[z3-five] Suggested changes in Five/security.py

Lennart Regebro regebro at nuxeo.com
Thu Jan 13 19:19:46 MET 2005


Change #1:
There is a global called CheckerPublic, but in Five/security.py a new 
local CheckerPublic is defined:
CheckerPublic = 'zope.Public'
CheckerPrivate = 'zope2.Private'

These seem only to be used inside Five/security.py, and are confusing, 
so I suggest changing this to

CheckerPublicId = 'zope.Public'
CheckerPrivateId = 'zope2.Private'

(With corresponding changes where they are used in the file, of course.)



Change #2:
Five.security has a method "checkPermission" that is a copy of
zope.app.security.permission.checkPermission. This checks if a 
permission is defined.

The z.a.s.p method seems to work fine for the Five permissions, and in 
fact, nobody seems to even use the F.s method.

At the same time, zope.security.management also has a checkPermission 
method. It checks if the current user has a specific permission on an 
object, just like getSecurityManager().checkPermission(). This method 
does *not* work with Five. I need something like this (of course, I can 
just call getSecurityManager().checkPermission() but I don't want to).

I therefore suggest that I remove the current 
Five.security.checkPermission, and instead insert a new one, that checks 
a permission. Suggested version:

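     from types import StringTypes
     from AccessControl import getSecurityManager
     from zope.app import zapi
     from zope.app.security.interfaces import IPermission

     def checkPermission(permission, object):
         # Accept a permission id and look up its IPermission utility
         if isinstance(permission, StringTypes):
             permission = zapi.queryUtility(IPermission, permission)

         # CheckerPublic is the name discussed under Change #1
         if permission is CheckerPublic or permission is None:
             return True

         # Ask the Zope 2 security manager, passing the permission's title
         if getSecurityManager().checkPermission(permission.title, object):
             return True
         return False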


Unless anybody protests, I'll check this in tomorrow.
-- 
Lennart Regebro, Nuxeo     http://www.nuxeo.com/
CPS Content Management     http://www.cps-project.org/
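
Added example, not part of the original message and not Five's own code: it replays the control flow of the suggested checkPermission to show what happens when a permission name has no registered IPermission utility (queryUtility returns None, and the None branch returns True), next to a variant that denies in that case. The registry, the stub security manager and every function name below are hypothetical stand-ins so that it runs without Zope.

```python
# Stand-ins for the Zope pieces; all names here are hypothetical.
PUBLIC = object()                      # plays the role of the global CheckerPublic

class Permission:
    def __init__(self, id, title):
        self.id, self.title = id, title

# Constructed registry standing in for zapi.queryUtility(IPermission, name)
REGISTRY = {"zope.View": Permission("zope.View", "View")}

def query_permission(name):
    return REGISTRY.get(name)          # None when nothing is registered

class StubSecurityManager:
    """Stand-in for getSecurityManager(): grants only the listed titles."""
    def __init__(self, granted):
        self.granted = set(granted)

    def checkPermission(self, title, obj):
        return title in self.granted

def check_as_posted(permission, obj, sm):
    """Same control flow as the suggested version in the message."""
    if isinstance(permission, str):
        permission = query_permission(permission)
    if permission is PUBLIC or permission is None:
        return True
    return bool(sm.checkPermission(permission.title, obj))

def check_fail_closed(permission, obj, sm):
    """Variant: 'no permission required' is decided before the lookup,
    so a name that fails to resolve is denied."""
    if permission is PUBLIC or permission is None:
        return True
    if isinstance(permission, str):
        permission = query_permission(permission)
        if permission is None:
            return False
    return bool(sm.checkPermission(permission.title, obj))

def compare(name, granted=()):
    """Return (as_posted, fail_closed) for one permission name."""
    sm = StubSecurityManager(granted)
    obj = object()
    return check_as_posted(name, obj, sm), check_fail_closed(name, obj, sm)

if __name__ == "__main__":
    # Constructed cases: granted, not granted, misspelled permission id
    for name, granted in [("zope.View", ["View"]), ("zope.View", []), ("zope.Veiw", [])]:
        print(name, granted, compare(name, granted))
```

The two versions agree on registered permissions and differ only on the misspelled id, which is the case worth a unit test in any caller that passes permission names as strings.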

