[Zope3-checkins] CVS: Zope3/src/zope/security - _proxy.c:1.5.48.1
checker.py:1.43.18.1 interfaces.py:1.8.2.1 proxy.py:1.9.2.1
readme.txt:1.5.12.1
Marius Gedminas
marius at pov.lt
Mon Feb 23 14:18:37 EST 2004
Update of /cvs-repository/Zope3/src/zope/security
In directory cvs.zope.org:/tmp/cvs-serv14712/src/zope/security
Modified Files:
Tag: mgedmin-events2-branch
_proxy.c checker.py interfaces.py proxy.py readme.txt
Log Message:
Added interaction to security proxies. Added interaction arguments to security
checkers. Added a lot of XXX comments in places where proxies are created but
no interaction is (yet) available.
Added an initial draft of IInteraction to zope.security.interfaces. This might
move to zope.interaction.interfaces as suggested by Steve.
Fixed a buglet in CheckerLoggingMixin: check_getattr delegated the check to
super(...).check instead of super(...).check_getattr. Added full unit tests
for CheckerLoggingMixin.
=== Zope3/src/zope/security/_proxy.c 1.5 => 1.5.48.1 ===
--- Zope3/src/zope/security/_proxy.c:1.5 Thu May 29 05:06:36 2003
+++ Zope3/src/zope/security/_proxy.c Mon Feb 23 14:18:06 2004
@@ -10,6 +10,7 @@
typedef struct {
ProxyObject proxy;
PyObject *proxy_checker;
+ PyObject *proxy_interaction;
} SecurityProxy;
#undef Proxy_Check
@@ -19,6 +20,9 @@
#define Proxy_GetChecker(proxy) \
(((SecurityProxy *)proxy)->proxy_checker)
+#define Proxy_GetInteraction(proxy) \
+ (((SecurityProxy *)proxy)->proxy_interaction)
+
/* Replace the "safe" version from the proxy.h API with a faster version. */
#undef Proxy_GetObject
#define Proxy_GetObject(o) \
@@ -35,12 +39,12 @@
typedef PyObject *(*function1)(PyObject *);
static int
-check(PyObject *checker, char *opname, PyObject *object)
+check(PyObject *checker, char *opname, PyObject *object, PyObject *interaction)
{
PyObject *checked;
- checked = PyObject_CallMethod(checker, "check", "(Os)",
- object, opname);
+ checked = PyObject_CallMethod(checker, "check", "(OsO)",
+ object, opname, interaction);
if (checked == NULL)
return 0;
Py_DECREF(checked);
@@ -49,12 +53,12 @@
static int
checkattr(PyObject *checker, char *check_method,
- PyObject *object, PyObject *name)
+ PyObject *object, PyObject *name, PyObject *interaction)
{
PyObject *checked;
- checked = PyObject_CallMethod(checker, check_method, "(OO)",
- object, name);
+ checked = PyObject_CallMethod(checker, check_method, "(OOO)",
+ object, name, interaction);
if (checked == NULL)
return 0;
Py_DECREF(checked);
@@ -67,12 +71,14 @@
PyObject *result = NULL;
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, opname, object)) {
+ if (check(checker, opname, object, interaction)) {
result = operation(object);
if (result != NULL)
result = PyObject_CallMethod(checker, "proxy",
- "(N)", result);
+ "(NO)", result,
+ interaction);
}
return result;
}
@@ -84,17 +90,20 @@
PyObject *result = NULL;
PyObject *object;
PyObject *checker;
+ PyObject *interaction;
if (Proxy_Check(self)) {
object = Proxy_GetObject(self);
checker = Proxy_GetChecker(self);
- if (check(checker, opname, object))
+ interaction = Proxy_GetInteraction(self);
+ if (check(checker, opname, object, interaction))
result = operation(object, other);
}
else if (Proxy_Check(other)) {
object = Proxy_GetObject(other);
checker = Proxy_GetChecker(other);
- if (check(checker, ropname, object))
+ interaction = Proxy_GetInteraction(other);
+ if (check(checker, ropname, object, interaction))
result = operation(self, object);
}
else {
@@ -102,7 +111,8 @@
return Py_NotImplemented;
}
if (result != NULL)
- result = PyObject_CallMethod(checker, "proxy", "(N)", result);
+ result = PyObject_CallMethod(checker, "proxy", "(NO)", result,
+ interaction);
return result;
}
@@ -113,8 +123,9 @@
PyObject *result = NULL;
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, opname, object)) {
+ if (check(checker, opname, object, interaction)) {
result = operation(object, other);
if (result == object) {
/* If the operation was really carried out inplace,
@@ -125,7 +136,8 @@
}
else if (result != NULL)
result = PyObject_CallMethod(checker, "proxy",
- "(N)", result);
+ "(NO)", result,
+ interaction);
}
return result;
}
@@ -150,22 +162,25 @@
static PyObject *
proxy_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
- static char *kwlist[] = {"object", "checker", 0};
+ static char *kwlist[] = {"object", "checker", "interaction", 0};
SecurityProxy *self;
PyObject *object;
PyObject *checker;
+ PyObject *interaction;
if (!PyArg_ParseTupleAndKeywords(args, kwds,
- "OO:_Proxy.__new__", kwlist,
- &object, &checker))
+ "OOO:_Proxy.__new__", kwlist,
+ &object, &checker, &interaction))
return NULL;
self = (SecurityProxy *)type->tp_alloc(type, 0);
if (self == NULL)
return NULL;
Py_INCREF(object);
Py_INCREF(checker);
+ Py_INCREF(interaction);
self->proxy.proxy_object = object;
self->proxy_checker = checker;
+ self->proxy_interaction = interaction;
return (PyObject *)self;
}
@@ -180,6 +195,7 @@
static void
proxy_dealloc(PyObject *self)
{
+ Py_DECREF(Proxy_GetInteraction(self));
Py_DECREF(Proxy_GetChecker(self));
SecurityProxyType.tp_base->tp_dealloc(self);
}
@@ -190,6 +206,8 @@
int err = visit(Proxy_GetObject(self), arg);
if (err == 0)
err = visit(Proxy_GetChecker(self), arg);
+ if (err == 0)
+ err = visit(Proxy_GetInteraction(self), arg);
return err;
}
@@ -210,12 +228,13 @@
PyObject *result = NULL;
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, name_op[op], object)) {
+ if (check(checker, name_op[op], object, interaction)) {
result = PyObject_RichCompare(object, other, op);
if (result != NULL)
result = PyObject_CallMethod(
- checker, "proxy", "(N)", result);
+ checker, "proxy", "(NO)", result, interaction);
}
return result;
}
@@ -226,12 +245,13 @@
PyObject *result = NULL;
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, "__iter__", object)) {
+ if (check(checker, "__iter__", object, interaction)) {
result = PyObject_GetIter(object);
if (result != NULL)
result = PyObject_CallMethod(
- checker, "proxy", "(N)", result);
+ checker, "proxy", "(NO)", result, interaction);
}
return result;
}
@@ -242,12 +262,13 @@
PyObject *result = NULL;
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, "next", object)) {
+ if (check(checker, "next", object, interaction)) {
result = PyIter_Next(object);
if (result != NULL)
result = PyObject_CallMethod(
- checker, "proxy", "(N)", result);
+ checker, "proxy", "(NO)", result, interaction);
}
return result;
}
@@ -258,12 +279,13 @@
PyObject *result = NULL;
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (checkattr(checker, "check_getattr", object, name)) {
+ if (checkattr(checker, "check_getattr", object, name, interaction)) {
result = PyObject_GetAttr(object, name);
if (result != NULL)
result = PyObject_CallMethod(
- checker, "proxy", "(N)", result);
+ checker, "proxy", "(NO)", result, interaction);
}
return result;
}
@@ -273,8 +295,9 @@
{
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (checkattr(checker, "check_setattr", object, name))
+ if (checkattr(checker, "check_setattr", object, name, interaction))
return PyObject_SetAttr(object, name, value);
return -1;
}
@@ -326,8 +349,9 @@
PyObject *result = NULL;
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, "__str__", object)) {
+ if (check(checker, "__str__", object, interaction)) {
result = PyObject_Str(object);
}
else {
@@ -343,8 +367,9 @@
PyObject *result = NULL;
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, "__repr__", object)) {
+ if (check(checker, "__repr__", object, interaction)) {
result = PyObject_Repr(object);
}
else {
@@ -359,8 +384,9 @@
{
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, "__cmp__", object))
+ if (check(checker, "__cmp__", object, interaction))
return PyObject_Compare(object, other);
return -1;
}
@@ -370,8 +396,9 @@
{
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, "__hash__", object))
+ if (check(checker, "__hash__", object, interaction))
return PyObject_Hash(object);
return -1;
}
@@ -382,12 +409,13 @@
PyObject *result = NULL;
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, "__call__", object)) {
+ if (check(checker, "__call__", object, interaction)) {
result = PyObject_Call(object, args, kwds);
if (result != NULL)
result = PyObject_CallMethod(
- checker, "proxy", "(N)", result);
+ checker, "proxy", "(NO)", result, interaction);
}
return result;
}
@@ -476,23 +504,27 @@
PyObject *result = NULL;
PyObject *object;
PyObject *checker;
+ PyObject *interaction;
if (Proxy_Check(self)) {
object = Proxy_GetObject(self);
checker = Proxy_GetChecker(self);
- if (check(checker, "__pow__", object))
+ interaction = Proxy_GetInteraction(self);
+ if (check(checker, "__pow__", object, interaction))
result = PyNumber_Power(object, other, modulus);
}
else if (Proxy_Check(other)) {
object = Proxy_GetObject(other);
checker = Proxy_GetChecker(other);
- if (check(checker, "__rpow__", object))
+ interaction = Proxy_GetInteraction(other);
+ if (check(checker, "__rpow__", object, interaction))
result = PyNumber_Power(self, object, modulus);
}
else if (modulus != NULL && Proxy_Check(modulus)) {
object = Proxy_GetObject(modulus);
checker = Proxy_GetChecker(modulus);
- if (check(checker, "__3pow__", object))
+ interaction = Proxy_GetInteraction(modulus);
+ if (check(checker, "__3pow__", object, interaction))
result = PyNumber_Power(self, other, modulus);
}
else {
@@ -500,7 +532,8 @@
return Py_NotImplemented;
}
if (result != NULL)
- result = PyObject_CallMethod(checker, "proxy", "(N)", result);
+ result = PyObject_CallMethod(checker, "proxy", "(NO)", result,
+ interaction);
return result;
}
@@ -517,12 +550,14 @@
PyObject *other = *p_other;
PyObject *object;
PyObject *checker;
+ PyObject *interaction;
assert(Proxy_Check(self));
object = Proxy_GetObject(self);
checker = Proxy_GetChecker(self);
+ interaction = Proxy_GetInteraction(self);
- if (check(checker, "__coerce__", object)) {
+ if (check(checker, "__coerce__", object, interaction)) {
PyObject *left = object;
PyObject *right = other;
int r;
@@ -540,7 +575,7 @@
}
else {
left = PyObject_CallMethod(checker, "proxy",
- "(N)", left);
+ "(NO)", left, interaction);
if (left == NULL) {
Py_DECREF(right);
return -1;
@@ -548,7 +583,8 @@
}
if (right != other) {
right = PyObject_CallMethod(checker, "proxy",
- "(N)", right);
+ "(NO)", right,
+ interaction);
if (right == NULL) {
Py_DECREF(left);
return -1;
@@ -570,8 +606,9 @@
{
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, "__nonzero__", object))
+ if (check(checker, "__nonzero__", object, interaction))
return PyObject_IsTrue(object);
return -1;
}
@@ -609,8 +646,9 @@
{
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, "__len__", object))
+ if (check(checker, "__len__", object, interaction))
return PyObject_Length(object);
return -1;
}
@@ -652,12 +690,13 @@
PyObject *result = NULL;
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, "__getslice__", object)) {
+ if (check(checker, "__getslice__", object, interaction)) {
result = PySequence_GetSlice(object, start, end);
if (result != NULL)
result = PyObject_CallMethod(
- checker, "proxy", "(N)", result);
+ checker, "proxy", "(NO)", result, interaction);
}
return result;
}
@@ -667,8 +706,9 @@
{
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, "__setslice__", object))
+ if (check(checker, "__setslice__", object, interaction))
return PySequence_SetSlice(object, i, j, value);
return -1;
}
@@ -678,8 +718,9 @@
{
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, "__contains__", object))
+ if (check(checker, "__contains__", object, interaction))
return PySequence_Contains(object, value);
return -1;
}
@@ -694,12 +735,13 @@
PyObject *result = NULL;
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
- if (check(checker, "__getitem__", object)) {
+ if (check(checker, "__getitem__", object, interaction)) {
result = PyObject_GetItem(object, key);
if (result != NULL)
result = PyObject_CallMethod(
- checker, "proxy", "(N)", result);
+ checker, "proxy", "(NO)", result, interaction);
}
return result;
}
@@ -709,13 +751,14 @@
{
PyObject *object = Proxy_GetObject(self);
PyObject *checker = Proxy_GetChecker(self);
+ PyObject *interaction = Proxy_GetInteraction(self);
if (value == NULL) {
- if (check(checker, "__delitem__", object))
+ if (check(checker, "__delitem__", object, interaction))
return PyObject_DelItem(object, key);
}
else {
- if (check(checker, "__setitem__", object))
+ if (check(checker, "__setitem__", object, interaction))
return PyObject_SetItem(object, key, value);
}
return -1;
@@ -797,10 +840,11 @@
where 'object' is an arbitrary object, and 'checker' is an object\n\
whose signature is described by the IChecker interface.\n\
A checker should have the following methods:\n\
- check(object, operation) # operation is e.g. '__add__' or '__hash__'\n\
- check_getattr(object, name)\n\
- check_setattr(object, name)\n\
- proxy(object)\n\
+ check(object, operation, interaction) # operation is e.g. '__add__' or\n\
+ # '__hash__'\n\
+ check_getattr(object, name, interaction)\n\
+ check_setattr(object, name, interaction)\n\
+ proxy(object, interaction)\n\
The check methods should raise an exception if the operation is\n\
disallowed. The proxy method should return a proxy for the object\n\
if one is needed, otherwise the object itself.\n\
@@ -866,9 +910,26 @@
return result;
}
+static PyObject *
+module_getInteraction(PyObject *self, PyObject *arg)
+{
+ PyObject *result;
+
+ if (!Proxy_Check(arg)) {
+ PyErr_SetString(PyExc_TypeError,
+ "getInteraction argument must be a _Proxy");
+ return NULL;
+ }
+ result = Proxy_GetInteraction(arg);
+ Py_INCREF(result);
+ return result;
+}
+
static PyMethodDef
module_functions[] = {
{"getChecker", module_getChecker, METH_O, "get checker from proxy"},
+ {"getInteraction", module_getInteraction, METH_O,
+ "get interaction from proxy"},
{NULL}
};
=== Zope3/src/zope/security/checker.py 1.43 => 1.43.18.1 ===
--- Zope3/src/zope/security/checker.py:1.43 Wed Dec 3 00:41:50 2003
+++ Zope3/src/zope/security/checker.py Mon Feb 23 14:18:06 2004
@@ -37,7 +37,7 @@
from zope.security.interfaces import IChecker, INameBasedChecker
from zope.security.interfaces import ISecurityProxyFactory
from zope.security.management import getSecurityManager
-from zope.security._proxy import _Proxy as Proxy, getChecker
+from zope.security._proxy import _Proxy as Proxy, getChecker, getInteraction
from zope.exceptions import Unauthorized, ForbiddenAttribute, DuplicationError
__metaclass__ = type
@@ -51,12 +51,18 @@
WATCH_CHECKERS = 0
-def ProxyFactory(object, checker=None):
+def ProxyFactory(object, checker=None, interaction=None):
"""Factory function that creates a proxy for an object
The proxy checker is looked up if not provided.
+
+ XXX maybe interaction should be a required argument
"""
if type(object) is Proxy:
+ # XXX This code catches attempty to substitute the checker on an
+ # existing proxy. What about trying to substitute interaction --
+ # should the code ignore it, return a new proxy with a different
+ # interaction or raise TypeError?
if checker is None or checker is getChecker(object):
return object
else:
@@ -82,7 +88,7 @@
pass
# XXX This is odd. We're being asked to use a checker that is
# not the "natural" one for this object.
- return Proxy(object, checker)
+ return Proxy(object, checker, interaction)
directlyProvides(ProxyFactory, ISecurityProxyFactory)
@@ -132,11 +138,11 @@
'See INameBasedChecker'
return self._setattr_permission_func(name)
- def check_getattr(self, object, name):
+ def check_getattr(self, object, name, interaction):
'See IChecker'
- self.check(object, name)
+ self.check(object, name, interaction)
- def check_setattr(self, object, name):
+ def check_setattr(self, object, name, interaction):
'See IChecker'
permission = self._setattr_permission_func(name)
if permission is not None:
@@ -152,7 +158,7 @@
__traceback_supplement__ = (TracebackSupplement, object)
raise ForbiddenAttribute, (name, object)
- def check(self, object, name):
+ def check(self, object, name, interaction):
'See IChecker'
permission = self._permission_func(name)
if permission is not None:
@@ -171,7 +177,7 @@
__traceback_supplement__ = (TracebackSupplement, object)
raise ForbiddenAttribute, (name, object)
- def proxy(self, value):
+ def proxy(self, value, interaction):
'See IChecker'
checker = getattr(value, '__Security_checker__', None)
if checker is None:
@@ -179,7 +185,7 @@
if checker is None:
return value
- return Proxy(value, checker)
+ return Proxy(value, checker, interaction)
class CombinedChecker(TrustedCheckerBase):
@@ -205,40 +211,40 @@
self._checker1 = checker1
self._checker2 = checker2
- def check(self, object, name):
+ def check(self, object, name, interaction):
'See IChecker'
try:
- self._checker1.check(object, name)
+ self._checker1.check(object, name, interaction)
except ForbiddenAttribute:
- self._checker2.check(object, name)
+ self._checker2.check(object, name, interaction)
except Unauthorized, unauthorized_exception:
- try: self._checker2.check(object, name)
+ try: self._checker2.check(object, name, interaction)
except ForbiddenAttribute:
raise unauthorized_exception
- def check_getattr(self, object, name):
+ def check_getattr(self, object, name, interaction):
'See IChecker'
try:
- self._checker1.check_getattr(object, name)
+ self._checker1.check_getattr(object, name, interaction)
except ForbiddenAttribute:
- self._checker2.check_getattr(object, name)
+ self._checker2.check_getattr(object, name, interaction)
except Unauthorized, unauthorized_exception:
- try: self._checker2.check_getattr(object, name)
+ try: self._checker2.check_getattr(object, name, interaction)
except ForbiddenAttribute:
raise unauthorized_exception
- def check_setattr(self, object, name):
+ def check_setattr(self, object, name, interaction):
'See IChecker'
try:
- self._checker1.check_setattr(object, name)
+ self._checker1.check_setattr(object, name, interaction)
except ForbiddenAttribute:
- self._checker2.check_setattr(object, name)
+ self._checker2.check_setattr(object, name, interaction)
except Unauthorized, unauthorized_exception:
- try: self._checker2.check_setattr(object, name)
+ try: self._checker2.check_setattr(object, name, interaction)
except ForbiddenAttribute:
raise unauthorized_exception
- def proxy(self, value):
+ def proxy(self, value, interaction):
'See IChecker'
checker = getattr(value, '__Security_checker__', None)
if checker is None:
@@ -246,7 +252,7 @@
if checker is None:
return value
- return Proxy(value, checker)
+ return Proxy(value, checker, interaction)
class DecoratedChecker(TrustedCheckerBase):
@@ -296,7 +302,7 @@
permission = self._original_checker.setattr_permission_id(name)
return permission
- def check(self, object, name):
+ def check(self, object, name, interaction):
'See IChecker'
permission = self._permission_func(name)
if permission is not None:
@@ -310,10 +316,10 @@
raise Unauthorized, name
else:
# let the original checker decide
- self._original_checker.check(object, name)
+ self._original_checker.check(object, name, interaction)
return
- def check_getattr(self, object, name):
+ def check_getattr(self, object, name, interaction):
'See IChecker'
permission = self._permission_func(name)
if permission is not None:
@@ -327,10 +333,10 @@
raise Unauthorized, name
else:
# let the original checker decide
- self._original_checker.check_getattr(object, name)
+ self._original_checker.check_getattr(object, name, interaction)
return
- def check_setattr(self, object, name):
+ def check_setattr(self, object, name, interaction):
'See IChecker'
permission = self._setattr_permission_func(name)
if permission is not None:
@@ -344,10 +350,10 @@
raise Unauthorized, name
else:
# let the original checker decide
- self._original_checker.check_setattr(object, name)
+ self._original_checker.check_setattr(object, name, interaction)
return
- def proxy(self, value):
+ def proxy(self, value, interaction):
'See IChecker'
checker = getattr(value, '__Security_checker__', None)
if checker is None:
@@ -355,73 +361,76 @@
if checker is None:
return value
- return Proxy(value, checker)
+ return Proxy(value, checker, interaction)
class CheckerLoggingMixin:
"""Debugging mixin for checkers.
Prints verbose debugging information about every performed check to
- sys.stderr.
+ stderr.
- If verbosity is set to 1, only displays Unauthorized and Forbidden messages.
- If verbosity is set to a larger number, displays all messages.
+ If verbosity is set to 1, only displays Unauthorized and Forbidden
+ messages. If verbosity is set to a larger number, displays all messages.
"""
+ stderr = sys.stderr
verbosity = 1
- def check(self, object, name):
+ def check(self, object, name, interaction):
try:
- super(CheckerLoggingMixin, self).check(object, name)
+ super(CheckerLoggingMixin, self).check(object, name, interaction)
if self.verbosity > 1:
if name in _always_available:
- print >> sys.stderr, (
+ print >> self.stderr, (
'[CHK] + Always available: %s on %r' % (name, object))
else:
- print >> sys.stderr, (
+ print >> self.stderr, (
'[CHK] + Granted: %s on %r' % (name, object))
except Unauthorized:
- print >> sys.stderr, (
+ print >> self.stderr, (
'[CHK] - Unauthorized: %s on %r' % (name, object))
raise
except ForbiddenAttribute:
- print >> sys.stderr, (
+ print >> self.stderr, (
'[CHK] - Forbidden: %s on %r' % (name, object))
raise
- def check_getattr(self, object, name):
+ def check_getattr(self, object, name, interaction):
try:
- super(CheckerLoggingMixin, self).check(object, name)
+ super(CheckerLoggingMixin, self).check_getattr(object, name,
+ interaction)
if self.verbosity > 1:
if name in _always_available:
- print >> sys.stderr, (
+ print >> self.stderr, (
'[CHK] + Always available getattr: %s on %r'
% (name, object))
else:
- print >> sys.stderr, (
+ print >> self.stderr, (
'[CHK] + Granted getattr: %s on %r'
% (name, object))
except Unauthorized:
- print >> sys.stderr, (
+ print >> self.stderr, (
'[CHK] - Unauthorized getattr: %s on %r' % (name, object))
raise
except ForbiddenAttribute:
- print >> sys.stderr, (
+ print >> self.stderr, (
'[CHK] - Forbidden getattr: %s on %r' % (name, object))
raise
- def check_setattr(self, object, name):
+ def check_setattr(self, object, name, interaction):
try:
- super(CheckerLoggingMixin, self).check_setattr(object, name)
+ super(CheckerLoggingMixin, self).check_setattr(object, name,
+ interaction)
if self.verbosity > 1:
- print >> sys.stderr, (
+ print >> self.stderr, (
'[CHK] + Granted setattr: %s on %r' % (name, object))
except Unauthorized:
- print >> sys.stderr, (
+ print >> self.stderr, (
'[CHK] - Unauthorized setattr: %s on %r' % (name, object))
raise
except ForbiddenAttribute:
- print >> sys.stderr, (
+ print >> self.stderr, (
'[CHK] - Forbidden setattr: %s on %r' % (name, object))
raise
@@ -490,7 +499,8 @@
# Now we wrap it in a security proxy so that it retains it's
# identity when it needs to be security proxied.
d={}
-CheckerPublic = Proxy(CheckerPublic, Checker(d))
+CheckerPublic = Proxy(CheckerPublic, Checker(d), None)
+ # XXX interaction is None -- is it OK?
d['__reduce__'] = CheckerPublic
del d
=== Zope3/src/zope/security/interfaces.py 1.8 => 1.8.2.1 ===
--- Zope3/src/zope/security/interfaces.py:1.8 Fri Feb 20 15:42:12 2004
+++ Zope3/src/zope/security/interfaces.py Mon Feb 23 14:18:06 2004
@@ -54,7 +54,7 @@
class ISecurityProxyFactory(Interface):
- def __call__(object, checker=None):
+ def __call__(object, checker=None, interaction=None):
"""Create a security proxy
If a checker is given, then use it, otherwise, try to figure
@@ -62,6 +62,8 @@
If the object is already a security proxy, then it will be
returned.
+
+ XXX maybe interaction should be a required argument
"""
# XXX This interface has too much Zope application dependence. This
@@ -128,24 +130,24 @@
Example (for __getitem__):
- checker.check(ob, \"__getitem__\")
- return checker.proxy(ob[key])
+ checker.check(ob, \"__getitem__\", interaction)
+ return checker.proxy(ob[key], interaction)
"""
- def check_getattr(ob, name):
+ def check_getattr(ob, name, interaction):
"""Check whether attribute access is allowed."""
- def check_setattr(ob, name):
+ def check_setattr(ob, name, interaction):
"""Check whether attribute assignment is allowed."""
- def check(ob, operation):
+ def check(ob, operation, interaction):
"""Check whether operation is allowed.
The operation name is the Python special method name,
e.g. "__getitem__".
"""
- def proxy(value):
+ def proxy(value, interaction):
"""Return a security proxy for the value."""
@@ -190,3 +192,17 @@
Attribute('user',
'The AUTHENTICATED_USER for the request.'
)
+
+
+class IInteraction(Interface):
+ """A representation of an interaction between some actors and the system.
+ """
+
+ principals = Attribute("""An iterable of principals.""")
+
+ def add(principal):
+ """Add a participant."""
+
+ def remove(principal):
+ """Remove a participant."""
+
=== Zope3/src/zope/security/proxy.py 1.9 => 1.9.2.1 ===
--- Zope3/src/zope/security/proxy.py:1.9 Fri Feb 20 15:42:12 2004
+++ Zope3/src/zope/security/proxy.py Mon Feb 23 14:18:06 2004
@@ -17,6 +17,7 @@
"""
from zope.proxy import getProxiedObject
from zope.security._proxy import getChecker
+from zope.security._proxy import getInteraction
from zope.security._proxy import _Proxy as Proxy
from zope.security.checker import TrustedCheckerBase
=== Zope3/src/zope/security/readme.txt 1.5 => 1.5.12.1 ===
--- Zope3/src/zope/security/readme.txt:1.5 Wed Jan 14 17:55:35 2004
+++ Zope3/src/zope/security/readme.txt Mon Feb 23 14:18:06 2004
@@ -16,7 +16,7 @@
Permission
- A kind of access, i.e. permission to READ vs. permission to
+ A kind of access, e.g. permission to READ vs. permission to
WRITE. Fundamentally the whole security framework is organized
around checking permissions on objects.
More information about the Zope3-Checkins
mailing list