[z3-checkins] r14516 - in z3/Five/branch/Five-1.0: . tests
philikon at codespeak.net
philikon at codespeak.net
Mon Jul 11 21:03:56 CEST 2005
Author: philikon
Date: Mon Jul 11 21:03:52 2005
New Revision: 14516
Modified:
z3/Five/branch/Five-1.0/security.py
z3/Five/branch/Five-1.0/tests/test_security.py
z3/Five/branch/Five-1.0/traversable.py
Log:
Merge r14509 from the trunk:
Make zope.security.checkPermission and Five.security.checkPermission behave
the exact same way. The only required circumstance is that newInteraction()
(now moved to the Five.security module) has been called.
Modified: z3/Five/branch/Five-1.0/security.py
==============================================================================
--- z3/Five/branch/Five-1.0/security.py (original)
+++ z3/Five/branch/Five-1.0/security.py Mon Jul 11 21:03:52 2005
@@ -15,8 +15,11 @@
$Id$
"""
-from zope.interface import implements
+from zope.interface import implements, classProvides
from zope.component import queryUtility, getUtility
+from zope.security.management import thread_local
+from zope.security.interfaces import IInteraction, ISecurityPolicy
+from zope.security.simplepolicies import ParanoidSecurityPolicy
from zope.app.security.interfaces import IPermission
from zope.app import zapi
@@ -74,6 +77,29 @@
return False
+class FiveSecurityPolicy(ParanoidSecurityPolicy):
+ """Security policy that bridges between Zope 3 security mechanisms and
+ Zope 2's security policy.
+
+ Don't let the name of the base class fool you... This really just
+ delegates to Zope 2's security manager."""
+ classProvides(ISecurityPolicy)
+ implements(IInteraction)
+
+ def checkPermission(self, permission, object):
+ return checkPermission(permission, object)
+
+def newInteraction():
+ """Con Zope 3 to use Zope 2's checkPermission.
+
+ Zope 3 when it does a checkPermission will turn around and
+ ask the thread local interaction for the checkPermission method.
+ By making the interaction *be* Zope 2's security manager, we can
+ con Zope 3 into using Zope 2's checker...
+ """
+ if getattr(thread_local, 'interaction', None) is None:
+ thread_local.interaction = FiveSecurityPolicy()
+
def initializeClass(klass):
InitializeClass(klass)
Modified: z3/Five/branch/Five-1.0/tests/test_security.py
==============================================================================
--- z3/Five/branch/Five-1.0/tests/test_security.py (original)
+++ z3/Five/branch/Five-1.0/tests/test_security.py Mon Jul 11 21:03:52 2005
@@ -21,11 +21,14 @@
from Products.Five.tests.fivetest import *
+import zope.security
from zope.component import getView
from zope.testing.cleanup import CleanUp
+
+import Products.Five.security
from Products.Five import zcml
from Products.Five.traversable import FakeRequest
-from Products.Five.security import clearSecurityInfo, checkPermission
+from Products.Five.security import clearSecurityInfo, newInteraction
from Products.Five.tests.dummy import Dummy1, Dummy2
from Globals import InitializeClass
@@ -134,29 +137,38 @@
self.assertEquals(baz_roles2, ())
-class CheckPermissionTest(FiveTestCase):
+class FiveCheckPermissionTest(FiveTestCase):
+
+ def afterSetUp(self):
+ self.checkPermission = Products.Five.security.checkPermission
def test_publicPermissionId(self):
- self.failUnless(checkPermission('zope2.Public', self.folder))
+ self.failUnless(self.checkPermission('zope2.Public', self.folder))
def test_privatePermissionId(self):
- self.failIf(checkPermission('zope.Private', self.folder))
- self.failIf(checkPermission('zope2.Private', self.folder))
+ self.failIf(self.checkPermission('zope.Private', self.folder))
+ self.failIf(self.checkPermission('zope2.Private', self.folder))
def test_accessPermissionId(self):
- self.failUnless(checkPermission('zope2.AccessContentsInformation',
- self.folder))
+ self.failUnless(self.checkPermission('zope2.AccessContentsInformation',
+ self.folder))
def test_invalidPermissionId(self):
- self.failIf(checkPermission('notapermission', self.folder))
+ self.failIf(self.checkPermission('notapermission', self.folder))
+
+class Zope3CheckPermissionTest(FiveCheckPermissionTest):
+ def afterSetUp(self):
+ self.checkPermission = zope.security.checkPermission
+ newInteraction()
def test_suite():
from unittest import TestSuite, makeSuite
suite = TestSuite()
suite.addTest(makeSuite(SecurityEquivalenceTest))
suite.addTest(makeSuite(PageSecurityTest))
- suite.addTest(makeSuite(CheckPermissionTest))
+ suite.addTest(makeSuite(FiveCheckPermissionTest))
+ suite.addTest(makeSuite(Zope3CheckPermissionTest))
return suite
if __name__ == '__main__':
Modified: z3/Five/branch/Five-1.0/traversable.py
==============================================================================
--- z3/Five/branch/Five-1.0/traversable.py (original)
+++ z3/Five/branch/Five-1.0/traversable.py Mon Jul 11 21:03:52 2005
@@ -24,8 +24,8 @@
from zope.app.traversing.adapters import DefaultTraversable
from zope.app.traversing.adapters import traversePathElement
-from zope.security.management import thread_local
from AccessControl import getSecurityManager
+from Products.Five.security import newInteraction
_marker = object
@@ -38,17 +38,6 @@
def has_key(self, key):
return False
-def newInteraction():
- """Con Zope 3 to use Zope 2's checkPermission.
-
- Zope 3 when it does a checkPermission will turn around and
- ask the thread local interaction for the checkPermission method.
- By making the interaction *be* Zope 2's security manager, we can
- con Zope 3 into using Zope 2's checker...
- """
- if getattr(thread_local, 'interaction', None) is None:
- thread_local.interaction = getSecurityManager()
-
class Traversable:
"""A mixin to make an object traversable using an ITraverser adapter.
"""
More information about the z3-checkins
mailing list