Allow restricted code to import AccessControl.getSecurityManager and use

some of the security methods.

doc/CHANGES.txt

@@ -4,6 +4,10 @@ Zope changes
   Change information for previous versions of Zope can be found in the
   file HISTORY.txt.
 
+        - Restricted code can import AccessControl.getSecurityManager,
+          and use 'validate', 'validateValue', 'checkPermission',
+          'getUser', and 'calledByExecutable'.
+
         - Zope's WebDAV support now includes exclusive write locking.
 
         - Data.fs.in index_html now shows zope_quick_start instead

lib/python/AccessControl/SecurityManager.py

@@ -85,8 +85,8 @@
 __doc__='''short description
 
 
-$Id: SecurityManager.py,v 1.3 2001/01/10 20:20:46 chrism Exp $'''
-__version__='$Revision: 1.3 $'[11:-2]
+$Id: SecurityManager.py,v 1.4 2001/04/11 17:53:22 evan Exp $'''
+__version__='$Revision: 1.4 $'[11:-2]
 
 import ZopeSecurityPolicy, os, string
 
@@ -112,6 +112,11 @@ class SecurityManager:
     executable context and policies
     """
 
+    __allow_access_to_unprotected_subobjects__ = {
+        'validate': 1, 'validateValue': 1, 'checkPermission': 1,
+        'getUser': 1, 'calledByExecutable': 1
+        }
+    
     def __init__(self, thread_id, context):
         self._thread_id=thread_id
         self._context=context

lib/python/AccessControl/__init__.py

@@ -92,3 +92,6 @@ from SecurityInfo import ACCESS_PRIVATE
 from SecurityInfo import ACCESS_PUBLIC
 from SecurityInfo import ACCESS_NONE
 from SecurityInfo import secureModule
+
+msec = ModuleSecurityInfo('AccessControl')
+msec.declarePublic('getSecurityManager')