[z3-checkins] r14509 - in z3/Five/trunk: . tests

philikon at codespeak.net philikon at codespeak.net
Mon Jul 11 20:36:19 CEST 2005


Author: philikon
Date: Mon Jul 11 20:36:15 2005
New Revision: 14509

Modified:
   z3/Five/trunk/security.py
   z3/Five/trunk/tests/test_security.py
   z3/Five/trunk/traversable.py
Log:
Make zope.security.checkPermission and Five.security.checkPermission behave
exactly the same way. The only requirement is that newInteraction()
(now moved to the Five.security module) has been called.


Modified: z3/Five/trunk/security.py
==============================================================================
--- z3/Five/trunk/security.py	(original)
+++ z3/Five/trunk/security.py	Mon Jul 11 20:36:15 2005
@@ -15,8 +15,11 @@
 
 $Id$
 """
-from zope.interface import implements
+from zope.interface import implements, classProvides
 from zope.component import queryUtility, getUtility
+from zope.security.management import thread_local
+from zope.security.interfaces import IInteraction, ISecurityPolicy
+from zope.security.simplepolicies import ParanoidSecurityPolicy
 from zope.app.security.interfaces import IPermission
 from zope.app import zapi
 
@@ -74,6 +77,29 @@
 
     return False
 
+class FiveSecurityPolicy(ParanoidSecurityPolicy):
+    """Security policy that bridges between Zope 3 security mechanisms and
+    Zope 2's security policy.
+
+    Don't let the name of the base class fool you... This really just
+    delegates to Zope 2's security manager."""
+    classProvides(ISecurityPolicy)
+    implements(IInteraction)
+
+    def checkPermission(self, permission, object):
+        return checkPermission(permission, object)
+
+def newInteraction():
+    """Con Zope 3 to use Zope 2's checkPermission.
+
+    Zope 3 when it does a checkPermission will turn around and
+    ask the thread local interaction for the checkPermission method.
+    By making the interaction *be* Zope 2's security manager, we can
+    con Zope 3 into using Zope 2's checker...
+    """
+    if getattr(thread_local, 'interaction', None) is None:
+        thread_local.interaction = FiveSecurityPolicy()
+
 def initializeClass(klass):
     InitializeClass(klass)
 
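Review bot: In `newInteraction()` the guard `if getattr(thread_local, 'interaction', None) is None:` returns silently whenever any interaction is already set on the thread, and nothing here verifies that the existing object is a `FiveSecurityPolicy`. As a result `zope.security.checkPermission` only reaches Zope 2's security manager if nothing else installed an interaction first. If keeping a foreign interaction is intended, the docstring should state that precondition; otherwise the function could fail loudly when the existing interaction is not a `FiveSecurityPolicy`, so the mismatch is not hidden. The moved docstring is also stale: it still says the interaction is made to *be* Zope 2's security manager, while the new code installs a `FiveSecurityPolicy`, so it could read `By installing a FiveSecurityPolicy as the interaction, Zope 3's checkPermission is delegated to Five's checkPermission.` The module-level `checkPermission` that the policy delegates to is defined outside this hunk, so whether it looks up the current security manager on each call cannot be confirmed from here.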

Modified: z3/Five/trunk/tests/test_security.py
==============================================================================
--- z3/Five/trunk/tests/test_security.py	(original)
+++ z3/Five/trunk/tests/test_security.py	Mon Jul 11 20:36:15 2005
@@ -165,6 +165,39 @@
 
       >>> checkPermission('notapermission', self.folder)
       False
+
+
+    In addition to using Five's ``checkPermission`` function directly,
+    we also expect the same behaviour when we use Zope 3's
+    zope.security.checkPermission function.  Code from within Zope 3
+    will use that and therefore it should work transparently.  For
+    that to work, a new "interaction" needs to be started:
+
+      >>> from Products.Five.security import newInteraction
+      >>> newInteraction()
+
+    a) zope2.Public (which should always be available to everyone)
+
+      >>> from zope.security import checkPermission
+      >>> checkPermission('zope2.Public', self.folder)
+      True
+
+    b) zope2.Private (which should never available to anyone)
+
+      >>> checkPermission('zope.Private', self.folder)
+      False
+      >>> checkPermission('zope2.Private', self.folder)
+      False
+
+    Any other standard Zope 2 permission will also resolve correctly:
+
+      >>> checkPermission('zope2.AccessContentsInformation', self.folder)
+      True
+
+    Invalid permissions will obviously result in a negative response:
+
+      >>> checkPermission('notapermission', self.folder)
+      False
     """
 
 def test_suite():
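Review bot: The doctest calls `newInteraction()` but nothing visible in the hunk clears `thread_local.interaction` afterwards, so the installed policy may persist into later tests on the same thread and hide a missing `newInteraction()` call there. Ending the interaction in the test teardown (for example with `zope.security.management.endInteraction()`) would keep the tests isolated. Under b), `checkPermission('zope.Private', self.folder)` looks like a typo for `zope2.Private`; as written it probably returns `False` only because the id is unknown, which the `'notapermission'` case already covers. The test also has no case where an interaction is already set before `newInteraction()` is called, which is the branch the guard in `security.py` skips. The docstring this hunk extends begins outside the hunk.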

Modified: z3/Five/trunk/traversable.py
==============================================================================
--- z3/Five/trunk/traversable.py	(original)
+++ z3/Five/trunk/traversable.py	Mon Jul 11 20:36:15 2005
@@ -24,8 +24,8 @@
 from zope.app.traversing.adapters import DefaultTraversable
 from zope.app.traversing.adapters import traversePathElement
 
-from zope.security.management import thread_local
 from AccessControl import getSecurityManager
+from Products.Five.security import newInteraction
 
 _marker = object
 
@@ -38,17 +38,6 @@
     def has_key(self, key):
         return False
 
-def newInteraction():
-    """Con Zope 3 to use Zope 2's checkPermission.
-
-    Zope 3 when it does a checkPermission will turn around and
-    ask the thread local interaction for the checkPermission method.
-    By making the interaction *be* Zope 2's security manager, we can
-    con Zope 3 into using Zope 2's checker...
-    """
-    if getattr(thread_local, 'interaction', None) is None:
-        thread_local.interaction = getSecurityManager()
-
 class Traversable:
     """A mixin to make an object traversable using an ITraverser adapter.
     """

