Commit d5f46b74 authored by Hanno Schlichting's avatar Hanno Schlichting

Moved security related ZCML configuration into the AccessControl package.

parent 1bca2144
......@@ -35,7 +35,8 @@ Restructuring
- Removed experimental support for configuring the Twisted HTTP server
as an alternative to ``ZServer``.
- Moved ``Products/Five/security.py`` into the AccessControl package.
- Moved ``Products/Five/security.py`` and security related ZCML configuration
into the AccessControl package.
- Moved ``Products/Five/traversing.zcml`` directly into the configure.zcml.
......
<configure
xmlns="http://namespaces.zope.org/zope"
xmlns:meta="http://namespaces.zope.org/meta">
<include package="zope.component" file="meta.zcml" />
<include package="zope.security" file="meta.zcml" />
<meta:directives namespace="http://namespaces.zope.org/zope">
<meta:complexDirective
name="class"
schema="zope.security.metadirectives.IClassDirective"
handler=".metaconfigure.ClassDirective"
>
<meta:subdirective
name="implements"
schema="zope.security.metadirectives.IImplementsSubdirective"
/>
<meta:subdirective
name="require"
schema="zope.security.metadirectives.IRequireSubdirective"
/>
<meta:subdirective
name="allow"
schema="zope.security.metadirectives.IAllowSubdirective"
/>
</meta:complexDirective>
<meta:directive
name="securityPolicy"
schema="zope.security.zcml.ISecurityPolicyDirective"
handler="zope.security.zcml.securityPolicy"
/>
</meta:directives>
</configure>
##############################################################################
#
# Copyright (c) 2004, 2005 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
import warnings
from zope.security import metaconfigure
from AccessControl.security import protectName
from App.class_init import InitializeClass
class ClassDirective(metaconfigure.ClassDirective):
def __protectName(self, name, permission_id):
self.__context.action(
discriminator = ('five:protectName', self.__class, name),
callable = protectName,
args = (self.__class, name, permission_id)
)
def __protectSetAttributes(self, names, permission_id):
warnings.warn("The set_attribute option of the <require /> directive "
"is not supported in Zope 2. "
"Ignored for %s" % str(self.__class), stacklevel=3)
def __protectSetSchema(self, schema, permission):
warnings.warn("The set_schema option of the <require /> directive "
"is not supported in Zope 2. "
"Ignored for %s" % str(self.__class), stacklevel=3)
def __mimic(self, _context, class_):
warnings.warn("The like_class option of the <require /> directive "
"is not supported in Zope 2. "
"Ignored for %s" % str(self.__class), stacklevel=3)
def __call__(self):
return self.__context.action(
discriminator = None,
callable = InitializeClass,
args = (self.__class,)
)
def test_check_permission():
"""Code (in Zope 3) often uses
"""Code (in Zope packages) often uses
zope.security.management.checkPermission to determine whether the
current user has a certain permission in a given context. Five
inserts its own interaction that assures that such calls still
......@@ -53,6 +53,80 @@ def test_check_permission():
"""
def test_allowed_interface():
"""This test demonstrates that allowed_interface security declarations work
as expected.
>>> from zope.component.testing import setUp, tearDown
>>> setUp()
Before we can make security declarations through ZCML, we need to
register the directive and the permission:
>>> import AccessControl
>>> from zope.configuration.xmlconfig import XMLConfig
>>> XMLConfig('meta.zcml', AccessControl)()
>>> import Products.Five.browser
>>> XMLConfig('meta.zcml', Products.Five.browser)()
>>> XMLConfig('permissions.zcml', AccessControl)()
Now we provide some ZCML declarations for ``Dummy1``:
>>> from StringIO import StringIO
>>> configure_zcml = StringIO('''
... <configure xmlns="http://namespaces.zope.org/zope"
... xmlns:browser="http://namespaces.zope.org/browser">
... <browser:page
... for="*"
... name="testview"
... permission="zope2.ViewManagementScreens"
... class="AccessControl.tests.testZCML.Dummy1"
... allowed_interface="AccessControl.tests.testZCML.IDummy" />
... </configure>
... ''')
>>> from zope.configuration.xmlconfig import xmlconfig
>>> xmlconfig(configure_zcml)
We are going to check that roles are correctly setup, so we need getRoles.
>>> from AccessControl.ZopeSecurityPolicy import getRoles
>>> from AccessControl import ACCESS_PRIVATE
Due to the nasty voodoo involved in Five's handling of view classes,
browser:page doesn't apply security to Dummy1, but rather to the "magic"
view class that is created at ZCML parse time. That means we can't just
instanciate with Dummy1() directly and expect a security-aware instance :(.
Instead, we'll have to actually lookup the view. The view was declared for
"*", so we just use an instance of Dummy1 ;-).
Instanciate a Dummy1 object to test with.
>>> from AccessControl.tests.testZCML import Dummy1
>>> dummy1 = Dummy1()
>>> from zope.component import getMultiAdapter
>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest()
>>> view = getMultiAdapter((dummy1, request), name="testview")
As 'foo' is defined in IDummy, it should have the 'Manager' role.
>>> getRoles(view, 'foo', view.foo, ('Def',))
('Manager',)
As 'wot' is not defined in IDummy, it should be private.
>>> getRoles(view, 'wot', view.wot, ('Def',)) is ACCESS_PRIVATE
True
But 'superMethod' is defined on IDummy by inheritance from ISuperDummy, and
so should have the 'Manager' role setup.
>>> getRoles(view, 'superMethod', view.superMethod, ('Def',))
('Manager',)
>>> tearDown()
"""
def test_suite():
from Testing.ZopeTestCase import FunctionalDocTestSuite
from zope.testing.doctest import ELLIPSIS
......
from Products.Five import BrowserView
from zope.publisher.browser import BrowserView
from zope.security.management import checkPermission
class Zope3SecurityView(BrowserView):
......
......@@ -2,8 +2,8 @@
xmlns="http://namespaces.zope.org/zope"
xmlns:meta="http://namespaces.zope.org/meta">
<include package="AccessControl" file="meta.zcml" />
<include package="zope.component" file="meta.zcml" />
<include package="zope.security" file="meta.zcml" />
<include package="zope.i18n" file="meta.zcml" />
<include package=".browser" file="meta.zcml" />
......@@ -17,35 +17,6 @@
handler="zope.component.zcml.view"
/>
<meta:complexDirective
name="class"
schema="zope.security.metadirectives.IClassDirective"
handler=".metaconfigure.ClassDirective"
>
<meta:subdirective
name="implements"
schema="zope.security.metadirectives.IImplementsSubdirective"
/>
<meta:subdirective
name="require"
schema="zope.security.metadirectives.IRequireSubdirective"
/>
<meta:subdirective
name="allow"
schema="zope.security.metadirectives.IAllowSubdirective"
/>
</meta:complexDirective>
<meta:directive
name="securityPolicy"
schema="zope.security.zcml.ISecurityPolicyDirective"
handler="zope.security.zcml.securityPolicy"
/>
</meta:directives>
<meta:directives namespace="http://namespaces.zope.org/five">
......
##############################################################################
#
# Copyright (c) 2004, 2005 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Generic Components ZCML Handlers
$Id$
"""
import warnings
from zope.security import metaconfigure
from AccessControl.security import protectName
from App.class_init import InitializeClass
class ClassDirective(metaconfigure.ClassDirective):
def __protectName(self, name, permission_id):
self.__context.action(
discriminator = ('five:protectName', self.__class, name),
callable = protectName,
args = (self.__class, name, permission_id)
)
def __protectSetAttributes(self, names, permission_id):
warnings.warn("The set_attribute option of the <require /> directive is not supported in Zope 2. " + \
"Ignored for %s" % str(self.__class), stacklevel=3)
def __protectSetSchema(self, schema, permission):
warnings.warn("The set_schema option of the <require /> directive is not supported in Zope 2. " + \
"Ignored for %s" % str(self.__class), stacklevel=3)
def __mimic(self, _context, class_):
warnings.warn("The like_class option of the <require /> directive is not supported in Zope 2. " + \
"Ignored for %s" % str(self.__class), stacklevel=3)
def __call__(self):
return self.__context.action(
discriminator = None,
callable = InitializeClass,
args = (self.__class,)
)
# BBB
from AccessControl.metaconfigure import ClassDirective
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment