[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/ Permissions were being checked by individual directive handlers

Jim Fulton jim at zope.com
Fri Jun 4 09:50:38 EDT 2004


Log message for revision 25251:
Permissions were being checked by individual directive handlers
even though permissions are now checked by permission schema
fields. This work is redundant and doesn't provide suffient control.




-=-
Modified: Zope3/trunk/src/zope/app/component/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/component/metaconfigure.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/component/metaconfigure.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -25,7 +25,6 @@
 
 from zope.app import zapi
 from zope.app.component.interface import queryInterface
-from zope.app.security.permission import checkPermission 
 from zope.app.servicenames import Adapters, Presentation
 
 PublicPermission = 'zope.Public'
@@ -48,12 +47,6 @@
 # the interface service.
 from zope.app.component.interface import provideInterface
 
-def checkingHandler(permission=None, *args, **kw):
-    """Check if permission is defined"""
-    if permission is not None:
-        checkPermission(None, permission)
-    handler(*args, **kw)
-
 def managerHandler(methodName, *args, **kwargs):
     method=getattr(zapi.getGlobalServices(), methodName)
     method(*args, **kwargs)
@@ -106,8 +99,8 @@
 
     _context.action(
         discriminator = None,
-        callable = checkingHandler,
-        args = (permission, Adapters, 'subscribe',
+        callable = handler,
+        args = (Adapters, 'subscribe',
                 for_, provides, factory),
         )
 
@@ -154,8 +147,8 @@
 
     _context.action(
         discriminator = ('adapter', for_, provides, name),
-        callable = checkingHandler,
-        args = (permission, Adapters, 'register',
+        callable = handler,
+        args = (Adapters, 'register',
                 for_, provides, name, factory, _context.info),
         )
     _context.action(
@@ -188,8 +181,8 @@
 
     _context.action(
         discriminator = ('utility', provides, name),
-        callable = checkingHandler,
-        args = (permission, 'Utilities', 'provideUtility',
+        callable = handler,
+        args = ('Utilities', 'provideUtility',
                 provides, component, name),
         )
     _context.action(
@@ -252,8 +245,8 @@
 
     _context.action(
         discriminator = ('resource', name, type, layer, provides),
-        callable = checkingHandler,
-        args = (permission, Presentation, 'provideResource',
+        callable = handler,
+        args = (Presentation, 'provideResource',
                 name, type, factory, layer, provides),
         )
     _context.action(
@@ -319,8 +312,8 @@
 
     _context.action(
         discriminator = ('view', for_, name, type, layer, provides),
-        callable = checkingHandler,
-        args = (permission, Presentation, 'provideAdapter',
+        callable = handler,
+        args = (Presentation, 'provideAdapter',
                 type, factory, name, for_, provides, layer, _context.info),
         )
     if type is not None:

Modified: Zope3/trunk/src/zope/app/container/browser/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/container/browser/metaconfigure.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/container/browser/metaconfigure.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -22,6 +22,7 @@
 from zope.app.container.browser.contents import Contents
 from zope.app.container.browser.adding import Adding
 from zope.app.i18n import ZopeMessageIDFactory as _
+from zope.app.security.fields import Permission
 
 class IContainerViews(Interface):
     """Define a container views"""
@@ -34,17 +35,17 @@
         required=True
         )
      
-    contents = Id(
+    contents = Permission(
         title=u"The permission needed for content page.",
         required=False,
         )
 
-    index = Id(
+    index = Permission(
         title=u"The permission needed for index page.",
         required=False,
         )
 
-    add = Id(
+    add = Permission(
         title=u"The permission needed for add page.",
         required=False,
         )

Modified: Zope3/trunk/src/zope/app/container/browser/tests/test_directive.py
===================================================================
--- Zope3/trunk/src/zope/app/container/browser/tests/test_directive.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/container/browser/tests/test_directive.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -63,9 +63,6 @@
        'zope.ManageContent',
        None)),
      (None,
-      <function checkPermission>,
-      (None, 'zope.ManageContent')),
-     (None,
       <function provideInterface>,
       ('',
        <InterfaceClass zope.app.container.browser.tests.test_directive.I>)),
@@ -85,9 +82,6 @@
        'default',
        'info')),
      (None,
-      <function checkPermission>,
-      (None, 'zope.View')),
-     (None,
       <function provideInterface>,
       ('',
        <InterfaceClass zope.app.container.browser.tests.test_directive.I>)),
@@ -120,9 +114,6 @@
        'zope.ManageContent',
        None)),
      (None,
-      <function checkPermission>,
-      (None, 'zope.ManageContent')),
-     (None,
       <function provideInterface>,
       ('',
        <InterfaceClass zope.app.container.browser.tests.test_directive.I>)),

Modified: Zope3/trunk/src/zope/app/publisher/browser/globalbrowsermenuservice.py
===================================================================
--- Zope3/trunk/src/zope/app/publisher/browser/globalbrowsermenuservice.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/publisher/browser/globalbrowsermenuservice.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -22,8 +22,6 @@
 from zope.interface import implements
 from zope.security.checker import CheckerPublic
 from zope.security import checkPermission
-from zope.app.security.permission import checkPermission \
-                                            as checkPermissionDefined
 from zope.app.component.metaconfigure import handler
 from zope.app.publisher.interfaces.browser import IBrowserMenuService
 from zope.app.publisher.interfaces.browser import IGlobalBrowserMenuService
@@ -268,8 +266,6 @@
         if permission:
             if permission == 'zope.Public':
                 permission = CheckerPublic
-            else:
-                checkPermissionDefined(None, permission)
 
         data = registry.get(interface) or []
         data.append(

Modified: Zope3/trunk/src/zope/app/publisher/browser/tests/test_addMenuItem.py
===================================================================
--- Zope3/trunk/src/zope/app/publisher/browser/tests/test_addMenuItem.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/publisher/browser/tests/test_addMenuItem.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -1,4 +1,4 @@
-##############################################################################
+#############################################################################
 #
 # Copyright (c) 2003 Zope Corporation and Contributors.
 # All Rights Reserved.
@@ -21,9 +21,8 @@
 ((('utility',
    <InterfaceClass zope.component.interfaces.IFactory>,
    'zope.app.browser.add.X.f1'),
-  <function checkingHandler>,
-  (Global(CheckerPublic,zope.security.checker),
-   'Utilities',
+  <function handler>,
+  ('Utilities',
    'provideUtility',
    <InterfaceClass zope.component.interfaces.IFactory>,
    <zope.component.factory.Factory object>,
@@ -134,9 +133,8 @@
     ((('utility',
        <InterfaceClass zope.component.interfaces.IFactory>,
        'zope.app.browser.add.X.f1'),
-      <function checkingHandler>,
-      (Global(CheckerPublic,zope.security.checker),
-       'Utilities',
+      <function handler>,
+      ('Utilities',
        'provideUtility',
        <InterfaceClass zope.component.interfaces.IFactory>,
        <zope.component.factory.Factory object>,

Modified: Zope3/trunk/src/zope/app/publisher/browser/viewmeta.py
===================================================================
--- Zope3/trunk/src/zope/app/publisher/browser/viewmeta.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/publisher/browser/viewmeta.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -420,12 +420,6 @@
 def _handle_permission(_context, permission):
     if permission == 'zope.Public':
         permission = CheckerPublic
-    else:
-        _context.action(
-            discriminator = None,
-            callable = checkPermission,
-            args = (None, permission)
-            )
 
     return permission
 

Modified: Zope3/trunk/src/zope/app/security/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/security/metaconfigure.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/security/metaconfigure.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -43,7 +43,6 @@
 
     If there isn't a checker for the module, create one.
     """
-    checkPermission(None, permission)
 
     checker = moduleChecker(module)
     if checker is None:

Modified: Zope3/trunk/src/zope/app/security/protectclass.py
===================================================================
--- Zope3/trunk/src/zope/app/security/protectclass.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/security/protectclass.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -24,7 +24,6 @@
 
 def protectName(class_, name, permission):
     """Set a permission on a particular name."""
-    checkPermission(None, permission)
 
     checker = getCheckerForInstancesOf(class_)
     if checker is None:
@@ -41,7 +40,6 @@
 
 def protectSetAttribute(class_, name, permission):
     """Set a permission on a particular name."""
-    checkPermission(None, permission)
 
     checker = getCheckerForInstancesOf(class_)
     if checker is None:

Modified: Zope3/trunk/src/zope/app/security/tests/test_directives.py
===================================================================
--- Zope3/trunk/src/zope/app/security/tests/test_directives.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/security/tests/test_directives.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -51,14 +51,7 @@
     Initially, there's no checker defined for the module:
 
     >>> moduleChecker(test_directives)
-    
-    Should get an error if a permission isn't defined before it's used:
-
-    >>> metaconfigure.protectModule(test_directives, 'foo', test_perm)
-    Traceback (most recent call last):
-    ...
-    ValueError: ('Undefined permission id', 'zope.app.security.metaconfigure.test')
-    
+        
     >>> perm = Permission(test_perm, '')
     >>> ztapi.provideUtility(IPermission, perm, test_perm)
     >>> metaconfigure.protectModule(test_directives, 'foo', test_perm)

Modified: Zope3/trunk/src/zope/app/securitypolicy/principalpermission.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/principalpermission.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/securitypolicy/principalpermission.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -116,7 +116,6 @@
         ''' See the interface IPrincipalPermissionManager '''
 
         if check:
-            checkPermission(None, permission_id)
             checkPrincipal(None, principal_id)
 
         self.addCell(permission_id, principal_id, Allow)
@@ -132,7 +131,6 @@
         ''' See the interface IPrincipalPermissionManager '''
 
         if check:
-            checkPermission(None, permission_id)
             checkPrincipal(None, principal_id)
 
         self.addCell(permission_id, principal_id, Deny)

Modified: Zope3/trunk/src/zope/app/securitypolicy/rolepermission.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/rolepermission.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/securitypolicy/rolepermission.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -165,7 +165,6 @@
 
         if check:
             checkRole(None, role_id)
-            checkPermission(None, permission_id)
 
         self.addCell(permission_id, role_id, Allow)
 
@@ -178,7 +177,6 @@
 
         if check:
             checkRole(None, role_id)
-            checkPermission(None, permission_id)
 
         self.addCell(permission_id, role_id, Deny)
 

Modified: Zope3/trunk/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -61,15 +61,6 @@
         self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
 
 
-    def test_invalidPermission(self):
-        self.assertRaises(ValueError,
-                          manager.grantPermissionToPrincipal,
-                          'permission', 'principal')
-        principal = self._make_principal()
-        self.assertRaises(ValueError,
-                          manager.grantPermissionToPrincipal,
-                          'permission', principal)
-
     def test_invalidPrincipal(self):
         permission = definePermission('APerm', 'title').id
         self.assertRaises(ValueError,

Modified: Zope3/trunk/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -121,12 +121,6 @@
         self.assertRaises(ValueError,
                           manager.grantPermissionToRole, perm1, 'role1'
                           )
-
-    def test_invalidPerm(self):
-        role1 = defineRole('Role One', 'Role #1').id
-        self.assertRaises(ValueError,
-                          manager.grantPermissionToRole, 'perm1', role1
-                          )
         
 
 def test_suite():

Modified: Zope3/trunk/src/zope/app/site/browser/tests/test_directives.py
===================================================================
--- Zope3/trunk/src/zope/app/site/browser/tests/test_directives.py	2004-06-04 13:48:39 UTC (rev 25250)
+++ Zope3/trunk/src/zope/app/site/browser/tests/test_directives.py	2004-06-04 13:50:37 UTC (rev 25251)
@@ -58,7 +58,7 @@
     <InterfaceClass zope.interface.Interface>
     >>> view['callable'].__module__
     'zope.app.component.metaconfigure'
-    >>> view['args'][5]
+    >>> view['args'][4]
     'manageIDummyUtilityTool.html'
     """
 
@@ -89,7 +89,7 @@
     <InterfaceClass zope.interface.Interface>
     >>> view['callable'].__module__
     'zope.app.component.metaconfigure'
-    >>> view['args'][5]
+    >>> view['args'][4]
     'manageILocalServiceTool.html'
     """
 




More information about the Zope3-Checkins mailing list