Log message for revision 40279:
Warn when an attempt is made to have a security declaration on a
nonexistent method. Removed one such method.
Fixed unclear security declarations. When bug 761 was fixed,
declareProtected(perm) was made illegal, at least one method name was
required. This checkin does the same for declarePrivate() and
declarePublic().
Also there was a bug in that a class having:
security = ClassSecurityInfo()
__ac_permissions__ = ((perm, ()),)
was not equivalent to a class having:
__ac_permissions__ = ((perm, ()),)
This first form had as a buggy side effect have the behavior of
__ac_permissions__ = ((perm, ('')),)
which is equivalent to
__roles__ = PermissonRole(perm)
Not it will simply make the permission available from this object
(with default roles).
Changed:
U Zope/branches/2.9/doc/CHANGES.txt
U Zope/branches/2.9/lib/python/AccessControl/SecurityInfo.py
U Zope/branches/2.9/lib/python/App/class_init.py
U Zope/branches/2.9/lib/python/OFS/ZDOM.py
U Zope/branches/2.9/lib/python/webdav/Lockable.py
-=-
Modified: Zope/branches/2.9/doc/CHANGES.txt
===================================================================
--- Zope/branches/2.9/doc/CHANGES.txt 2005-11-20 20:44:35 UTC (rev 40278)
+++ Zope/branches/2.9/doc/CHANGES.txt 2005-11-20 23:50:04 UTC (rev 40279)
@@ -26,6 +26,9 @@
Features added
+ - Fixed unclear security declarations. Warn when an attempt is
+ made to have a security declaration on a nonexistent method.
+
- updated to ZPL 2.1
- interfaces: Added 'Interfaces' tab to basic core objects.
Modified: Zope/branches/2.9/lib/python/AccessControl/SecurityInfo.py
===================================================================
--- Zope/branches/2.9/lib/python/AccessControl/SecurityInfo.py 2005-11-20
20:44:35 UTC (rev 40278)
+++ Zope/branches/2.9/lib/python/AccessControl/SecurityInfo.py 2005-11-20
23:50:04 UTC (rev 40279)
@@ -67,9 +67,6 @@
self.roles = {}
def _setaccess(self, names, access):
- # Empty names list sets access to the class itself, named ''
- if not len(names):
- names = ('',)
for name in names:
if self.names.get(name, access) != access:
LOG('SecurityInfo', WARNING, 'Conflicting security '
@@ -78,14 +75,14 @@
self.names[name] = access
declarePublic__roles__=ACCESS_PRIVATE
- def declarePublic(self, *names):
+ def declarePublic(self, name, *names):
"""Declare names to be publicly accessible."""
- self._setaccess(names, ACCESS_PUBLIC)
+ self._setaccess((name,) + names, ACCESS_PUBLIC)
declarePrivate__roles__=ACCESS_PRIVATE
- def declarePrivate(self, *names):
+ def declarePrivate(self, name, *names):
"""Declare names to be inaccessible to restricted code."""
- self._setaccess(names, ACCESS_PRIVATE)
+ self._setaccess((name,) + names, ACCESS_PRIVATE)
declareProtected__roles__=ACCESS_PRIVATE
def declareProtected(self, permission_name, name, *names):
@@ -95,17 +92,17 @@
declareObjectPublic__roles__=ACCESS_PRIVATE
def declareObjectPublic(self):
"""Declare the object to be publicly accessible."""
- self._setaccess((), ACCESS_PUBLIC)
+ self._setaccess(('',), ACCESS_PUBLIC)
declareObjectPrivate__roles__=ACCESS_PRIVATE
def declareObjectPrivate(self):
"""Declare the object to be inaccessible to restricted code."""
- self._setaccess((), ACCESS_PRIVATE)
+ self._setaccess(('',), ACCESS_PRIVATE)
declareObjectProtected__roles__=ACCESS_PRIVATE
def declareObjectProtected(self, permission_name):
"""Declare the object to be associated with a permission."""
- self._setaccess((), permission_name)
+ self._setaccess(('',), permission_name)
setPermissionDefault__roles__=ACCESS_PRIVATE
def setPermissionDefault(self, permission_name, roles):
Modified: Zope/branches/2.9/lib/python/App/class_init.py
===================================================================
--- Zope/branches/2.9/lib/python/App/class_init.py 2005-11-20 20:44:35 UTC
(rev 40278)
+++ Zope/branches/2.9/lib/python/App/class_init.py 2005-11-20 23:50:04 UTC
(rev 40279)
@@ -11,6 +11,7 @@
#
##############################################################################
+import logging
from AccessControl.PermissionRole import PermissionRole
import AccessControl.Permission
@@ -36,7 +37,6 @@
try: classname = '%s.%s' % (
self.__module__, self.__name__)
except AttributeError: classname = `self`
- import logging
logging.getLogger("Init").warning(
'Ambiguous name for method of %s: %r != %r',
classname, d['__name__'], name)
@@ -76,3 +76,8 @@
pr=PermissionRole(pname)
for mname in mnames:
setattr(self, mname+'__roles__', pr)
+ if mname and not hasattr(self, mname):
+ logging.getLogger("Init").warning(
+ "Class %s.%s has a security declaration for "
+ "nonexistent method %r", self.__module__,
+ self.__name__, mname)
Modified: Zope/branches/2.9/lib/python/OFS/ZDOM.py
===================================================================
--- Zope/branches/2.9/lib/python/OFS/ZDOM.py 2005-11-20 20:44:35 UTC (rev
40278)
+++ Zope/branches/2.9/lib/python/OFS/ZDOM.py 2005-11-20 23:50:04 UTC (rev
40279)
@@ -234,7 +234,7 @@
__ac_permissions__=(
('Access contents information',
- ('hasFeature'),
+ ('hasFeature',),
),
)
Modified: Zope/branches/2.9/lib/python/webdav/Lockable.py
===================================================================
--- Zope/branches/2.9/lib/python/webdav/Lockable.py 2005-11-20 20:44:35 UTC
(rev 40278)
+++ Zope/branches/2.9/lib/python/webdav/Lockable.py 2005-11-20 23:50:04 UTC
(rev 40279)
@@ -45,8 +45,7 @@
security.declarePrivate('wl_lockmapping')
security.declarePublic('wl_isLocked', 'wl_getLock', 'wl_isLockedByUser',
'wl_lockItems', 'wl_lockValues', 'wl_lockTokens',)
- security.declareProtected('WebDAV Lock items',
- 'wl_grantLockToUser', 'wl_setLock')
+ security.declareProtected('WebDAV Lock items', 'wl_setLock')
security.declareProtected('WebDAV Unlock items', 'wl_delLock')
security.declareProtected('Manage WebDAV Locks', 'wl_clearLocks')
_______________________________________________
Zope-Checkins maillist - Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins
