[z3-checkins] r5452 - z3/sqlos/trunk

dreamcatcher at codespeak.net dreamcatcher at codespeak.net
Tue Jul 6 17:25:29 MEST 2004 

Author: dreamcatcher
Date: Tue Jul  6 17:25:28 2004
New Revision: 5452

Modified:
   z3/sqlos/trunk/descriptor.py
   z3/sqlos/trunk/metaconfigure.py
Log:
__Security_checker__ cannot be None. Add a couple XXX reminders where code needs fixing. We'll eventually fix those when Jim figures out the reason for directlyProvides/providedBy failing with proxies.

Modified: z3/sqlos/trunk/descriptor.py
==============================================================================
--- z3/sqlos/trunk/descriptor.py	(original)
+++ z3/sqlos/trunk/descriptor.py	Tue Jul  6 17:25:28 2004
@@ -22,6 +22,11 @@
     def __get__(self, inst, cls=None):
         if inst is None:
             # being called for the class
+            # XXX This is going to be replaced by registering a
+            # proxied class using the sqlos:factory directive
+            # with computed permission names (or maybe providing
+            # permission names on the directive). The content
+            # creation will be protected on the IFactory utility.
             add_perm = '%s.Add%s' % (self.module, cls.__name__)
             checker = NamesChecker(new=add_perm,
                                    q='zope.View',
@@ -33,6 +38,8 @@
             raise AttributeError, self.name
 
     def __set__(self, inst, value):
+        if value is None:
+            raise AttributeError, '%s cannot be None' % self.name
         inst.__dict__[self.name] = value
 
     def __delete__(self, inst):

Modified: z3/sqlos/trunk/metaconfigure.py
==============================================================================
--- z3/sqlos/trunk/metaconfigure.py	(original)
+++ z3/sqlos/trunk/metaconfigure.py	Tue Jul  6 17:25:28 2004
@@ -12,13 +12,16 @@
 
 from zope.interface.verify import verifyClass
 from zope.interface import directlyProvides, implements
-from sqlos.interfaces import IISQLObject
-from sqlos.interfaces import IConnectionName
 from zope.app.component.metaconfigure import factory, utility
 from zope.app.component.metaconfigure import PublicPermission, proxify
-from zope.security.checker import getCheckerForInstancesOf
+from zope.security.checker import getCheckerForInstancesOf, MultiChecker
+from zope.security.proxy import Proxy
 from zope.component.factory import Factory, IFactory
 
+from sqlos.interfaces import IISQLObject
+from sqlos.interfaces import IReadSQLObjectClass, IWriteSQLObjectClass
+from sqlos.interfaces import IConnectionName
+
 class SQLObjectFactory(Factory):
     implements(IFactory)
 
@@ -29,25 +32,39 @@
 
     factoryObj = SQLObjectFactory(component, title, description)
 
+    # XXX We compute a permission name from the package top-level
+    # name plus the component (which should be a class) __name__
+    # The permission should probably be part of the directive here.
+    package = component.__module__.split('.')[0]
+    add_perm = '%s.Add%s' % (package, component.__name__)
     utility(_context, IFactory, factoryObj,
-            permission=PublicPermission, name=id)
+            permission=add_perm, name=id)
 
     if not IISQLObject.providedBy(component):
         if verifyClass(IISQLObject, component, tentative=1):
             directlyProvides(component, IISQLObject)
 
-    # XXX We do the proxyfication ourselves so that it gets
-    # the right proxy. See comment below.
-    checker = getCheckerForInstancesOf(component)
-    component = proxify(component, checker)
-
-    # XXX We pass permission=None here so the component doesn't get
-    # proxified by the utility handler. If we did pass a permission
-    # in, it would create a checker for the provided interfaces, thus
-    # disregarding the checker created by the <content>
-    # directive. IMHO, the utility handler needs to be fixed to lookup
-    # a checker using getCheckerForInstancesOf
-    utility(_context, IISQLObject, component,
+    # XXX We are really creating a proxy for the *class* here.
+    # However, we don't want to modify the class, and we don't
+    # want this to conflict with the checker created by the
+    # <content> directive, so we create a Proxy using a checker
+    # with computed permission names.
+    # The permissions should probably be part of the directive.
+    read_perm = '%s.View%s' % (package, component.__name__)
+    change_perm = '%s.Change%s' % (package, component.__name__)
+    checker = MultiChecker(((IReadSQLObjectClass, read_perm),
+                            (IWriteSQLObjectClass, change_perm),
+                            ))
+
+    # XXX Seems like there's a bug on X30 that proxied
+    # objects don't expose interfaces declared by means of
+    # directlyProvides.
+    # proxied = Proxy(component, checker)
+    proxied = component
+
+    # XXX We pass permission=None here so that the utility handler
+    # doesn't override what we've just did above.
+    utility(_context, IISQLObject, proxied,
             permission=None, name=id)
 
 class ConnectionName:

More information about the z3-checkins mailing list