Unscrew permission handling. Yay!

lib/python/AccessControl/SecurityInfo.py

@@ -226,11 +226,7 @@ class ClassSecurityInfo(SecurityInfo):
         ac_permissions = {}
         for name, access in self.names.items():
             if access in (ACCESS_PRIVATE, ACCESS_PUBLIC, ACCESS_NONE):
-                attr=getattr(classobj, name, None)
-                try: attr.__roles__ = access
-                except:
-                    rname='%s__roles__' % name
-                    dict[rname] = access
+                dict['%s__roles__' % name] = access
             else:
                 if not ac_permissions.has_key(access):
                     ac_permissions[access] = []

lib/python/AccessControl/User.py

@@ -84,7 +84,7 @@
 ##############################################################################
 """Access control package"""
 
-__version__='$Revision: 1.132 $'[11:-2]
+__version__='$Revision: 1.133 $'[11:-2]
 
 import Globals, socket, ts_regex, SpecialUsers
 import os
@@ -490,12 +490,16 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
 
     def authorize(self, user, accessed, container, name, value, roles):
         newSecurityManager(None, user)
-        security=getSecurityManager()
-        if security.validate(accessed, container, name, value, roles):
-            return 1
-        else:
-            noSecurityManager()
-            return 0
+        security = getSecurityManager()
+        try:
+            try:
+                if security.validate(accessed, container, name, value, roles):
+                    return 1
+            except:
+                noSecurityManager()
+                raise
+        except 'Unauthorized': pass
+        return 0
         
     def _setRemote(self, request):
         # If no authorization, only a user with a domain spec and no

lib/python/AccessControl/ZopeSecurityPolicy.py

@@ -85,11 +85,12 @@
 __doc__='''Define Zope\'s default security policy
 
 
-$Id: ZopeSecurityPolicy.py,v 1.8 2001/01/10 20:22:18 chrism Exp $'''
-__version__='$Revision: 1.8 $'[11:-2]
+$Id: ZopeSecurityPolicy.py,v 1.9 2001/01/16 20:01:09 evan Exp $'''
+__version__='$Revision: 1.9 $'[11:-2]
 
 import SimpleObjectPolicies
 _noroles=SimpleObjectPolicies._noroles
+from zLOG import LOG, PROBLEM
 
 from PermissionRole import _what_not_even_god_should_do, rolesForPermissionOn
 
@@ -175,7 +176,14 @@ class ZopeSecurityPolicy:
             value=container
 
         # Short-circuit tests if we can:
-        if roles is None or 'Anonymous' in roles: return 1
+        try:
+            if roles is None or 'Anonymous' in roles: return 1
+        except TypeError:
+            # 'roles' isn't a sequence
+            LOG('Zope Security Policy', PROBLEM, "'%s' passed as roles"
+                " during validation of '%s' is not a sequence." % (
+                `roles`, name))
+            raise
 
         # Check executable security
         stack=context.stack

lib/python/App/Management.py

@@ -85,9 +85,9 @@
 
 """Standard management interface support
 
-$Id: Management.py,v 1.45 2001/01/16 02:55:10 shane Exp $"""
+$Id: Management.py,v 1.46 2001/01/16 20:01:09 evan Exp $"""
 
-__version__='$Revision: 1.45 $'[11:-2]
+__version__='$Revision: 1.46 $'[11:-2]
 
 import sys, Globals, ExtensionClass, urllib
 from Dialogs import MessageDialog
@@ -220,13 +220,13 @@ class Navigation(ExtensionClass.Base):
                                 help_topic=None)
     manage_form_title._setFuncSignature(
         varnames=('form_title', 'help_product', 'help_topic') )
-    manage_form_title.__roles__ = None
+    manage_form_title__roles__ = None
 
     zope_quick_start=DTMLFile('dtml/zope_quick_start', globals())
-    zope_quick_start.__roles__=None
+    zope_quick_start__roles__=None
 
     manage_copyright=DTMLFile('dtml/copyright', globals())
-    manage_copyright.__roles__ = None
+    manage_copyright__roles__ = None
 
     manage_zmi_logout__roles__ = None
     def manage_zmi_logout(self, REQUEST, RESPONSE):
@@ -250,10 +250,10 @@ You have been logged out.
 
 
     manage_zmi_prefs=HTMLFile('dtml/manage_zmi_prefs', globals())
-    manage_zmi_prefs.__roles__ = None
+    manage_zmi_prefs__roles__ = None
 
 file = DTMLFile('dtml/manage_page_style.css', globals())
 setattr(Navigation, 'manage_page_style.css', file)
-file.__roles__ = None
+setattr(Navigation, 'manage_page_style.css__roles__', None)
 
 Globals.default__class_init__(Navigation)

lib/python/App/ProductContext.py

@@ -228,8 +228,7 @@ class ProductContext:
               },)
 
         m[name]=initial
-        try: initial.__roles__=pr
-        except: m[name+'__roles__']=pr
+        m[name+'__roles__']=pr
 
         for method in constructors[1:]:
             if type(method) is tt: name, method = method
@@ -237,8 +236,7 @@ class ProductContext:
                 name=os.path.split(method.__name__)[-1]
             if not productObject.__dict__.has_key(name):
                 m[name]=method
-                try: method.__roles__ = pr
-                except: m[name+'__roles__']=pr
+                m[name+'__roles__']=pr
 
         if icon:
             name=os.path.split(icon)[1]

lib/python/App/class_init.py

@@ -124,6 +124,4 @@ def default__class_init__(self):
             pname, mnames = acp[:2]
             pr=PermissionRole(pname)
             for mname in mnames:
-                try: getattr(self, mname).__roles__=pr
-                except: pass
                 dict[mname+'__roles__']=pr

lib/python/ZPublisher/BaseRequest.py

@@ -82,7 +82,7 @@
 # attributions are listed in the accompanying credits file.
 # 
 ##############################################################################
-__version__='$Revision: 1.35 $'[11:-2]
+__version__='$Revision: 1.36 $'[11:-2]
 
 from string import join, split, find, rfind, lower, upper
 from urllib import quote
@@ -383,7 +383,9 @@ class BaseRequest:
                 if r is not UNSPECIFIED_ROLES:
                     roles = r
                 elif not got:
-                    roles = getattr(subobject, entry_name+'__roles__', roles)
+                    # We got the subobject as an attribute, not an item,
+                    # so we should check "next to it" for __roles__.
+                    roles = getattr(object, entry_name+'__roles__', roles)
 
                 # Promote subobject to object
                 object=subobject