[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/securitypolicy/ Added a new configuration directive to grant all permissions to a

Jim Fulton jim at zope.com
Mon May 17 06:06:11 EDT 2004


Log message for revision 24770:

Added a new configuration directive to grant all permissions to a
role or principal.



-=-
Modified: Zope3/trunk/src/zope/app/securitypolicy/meta.zcml
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/meta.zcml	2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/meta.zcml	2004-05-17 10:06:10 UTC (rev 24770)
@@ -7,6 +7,11 @@
                   handler=".metaconfigure.grant" />
 
   <meta:directive namespace="http://namespaces.zope.org/zope"
+                  name="grantAll"
+                  schema=".metadirectives.IGrantAllDirective"
+                  handler=".metaconfigure.grantAll" />
+
+  <meta:directive namespace="http://namespaces.zope.org/zope"
                   name="role"
                   schema=".metadirectives.IDefineRoleDirective"
                   handler=".metaconfigure.defineRole" />

Modified: Zope3/trunk/src/zope/app/securitypolicy/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/metaconfigure.py	2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/metaconfigure.py	2004-05-17 10:06:10 UTC (rev 24770)
@@ -29,10 +29,12 @@
 
 
 def grant(_context, principal=None, role=None, permission=None):
-    if ( (principal is not None)
-        + (role is not None)
-        + (permission is not None)
-          ) != 2:
+    nspecified = ((principal is not None)
+                  + (role is not None)
+                  + (permission is not None)
+                  )
+
+    if nspecified != 2:
         raise ConfigurationError(
             "Exactly two of the principal, role, and permission attributes "
             "must be specified")
@@ -42,22 +44,51 @@
             _context.action(
                 discriminator = ('grantRoleToPrincipal', role, principal),
                 callable = principal_role_mgr.assignRoleToPrincipal,
-                args = (role, principal) )
-
-        if permission:
+                args = (role, principal)
+                )
+        else:
             _context.action(
                 discriminator = ('grantPermissionToPrincipal',
                                  permission,
                                  principal),
                 callable = principal_perm_mgr.grantPermissionToPrincipal,
-                args = (permission, principal) )
+                args = (permission, principal)
+                )
     else:
         _context.action(
             discriminator = ('grantPermissionToRole', permission, role),
             callable = role_perm_mgr.grantPermissionToRole,
-            args = (permission, role) )
+            args = (permission, role)
+            )
 
+def grantAll(_context, principal=None, role=None):
+    """Grant all permissions to a role or principal
+    """
+    nspecified = ((principal is not None)
+                  + (role is not None)
+                  )
 
+    if nspecified != 1:
+        raise ConfigurationError(
+            "Exactly one of the principal and role attributes "
+            "must be specified")
+
+    if principal:
+        _context.action(
+            discriminator = ('grantAllPermissionsToPrincipal',
+                             principal),
+            callable =
+            principal_perm_mgr.grantAllPermissionsToPrincipal,
+            args = (principal, )
+            )
+    else:
+        _context.action(
+            discriminator = ('grantAllPermissionsToRole', role),
+            callable = role_perm_mgr.grantAllPermissionsToRole,
+            args = (role, )
+            )
+
+
 def defineRole(_context, id, title, description=''):
     role = Role(id, title, description)
     utility(_context, IRole, role, name=id)

Modified: Zope3/trunk/src/zope/app/securitypolicy/metadirectives.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/metadirectives.py	2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/metadirectives.py	2004-05-17 10:06:10 UTC (rev 24770)
@@ -20,7 +20,7 @@
 from zope.app.security.metadirectives import IBaseDefineDirective
 from zope.app.security.fields import Permission
 
-class IGrantDirective(Interface):
+class IGrantAllDirective(Interface):
     """Grant Permissions to roles and principals and roles to principals."""
 
     principal = Id(
@@ -28,16 +28,19 @@
         description=u"Specifies the Principal to be mapped.",
         required=False)
 
+    role = Id(
+        title=u"Role",
+        description=u"Specifies the Role to be mapped.",
+        required=False)
+
+class IGrantDirective(IGrantAllDirective):
+    """Grant Permissions to roles and principals and roles to principals."""
+
     permission = Permission(
         title=u"Permission",
         description=u"Specifies the Permission to be mapped.",
         required=False)
 
-    role = Id(
-        title=u"Role",
-        description=u"Specifies the Role to be mapped.",
-        required=False)
-
 class IDefineRoleDirective(IBaseDefineDirective):
     """Define a new role."""
 

Modified: Zope3/trunk/src/zope/app/securitypolicy/principalpermission.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/principalpermission.py	2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/principalpermission.py	2004-05-17 10:06:10 UTC (rev 24770)
@@ -22,7 +22,7 @@
 
 from zope.app.security.settings import Allow, Deny, Unset
 from zope.app.security.principal import checkPrincipal
-from zope.app.security.permission import checkPermission
+from zope.app.security.permission import checkPermission, allPermissions
 
 from zope.app.securitypolicy.securitymap import SecurityMap
 
@@ -121,6 +121,12 @@
 
         self.addCell(permission_id, principal_id, Allow)
 
+    def grantAllPermissionsToPrincipal(self, principal_id):
+        ''' See the interface IPrincipalPermissionManager '''
+
+        for permission_id in allPermissions(None):
+            self.grantPermissionToPrincipal(permission_id, principal_id, False)
+
     def denyPermissionToPrincipal(self, permission_id, principal_id,
                                   check=True):
         ''' See the interface IPrincipalPermissionManager '''

Modified: Zope3/trunk/src/zope/app/securitypolicy/rolepermission.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/rolepermission.py	2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/rolepermission.py	2004-05-17 10:06:10 UTC (rev 24770)
@@ -20,7 +20,7 @@
 from zope.app.annotation.interfaces import IAnnotations
 
 from zope.app.security.settings import Allow, Deny, Unset
-from zope.app.security.permission import checkPermission
+from zope.app.security.permission import checkPermission, allPermissions
 from zope.app.securitypolicy.role import checkRole
 
 from zope.app.securitypolicy.interfaces import IRolePermissionManager
@@ -169,6 +169,10 @@
 
         self.addCell(permission_id, role_id, Allow)
 
+    def grantAllPermissionsToRole(self, role_id):
+        for permission_id in allPermissions(None):
+            self.grantPermissionToRole(permission_id, role_id, False)
+
     def denyPermissionToRole(self, permission_id, role_id, check=True):
         '''See interface IRolePermissionMap'''
 

Modified: Zope3/trunk/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py	2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py	2004-05-17 10:06:10 UTC (rev 24770)
@@ -141,6 +141,16 @@
         self.failUnless((perm1,prin1,Allow) in perms)
         self.failUnless((perm2,prin1,Deny) in perms)
 
+    def testAllPermissions(self):
+        perm1 = definePermission('Perm One', 'title').id
+        perm2 = definePermission('Perm Two', 'title').id
+        prin1 = self._make_principal()
+        manager.grantAllPermissionsToPrincipal(prin1)
+        perms = manager.getPermissionsForPrincipal(prin1)
+        self.assertEqual(len(perms), 2)
+        self.failUnless((perm1,Allow) in perms)
+        self.failUnless((perm2,Allow) in perms)
+
     def testManyPrincipalsOnePermission(self):
         perm1 = definePermission('Perm One', 'title').id
         prin1 = self._make_principal()

Modified: Zope3/trunk/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py
===================================================================
--- Zope3/trunk/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py	2004-05-17 10:02:08 UTC (rev 24769)
+++ Zope3/trunk/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py	2004-05-17 10:06:10 UTC (rev 24770)
@@ -79,6 +79,20 @@
         self.assertEqual(len(perms), 2)
         self.failUnless((perm2,Allow) in perms)
 
+    def testAllPermissions(self):
+        perm1 = definePermission('Perm One', 'P1').id
+        perm2 = definePermission('Perm Two', 'P2').id
+        perm3 = definePermission('Perm Three', 'P3').id
+        role1 = defineRole('Role One', 'Role #1').id
+        perms = manager.getPermissionsForRole(role1)
+        self.assertEqual(len(perms), 0)
+        manager.grantAllPermissionsToRole(role1)
+        perms = manager.getPermissionsForRole(role1)
+        self.assertEqual(len(perms), 3)
+        self.failUnless((perm1, Allow) in perms)
+        self.failUnless((perm2, Allow) in perms)
+        self.failUnless((perm3, Allow) in perms)
+
     def testManyRolesOnePermission(self):
         perm1 = definePermission('Perm One', 'title').id
         role1 = defineRole('Role One', 'Role #1').id




More information about the Zope3-Checkins mailing list