            self._context._p_changed = 1
+
+    def getPrincipalsForPermission(self, permission_id):
+        ''' See the interface IPrincipalPermissionManager '''
+        pp = self._getPrincipalPermissions()
+        if pp: 
+            return pp.getRow(permission_id)
+        return []
+
+    def getPermissionsForPrincipal(self, principal_id):
+        ''' See the interface IPrincipalPermissionManager '''
+        pp = self._getPrincipalPermissions()
+        if pp: 
+            return pp.getCol(principal_id)
+        return []
+
+    def getSetting(self, permission_id, principal_id):
+        ''' See the interface IPrincipalPermissionManager '''
+        pp = self._getPrincipalPermissions()
+        if pp: 
+            return pp.getCell(permission_id, principal_id, default=Unset)
+        return []
+
+    def getPrincipalsAndPermissions(self):
+        ''' See the interface IPrincipalPermissionManager '''
+        pp = self._getPrincipalPermissions()
+        if pp: 
+            return pp.getAllCells()
+        return []
+
+    # Implementation helpers
+
+    def _getPrincipalPermissions(self, create=0):
+        """ Get the principal permission map stored in the context, optionally
+            creating one if necessary """
+        # need to remove security proxies here, otherwise we enter
+        # an infinite loop, becuase checking security depends on
+        # getting PrincipalPermissions.
+        from Zope.Proxy.ProxyIntrospection import removeAllProxies
+        context = removeAllProxies(self._context)
+        annotations = getAdapter(context, IAnnotations)
+        try:
+            return annotations[annotation_key]
+        except KeyError:
+            if create:
+                rp = annotations[annotation_key] = LocalSecurityMap()
+                return rp
+        return None


=== Zope3/lib/python/Zope/App/Security/AnnotationPrincipalRoleManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Mappings between principals and roles, stored in an object locally."""
+
+from Zope.ComponentArchitecture import getAdapter
+from Zope.App.OFS.Annotation.IAnnotations import IAnnotations
+from Zope.App.Security.IPrincipalRoleManager \
+     import IPrincipalRoleManager
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Assign, Remove, Unset
+
+annotation_key = 'Zope.App.Security.AnnotationPrincipalRoleManager'
+
+class AnnotationPrincipalRoleManager:
+    """Mappings between principals and roles."""
+
+    __implements__ = IPrincipalRoleManager
+
+    def __init__(self, context):
+        self._context = context
+
+    def assignRoleToPrincipal(self, role_id, principal_id):
+        ''' See the interface IPrincipalRoleManager '''
+        pp = self._getPrincipalRoles(create=1)
+        pp.addCell(role_id, principal_id, Assign)
+        self._context._p_changed = 1
+
+    def removeRoleFromPrincipal(self, role_id, principal_id):
+        ''' See the interface IPrincipalRoleManager '''
+        pp = self._getPrincipalRoles(create=1)
+        pp.addCell(role_id, principal_id, Remove)
+        self._context._p_changed = 1
+
+    def unsetRoleForPrincipal(self, role_id, principal_id):
+        ''' See the interface IPrincipalRoleManager '''
+        pp = self._getPrincipalRoles()
+        # Only unset if there is a security map, otherwise, we're done
+        if pp:
+            pp.delCell(role_id, principal_id)
+            self._context._p_changed = 1
+
+    def getPrincipalsForRole(self, role_id):
+        ''' See the interface IPrincipalRoleManager '''
+        pp = self._getPrincipalRoles()
+        if pp: 
+            return pp.getRow(role_id)
+        return []
+
+    def getRolesForPrincipal(self, principal_id):
+        ''' See the interface IPrincipalRoleManager '''
+        pp = self._getPrincipalRoles()
+        if pp: 
+            return pp.getCol(principal_id)
+        return []
+
+    def getSetting(self, role_id, principal_id):
+        ''' See the interface IPrincipalRoleManager '''
+        pp = self._getPrincipalRoles()
+        if pp: 
+            return pp.getCell(role_id, principal_id, default=Unset)
+        return Unset
+
+    def getPrincipalsAndRoles(self):
+        ''' See the interface IPrincipalRoleManager '''
+        pp = self._getPrincipalRoles()
+        if pp:
+            return pp.getAllCells()
+        return []
+
+    # Implementation helpers
+
+    def _getPrincipalRoles(self, create=0):
+        """ Get the principal role map stored in the context, optionally
+            creating one if necessary """
+        annotations = getAdapter(self._context, IAnnotations)
+        try:
+            return annotations[annotation_key]
+        except KeyError:
+            if create:
+                rp = annotations[annotation_key] = LocalSecurityMap()
+                return rp
+        return None


=== Zope3/lib/python/Zope/App/Security/AnnotationRolePermissionManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""
+
+$Id$
+"""
+
+from Zope.ComponentArchitecture import getAdapter
+from Zope.App.OFS.Annotation.IAnnotations import IAnnotations
+from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Allow, Deny, Unset
+
+annotation_key = 'Zope.App.Security.AnnotationRolePermissionManager'
+
+class AnnotationRolePermissionManager:
+    """
+    provide adapter that manages role permission data in an object attribute
+    """
+
+    __implements__ = IRolePermissionManager
+
+    def __init__(self, context):
+        self._context = context
+
+    def grantPermissionToRole(self, permission_id, role_id):
+        ''' See the interface IRolePermissionManager '''
+        rp = self._getRolePermissions(create=1)
+        rp.addCell(permission_id, role_id, Allow)
+        # probably not needed, as annotations should manage
+        # their own persistence
+        #self._context._p_changed = 1
+
+    def denyPermissionToRole(self, permission_id, role_id):
+        ''' See the interface IRolePermissionManager '''
+        rp = self._getRolePermissions(create=1)
+        rp.addCell(permission_id, role_id, Deny)
+        # probably not needed, as annotations should manage
+        # their own persistence
+        #self._context._p_changed = 1
+
+    def unsetPermissionFromRole(self, permission_id, role_id):
+        ''' See the interface IRolePermissionManager '''
+        rp = self._getRolePermissions()
+        # Only unset if there is a security map, otherwise, we're done
+        if rp:
+            rp.delCell(permission_id, role_id)
+            # probably not needed, as annotations should manage
+            # their own persistence
+            #self._context._p_changed = 1
+
+    def getRolesForPermission(self, permission_id):
+        '''See interface IRolePermissionMap'''
+        rp = self._getRolePermissions()
+        if rp:
+            return rp.getRow(permission_id)
+        else:
+            return []
+
+    def getPermissionsForRole(self, role_id):
+        '''See interface IRolePermissionMap'''
+        rp = self._getRolePermissions()
+        if rp:
+            return rp.getCol(role_id)
+        else:
+            return []
+
+    def getRolesAndPermissions(self):
+        '''See interface IRolePermissionMap'''
+        rp = self._getRolePermissions()
+        if rp:
+            return rp.getAllCells(role_id)
+        else:
+            return []
+
+    def getSetting(self, permission_id, role_id):
+        '''See interface IRolePermissionMap'''
+        rp = self._getRolePermissions()
+        if rp:
+            return rp.getCell(permission_id, role_id)
+        else:
+            return Unset
+
+    def _getRolePermissions(self, create=0):
+        """Get the role permission map stored in the context, optionally
+           creating one if necessary"""
+        # need to remove security proxies here, otherwise we enter
+        # an infinite loop, becuase checking security depends on
+        # getting RolePermissions.
+        from Zope.Proxy.ProxyIntrospection import removeAllProxies
+        context = removeAllProxies(self._context)
+        annotations = getAdapter(context, IAnnotations)
+        try:
+            return annotations[annotation_key]
+        except KeyError:
+            if create:
+                rp = annotations[annotation_key] = LocalSecurityMap()
+                return rp
+        return None
+


=== Zope3/lib/python/Zope/App/Security/BasicAuthAdapter.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+# HTTP Basic Authentication adapter
+
+from Zope.Publisher.HTTP.IHTTPCredentials import IHTTPCredentials
+from LoginPassword import LoginPassword
+
+class BasicAuthAdapter(LoginPassword):
+
+    __used_for__ = IHTTPCredentials
+
+    __request = None
+
+    def __init__(self, request):
+        self.__request = request
+        # XXX base64 decoding should be done here, not in request
+        lpw = request._authUserPW()
+        if lpw is None:
+            login, password = None, None
+        else:
+            login, password = lpw
+        LoginPassword.__init__(self, login, password)
+
+    def needLogin(self, realm):
+        self.__request.unauthorized("basic realm=%s" % realm)


=== Zope3/lib/python/Zope/App/Security/BasicVFSAuthAdapter.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+# HTTP Basic Authentication adapter
+
+from Zope.Publisher.VFS.IVFSCredentials import IVFSCredentials
+from LoginPassword import LoginPassword
+
+class BasicVFSAuthAdapter(LoginPassword):
+
+    __used_for__ = IVFSCredentials
+
+    __request = None
+
+    def __init__(self, request):
+        self.__request = request
+        # XXX base64 decoding should be done here, not in request
+        lpw = request._authUserPW()
+        if lpw is None:
+            login, password = None, None
+        else:
+            login, password = lpw
+        LoginPassword.__init__(self, login, password)
+
+    def needLogin(self, realm):
+        self.__request.unauthorized("Did not work")


=== Zope3/lib/python/Zope/App/Security/Exceptions.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""
+
+Revision information:
+$Id$
+"""
+
+class UndefinedPermissionError(Exception):
+    """Somebody tried to use a permission before it was defined.
+    """


=== Zope3/lib/python/Zope/App/Security/IAuthenticationService.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""
+
+$Id$
+"""
+
+from Interface import Interface
+
+class IAuthenticationService(Interface):
+    """
+    Provide support for establishing principals for requests and for
+    performing protocol-specific actions, such as issuing challenges
+    or providing login interfaces.
+    
+    IAuthenticationService objects are used to implement
+    authentication services. Because they implement services, they are
+    expected to collaborate with services in other contexts. Client
+    code doesn't sarch a context and call multiple services. Instead,
+    client code will call the most specific service in a place and
+    rely on the service to delegate to other services as necessary.
+    
+    The interface doesn't include methods for data
+    management. Services may use external data and not allow
+    management in Zope. Simularly, the data to be managed may vary
+    with different implementations of a service.
+    """    
+
+    def authenticate(request):
+        """
+        
+        Indentify a principal for a request
+
+        If a principal can be identified, then return the
+        principal id. Otherwise, return None.
+
+        The request object is fairly opaque. We may decide
+        that it implements some generic request interface.
+
+        Implementation note
+
+        It is likely that the component will dispatch
+        to another component based on the actual
+        request interface. This will allow different
+        kinds of requests to be handled correctly.
+
+        For example, a component that authenticates
+        based on user names and passwords might request
+        an adapter for the request as in::
+
+          getpw=getAdapter(request,
+                       ILoginPassword, place=self)
+
+        The place keyword argument is used to control
+        where the ILoginPassword component is
+        searched for. This is necessary because
+        requests are placeless.
+        """
+
+    def defaultPrincipal():
+        """
+        Return the id of the default principal, if one is defined;
+        return None if no default principal is defined.
+        """
+        
+    def unauthorized(id, request):
+        """
+        Signal an authorization failure
+        
+        This method is called when an auhorization problem
+        occurs. It can perform a variety of actions, such
+        as issuing an HTTP authentication challenge or
+        displaying a login interface.
+        
+        Note that the authentication service nearest to the
+        requested resource is called. It is up to
+        authentication service implementations to
+        colaborate with services higher in the object
+        hierarchy.
+        
+        If no principal has been identified, id will be
+        None.
+        """
+
+    def getPrincipal(id):
+        """
+        Get principal meta-data
+
+        Returns an object of type IPrincipal for the given principal
+        id. A NotFoundErrorx is raised if the principal cannot be
+        found.
+
+        Note that the authentication service nearest to the requested
+        resource is called. It is up to authentication service
+        implementations to colaborate with services higher in the
+        object hierarchy.
+        """
+
+    def getPrincipals(name):
+        """
+        Get principals with matching names.
+
+        Get a iterable object with the principals with names that are
+        similar to (e.g. contain) the given name.
+        """
+


=== Zope3/lib/python/Zope/App/Security/ILoginPassword.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+from Interface import Interface
+
+class ILoginPassword(Interface):
+
+    def getLogin():
+        """Return login name, or None if no login name found."""
+
+    def getPassword():
+        """Return password, or None if no login name found.
+        If there's a login but no password, return empty string."""
+
+    def needLogin(realm):
+        """Indicate that a login is needed.  The realm argument
+        is the name of the principal registry."""


=== Zope3/lib/python/Zope/App/Security/IPermission.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+from Zope.App.Security.IRegisteredObject import IRegisteredObject
+
+class IPermission(IRegisteredObject):
+    """A permission object."""


=== Zope3/lib/python/Zope/App/Security/IPermissionGroup.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+""" Permission Group Object Interface """
+
+from Zope.App.Security.IRegisteredObject import IRegisteredObject
+
+class IPermissionGroup(IRegisteredObject):
+    """ A class for grouping permissions for managment """
+
+    def getPermissions():
+        """ Return a sequence of IPermissions in this group """
+


=== Zope3/lib/python/Zope/App/Security/IPermissionGroupService.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Permission grouping service for security managment"""
+
+from Interface import Interface
+
+class IPermissionGroupService(Interface):
+    """Permission grouping service used to organize permissions in security
+       managment
+    """
+
+    def getGroupsForPermission(permission):
+        """Return a seq of IPermissionGroup objects that contain the
+           specified permission, which must be an IPermission.
+           An empty seq is returned if there are no groups containing that
+           permission.
+        """
+
+    def getGroups():
+        """Return a seq of all IPermissionGroups, or an empty seq if there are
+           none"""
+
+    def getGroup(gid):
+        """Return the IPermissionGroup with the id gid. Raise NotFoundError
+           if no such group exists"""
+
+    


=== Zope3/lib/python/Zope/App/Security/IPermissionService.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""
+
+$Id$
+"""
+
+from Interface import Interface
+
+class IPermissionService(Interface):
+
+    """
+     'IPermissionService' objects are used to implement
+     permission-definition services. Because they implement services,
+     they are expected to collaborate with services in other
+     contexts. Client code doesn't search a context and call multiple
+     services. Instead, client code will call the most specific
+     service in a place and rely on the service to delegate to other
+     services as necessary.
+
+     The interface doesn't include methods for data
+     management. Services may use external data and not allow
+     management in Zope. Similarly, the data to be managed may vary
+     with different implementations of a service.
+     """
+
+    def getPermission(permission_id):
+        """Return an 'IPermission' object for the
+         given permission id.  Return None if there is no permission defined"""
+
+    def getPermissions():
+        """Return a sequence of the permissions
+         (IPermission objects) defined in the place containing the
+         service."""


=== Zope3/lib/python/Zope/App/Security/IPrincipal.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""
+
+$Id$
+"""
+
+from Interface import Interface
+
+class IPrincipal(Interface):
+    """Provide information about principals.
+
+    It is likely that IPrincipal objects will have associated
+    views used to list principals in management
+    interfaces. For example, a system in which other meta-data are
+    provided for principals might extend IPrincipal and register a
+    view for the extended interface that displays the extended
+    information. We'll probably want to define a standard view
+    name (e.g.  "inline_summary") for this purpose.
+    """
+
+    def getId():
+        """Return a unique id string for the principal.
+        """
+
+    def getTitle():
+        """Return a label for the principal
+
+        The label will be used in interfaces to allow users to make
+        security assertions (e.g. role or permission
+        assignments) about principals.
+        """
+    def getDescription():
+        """Return a description of the principal."""


=== Zope3/lib/python/Zope/App/Security/IPrincipalPermissionManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Management interface for mappings between principals and permissions."""
+
+from Zope.App.Security.IPrincipalPermissionMap import IPrincipalPermissionMap
+
+
+class IPrincipalPermissionManager(IPrincipalPermissionMap):
+    """Management interface for mappings between principals and permissions."""
+
+    def grantPermissionToPrincipal(permission_id, principal_id):
+        """Assert that the permission is allowed for the principal.
+        """
+
+    def denyPermissionToPrincipal(permission_id, principal_id):
+        """Assert that the permission is denied to the principal.
+        """
+
+    def unsetPermissionForPrincipal(permission_id, principal_id):
+        """Remove the permission (either denied or allowed) from the
+        principal.
+        """


=== Zope3/lib/python/Zope/App/Security/IPrincipalPermissionMap.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Query interface for mappings between principals and permissions."""
+
+
+from Interface import Interface
+
+class IPrincipalPermissionMap(Interface):
+    """Mappings between principals and permissions."""
+
+    def getPrincipalsForPermission(permission_id):
+        """Return the list of (principal_id, setting) tuples that describe
+        security assertions for this permission.
+
+        If no principals have been set for this permission, then the empty
+        list is returned. 
+        """
+
+    def getPermissionsForPrincipal(principal_id):
+        """Return the list of (permission, setting) tuples that describe
+        security assertions for this principal.
+
+        If no permissions have been set for this principal, then the empty
+        list is returned. 
+        """
+        
+    def getSetting(permission_id, principal_id): 
+        """Get the setting (Allow/Deny/Unset) for a given permission and
+        principal. 
+        """
+
+    def getPrincipalsAndPermissions():
+        """Get the principal security assertions here in the form
+        of a list of three tuple containing 
+        (permission id, principal id, setting)
+        """


=== Zope3/lib/python/Zope/App/Security/IPrincipalRoleManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Management interface for mappings between principals and roles."""
+
+from Zope.App.Security.IPrincipalRoleMap import IPrincipalRoleMap
+
+
+class IPrincipalRoleManager(IPrincipalRoleMap):
+    """Management interface for mappings between principals and roles."""
+
+    def assignRoleToPrincipal(role_id, principal_id):
+        """Assign the role to the principal.
+        """
+
+    def removeRoleFromPrincipal(role_id, principal_id):
+        """ remove a role from the principal """
+
+    def unsetRoleForPrincipal(role_id, principal_id):
+        """ unset the role for the principal 
+        """ 


=== Zope3/lib/python/Zope/App/Security/IPrincipalRoleMap.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Query interface for mappings between principals and roles."""
+
+
+from Interface import Interface
+
+class IPrincipalRoleMap(Interface):
+    """Mappings between principals and roles."""
+
+    def getPrincipalsForRole(role_id):
+        """Return the list of (principal, setting) who have been assigned or 
+        removed from a role.
+
+        If no principals have been assigned this role,
+        then the empty list is returned.
+        """
+
+    def getRolesForPrincipal(principal_id):
+        """Return the list of (role, setting) assigned or removed from 
+        this principal.
+
+        If no roles have been assigned to
+        this principal, then the empty list is returned.
+        """
+
+    def getSetting(role_id, principal_id):
+        """Return the setting for this principal, role combination
+        """
+
+    def getPrincipalsAndRoles():
+        """Return all the principal/role combinations along with the
+        setting for each combination.
+        """
+        


=== Zope3/lib/python/Zope/App/Security/IRegisteredObject.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Things that can be registered in a Registry."""
+
+from Interface import Interface
+
+class IRegisteredObject(Interface):
+    def getId():
+        """Get the id of the registered object."""
+
+    def getTitle():
+        """Get the human readable title of the registered object.
+        Must be a string, but it may be empty.
+        """
+
+    def getDescription():
+        """Get the human readable description of the registered object.
+        Must be a string, but it may be empty.
+        """


=== Zope3/lib/python/Zope/App/Security/IRole.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+from Zope.App.Security.IRegisteredObject import IRegisteredObject
+
+class IRole(IRegisteredObject):
+    """A role object."""


=== Zope3/lib/python/Zope/App/Security/IRolePermissionManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Management interface for mappings between roles and permissions."""
+
+from Zope.App.Security.IRolePermissionMap import IRolePermissionMap
+
+
+class IRolePermissionManager(IRolePermissionMap):
+    """Management interface for mappings between roles and permissions."""
+
+    def grantPermissionToRole(permission_id, role_id):
+        """Bind the permission to the role.
+        """
+
+    def denyPermissionToRole(permission_id, role_id):
+        """Deny the permission to the role
+        """
+
+    def unsetPermissionFromRole(permission_id, role_id):
+        """Clear the setting of the permission to the role.
+        """


=== Zope3/lib/python/Zope/App/Security/IRolePermissionMap.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Query interface for mappings between roles and permissions."""
+
+
+from Interface import Interface
+
+
+class IRolePermissionMap(Interface):
+    """Mappings between roles and permissions."""
+
+    def getPermissionsForRole(role_id):
+        """Return a sequence of (permission id, setting) tuples for the given
+        role.
+
+        If no permissions have been granted to this
+        role, then the empty list is returned.
+        """
+
+    def getRolesForPermission(permission_id):
+        """Return a sequence of (role id, setting) tuples for the given
+        permission.
+
+        If no roles have been granted this permission, then the empty list is
+        returned.  
+        """
+
+    def getSetting(permission_id, role_id):
+        """Return the setting for the given permission id and role id
+
+        If there is no setting, Unset is returned
+        """
+
+    def getPrincipalsAndRoles():
+        """Return a sequence of (principal_id, role_id, setting) here.
+
+        If no principal/role assertions have been made here, then the empty 
+        list is returned.
+        """


=== Zope3/lib/python/Zope/App/Security/IRoleService.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""
+
+$Id$
+"""
+
+from Interface import Interface
+
+class IRoleService(Interface):
+    """Define roles
+
+     'IRoleService' objects are used to implement role-definition
+     services. Because they implement services, they are expected to
+     collaborate with services in other contexts. Client code doesn't
+     sarch a context and call multiple services. Instead, client code
+     will call the most specific service in a place and rely on the
+     service to delegate to other services as necessary.
+
+     The interface doesn't include methods for data
+     management. Services may use external data and not allow
+     management in Zope. Simularly, the data to be managed may vary
+     with different implementations of a service.
+     """
+
+    def getRole(rid):
+        """Return an 'IRole' object for the given role id."""
+
+
+    def getRoles():
+        """Return a sequence of the roles (IRole objects)
+        defined in the place containing the service."""
+
+


=== Zope3/lib/python/Zope/App/Security/LocalSecurityMap.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+""" Generic three dimensional array type """
+
+
+class LocalSecurityMap(object):
+   
+    def __init__(self):
+        self._clear()
+
+    def _clear(self):
+        self._byrow = {}
+        self._bycol = {}
+
+    def addCell(self, rowentry, colentry, value):
+        row = self._byrow.setdefault(rowentry, {})
+        row[colentry] = value
+
+        col = self._bycol.setdefault(colentry, {})
+        col[rowentry] = value
+
+    def delCell(self, rowentry, colentry):
+        row = self._byrow.get(rowentry)
+        if row and (colentry in row):
+            del self._byrow[rowentry][colentry]
+            del self._bycol[colentry][rowentry]
+
+    def getCell(self, rowentry, colentry, default=None):
+        " return the value of a cell by row, entry "
+        row = self._byrow.get(rowentry)
+        if row: return row.get(colentry, default)
+        else: return default
+
+    def getRow(self, rowentry):
+        " return a list of (colentry, value) tuples from a row "
+        row = self._byrow.get(rowentry)
+        if row:
+            return row.items()
+        else: return []
+
+    def getCol(self, colentry):
+        " return a list of (rowentry, value) tuples from a col "
+        col = self._bycol.get(colentry)
+        if col:
+            return col.items()
+        else: return []
+
+    def getAllCells(self):
+        " return a list of (rowentry, colentry, value) "
+        res = []
+        for r in self._byrow.keys():
+            for c in self._byrow[r].items():
+                res.append((r,) + c)
+        return res


=== Zope3/lib/python/Zope/App/Security/LoginPassword.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+from ILoginPassword import ILoginPassword
+
+class LoginPassword:
+
+    __implements__ = ILoginPassword
+
+    def __init__(self, login, password):
+        self.__login = login
+        if login is None:
+            self.__password = None
+        else:
+            self.__password = password or ""
+
+    def getLogin(self):
+        return self.__login
+
+    def getPassword(self):
+        return self.__password
+
+    def needLogin(self, realm):
+        pass


=== Zope3/lib/python/Zope/App/Security/PermissionRegistry.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+""" Global permission registry."""
+
+PREFIX = 'Global Permission'
+SUFFIX = 'Zope.Public'
+DESCRIP = 'Anybody can do this'
+
+from Zope.App.Security.RegisteredObject import RegisteredObject
+from Zope.App.Security.Registry import Registry
+from IPermission import IPermission
+from IPermissionService import IPermissionService
+
+
+class Permission(RegisteredObject):
+    __implements__ = IPermission
+
+
+class PermissionRegistry(Registry):
+    __implements__ = IPermissionService
+    
+    def __init__(self, prefix=PREFIX):
+        Registry.__init__(self, Permission)
+        self._prefix = prefix
+
+    def definePermission(self, permission, title, description=''):
+        """Define a new permission object, register, and return it.
+
+        permission is the permission name, must be globally unique
+
+        title is the permission title, human readable.
+
+        description (optional) is human readable
+        """
+        if permission.startswith('.'):
+            raise ValueError("permissions must not start with a '.'")
+        return self.register(permission, title, description)
+
+    def definedPermission(self, permission_id):
+        """Return true if named permission is registered, otherwise return
+        false
+        """
+        return self.is_registered(permission_id)
+
+    def getPermission(self, permission_id):
+        """Return permission object registered as permission_id.
+
+        If no named permission is registered KeyError is raised.
+
+        """
+        return self.getRegisteredObject(permission_id)
+
+    def getPermissions(self):
+        """Return all registered permission objects.
+        """
+        return self.getRegisteredObjects()
+
+    def _clear(self):
+        Registry._clear(self)
+        self.definePermission(
+            'Zope.Public', 'Public',
+            """Special permission used for resources that are always public
+
+            The public permission is effectively an optimization, sine
+            it allows security computation to be bypassed.
+            """
+            )
+
+permissionRegistry = PermissionRegistry()
+
+# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
+from Zope.Testing.CleanUp import addCleanUp
+addCleanUp(permissionRegistry._clear)
+del addCleanUp


=== Zope3/lib/python/Zope/App/Security/PrincipalPermissionManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Mappings between principals and permissions."""
+
+from Zope.App.Security.IPrincipalPermissionManager \
+     import IPrincipalPermissionManager
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Allow, Deny, Unset
+
+
+class PrincipalPermissionManager(LocalSecurityMap):
+    """Mappings between principals and permissions."""
+
+    __implements__ = IPrincipalPermissionManager
+
+    def grantPermissionToPrincipal( self, permission_id, principal_id ):
+        ''' See the interface IPrincipalPermissionManager '''
+        self.addCell( permission_id, principal_id, Allow )
+
+    def denyPermissionToPrincipal( self, permission_id, principal_id ):
+        ''' See the interface IPrincipalPermissionManager '''
+        self.addCell( permission_id, principal_id, Deny )
+
+    def unsetPermissionForPrincipal( self, permission_id, principal_id ):
+        ''' See the interface IPrincipalPermissionManager '''
+        self.delCell( permission_id, principal_id )
+
+    def getPrincipalsForPermission( self, permission_id ):
+        ''' See the interface IPrincipalPermissionManager '''
+        return self.getRow( permission_id )
+
+    def getPermissionsForPrincipal( self, principal_id ):
+        ''' See the interface IPrincipalPermissionManager '''
+        return self.getCol( principal_id )
+
+    def getSetting( self, permission_id, principal_id ):
+        ''' See the interface IPrincipalPermissionManager '''
+        return self.getCell( permission_id, principal_id, default=Unset )
+
+    def getPrincipalsAndPermissions( self ):
+        ''' See the interface IPrincipalPermissionManager '''
+        return self.getAllCells()
+
+
+# Permissions are our rows, and principals are our columns
+principalPermissionManager = PrincipalPermissionManager()
+
+
+# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
+from Zope.Testing.CleanUp import addCleanUp
+addCleanUp(principalPermissionManager._clear)
+del addCleanUp


=== Zope3/lib/python/Zope/App/Security/PrincipalPermissionView.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""
+
+$Id$
+"""
+import time
+
+from Zope.App.PageTemplate import ViewPageTemplateFile
+from Zope.Publisher.Browser.BrowserView import BrowserView
+from Zope.ComponentArchitecture.ContextDependent import ContextDependent
+from Zope.ComponentArchitecture import getService, getAdapter
+from IPrincipalPermissionMap import IPrincipalPermissionMap
+from IPrincipalPermissionManager import IPrincipalPermissionManager
+from Settings import Allow, Deny, Unset
+
+class PrincipalPermissionView(BrowserView):
+
+    index = ViewPageTemplateFile('pt/principal_permission_edit.pt')
+
+    def get_permission_service(self):
+        return getService(self.context, 'PermissionService')
+
+    def get_principal(self, principal_id):
+        return getService(self.context,
+                          'AuthenticationService'
+                          ).getPrincipal(principal_id)
+
+    def unsetPermissions(self, principal_id, permission_ids, REQUEST=None):
+        """Form action unsetting a principals permissions"""
+        permission_service = self.get_permission_service()
+        principal = self.get_principal(principal_id)
+        ppm = getAdapter(self.context, IPrincipalPermissionManager)
+
+        for perm_id in permission_ids:
+            permission = permission_service.getPermission(perm_id)
+            ppm.unsetPermissionForPrincipal(permission , principal)
+
+        if REQUEST is not None:
+            return self.index(message="Settings changed at %s"
+                                        % time.ctime(time.time()))
+
+    def grantPermissions(self, principal_id, permission_ids, REQUEST=None):
+        """Form action granting a list of permissions to a principal"""
+        permission_service = self.get_permission_service()
+        principal = self.get_principal(principal_id)
+        ppm = getAdapter(self.context, IPrincipalPermissionManager)
+
+        for perm_id in permission_ids:
+            permission = permission_service.getPermission(perm_id)
+            ppm.grantPermissionToPrincipal(permission , principal)
+        if REQUEST is not None:
+            return self.index(message="Settings changed at %s"
+                                        % time.ctime(time.time()))
+
+    def denyPermissions(self, principal_id, permission_ids, REQUEST=None):
+        """Form action denying a list of permissions for a principal"""
+        permission_service = self.get_permission_service()
+        principal = self.get_principal(principal_id)
+        ppm = getAdapter(self.context, IPrincipalPermissionManager)
+
+        for perm_id in permission_ids:
+            permission = permission_service.getPermission(perm_id)
+            ppm.denyPermissionToPrincipal(permission , principal)
+        if REQUEST is not None:
+            return self.index(message="Settings changed at %s"
+                                        % time.ctime(time.time()))
+
+    # Methods only called from the zpt view
+    def getUnsetPermissionsForPrincipal(self, principal_id):
+        """Returns all unset permissions for this principal"""
+
+        ppmap = getAdapter(self.context, IPrincipalPermissionMap)
+        principal = self.get_principal(principal_id)
+        perm_serv = getService(self.context, 'PermissionService')
+        result = []
+        for perm in perm_serv.getPermissions():
+            if ppmap.getSetting(perm, principal) == Unset:
+                result.append(perm)
+
+        return result
+        
+    def getPermissionsForPrincipal(self, principal_id, setting_name):
+        """Return a list of permissions with the given setting_name
+           string for the principal.
+           
+           Return empty list if there are no permissions.
+        """
+    
+        ppmap = getAdapter(self.context, IPrincipalPermissionMap)
+        principal = self.get_principal(principal_id)
+        
+        permission_settings = ppmap.getPermissionsForPrincipal(principal)
+        setting_map = {'Deny': Deny, 'Allow':Allow}
+        asked_setting = setting_map[setting_name]
+
+        result = []
+        for permission, setting in permission_settings:
+            if asked_setting == setting:
+                result.append(permission)
+            
+        return result


=== Zope3/lib/python/Zope/App/Security/PrincipalRegistry.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""
+
+$Id$
+"""
+
+from IAuthenticationService import IAuthenticationService
+from IPrincipal import IPrincipal
+from Zope.Exceptions import NotFoundError
+from ILoginPassword import ILoginPassword
+from Zope.ComponentArchitecture import getAdapter, queryAdapter
+
+class DuplicateLogin(Exception): pass
+class DuplicateId(Exception): pass
+
+# XXX why isn't this subclassing 'Registry' ? ? ?
+class PrincipalRegistry:
+
+    __implements__ = IAuthenticationService
+
+    # Methods implementing IAuthenticationService
+    
+    def authenticate(self, request):
+        a = queryAdapter(request, ILoginPassword, None)
+        if a is not None:
+            login = a.getLogin()
+            if login is not None:
+                p = self.__principalsByLogin.get(login, None)
+                if p is not None:
+                    password = a.getPassword()
+                    if p.validate(password):
+                        return p.getId()
+        return None
+
+    __defaultid = None
+    __defaultObject = None
+
+    def defineDefaultPrincipal(self, principal, title, description=''):
+        id = principal
+        if id in self.__principalsById:
+            raise DuplicateId(id)
+        self.__defaultid = id
+        p = Principal(principal, title, description, '', '')
+        self.__defaultObject = p
+        return p
+
+    def defaultPrincipal(self):
+        return self.__defaultid
+
+    def unauthorized(self, id, request):
+        # XXX This is a mess. request has no place here!
+        if id is None or id is self.__defaultid:
+            a = getAdapter(request, ILoginPassword)
+            a.needLogin(realm="zope")
+
+    def getPrincipal(self, id):
+        r = self.__principalsById.get(id)
+        if r is None:
+            if id == self.__defaultid:
+                return self.__defaultObject
+            raise NotFoundError(id)
+        return r
+
+    def getPrincipalByLogin(self, login):
+        r = self.__principalsByLogin.get(login)
+        if r is None: raise NotFoundError(login)
+        return r
+
+    def getPrincipals(self, name):
+        name = name.lower()
+        return [p for p in self.__principalsById.itervalues()
+                  if p.getTitle().lower().startswith(name) or
+                     p.getLogin().lower().startswith(name)]
+
+    # Management methods
+
+    def __init__(self):
+        self.__principalsById={}
+        self.__principalsByLogin = {}
+
+    def definePrincipal(self, principal, title, description='',
+                        login='', password=''):
+        id=principal
+        if login in self.__principalsByLogin:
+            raise DuplicateLogin(login)
+
+        if id in self.__principalsById or id == self.__defaultid:
+            raise DuplicateId(id)
+        
+        p = Principal(id, title, description, login, password)
+        
+        self.__principalsByLogin[login]=p
+        self.__principalsById[id]=p
+
+        return p
+
+    def _clear(self):
+        self.__init__()
+
+principalRegistry=PrincipalRegistry()
+
+# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
+from Zope.Testing.CleanUp import addCleanUp
+addCleanUp(principalRegistry._clear)
+del addCleanUp
+
+class Principal:
+
+    __implements__ = IPrincipal
+
+    def __init__(self, id, title, description, login, pw):
+        self.__id = id
+        self.__title = title
+        self.__description = description
+        self.__login = login
+        self.__pw = pw
+
+    def getId(self):
+        return self.__id
+
+    def getTitle(self):
+        return self.__title
+
+    def getDescription(self):
+        return self.__description
+
+    def getLogin(self):
+        return self.__login
+
+    def validate(self, pw):
+        return pw == self.__pw


=== Zope3/lib/python/Zope/App/Security/PrincipalRoleManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Mappings between principals and roles."""
+
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Assign, Remove, Unset
+from Zope.App.Security.IPrincipalRoleManager import IPrincipalRoleManager
+from Zope.App.Security.IPrincipalRoleMap import IPrincipalRoleMap
+
+
+
+class PrincipalRoleManager(LocalSecurityMap):
+    """Mappings between principals and roles."""
+
+    __implements__ = ( IPrincipalRoleManager, IPrincipalRoleMap )
+
+    def assignRoleToPrincipal( self, role_id, principal_id ):
+        ''' See the interface IPrincipalRoleManager '''
+        self.addCell( role_id, principal_id, Assign )
+
+    def removeRoleFromPrincipal( self, role_id, principal_id ):
+        ''' See the interface IPrincipalRoleManager '''
+        self.addCell( role_id, principal_id, Remove )
+
+    def unsetRoleForPrincipal( self, role_id, principal_id ):
+        ''' See the interface IPrincipalRoleManager '''
+        self.delCell( role_id, principal_id )
+
+    def getPrincipalsForRole( self, role_id ):
+        ''' See the interface IPrincipalRoleMap '''
+        return self.getRow( role_id )
+
+    def getRolesForPrincipal( self, principal_id ):
+        ''' See the interface IPrincipalRoleMap '''
+        return self.getCol( principal_id )
+
+    def getSetting( self, role_id, principal_id ):
+        ''' See the interface IPrincipalRoleMap '''
+        return self.getCell( role_id, principal_id, default=Unset )
+
+    def getPrincipalsAndRoles( self ):
+        ''' See the interface IPrincipalRoleMap '''
+        return self.getAllCells()
+
+# Roles are our rows, and principals are our columns
+principalRoleManager = PrincipalRoleManager()
+
+# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
+from Zope.Testing.CleanUp import addCleanUp
+addCleanUp(principalRoleManager._clear)
+del addCleanUp


=== Zope3/lib/python/Zope/App/Security/PrincipalRoleView.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+""" Management view component for principal-role management (Zope2's
+    "local roles").
+
+$Id$
+"""
+
+import time
+from Zope.App.PageTemplate import ViewPageTemplateFile
+from Zope.Publisher.Browser.BrowserView import BrowserView
+from Zope.ComponentArchitecture.ContextDependent import ContextDependent
+from Zope.ComponentArchitecture import getService, getAdapter
+
+from Zope.App.Security.IPrincipalRoleManager import IPrincipalRoleManager
+from Zope.App.Security.IPrincipalRoleMap import IPrincipalRoleMap
+
+from Zope.App.Security.IPermission import IPermission
+from Zope.App.Security.IRole import IRole
+
+class PrincipalRoleView(BrowserView):
+
+    index = ViewPageTemplateFile('pt/principal_role_association.pt')
+
+    def getAllPrincipals(self):
+
+        principals = getattr(self, '_principals', None)
+
+        if principals is None:
+            principals = self._principals = getService(
+                self.context, 'AuthenticationService'
+                ).getPrincipals()
+
+        return principals
+    
+    def getAllRoles(self):
+
+        roles = getattr(self, '_roles', None)
+
+        if roles is None:
+            roles = self._roles = getService(self.context, 'RoleService'
+                ).getRoles()
+
+        return roles
+
+    def createGrid( self, principals=None, roles=None ):
+
+        if not principals:
+            principals = self.getAllPrincipals()
+
+        if not roles:
+            roles = self.getAllRoles()
+
+        return PrincipalRoleGrid( principals, roles, self.context )
+        
+    def action(self, principals, roles, mapping, testing=None):
+
+        for row in mapping:
+            pid = row.permission_id
+            roles = row.role_ids
+
+        if not testing:
+            return self.index( 
+                message="Settings changed at %s" % time.ctime(time.time())
+                )
+
+
+class PrincipalRoleGrid:
+
+    def __init__( self, principals, roles, context ):    
+
+        self._principals = principals
+        self._roles = roles
+        self._grid = {}
+
+        map = getAdapter( context, IPrincipalRoleMap )
+
+        for role in roles:
+            for principal in principals:
+                setting = map.getSetting( role, principal )
+                self._grid[ ( role, principal ) ] = setting
+
+    def principals( self ):
+        return self._principals
+
+    def roles( self ):
+        return self._roles
+
+    def getValue( self, role, principal ):
+        return self._grid[ ( role, principal ) ]
+
+    def listAvailableValues( self ):
+        return ( 'Unset', 'Assigned', 'Removed' )
+


=== Zope3/lib/python/Zope/App/Security/RegisteredObject.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""An implementation of things that can be registered in a Registry."""
+
+from Zope.App.Security.IRegisteredObject import IRegisteredObject
+
+class RegisteredObject(object):
+    __implements__ = IRegisteredObject
+
+    def __init__(self, id, title, description):
+        self._id = id
+        self._title = title
+        self._description = description
+
+    def getId(self):
+        return self._id
+
+    def getTitle(self):
+        return self._title
+
+    def getDescription(self):
+        return self._description


=== Zope3/lib/python/Zope/App/Security/Registry.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Generic registry of ids to objects."""
+
+from Interface.Verify import verifyClass
+from Zope.App.Security.IRegisteredObject import IRegisteredObject
+from Zope.Exceptions import ZopeError
+
+
+class AlreadyRegisteredError(ZopeError, ValueError):
+    """An attempt was made to register an object with an already registered id.
+    """
+
+
+class Registry:
+    def __init__(self, class_):
+        """Instantiate a generic registry.
+
+        class_ is the class of the thing that we're going to instantiate.
+        """
+        assert verifyClass(IRegisteredObject, class_)
+        self._class = class_
+        self._clear()
+
+    def register(self, id, title='', description=''):
+        """Create a registered object with the given id, title, and description
+
+        Register and return the object.  The empty string will be used if
+        either the optional title or description is omitted.  The id must be
+        unique.
+
+        If the id is already registered, an AlreadyRegisteredError is raised.
+        """
+        if id in self._byid:
+            raise AlreadyRegisteredError('Id is not unique: %s' % id)
+        obj = self._class(id, title, description)
+        self._byid[id] = obj
+        return obj
+
+    def is_registered(self, id):
+        """Return true if an object is registered with the given id.
+        Otherwise false is returned.
+        """
+        return id in self._byid
+
+    def getRegisteredObject(self, id):
+        """Return the object registered under the given id.
+        """
+        return self._byid.get(id)
+
+    def getRegisteredObjects(self):
+        """Return all registered objects.
+        """
+        return self._byid.values()
+
+    def _clear(self):
+        # Map ids to instantiated objects
+        self._byid = {}


=== Zope3/lib/python/Zope/App/Security/RolePermissionManager.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Mappings between roles and permissions."""
+
+from Zope.App.Security.LocalSecurityMap import LocalSecurityMap
+from Zope.App.Security.Settings import Allow, Deny
+from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
+
+
+class RolePermissionManager(LocalSecurityMap):
+    """Mappings between roles and permissions."""
+
+    __implements__ = IRolePermissionManager
+
+    # Implementation methods for interface
+    # Zope.App.Security.IRolePermissionManager
+
+    def grantPermissionToRole( self, permission_id, role_id ):
+        '''See interface IRolePermissionMap'''
+        self.addCell( permission_id, role_id, Allow )
+
+    def denyPermissionToRole( self, permission_id, role_id ):
+        '''See interface IRolePermissionMap'''
+        self.addCell( permission_id, role_id, Deny )
+
+    def unsetPermissionFromRole( self, permission_id, role_id ):
+        '''See interface IRolePermissionMap'''
+        self.delCell( permission_id, role_id )
+
+    def getRolesForPermission( self, permission_id ):
+        '''See interface IRolePermissionMap'''
+        return self.getRow( permission_id )
+
+    def getPermissionsForRole( self, role_id ):
+        '''See interface IRolePermissionMap'''
+        return self.getCol( role_id )
+
+    def getSetting( self, permission_id, role_id ):
+        '''See interface IRolePermissionMap'''
+        return self.getCell( permission_id, role_id )
+
+    def getRolesAndPermissions( self ):
+        '''See interface IRolePermissionMap'''
+        return self.getAllCells()
+
+# Permissions are our rows, and roles are our columns
+rolePermissionManager = RolePermissionManager()
+
+# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
+from Zope.Testing.CleanUp import addCleanUp
+addCleanUp(rolePermissionManager._clear)
+del addCleanUp


=== Zope3/lib/python/Zope/App/Security/RolePermissionView.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""
+
+$Id$
+"""
+
+import os, time
+from Zope.App.PageTemplate import ViewPageTemplateFile
+from Zope.Publisher.Browser.BrowserView import BrowserView
+from Zope.ComponentArchitecture.ContextDependent import ContextDependent
+from Zope.ComponentArchitecture import getService, getAdapter
+from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
+from Zope.App.Security.IPermission import IPermission
+from Zope.App.Security.IRole import IRole
+from Zope.App.Security.Settings import Allow, Assign
+
+class RolePermissionView(BrowserView):
+
+    index = ViewPageTemplateFile('pt/manage_access.pt')
+    manage_permissionForm = ViewPageTemplateFile('pt/manage_permissionForm.pt')
+    manage_roleForm = ViewPageTemplateFile('pt/manage_roleForm.pt')
+    
+    def roles(self):
+        roles = getattr(self, '_roles', None)
+        if roles is None:
+            roles = self._roles = getService(
+                self.context, 'RoleService'
+                ).getRoles()
+        return roles
+
+    def permissions(self):
+        permissions = getattr(self, '_permissions', None)
+        if permissions is None:
+            permissions = self._permissions = getService(
+                self.context, 'PermissionService'
+                ).getPermissions()
+        return permissions
+
+        
+    def permissionRoles(self):
+        context = self.context
+        roles = self.roles()
+        return [PermissionRoles(permission, context, roles)
+                for permission in self.permissions()]
+
+    def permissionForID(self, pid):
+        context = self.context
+        roles = self.roles()
+        perm = getService(context, 'PermissionService'
+                          ).getPermission(pid)
+        return PermissionRoles(perm, context, roles)
+
+    def roleForID(self, rid):
+        context = self.context
+        permissions = self.permissions()
+        role = getService(context, 'RoleService'
+                          ).getRole(rid)
+        return RolePermissions(role, context, permissions)
+
+
+    def action(self, REQUEST, testing=None):
+        roles       = [r.getId() for r in self.roles()]
+        permissions = [p.getId() for p in self.permissions()]
+        prm         = getAdapter(self.context, IRolePermissionManager)
+        for ip in range(len(permissions)):
+            rperm = REQUEST.get("p%s" % ip)
+            if rperm not in permissions: continue
+            for ir in range(len(roles)):
+                rrole = REQUEST.get("r%s" % ir)
+                if rrole not in roles: continue
+                if ("p%sr%s" % (ip, ir))  in REQUEST:
+                    prm.grantPermissionToRole(rperm, rrole)
+                else:
+                    prm.unsetPermissionFromRole(rperm, rrole)
+
+        if not testing:
+            return self.index( REQUEST,
+                message="Settings changed at %s" % time.ctime(time.time())
+                )
+
+    def update_permission(self, REQUEST, permission_id,
+                          roles=(), testing=None):
+        prm = getAdapter(self.context, IRolePermissionManager)
+
+        for ir in [r.getId() for r in self.roles()]:
+            if ir in roles:
+                prm.grantPermissionToRole(permission_id, ir)
+            else:
+                prm.unsetPermissionFromRole(permission_id, ir)
+        if not testing:
+            return self.index(REQUEST,
+                              message="Settings changed at %s"
+                                  % time.ctime(time.time())
+                              )
+
+    def update_role(self, REQUEST, role_id,
+                    permissions=(), testing=None):
+        prm = getAdapter(self.context, IRolePermissionManager)
+
+        for ip in [p.getId() for p in self.permissions()]:
+            if ip in permissions:
+                prm.grantPermissionToRole(ip, role_id)
+            else:
+                prm.unsetPermissionFromRole(ip, role_id)
+        if not testing:
+            return self.index(REQUEST,
+                              message="Settings changed at %s"
+                                  % time.ctime(time.time())
+                              )        
+
+class PermissionRoles:
+
+    __implements__ = IPermission
+
+    def __init__(self, permission, context, roles):
+        self._permission = permission
+        self._context    = context
+        self._roles      = roles
+
+    def getId(self):
+        return self._permission.getId()
+
+    def getTitle(self):
+        return self._permission.getTitle()
+
+    def getDescription(self):
+        return self._permission.getDescription()
+
+    def roles(self):
+        prm = getAdapter(self._context, IRolePermissionManager)
+        proles = prm.getRolesForPermission(self._permission.getId())
+        proles = [role for role,setting in proles if setting==Allow]
+        return [((role.getId() in proles) and '1' or None)
+                for role in self._roles]
+        
+    def rolesInfo(self):
+        prm = getAdapter(self._context, IRolePermissionManager)
+        proles = prm.getRolesForPermission(self._permission.getId())
+        proles = [role for role,setting in proles if setting==Allow]
+        return [{'id': role.getId(),
+                 'title': role.getTitle(),
+                 'checked': ((role.getId() in proles) and '1' or None)}
+                for role in self._roles]
+
+class RolePermissions:
+
+    __implements__ = IRole
+
+    def __init__(self, role, context, permissions):
+        self._role = role
+        self._context = context
+        self._permissions = permissions
+
+    def getId(self):
+        return self._role.getId()
+
+    def getTitle(self):
+        return self._role.getTitle()
+
+    def getDescription(self):
+        return self._role.getDescription()
+
+    def permissionsInfo(self):
+        prm = getAdapter(self._context, IRolePermissionManager)
+        rperms = prm.getPermissionsForRole(self._role.getId())
+        rperms = [permission
+                  for permission,setting in rperms
+                  if setting==Allow]
+        return [{'id': permission.getId(),
+                 'title': permission.getTitle(),
+                 'checked': ((permission.getId() in rperms) and '1' or None)}
+                for permission in self._permissions]        
+        
+    


=== Zope3/lib/python/Zope/App/Security/RoleRegistry.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Global role registry."""
+
+PREFIX = 'Global Role'
+
+from Zope.App.Security.RegisteredObject import RegisteredObject
+from Zope.App.Security.Registry import Registry
+from IRole import IRole
+from IRoleService import IRoleService
+
+class Role(RegisteredObject):
+    __implements__ = IRole
+
+
+class RoleRegistry(Registry):
+    __implements__ = IRoleService
+
+    def __init__(self, prefix=PREFIX):
+        Registry.__init__(self, Role)
+        self._prefix = prefix
+
+    def _make_global_id(self, suffix):
+        return self._prefix + '.' + suffix
+
+    def defineRole(self, role, title, description=None):
+        """Define a new role object, register, and return it.
+
+        role is the role name.
+
+        title is the role title, human readable.
+
+        description (optional) is human readable
+        """
+        if description is None:
+            description = ''
+        id = role
+        return self.register(id, title, description)
+
+    def definedRole(self, id):
+        """Return true if named role is registered, otherwise return false
+        """
+        return self.is_registered(id)
+
+    def getRole(self, id):
+        """Return role object registered as name.
+
+        If no named role is registered KeyError is raised.
+        """
+        return self.getRegisteredObject(id)
+
+    def getRoles(self):
+        """Return all registered role objects.
+        """
+        return self.getRegisteredObjects()
+
+    def _clear(self):
+        # Standard roles
+        Registry._clear(self)
+        self.register("Anonymous", "Everybody",
+                      "All users have this role implicitly")
+
+roleRegistry = RoleRegistry()
+
+
+# Register our cleanup with Testing.CleanUp to make writing unit tests simpler.
+from Zope.Testing.CleanUp import addCleanUp
+addCleanUp(roleRegistry._clear)
+del addCleanUp


=== Zope3/lib/python/Zope/App/Security/SecurityMap.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Generic symmetric one-to-many id map."""
+
+
+class SecurityMap:
+    def __init__(self):
+        self._clear()
+
+    def delCell(self, rowentry, colentry):
+        row = self._byrow.get(rowentry, ())
+        if colentry in row:
+            row.remove(colentry)
+
+        col = self._bycol.get(colentry, ())
+        if rowentry in col:
+            col.remove(rowentry)
+            
+    def addCell(self, rowentry, colentry):
+        """Add a cell to the table."""
+        row = self._byrow.get(rowentry)
+        if row is None:
+            self._byrow[rowentry] = [colentry]
+        else:
+            if colentry not in row:
+                row.append(colentry)
+
+        col = self._bycol.get(colentry)
+        if col is None:
+            self._bycol[colentry] = [rowentry]
+        else:
+            if rowentry not in col:
+                col.append(rowentry)
+
+    def getColumnsForRow(self, rowentry):
+        """Return a list of column entries for a given row entry.
+
+        If the row entry is not in the table, return an empty list.
+        """
+        return self._byrow.get(rowentry, [])
+
+    def getRowsForColumn(self, colentry):
+        """Return a list of row entries for a given column entry.
+
+        If the column entry is not in the table, return an empty list.
+        """
+        return self._bycol.get(colentry, [])
+
+    def _clear(self):
+        self._byrow = {}
+        self._bycol = {}        


=== Zope3/lib/python/Zope/App/Security/Settings.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+""" Security setting constants """
+
+
+class PermissionSetting(object):
+    """PermissionSettings should be considered as immutable.
+    They can be compared by identity. They are identified by
+    their name.
+    """
+
+    def __new__(cls, name, description=None):
+        """Keep a dict of PermissionSetting instances, indexed by
+        name. If the name already exists in the dict, return that
+        instance rather than creating a new one.
+        """
+        instances = cls.__dict__.get('__instances__')
+        if instances is None:
+            cls.__instances__ = instances = {}
+        it = instances.get(name)
+        if it is None:
+            instances[name] = it = object.__new__(cls)
+            it._init(name, description)
+        return it
+                
+    def _init(self, name, description):
+        self.__name = name
+        self.__description = description    
+    
+    def getDescription(self):
+        return self.__description
+        
+    def getName(self):
+        return self.__name
+        
+    def __str__(self):
+        return "PermissionSetting: %s" % self.__name
+
+# register PermissionSettings to be symbolic constants by identity, 
+# even when pickled and unpickled.
+import copy_reg
+copy_reg.constructor(PermissionSetting)
+copy_reg.pickle(PermissionSetting,
+                PermissionSetting.getName,
+                PermissionSetting)
+
+
+        
+Allow = PermissionSetting('Allow',
+    'Explicit allow setting for permissions')
+
+Deny = PermissionSetting('Deny',
+    'Explicit deny setting for permissions')
+
+Unset = PermissionSetting('Unset',
+    'Unset constant that denotes no setting for permission and role')
+
+Assign = PermissionSetting('Assign',
+    'Explicit assign setting for roles')
+
+Remove = PermissionSetting('Remove',
+    'Explicit remove setting for roles')


=== Zope3/lib/python/Zope/App/Security/Zope3RoleManagement.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+from IRoleManagement import IRoleManagement
+from IZope3RoleManageable import IZope3RoleManageable
+from IZope3RoleManageable import SPECIAL_ATTRIBUTE_NAME
+
+class _PermissionRoleBindings:
+    def __init__( self ):
+        self._permissions = {}
+        self._roles = {}
+
+class Zope3RoleManagement:
+    """
+        Implement IRoleManagement for new-style objects.
+    """
+
+    __implements__ = (IRoleManagement, )
+
+    def __init__(self, context):
+        self.context = context
+
+
+    def _getContextBindings( self ):
+        """
+            Find or create the permission-role bindings for our context.
+        """
+        bindings = getattr( self.context, SPECIAL_ATTRIBUTE_NAME, None )
+
+        if bindings is None:
+            bindings = _PermissionRoleBindings()
+            setattr( self.context, SPECIAL_ATTRIBUTE_NAME, bindings )
+
+        return bindings
+
+    #
+    #   IRoleManagement implementation
+    #
+    def listAvailableRoles( self ):
+        """
+            What roles are available at our context?
+        """
+        roles = self._getContextBindings()._roles
+        return tuple( roles.keys() )
+
+    def addRole( self, role_name ):
+        """
+            Create a new, empty role.
+        """
+        roles = self._getContextBindings()._roles
+
+        if role_name in roles:
+            raise KeyError, 'Role %s already defined.' % role_name
+
+        roles[ role_name ] = ()
+
+    def removeRole( self, role_name ):
+        """
+            Remove a role, and any associated permission bindings.
+        """
+        roles = self._getContextBindings()._roles
+
+        if not (role_name in roles):
+            raise KeyError, 'Role %s not defined.' % role_name
+
+        self.clearPermissionsOfRole( role_name )
+        del roles[ role_name ]
+
+    def listPermissionsOfRole( self, role_name ):
+        """
+            What permissions does the 'role_name' have?
+        """
+
+    def clearPermissionsOfRole( self, role_name ):
+        """
+            Remove all permissions from 'role_name'.
+        """
+
+    def addPermissionToRole( self, role_name, permission ):
+        """
+            Add 'permission' to 'role_name'.
+        """
+
+    def listRolesWithPermission( self, permission ):
+        """
+            Which roles have 'permission' in our context?
+        """


=== Zope3/lib/python/Zope/App/Security/ZopeSecurityPolicy.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+""" Define Zope\'s default security policy
+
+$Id$
+"""
+__version__='$Revision$'[11:-2]
+
+from Zope.ComponentArchitecture import queryAdapter
+from Zope.Proxy.ContextWrapper import ContainmentIterator
+from Zope.Exceptions import Unauthorized, Forbidden
+from Zope.Security.ISecurityPolicy import ISecurityPolicy
+from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
+from Zope.App.Security.IPrincipalPermissionManager \
+    import IPrincipalPermissionManager
+from Zope.App.Security.IPrincipalRoleManager \
+    import IPrincipalRoleManager
+from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
+from Zope.App.Security.PermissionRegistry import permissionRegistry 
+from Zope.App.Security.PrincipalRegistry import principalRegistry 
+from Zope.App.Security.RoleRegistry import roleRegistry
+from Zope.App.Security.PrincipalPermissionManager \
+     import principalPermissionManager 
+from Zope.App.Security.RolePermissionManager import rolePermissionManager 
+from Zope.App.Security.PrincipalRoleManager import principalRoleManager
+from Zope.App.Security.Settings import Allow, Deny, Assign, Remove, Unset
+
+from types import StringType, StringTypes, TupleType, ListType, IntType, MethodType, NoneType
+
+getPermissionsForPrincipal = \
+                principalPermissionManager.getPermissionsForPrincipal
+getPermissionsForRole      = rolePermissionManager.getPermissionsForRole
+getRolesForPrincipal       = principalRoleManager.getRolesForPrincipal
+
+globalContext=object()
+
+class ZopeSecurityPolicy:
+
+    __implements__ = ISecurityPolicy
+
+    def __init__(self, ownerous=1, authenticated=1):
+        """
+            Two optional keyword arguments may be provided:
+
+            ownerous -- Untrusted users can create code
+                (e.g. Python scripts or templates),
+                so check that code owners can access resources.
+                The argument must have a truth value.
+                The default is true.
+
+            authenticated -- Allow access to resources based on the
+                privaledges of the authenticated user.  
+                The argument must have a truth value.
+                The default is true.
+
+                This (somewhat experimental) option can be set
+                to false on sites that allow only public
+                (unauthenticated) access. An anticipated
+                scenario is a ZEO configuration in which some
+                clients allow only public access and other
+                clients allow full management.
+        """
+        
+        self._ownerous=ownerous
+        self._authenticated=authenticated
+
+    def checkPermission(self, permission, object, context):
+        # XXX We aren't really handling multiple principals yet
+
+        principals = { context.user : 1 }
+        assigned_roles = {}
+        roles = {}
+        seen_allow = 0
+
+        # Check the placeful principal permissions and aggregate the
+        # Roles in this context
+        for c in ContainmentIterator(object):
+            ppm = queryAdapter(c, IPrincipalPermissionManager, None, globalContext)
+            if ppm is not None: 
+                for principal in principals.keys():
+                    setting = ppm.getSetting(permission, principal)
+                    if setting is Deny:
+                        return 0 # Explicit deny on principal
+                    elif setting is Allow:
+                        return 1 # Explicit allow on principal
+                    
+            prm = queryAdapter(c, IPrincipalRoleManager, None, globalContext)
+            if prm is not None:
+                for principal in principals.keys():
+                    for role, setting in prm.getRolesForPrincipal(principal):
+                        if not (role in roles):
+                            roles[role] = 1
+                            if setting is Assign:
+                                assigned_roles[role] = 1
+        
+        # now check the global principal permissions
+        getSetting = principalPermissionManager.getSetting
+        for principal in principals.keys():
+            setting = getSetting(permission, principal)
+            if setting is Allow:
+                return 1 # Explicit allow on global principal
+            elif setting is Deny:
+                return 0 # Explicit deny on global principal
+                                    
+        # aggregate global roles
+        global_roles = principalRoleManager.getRolesForPrincipal(principal)
+        for principal in principals.keys():
+            for role, setting in global_roles:
+                if not (role in roles):
+                    roles[role] = 1
+                    if setting is Assign:
+                        assigned_roles[role] = 1
+                        
+        # Check the placeful role permissions, checking anonymous first
+        for c in ContainmentIterator(object):
+            rpm = queryAdapter(c, IRolePermissionManager, None, globalContext)
+            if rpm is not None:
+                for role in ['Anonymous'] + assigned_roles.keys():
+                    setting = rpm.getSetting(permission, role)
+                    if setting is Allow:
+                        seen_allow = 1 # Flag allow, but continue processing
+                    elif setting is Deny:
+                        return 0 # Deny on placeful role permission
+                if seen_allow:
+                    return 1 # Allow on placeful role permission
+            
+        # Last, check if there are any global role settings
+        getSetting = rolePermissionManager.getSetting
+        for principal in principals.keys():
+            for role, role_setting in [('Anonymous', Assign)] + global_roles:
+                if role_setting is Assign:
+                    setting = getSetting(permission, role)
+                    if setting == Allow:
+                        seen_allow = 1 # Flag allow and continue
+                    elif setting == Deny:
+                        return 0 # Deny on global role
+            if seen_allow:
+                return 1 # Allow on global role
+
+        return 0 # Deny by default
+
+zopeSecurityPolicy=ZopeSecurityPolicy()
+


=== Zope3/lib/python/Zope/App/Security/__init__.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+""" Zope Security Architecture """
+
+# Register some standard types
+import _protections
+_protections.protect()
+del _protections


=== Zope3/lib/python/Zope/App/Security/_protections.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+# 
+##############################################################################
+"""Register protection information for some standard low-level types
+
+Revision information:
+$Id$
+"""
+
+def protect():
+    from Zope.Security.Checker import \
+         defineChecker, getCheckerForInstancesOf, NamesChecker
+    import Persistence.BTrees
+
+
+    def _protect(which):
+        __import__('Persistence.BTrees.%sBTree' % which)
+        module = getattr(Persistence.BTrees, "%sBTree" % which)
+        
+        defineChecker(getattr(module, '%sBTree' % which),
+                      getCheckerForInstancesOf(dict))
+        defineChecker(getattr(module, '%sBucket' % which),
+                      getCheckerForInstancesOf(dict))
+        defineChecker(getattr(module, '%sSet' % which),
+                      NamesChecker(['__getitem__', '__len__', 'has_key',
+                                    '__repr__', '__str__', "__contains__",
+                                    'keys', 'maxKey', 'minKey']
+                                   )
+                      )
+        defineChecker(getattr(module, '%sTreeSet' % which),
+                      NamesChecker(['__len__', 'has_key', "__contains__",
+                                   '__repr__', '__str__',
+                                   'keys', 'maxKey', 'minKey']
+                                   )
+                      )
+        items = getattr(module, '%sBTree' % which)().keys()
+        defineChecker(type(items),
+                      getCheckerForInstancesOf(tuple))
+        
+        
+    for which in 'OO', 'II', 'OI', 'IO':
+        _protect(which)
+
+    
+                      


=== Zope3/lib/python/Zope/App/Security/metaConfigure.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+""" Register security related configuration directives.
+
+$Id$
+"""
+from PermissionRegistry import permissionRegistry as perm_reg
+from RoleRegistry import roleRegistry as role_reg
+from Zope.Security.SecurityManager import setSecurityPolicy
+from PrincipalRegistry import principalRegistry
+from RolePermissionManager import rolePermissionManager as role_perm_mgr
+from PrincipalPermissionManager import principalPermissionManager \
+        as principal_perm_mgr
+from PrincipalRoleManager import principalRoleManager as principal_role_mgr
+from Zope.Configuration.Action import Action
+
+def defaultPolicy(_context, name):
+    policy = _context.resolve(name)
+    if callable(policy):
+        policy = policy()
+    return [
+        Action(
+            discriminator = 'defaultPolicy',
+            callable = setSecurityPolicy,
+            args = (policy,),
+            )
+        ]
+
+def definePermission(_context, id, title, description=''):
+    return [
+        Action(
+            discriminator = ('definePermission', id),
+            callable = perm_reg.definePermission,
+            args = (id, title, description),
+            )
+        ]
+
+def defineRole(_context, id, title, description=''):
+    return [
+        Action(
+            discriminator = ('defineRole', id),
+            callable = role_reg.defineRole,
+            args = (id, title, description),
+            )
+        ]
+
+def principal(_context, id, title, login, password, description=''):
+    return [
+        Action(
+            discriminator = ('principal', id),
+            callable = principalRegistry.definePrincipal,
+            args = (id, title, description, login, password),
+            )
+        ]
+
+def defaultPrincipal(_context, id, title, description=''):
+    return [
+        Action(
+            discriminator = 'defaultPrincipal',
+            callable = principalRegistry.defineDefaultPrincipal,
+            args = (id, title, description),
+            )
+        ]
+
+def grantPermissionToRole(_context, permission, role):
+    return [
+        Action(
+            discriminator = ('grantPermissionToRole', permission, role),
+            callable = role_perm_mgr.grantPermissionToRole,
+            args = (permission, role),
+            )
+        ]
+
+def grantPermissionToPrincipal(_context, permission, principal):
+    return [
+        Action(
+            discriminator = ('grantPermissionToPrincipal', 
+                             permission,
+                             principal),
+            callable = principal_perm_mgr.grantPermissionToPrincipal,
+            args = (permission, principal),
+        )
+    ]
+
+def assignRoleToPrincipal(_context, role, principal):
+    return [
+        Action(
+            discriminator = ('assignRoleToPrincipal', role, principal),
+            callable = principal_role_mgr.assignRoleToPrincipal,
+            args = (role, principal),
+        )
+    ]
+
+


=== Zope3/lib/python/Zope/App/Security/protectClass.py 1.1 => 1.2 ===
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+# 
+##############################################################################
+"""Make assertions about permissions needed to access class instances attributes
+"""
+
+from Exceptions import UndefinedPermissionError
+from PermissionRegistry import permissionRegistry
+
+from Zope.Security.Checker import defineChecker, getCheckerForInstancesOf
+from Zope.Security.Checker import Checker, CheckerPublic
+
+def checkPermission(permission):
+    """Check to make sure that the permission is valid.
+    """
+    if not permissionRegistry.definedPermission(permission):
+        raise UndefinedPermissionError(permission)
+
+def protectName(class_, name, permission):
+    "Set a permission on a particular name."
+    
+    checkPermission(permission)
+    
+    checker = getCheckerForInstancesOf(class_)
+    if checker is None:
+        checker = Checker({}.get)
+        defineChecker(class_, checker)
+
+    if permission == 'Zope.Public':
+        # Translate public permission to CheckerPublic
+        permission = CheckerPublic
+
+    # OK, so it's a hack.
+    protections = checker.getPermission_func().__self__    
+    protections[name] = permission
+
+def protectLikeUnto(class_, like_unto):
+    """Use the protections from like_unto for class_
+    """
+    
+    unto_checker = getCheckerForInstancesOf(like_unto)
+    if unto_checker is None:
+        return
+
+    # OK, so it's a hack.
+    unto_protections = unto_checker.getPermission_func().__self__
+    
+    checker = getCheckerForInstancesOf(class_)
+    if checker is None:
+        checker = Checker({}.get)
+        defineChecker(class_, checker)
+
+    # OK, so it's a hack.
+    protections = checker.getPermission_func().__self__
+    for name in unto_protections:
+        protections[name] = unto_protections[name]


=== Zope3/lib/python/Zope/App/Security/security-meta.zcml 1.1 => 1.2 ===
+
+  <!-- Zope.App.Security -->
+  <directives namespace="http://namespaces.zope.org/security">
+    <directive name="permission"
+               attributes="id title description"
+               handler="Zope.App.Security.metaConfigure.definePermission" />
+    <directive name="role"
+               attributes="id title description"
+               handler="Zope.App.Security.metaConfigure.defineRole" />
+    <directive name="defaultPolicy" attributes="name"
+       handler="Zope.App.Security.metaConfigure.defaultPolicy" />
+    <directive name="principal" attributes="id title description"
+       handler="Zope.App.Security.metaConfigure.principal" />
+    <directive name="defaultPrincipal" 
+               attributes="principal title description"
+       handler="Zope.App.Security.metaConfigure.defaultPrincipal" />
+    <directive name="grantPermissionToRole" attributes="permission role"
+       handler="Zope.App.Security.metaConfigure.grantPermissionToRole" />
+    <directive
+       name="grantPermissionToPrincipal"
+       attributes="permission principal"
+       handler="Zope.App.Security.metaConfigure.grantPermissionToPrincipal" />
+    <directive name="assignRoleToPrincipal" attributes="role principal"
+       handler="Zope.App.Security.metaConfigure.assignRoleToPrincipal" />
+  </directives>
+
+</zopeConfigure>


=== Zope3/lib/python/Zope/App/Security/security.zcml 1.1 => 1.2 ===
+   xmlns='http://namespaces.zope.org/zope'
+   xmlns:security='http://namespaces.zope.org/security'
+   xmlns:zmi='http://namespaces.zope.org/zmi'
+   xmlns:browser='http://namespaces.zope.org/browser'
+>
+  <serviceType
+      id="RoleService" 
+      interface="Zope.App.Security.IRoleService." />
+  <service
+      serviceType="RoleService" 
+      component="Zope.App.Security.RoleRegistry.roleRegistry" />
+
+  <serviceType
+      id="PermissionService" 
+      interface="Zope.App.Security.IPermissionService." />
+  <service
+      serviceType="PermissionService" 
+      component="Zope.App.Security.PermissionRegistry.permissionRegistry" />
+
+  <serviceType
+      id="AuthenticationService" 
+      interface="Zope.App.Security.IAuthenticationService." />
+  <service
+      serviceType="AuthenticationService" 
+      component="Zope.App.Security.PrincipalRegistry.principalRegistry" />
+
+  <security:defaultPolicy 
+      name="Zope.App.Security.ZopeSecurityPolicy.zopeSecurityPolicy" />
+
+  <adapter factory="Zope.App.Security.BasicAuthAdapter."
+           provides="Zope.App.Security.ILoginPassword."
+           for="Zope.Publisher.HTTP.IHTTPCredentials." />
+
+  <adapter factory="Zope.App.Security.BasicVFSAuthAdapter."
+           provides="Zope.App.Security.ILoginPassword."
+           for="Zope.Publisher.VFS.IVFSCredentials." />
+
+  <adapter factory="Zope.App.Security.BasicVFSAuthAdapter."
+           provides="Zope.App.Security.ILoginPassword."
+           for="Zope.Publisher.VFS.IVFSCredentials." />
+
+
+<!-- Role-Permission management view -->
+
+  <content class=".RolePermissionView.PermissionRoles.">
+    <security:require   
+        permission="Zope.Security"
+        attributes="roles rolesInfo"
+        interface="Zope.App.Security.IRegisteredObject." />
+  </content>
+  
+  <browser:view for="Zope.App.OFS.Annotation.IAnnotatable."
+                permission="Zope.Security"
+                factory="Zope.App.Security.RolePermissionView.">
+
+    <browser:page name="AllRolePermissions.html" 
+                  attribute="index" />
+    <browser:page name="ChangeAllRolePermissions.html" 
+                  attribute="action" />
+    <browser:page name="RolePermissions.html" 
+                  attribute="manage_RoleForm" />
+    <browser:page name="ChangeRolePermissions.html" 
+                  attribute="update_role" />
+    <browser:page name="RolesWithPermission.html" 
+                  attribute="manage_permissionForm" />
+    <browser:page name="ChangeRolesWithPermission.html" 
+                  attribute="update_permission" />
+  </browser:view>
+
+  <adapter factory=".AnnotationRolePermissionManager."
+           provides=".IRolePermissionManager."
+           for="Zope.App.OFS.Annotation.IAnnotatable." />
+
+
+<!-- Principal-Permission management view -->
+
+  <content class=".PrincipalPermissionView.">
+    <security:require
+        permission="Zope.Security"
+        attributes="index get_principal unsetPermissions denyPermissions
+                    grantPermissions getUnsetPermissionsForPrincipal
+                    getPermissionsForPrincipal" />
+  </content>
+
+  <browser:view
+      name="PrincipalPermissionsManagement"
+      for="Zope.App.OFS.Annotation.IAnnotatable."
+      factory=".PrincipalPermissionView." />
+
+  <adapter factory=".AnnotationPrincipalPermissionManager."
+           provides=".IPrincipalPermissionManager."
+           for="Zope.App.OFS.Annotation.IAnnotatable." />
+
+
+  <!-- protect Roles and Permissions -->
+  <content class=".RoleRegistry.Role">
+    <security:allow
+        interface="Zope.App.Security.IRegisteredObject." />
+  </content>
+  
+</zopeConfigure>
+