[Zope-Checkins] SVN: Zope/trunk/src/ Create an API to access Products.__ac_permissions__

Hanno Schlichting hannosch at hannosch.eu
Sat Jun 5 15:58:01 EDT 2010


Log message for revision 113169:
  Create an API to access Products.__ac_permissions__
  

Changed:
  U   Zope/trunk/src/AccessControl/Permission.py
  U   Zope/trunk/src/AccessControl/Role.py
  U   Zope/trunk/src/AccessControl/security.py
  U   Zope/trunk/src/AccessControl/tests/testZCML.py
  U   Zope/trunk/src/HelpSys/HelpSys.py
  U   Zope/trunk/src/OFS/ObjectManager.py

-=-
Modified: Zope/trunk/src/AccessControl/Permission.py
===================================================================
--- Zope/trunk/src/AccessControl/Permission.py	2010-06-05 19:26:14 UTC (rev 113168)
+++ Zope/trunk/src/AccessControl/Permission.py	2010-06-05 19:58:00 UTC (rev 113169)
@@ -141,10 +141,28 @@
 _registeredPermissions = {}
 
 
+def getPermissions():
+    import Products
+    return getattr(Products, '__ac_permissions__', ())
+
+
+def addPermission(perm, default_roles=('Manager', )):
+    if perm in _registeredPermissions:
+        return
+
+    entry = ((perm, (), default_roles), )
+    import Products
+    Products_permissions = getPermissions()
+    Products.__ac_permissions__ = Products_permissions + entry
+    _registeredPermissions[perm] = 1
+    mangled = pname(perm) # get mangled permission name
+    if not hasattr(ApplicationDefaultPermissions, mangled):
+        setattr(ApplicationDefaultPermissions, mangled, default_roles)
+
+
 def registerPermissions(permissions, defaultDefault=('Manager', )):
     """Register an __ac_permissions__ sequence.
     """
-    import Products
     for setting in permissions:
         if setting[0] in _registeredPermissions:
             continue
@@ -153,14 +171,7 @@
             default = defaultDefault
         else:
             perm, methods, default = setting
-        _registeredPermissions[perm]=1
-        Products_permissions = getattr(Products, '__ac_permissions__', ())
-        Products.__ac_permissions__=(
-            Products_permissions + ((perm, (), default), ))
-        mangled=pname(perm) # get mangled permission name
-        if not hasattr(ApplicationDefaultPermissions, mangled):
-            setattr(ApplicationDefaultPermissions,
-                    mangled, default)
+        addPermission(perm, default)
 
 
 class ApplicationDefaultPermissions:

Modified: Zope/trunk/src/AccessControl/Role.py
===================================================================
--- Zope/trunk/src/AccessControl/Role.py	2010-06-05 19:26:14 UTC (rev 113168)
+++ Zope/trunk/src/AccessControl/Role.py	2010-06-05 19:58:00 UTC (rev 113169)
@@ -28,6 +28,7 @@
 from AccessControl import ClassSecurityInfo
 from AccessControl.class_init import InitializeClass
 from AccessControl.interfaces import IRoleManager
+from AccessControl.Permission import getPermissions
 from AccessControl.Permission import Permission
 from AccessControl.Permissions import change_permissions
 from AccessControl.requestmethod import requestmethod
@@ -608,9 +609,8 @@
         pass
 
     def possible_permissions(self):
-        import Products
         d={}
-        Products_permissions = getattr(Products, '__ac_permissions__', ())
+        Products_permissions = getPermissions()
         for p in Products_permissions:
             d[p[0]]=1
         for p in self.ac_inherited_permissions(1):

Modified: Zope/trunk/src/AccessControl/security.py
===================================================================
--- Zope/trunk/src/AccessControl/security.py	2010-06-05 19:26:14 UTC (rev 113168)
+++ Zope/trunk/src/AccessControl/security.py	2010-06-05 19:58:00 UTC (rev 113169)
@@ -27,16 +27,12 @@
 
 from AccessControl.SecurityInfo import ClassSecurityInfo
 from AccessControl.SecurityManagement import getSecurityManager
-from AccessControl.Permission import _registeredPermissions
-from AccessControl.Permission import pname
+from AccessControl.Permission import addPermission
 
-import Products
-
-from AccessControl.Permission import ApplicationDefaultPermissions
-
 CheckerPublicId = 'zope.Public'
 CheckerPrivateId = 'zope2.Private'
 
+
 def getSecurityInfo(klass):
     sec = {}
     info = vars(klass)
@@ -47,8 +43,8 @@
             sec[k] = v
     return sec
 
+
 def clearSecurityInfo(klass):
-    sec = {}
     info = vars(klass)
     if info.has_key('__ac_permissions__'):
         delattr(klass, '__ac_permissions__')
@@ -56,6 +52,7 @@
         if k.endswith('__roles__'):
             delattr(klass, k)
 
+
 def checkPermission(permission, object, interaction=None):
     """Return whether security policy allows permission on object.
 
@@ -82,6 +79,7 @@
 
     return False
 
+
 class SecurityPolicy(ParanoidSecurityPolicy):
     """Security policy that bridges between zope.security security mechanisms
     and Zope 2's security policy.
@@ -94,6 +92,7 @@
     def checkPermission(self, permission, object):
         return checkPermission(permission, object)
 
+
 def newInteraction():
     """Con zope.security to use Zope 2's checkPermission.
 
@@ -105,6 +104,7 @@
     if getattr(thread_local, 'interaction', None) is None:
         thread_local.interaction = SecurityPolicy()
 
+
 def _getSecurity(klass):
     # a Zope 2 class can contain some attribute that is an instance
     # of ClassSecurityInfo. Zope 2 scans through things looking for
@@ -120,6 +120,7 @@
     setattr(klass, '__security__', security)
     return security
 
+
 def protectName(klass, name, permission_id):
     """Protect the attribute 'name' on 'klass' using the given
        permission"""
@@ -139,6 +140,7 @@
         perm = str(permission.title)
         security.declareProtected(perm, name)
 
+
 def protectClass(klass, permission_id):
     """Protect the whole class with the given permission"""
     security = _getSecurity(klass)
@@ -155,21 +157,11 @@
         perm = str(permission.title)
         security.declareObjectProtected(perm)
 
+
 def create_permission_from_permission_directive(permission, event):
     """When a new IPermission utility is registered (via the <permission />
     directive), create the equivalent Zope2 style permission.
     """
-
-    global _registeredPermissions
-
     # Zope 2 uses string, not unicode yet
     zope2_permission = str(permission.title)
-    roles = ('Manager',)
-
-    if not _registeredPermissions.has_key(zope2_permission):
-        _registeredPermissions[zope2_permission] = 1
-
-        Products.__ac_permissions__ += ((zope2_permission, (), roles,),)
-
-        mangled = pname(zope2_permission)
-        setattr(ApplicationDefaultPermissions, mangled, roles)
+    addPermission(zope2_permission)

Modified: Zope/trunk/src/AccessControl/tests/testZCML.py
===================================================================
--- Zope/trunk/src/AccessControl/tests/testZCML.py	2010-06-05 19:26:14 UTC (rev 113168)
+++ Zope/trunk/src/AccessControl/tests/testZCML.py	2010-06-05 19:58:00 UTC (rev 113169)
@@ -351,8 +351,8 @@
     The permission will be made available globally, with default role set
     of ('Manager',).
 
-      >>> import Products
-      >>> permissions = getattr(Products, '__ac_permissions__', ())
+      >>> from AccessControl.Permission import getPermissions
+      >>> permissions = getPermissions()
       >>> [p[2] for p in permissions
       ...          if p[0] == 'AccessControl: Dummy permission']
       [('Manager',)]
@@ -360,10 +360,8 @@
     Let's also ensure that permissions are not overwritten if they exist
     already:
 
-      >>> from AccessControl.Permission import _registeredPermissions
-      >>> _registeredPermissions['Dummy: Other dummy'] = 1
-      >>> Products.__ac_permissions__ += (
-      ...     ('Dummy: Other dummy', (), ('Anonymous', ),),)
+      >>> from AccessControl.Permission import addPermission
+      >>> addPermission('Dummy: Other dummy', ('Anonymous', ))
 
       >>> from StringIO import StringIO
       >>> configure_zcml = StringIO('''
@@ -380,9 +378,8 @@
       >>> from zope.configuration.xmlconfig import xmlconfig
       >>> xmlconfig(configure_zcml)
 
-      >>> permissions = getattr(Products, '__ac_permissions__', ())
-      >>> [p[2] for p in permissions
-      ...          if p[0] == 'Dummy: Other dummy']
+      >>> permissions = getPermissions()
+      >>> [p[2] for p in permissions if p[0] == 'Dummy: Other dummy']
       [('Anonymous',)]
 
       >>> tearDown()

Modified: Zope/trunk/src/HelpSys/HelpSys.py
===================================================================
--- Zope/trunk/src/HelpSys/HelpSys.py	2010-06-05 19:26:14 UTC (rev 113168)
+++ Zope/trunk/src/HelpSys/HelpSys.py	2010-06-05 19:58:00 UTC (rev 113169)
@@ -56,7 +56,6 @@
     security.declareProtected(access_contents_information, 'helpValues')
     def helpValues(self, spec=None):
         "ProductHelp objects of all Products that have help"
-        import Products
         hv=[]
         for product in self.Control_Panel.Products.objectValues():
             productHelp=product.getProductHelp()

Modified: Zope/trunk/src/OFS/ObjectManager.py
===================================================================
--- Zope/trunk/src/OFS/ObjectManager.py	2010-06-05 19:26:14 UTC (rev 113168)
+++ Zope/trunk/src/OFS/ObjectManager.py	2010-06-05 19:58:00 UTC (rev 113169)
@@ -26,6 +26,7 @@
 import sys
 
 from AccessControl import ClassSecurityInfo
+from AccessControl.Permission import getPermissions
 from AccessControl.Permissions import view_management_screens
 from AccessControl.Permissions import access_contents_information
 from AccessControl.Permissions import delete_objects
@@ -263,9 +264,7 @@
         return meta_types
 
     def _subobject_permissions(self):
-        import Products
-        Products_permissions = getattr(Products, '__ac_permissions__', ())
-        return Products_permissions
+        return getPermissions()
 
     def filtered_meta_types(self, user=None):
         # Return a list of the types for which the user has



More information about the Zope-Checkins mailing list