[Zope-CVS] CVS: Products/VerboseSecurity - CHANGES.txt:1.3
VerboseSecurityPolicy.py:1.6 version.txt:1.4
Shane Hathaway
shane at zope.com
Thu Jan 8 10:39:51 EST 2004
Update of /cvs-repository/Products/VerboseSecurity
In directory cvs.zope.org:/tmp/cvs-serv15249
Modified Files:
CHANGES.txt VerboseSecurityPolicy.py version.txt
Log Message:
Made compatible with Zope 2.7.
=== Products/VerboseSecurity/CHANGES.txt 1.2 => 1.3 ===
--- Products/VerboseSecurity/CHANGES.txt:1.2 Thu Jan 30 16:59:12 2003
+++ Products/VerboseSecurity/CHANGES.txt Thu Jan 8 10:39:50 2004
@@ -1,13 +1,15 @@
-Version 0.2.1:
+Next release:
- - Removed code that tried to add debugging information after the DTML
- had been parsed. It was too eager, interfered with dtml-sendmail,
- and is no longer necessary.
+ - When run under Zope 2.7, the verbose policy now behaves the same
+ way Zope 2.7's policy behaves. Specifically, the "accessed"
+ argument is now ignored and any denial of access raises an
+ exception rather than returning 0.
-Version 0.3:
+Version 0.5:
- - Updated for Zope 2.4.x. (No longer works with previous versions.)
+ - VerboseSecurity no longer tries to display every Unauthorized
+ error message. There were too many false positives.
Version 0.4:
@@ -15,8 +17,13 @@
and Zope 2.6 produces nice, informative ZPT tracebacks, the DTML
debugger isn't needed anymore.
-Version 0.5:
+Version 0.3:
- - VerboseSecurity no longer tries to display every Unauthorized
- error message. There were too many false positives.
+ - Updated for Zope 2.4.x. (No longer works with previous versions.)
+
+Version 0.2.1:
+
+ - Removed code that tried to add debugging information after the DTML
+ had been parsed. It was too eager, interfered with dtml-sendmail,
+ and is no longer necessary.
=== Products/VerboseSecurity/VerboseSecurityPolicy.py 1.5 => 1.6 ===
--- Products/VerboseSecurity/VerboseSecurityPolicy.py:1.5 Fri Aug 30 12:36:52 2002
+++ Products/VerboseSecurity/VerboseSecurityPolicy.py Thu Jan 8 10:39:50 2004
@@ -19,7 +19,7 @@
if 1: # Preserve indentation for better diff
- from types import StringType
+ from types import StringType, IntType, DictType, UnicodeType
from AccessControl import SimpleObjectPolicies
from AccessControl import Unauthorized
@@ -27,12 +27,16 @@
_noroles = SimpleObjectPolicies._noroles
except AttributeError:
_noroles = []
+ Containers = SimpleObjectPolicies.Containers
from zLOG import LOG, PROBLEM, BLATHER
from Acquisition import aq_base, aq_inner, aq_parent
from AccessControl.PermissionRole import _what_not_even_god_should_do, \
rolesForPermissionOn
+ from App.version_txt import getZopeVersion
+ pre_2_7 = (tuple(getZopeVersion()[:2]) < (2, 7))
+
class VerboseSecurityPolicy:
@@ -64,10 +68,7 @@
self._authenticated=authenticated
def validate(self, accessed, container, name, value, context,
- roles=_noroles, None=None, type=type, IntType=type(0),
- DictType=type({}), getattr=getattr, _noroles=_noroles,
- StringType=type(''),
- Containers=SimpleObjectPolicies.Containers,
+ roles=_noroles, _noroles=_noroles,
valid_aq_=('aq_parent','aq_inner', 'aq_explicit')):
@@ -80,11 +81,13 @@
return 0
containerbase = aq_base(container)
- accessedbase = aq_base(accessed)
- if accessedbase is accessed:
- # accessed is not a wrapper, so assume that the
- # value could not have been acquired.
- accessedbase = container
+ if pre_2_7:
+ accessedbase = aq_base(accessed)
+ if accessedbase is accessed:
+ # accessed is not a wrapper, so assume that the
+ # value could not have been acquired.
+ accessedbase = container
+ # else the "accessed" argument is not used.
############################################################
# If roles weren't passed in, we'll try to get them from the object
@@ -103,16 +106,18 @@
# object like a string or a list. We'll try to get roles
# from its container.
if container is None:
- setUnauthorized('No container provided',
- accessed, container, name, value, context)
- return 0 # Bail if no container
+ info = setUnauthorized(
+ 'No container provided',
+ accessed, container, name, value, context)
+ if pre_2_7:
+ return 0 # Bail if no container
+ raise Unauthorized(info)
roles=getattr(container, '__roles__', _noroles)
if roles is _noroles:
if containerbase is container:
# container is not wrapped.
- roles=_noroles
- if containerbase is not accessedbase:
+ if pre_2_7 and containerbase is not accessedbase:
setUnauthorized(
'Unable to find __roles__ in the container '
'and the container is not wrapped',
@@ -122,8 +127,7 @@
# Try to acquire roles
try: roles = container.aq_acquire('__roles__')
except AttributeError:
- roles=_noroles
- if containerbase is not accessedbase:
+ if pre_2_7 and containerbase is not accessedbase:
setUnauthorized(
'Unable to find or acquire __roles__ '
'from the container',
@@ -138,13 +142,18 @@
p=Containers(type(container), None)
if p is None:
p=getattr(container,
- '__allow_access_to_unprotected_subobjects__', None)
+ '__allow_access_to_unprotected_subobjects__',
+ None)
if p is not None:
tp=type(p)
if tp is not IntType:
if tp is DictType:
- p=p.get(name, None)
+ if (isinstance(name, UnicodeType) or
+ isinstance(name, StringType)):
+ p = p.get(name)
+ else:
+ p = 1
else:
p=p(name, value)
@@ -153,10 +162,9 @@
'The container has no security assertions',
accessed, container, name, value, context
)
- if (containerbase is accessedbase):
- raise Unauthorized(info)
- else:
+ if pre_2_7 and containerbase is not accessedbase:
return 0
+ raise Unauthorized(info)
if roles is _noroles: return 1
@@ -204,9 +212,9 @@
required_roles=roles, eo_owner=owner, eo=eo,
eo_owner_roles=getUserRolesInContext(
owner, value))
- if accessedbase is containerbase:
- raise Unauthorized(info)
- return 0
+ if pre_2_7 and containerbase is not accessedbase:
+ return 0
+ raise Unauthorized(info)
# Proxy roles, which are a lot safer now.
proxy_roles=getattr(eo, '_proxy_roles', None)
@@ -226,10 +234,9 @@
accessed, container, name, value, context,
eo=eo, eo_proxy_roles=proxy_roles,
required_roles=roles)
- if accessedbase is containerbase:
- raise Unauthorized(info)
-
- return 0
+ if pre_2_7 and containerbase is not accessedbase:
+ return 0
+ raise Unauthorized(info)
try:
@@ -260,15 +267,15 @@
accessed, container, name, value, context,
required_roles=roles, user=context.user,
user_roles=getUserRolesInContext(context.user, value))
- if accessedbase is containerbase:
- raise Unauthorized(info)
+ if pre_2_7 and containerbase is not accessedbase:
+ return 0
+ raise Unauthorized(info)
- return 0
def checkPermission(self, permission, object, context):
# XXX proxy roles and executable owner are not checked
roles=rolesForPermissionOn(permission, object)
- if type(roles) is StringType:
+ if isinstance(roles, StringType) or isinstance(roles, UnicodeType):
roles=[roles]
return context.user.allowed(object, roles)
=== Products/VerboseSecurity/version.txt 1.3 => 1.4 ===
--- Products/VerboseSecurity/version.txt:1.3 Thu Jan 30 16:59:12 2003
+++ Products/VerboseSecurity/version.txt Thu Jan 8 10:39:50 2004
@@ -1 +1 @@
-VerboseSecurity-0.5
+VerboseSecurity-0.5+
More information about the Zope-CVS
mailing list