Log message for revision 40420: Add interface and tests for AccessControl.SecurityManager. o The new tests are amphibious: they exercise both the Python and the C implementations, ensuring that they remain in sync.
Changed: U Zope/trunk/lib/python/AccessControl/ImplPython.py U Zope/trunk/lib/python/AccessControl/interfaces.py A Zope/trunk/lib/python/AccessControl/tests/testSecurityManager.py -=- Modified: Zope/trunk/lib/python/AccessControl/ImplPython.py =================================================================== --- Zope/trunk/lib/python/AccessControl/ImplPython.py 2005-11-30 00:55:24 UTC (rev 40419) +++ Zope/trunk/lib/python/AccessControl/ImplPython.py 2005-11-30 03:40:57 UTC (rev 40420) @@ -22,6 +22,7 @@ from Acquisition import aq_acquire from ExtensionClass import Base from zLOG import LOG, BLATHER, PROBLEM +from zope.interface import implements # This is used when a permission maps explicitly to no permission. We # try and get this from cAccessControl first to make sure that if both @@ -33,6 +34,7 @@ from AccessControl import SecurityManagement from AccessControl import Unauthorized +from AccessControl.interfaces import ISecurityManager from AccessControl.SimpleObjectPolicies import Containers, _noroles from AccessControl.ZopeGuards import guarded_getitem @@ -491,7 +493,7 @@ """A security manager provides methods for checking access and managing executable context and policies """ - + implements(ISecurityManager) __allow_access_to_unprotected_subobjects__ = { 'validate': 1, 'checkPermission': 1, 'getUser': 1, 'calledByExecutable': 1 Modified: Zope/trunk/lib/python/AccessControl/interfaces.py =================================================================== --- Zope/trunk/lib/python/AccessControl/interfaces.py 2005-11-30 00:55:24 UTC (rev 40419) +++ Zope/trunk/lib/python/AccessControl/interfaces.py 2005-11-30 03:40:57 UTC (rev 40420) @@ -15,6 +15,7 @@ $Id$ """ +from AccessControl.SimpleObjectPolicies import _noroles from zope.interface import Attribute from zope.interface import Interface @@ -280,3 +281,104 @@ def getUserNames(): """Get a sequence of names of the users which reside in the user folder. """ + +class ISecurityManager(Interface): + """Checks access and manages executable context and policies. + """ + _policy = Attribute(u'Current Security Policy') + + def validate(accessed=None, + container=None, + name=None, + value=None, + roles=_noroles, + ): + """Validate access. + + Arguments: + + accessed -- the object that was being accessed + + container -- the object the value was found in + + name -- The name used to access the value + + value -- The value retrieved though the access. + + roles -- The roles of the object if already known. + + The arguments may be provided as keyword arguments. Some of these + arguments may be ommitted, however, the policy may reject access + in some cases when arguments are ommitted. It is best to provide + all the values possible. + """ + + def DTMLValidate(accessed=None, + container=None, + name=None, + value=None, + md=None, + ): + """Validate access. + * THIS EXISTS FOR DTML COMPATIBILITY * + + Arguments: + + accessed -- the object that was being accessed + + container -- the object the value was found in + + name -- The name used to access the value + + value -- The value retrieved though the access. + + md -- multidict for DTML (ignored) + + The arguments may be provided as keyword arguments. Some of these + arguments may be ommitted, however, the policy may reject access + in some cases when arguments are ommitted. It is best to provide + all the values possible. + + """ + + def checkPermission(permission, object): + """Check whether the security context allows the given permission on + the given object. + + Arguments: + + permission -- A permission name + + object -- The object being accessed according to the permission + """ + + def addContext(anExecutableObject): + """Add an ExecutableObject to the current security context. + + o If it declares a custom security policy, make that policy + "current"; otherwise, make the "default" security policy + current. + """ + + def removeContext(anExecutableObject): + """Remove an ExecutableObject from the current security context. + + o Remove all objects from the top of the stack "down" to the + supplied object. + + o If the top object on the stack declares a custom security policy, + make that policy "current". + + o If the stack is empty, or if the top declares no custom security + policy, restore the 'default" security policy as current. + """ + + def getUser(): + """Get the currently authenticated user + """ + + def calledByExecutable(): + """Return a boolean value indicating whether this context was called + in the context of an by an executable (i.e., one added via + 'addContext'). + """ Copied: Zope/trunk/lib/python/AccessControl/tests/testSecurityManager.py (from rev 40419, Zope/branches/2.9/lib/python/AccessControl/tests/testSecurityManager.py) _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins