Log message for revision 113169: Create an API to access Products.__ac_permissions__
Changed: U Zope/trunk/src/AccessControl/Permission.py U Zope/trunk/src/AccessControl/Role.py U Zope/trunk/src/AccessControl/security.py U Zope/trunk/src/AccessControl/tests/testZCML.py U Zope/trunk/src/HelpSys/HelpSys.py U Zope/trunk/src/OFS/ObjectManager.py -=- Modified: Zope/trunk/src/AccessControl/Permission.py =================================================================== --- Zope/trunk/src/AccessControl/Permission.py 2010-06-05 19:26:14 UTC (rev 113168) +++ Zope/trunk/src/AccessControl/Permission.py 2010-06-05 19:58:00 UTC (rev 113169) @@ -141,10 +141,28 @@ _registeredPermissions = {} +def getPermissions(): + import Products + return getattr(Products, '__ac_permissions__', ()) + + +def addPermission(perm, default_roles=('Manager', )): + if perm in _registeredPermissions: + return + + entry = ((perm, (), default_roles), ) + import Products + Products_permissions = getPermissions() + Products.__ac_permissions__ = Products_permissions + entry + _registeredPermissions[perm] = 1 + mangled = pname(perm) # get mangled permission name + if not hasattr(ApplicationDefaultPermissions, mangled): + setattr(ApplicationDefaultPermissions, mangled, default_roles) + + def registerPermissions(permissions, defaultDefault=('Manager', )): """Register an __ac_permissions__ sequence. """ - import Products for setting in permissions: if setting[0] in _registeredPermissions: continue @@ -153,14 +171,7 @@ default = defaultDefault else: perm, methods, default = setting - _registeredPermissions[perm]=1 - Products_permissions = getattr(Products, '__ac_permissions__', ()) - Products.__ac_permissions__=( - Products_permissions + ((perm, (), default), )) - mangled=pname(perm) # get mangled permission name - if not hasattr(ApplicationDefaultPermissions, mangled): - setattr(ApplicationDefaultPermissions, - mangled, default) + addPermission(perm, default) class ApplicationDefaultPermissions: Modified: Zope/trunk/src/AccessControl/Role.py =================================================================== --- Zope/trunk/src/AccessControl/Role.py 2010-06-05 19:26:14 UTC (rev 113168) +++ Zope/trunk/src/AccessControl/Role.py 2010-06-05 19:58:00 UTC (rev 113169) @@ -28,6 +28,7 @@ from AccessControl import ClassSecurityInfo from AccessControl.class_init import InitializeClass from AccessControl.interfaces import IRoleManager +from AccessControl.Permission import getPermissions from AccessControl.Permission import Permission from AccessControl.Permissions import change_permissions from AccessControl.requestmethod import requestmethod @@ -608,9 +609,8 @@ pass def possible_permissions(self): - import Products d={} - Products_permissions = getattr(Products, '__ac_permissions__', ()) + Products_permissions = getPermissions() for p in Products_permissions: d[p[0]]=1 for p in self.ac_inherited_permissions(1): Modified: Zope/trunk/src/AccessControl/security.py =================================================================== --- Zope/trunk/src/AccessControl/security.py 2010-06-05 19:26:14 UTC (rev 113168) +++ Zope/trunk/src/AccessControl/security.py 2010-06-05 19:58:00 UTC (rev 113169) @@ -27,16 +27,12 @@ from AccessControl.SecurityInfo import ClassSecurityInfo from AccessControl.SecurityManagement import getSecurityManager -from AccessControl.Permission import _registeredPermissions -from AccessControl.Permission import pname +from AccessControl.Permission import addPermission -import Products - -from AccessControl.Permission import ApplicationDefaultPermissions - CheckerPublicId = 'zope.Public' CheckerPrivateId = 'zope2.Private' + def getSecurityInfo(klass): sec = {} info = vars(klass) @@ -47,8 +43,8 @@ sec[k] = v return sec + def clearSecurityInfo(klass): - sec = {} info = vars(klass) if info.has_key('__ac_permissions__'): delattr(klass, '__ac_permissions__') @@ -56,6 +52,7 @@ if k.endswith('__roles__'): delattr(klass, k) + def checkPermission(permission, object, interaction=None): """Return whether security policy allows permission on object. @@ -82,6 +79,7 @@ return False + class SecurityPolicy(ParanoidSecurityPolicy): """Security policy that bridges between zope.security security mechanisms and Zope 2's security policy. @@ -94,6 +92,7 @@ def checkPermission(self, permission, object): return checkPermission(permission, object) + def newInteraction(): """Con zope.security to use Zope 2's checkPermission. @@ -105,6 +104,7 @@ if getattr(thread_local, 'interaction', None) is None: thread_local.interaction = SecurityPolicy() + def _getSecurity(klass): # a Zope 2 class can contain some attribute that is an instance # of ClassSecurityInfo. Zope 2 scans through things looking for @@ -120,6 +120,7 @@ setattr(klass, '__security__', security) return security + def protectName(klass, name, permission_id): """Protect the attribute 'name' on 'klass' using the given permission""" @@ -139,6 +140,7 @@ perm = str(permission.title) security.declareProtected(perm, name) + def protectClass(klass, permission_id): """Protect the whole class with the given permission""" security = _getSecurity(klass) @@ -155,21 +157,11 @@ perm = str(permission.title) security.declareObjectProtected(perm) + def create_permission_from_permission_directive(permission, event): """When a new IPermission utility is registered (via the <permission /> directive), create the equivalent Zope2 style permission. """ - - global _registeredPermissions - # Zope 2 uses string, not unicode yet zope2_permission = str(permission.title) - roles = ('Manager',) - - if not _registeredPermissions.has_key(zope2_permission): - _registeredPermissions[zope2_permission] = 1 - - Products.__ac_permissions__ += ((zope2_permission, (), roles,),) - - mangled = pname(zope2_permission) - setattr(ApplicationDefaultPermissions, mangled, roles) + addPermission(zope2_permission) Modified: Zope/trunk/src/AccessControl/tests/testZCML.py =================================================================== --- Zope/trunk/src/AccessControl/tests/testZCML.py 2010-06-05 19:26:14 UTC (rev 113168) +++ Zope/trunk/src/AccessControl/tests/testZCML.py 2010-06-05 19:58:00 UTC (rev 113169) @@ -351,8 +351,8 @@ The permission will be made available globally, with default role set of ('Manager',). - >>> import Products - >>> permissions = getattr(Products, '__ac_permissions__', ()) + >>> from AccessControl.Permission import getPermissions + >>> permissions = getPermissions() >>> [p[2] for p in permissions ... if p[0] == 'AccessControl: Dummy permission'] [('Manager',)] @@ -360,10 +360,8 @@ Let's also ensure that permissions are not overwritten if they exist already: - >>> from AccessControl.Permission import _registeredPermissions - >>> _registeredPermissions['Dummy: Other dummy'] = 1 - >>> Products.__ac_permissions__ += ( - ... ('Dummy: Other dummy', (), ('Anonymous', ),),) + >>> from AccessControl.Permission import addPermission + >>> addPermission('Dummy: Other dummy', ('Anonymous', )) >>> from StringIO import StringIO >>> configure_zcml = StringIO(''' @@ -380,9 +378,8 @@ >>> from zope.configuration.xmlconfig import xmlconfig >>> xmlconfig(configure_zcml) - >>> permissions = getattr(Products, '__ac_permissions__', ()) - >>> [p[2] for p in permissions - ... if p[0] == 'Dummy: Other dummy'] + >>> permissions = getPermissions() + >>> [p[2] for p in permissions if p[0] == 'Dummy: Other dummy'] [('Anonymous',)] >>> tearDown() Modified: Zope/trunk/src/HelpSys/HelpSys.py =================================================================== --- Zope/trunk/src/HelpSys/HelpSys.py 2010-06-05 19:26:14 UTC (rev 113168) +++ Zope/trunk/src/HelpSys/HelpSys.py 2010-06-05 19:58:00 UTC (rev 113169) @@ -56,7 +56,6 @@ security.declareProtected(access_contents_information, 'helpValues') def helpValues(self, spec=None): "ProductHelp objects of all Products that have help" - import Products hv=[] for product in self.Control_Panel.Products.objectValues(): productHelp=product.getProductHelp() Modified: Zope/trunk/src/OFS/ObjectManager.py =================================================================== --- Zope/trunk/src/OFS/ObjectManager.py 2010-06-05 19:26:14 UTC (rev 113168) +++ Zope/trunk/src/OFS/ObjectManager.py 2010-06-05 19:58:00 UTC (rev 113169) @@ -26,6 +26,7 @@ import sys from AccessControl import ClassSecurityInfo +from AccessControl.Permission import getPermissions from AccessControl.Permissions import view_management_screens from AccessControl.Permissions import access_contents_information from AccessControl.Permissions import delete_objects @@ -263,9 +264,7 @@ return meta_types def _subobject_permissions(self): - import Products - Products_permissions = getattr(Products, '__ac_permissions__', ()) - return Products_permissions + return getPermissions() def filtered_meta_types(self, user=None): # Return a list of the types for which the user has _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins