Commit f4bf46a9 authored by Florent Guillaume's avatar Florent Guillaume

Warn when an attempt is made to have a security declaration on a

nonexistent method. Removed one such method.

Fixed unclear security declarations. When bug 761 was fixed,
declareProtected(perm) was made illegal, at least one method name was
required. This checkin does the same for declarePrivate() and
declarePublic().

Also there was a bug in that a class having:
  security = ClassSecurityInfo()
  __ac_permissions__ = ((perm, ()),)
was not equivalent to a class having:
  __ac_permissions__ = ((perm, ()),)
The first form had, as a buggy side effect, the behavior of
  __ac_permissions__ = ((perm, ('')),)
which is equivalent to
  __roles__ = PermissionRole(perm)
Now it will simply make the permission available from this object
(with default roles).
parent b282f835
...@@ -26,6 +26,9 @@ Zope Changes ...@@ -26,6 +26,9 @@ Zope Changes
Features added Features added
- Fixed unclear security declarations. Warn when an attempt is
made to have a security declaration on a nonexistent method.
- updated to ZPL 2.1 - updated to ZPL 2.1
- interfaces: Added 'Interfaces' tab to basic core objects. - interfaces: Added 'Interfaces' tab to basic core objects.
......
...@@ -67,9 +67,6 @@ class SecurityInfo(Acquisition.Implicit): ...@@ -67,9 +67,6 @@ class SecurityInfo(Acquisition.Implicit):
self.roles = {} self.roles = {}
def _setaccess(self, names, access): def _setaccess(self, names, access):
# Empty names list sets access to the class itself, named ''
if not len(names):
names = ('',)
for name in names: for name in names:
if self.names.get(name, access) != access: if self.names.get(name, access) != access:
LOG('SecurityInfo', WARNING, 'Conflicting security ' LOG('SecurityInfo', WARNING, 'Conflicting security '
...@@ -78,14 +75,14 @@ class SecurityInfo(Acquisition.Implicit): ...@@ -78,14 +75,14 @@ class SecurityInfo(Acquisition.Implicit):
self.names[name] = access self.names[name] = access
declarePublic__roles__=ACCESS_PRIVATE declarePublic__roles__=ACCESS_PRIVATE
def declarePublic(self, *names): def declarePublic(self, name, *names):
"""Declare names to be publicly accessible.""" """Declare names to be publicly accessible."""
self._setaccess(names, ACCESS_PUBLIC) self._setaccess((name,) + names, ACCESS_PUBLIC)
declarePrivate__roles__=ACCESS_PRIVATE declarePrivate__roles__=ACCESS_PRIVATE
def declarePrivate(self, *names): def declarePrivate(self, name, *names):
"""Declare names to be inaccessible to restricted code.""" """Declare names to be inaccessible to restricted code."""
self._setaccess(names, ACCESS_PRIVATE) self._setaccess((name,) + names, ACCESS_PRIVATE)
declareProtected__roles__=ACCESS_PRIVATE declareProtected__roles__=ACCESS_PRIVATE
def declareProtected(self, permission_name, name, *names): def declareProtected(self, permission_name, name, *names):
...@@ -95,17 +92,17 @@ class SecurityInfo(Acquisition.Implicit): ...@@ -95,17 +92,17 @@ class SecurityInfo(Acquisition.Implicit):
declareObjectPublic__roles__=ACCESS_PRIVATE declareObjectPublic__roles__=ACCESS_PRIVATE
def declareObjectPublic(self): def declareObjectPublic(self):
"""Declare the object to be publicly accessible.""" """Declare the object to be publicly accessible."""
self._setaccess((), ACCESS_PUBLIC) self._setaccess(('',), ACCESS_PUBLIC)
declareObjectPrivate__roles__=ACCESS_PRIVATE declareObjectPrivate__roles__=ACCESS_PRIVATE
def declareObjectPrivate(self): def declareObjectPrivate(self):
"""Declare the object to be inaccessible to restricted code.""" """Declare the object to be inaccessible to restricted code."""
self._setaccess((), ACCESS_PRIVATE) self._setaccess(('',), ACCESS_PRIVATE)
declareObjectProtected__roles__=ACCESS_PRIVATE declareObjectProtected__roles__=ACCESS_PRIVATE
def declareObjectProtected(self, permission_name): def declareObjectProtected(self, permission_name):
"""Declare the object to be associated with a permission.""" """Declare the object to be associated with a permission."""
self._setaccess((), permission_name) self._setaccess(('',), permission_name)
setPermissionDefault__roles__=ACCESS_PRIVATE setPermissionDefault__roles__=ACCESS_PRIVATE
def setPermissionDefault(self, permission_name, roles): def setPermissionDefault(self, permission_name, roles):
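Review bot: The docstrings of `declarePublic` and `declarePrivate` are unchanged and still read as if any number of names were accepted, although the new signatures `(self, name, *names)` require at least one. A caller that relied on the old empty-call behaviour now gets a bare `TypeError` at class-definition time, with nothing pointing at the object-level methods. I would extend the docstring, e.g. `"""Declare names to be publicly accessible. At least one name is required; use declareObjectPublic() for the object itself."""`, and the same for `declarePrivate` with `declareObjectPrivate()`. With the empty-names fallback removed, `_setaccess` called with an empty sequence is now a silent no-op, which deserves a one-line comment in `_setaccess` so the old access to `''` is not reintroduced by accident. The class body continues outside the visible hunks.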
......
...@@ -11,6 +11,7 @@ ...@@ -11,6 +11,7 @@
# #
############################################################################## ##############################################################################
import logging
from AccessControl.PermissionRole import PermissionRole from AccessControl.PermissionRole import PermissionRole
import AccessControl.Permission import AccessControl.Permission
...@@ -36,7 +37,6 @@ def default__class_init__(self): ...@@ -36,7 +37,6 @@ def default__class_init__(self):
try: classname = '%s.%s' % ( try: classname = '%s.%s' % (
self.__module__, self.__name__) self.__module__, self.__name__)
except AttributeError: classname = `self` except AttributeError: classname = `self`
import logging
logging.getLogger("Init").warning( logging.getLogger("Init").warning(
'Ambiguous name for method of %s: %r != %r', 'Ambiguous name for method of %s: %r != %r',
classname, d['__name__'], name) classname, d['__name__'], name)
...@@ -76,3 +76,8 @@ def default__class_init__(self): ...@@ -76,3 +76,8 @@ def default__class_init__(self):
pr=PermissionRole(pname) pr=PermissionRole(pname)
for mname in mnames: for mname in mnames:
setattr(self, mname+'__roles__', pr) setattr(self, mname+'__roles__', pr)
if mname and not hasattr(self, mname):
logging.getLogger("Init").warning(
"Class %s.%s has a security declaration for "
"nonexistent method %r", self.__module__,
self.__name__, mname)
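Review bot: The new warning reads `self.__module__` and `self.__name__` directly, while the "Ambiguous name" warning earlier in `default__class_init__` builds `classname` under `try`/`except AttributeError` and falls back to the repr of the class. If a class can reach this loop without one of those attributes, the new diagnostic would raise during class initialisation instead of logging; reusing the same guarded `classname` computation would keep the two messages consistent. Note also that `setattr(self, mname+'__roles__', pr)` still runs before the check, so a misspelled name keeps its stray `__roles__` attribute while the intended method stays without the declared protection. A short comment saying this path is warn-only, and that the warning is the signal to fix the declaration, would help whoever triages these log lines. The function body starts outside this hunk.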
...@@ -234,7 +234,7 @@ class DOMImplementation: ...@@ -234,7 +234,7 @@ class DOMImplementation:
__ac_permissions__=( __ac_permissions__=(
('Access contents information', ('Access contents information',
('hasFeature'), ('hasFeature',),
), ),
) )
......
...@@ -45,8 +45,7 @@ class LockableItem(EtagSupport): ...@@ -45,8 +45,7 @@ class LockableItem(EtagSupport):
security.declarePrivate('wl_lockmapping') security.declarePrivate('wl_lockmapping')
security.declarePublic('wl_isLocked', 'wl_getLock', 'wl_isLockedByUser', security.declarePublic('wl_isLocked', 'wl_getLock', 'wl_isLockedByUser',
'wl_lockItems', 'wl_lockValues', 'wl_lockTokens',) 'wl_lockItems', 'wl_lockValues', 'wl_lockTokens',)
security.declareProtected('WebDAV Lock items', security.declareProtected('WebDAV Lock items', 'wl_setLock')
'wl_grantLockToUser', 'wl_setLock')
security.declareProtected('WebDAV Unlock items', 'wl_delLock') security.declareProtected('WebDAV Unlock items', 'wl_delLock')
security.declareProtected('Manage WebDAV Locks', 'wl_clearLocks') security.declareProtected('Manage WebDAV Locks', 'wl_clearLocks')
......