[Zope-dev] New-style ExtensionClass, ZODB 3.3, and Zope 2.8 status
Jim Fulton
jim at zope.com
Sat Nov 15 07:53:06 EST 2003
Dieter Maurer wrote:
> Jim Fulton wrote at 2003-11-13 15:22 -0500:
> > ...
> > We need to refactor the way security assertions (permission
> > settings) are stored and accessed. We need to store required
> > permissions (__permissions__) on objects. When we need to figure
> > out roles, we need to compute them at a higher level. (For
> > example, we could compute the needed roles in the zope security
> > policy. It's likely that we can speed security checks when doing
> > this.)
> >
> > I estimate that the necessary refactoring would take me 3-5
> > days. The vast majority of the required time will be spent writing
> > tests. I really need to focus on Zope 3 for a while, so I may not
> > be able to get back to this soon. I think that this is an area
> > where some volunteers could make a big difference. I'd be happy to
> > work with some folks on this.
>
> Folklore says that Zope cannot protect attributes of simple types
> (because they do not provide the method magic that will be lost
> for NSEC).

From your patch, I think you are talking about protection of
attributes of non-simple types whose values are not simple types.
That is, protecting the title attribute of a folder even though the
value of the attribute is a string and thus, can't be assigned a
__roles__ attribute.

> However, whenever I looked at ZopeSecurityPolicy (and I did often),
> I could not believe that this is true. I always thought, it would
> be easy to provide security declarations for simple type attributes, too.
>
> Of course, Zope cannot check a bare value of simple type, but
> usually it has "container" and/or "parent" and then checking would
> be easy by looking at related ("__roles__") attributes of the container/parent.
>
> I will see this weekend whether I have been true.
> If so, the same mechanism could (in principle) be used for
> methods.
>
> Bound methods can even be checked without "container/parent"
> as they allow access to the bound instance.
>
And a day later, Dieter Maurer wrote:
> Patch attached.

So, when we are accessing a named attribute and the value doesn't
have security data, look for security data on the object we got it
from. I like the general idea.

Hm, I suppose that this would let us keep the __roles__ travesty for now,
which would allow us to proceed with 2.8 without doing the refactoring now.
Very nice. (well, sort of ;)

I'll see if this idea lets me get the "devil branch" merged to the trunk next
week. (I need to make the next Z3 milestone release first.)

Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
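
The fallback discussed in this message, as an added sketch that is not part of the original thread, not the attached patch and not Zope's ZopeSecurityPolicy code: when a named attribute's value carries no `__roles__`, the check looks for security data on the object the value came from. The `<name>__roles__` lookup key, treating `None` as public, denying when no declaration exists, and the `Folder` sample class are assumptions of the sketch.

```python
# Added sketch: a simplified model of the fallback, not Zope's code.
_MISSING = object()


class Unauthorized(Exception):
    pass


def required_roles(container, name, value):
    # 1. Security data carried by the value itself (methods, sub-objects).
    roles = getattr(value, "__roles__", _MISSING)
    if roles is _MISSING:
        # 2. The value cannot carry it (str, int, ...): ask the object we
        #    got it from. The "<name>__roles__" key is an assumption here.
        roles = getattr(container, name + "__roles__", _MISSING)
    return roles


def guarded_getattr(container, name, user_roles):
    value = getattr(container, name)
    roles = required_roles(container, name, value)
    if roles is _MISSING:
        # Assumption of this sketch: no declaration anywhere means deny.
        raise Unauthorized(name + ": no security declaration")
    if roles is None or set(roles) & set(user_roles):  # None = public (assumed)
        return value
    raise Unauthorized(name + ": requires one of " + repr(tuple(roles)))


def can_access(container, name, user_roles):
    try:
        guarded_getattr(container, name, user_roles)
        return True
    except Unauthorized:
        return False


class Folder:  # constructed sample object
    title = "Budget 2004"            # plain str: cannot hold __roles__
    title__roles__ = ("Manager",)    # declaration lives on the container
    id = "budget"
    id__roles__ = None               # public
    notes = "undeclared"             # no declaration at all

    def listing(self):
        return ["a", "b"]
    listing.__roles__ = ("Authenticated",)  # value carries its own data
```
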