Skip to main content

A collection of security maps baseclasses

Project description

dolmen.security.policies provides a pluggable way to handle object-level security.

>>> from zope.location import Location
>>> from zope.interface import implements
>>> from zope.annotation.interfaces import IAttributeAnnotatable
>>> class Content(Location):
...     implements(IAttributeAnnotatable)
...     def __init__(self, parent, name):
...         self.__parent__ = parent
...         self.__name__ = name
>>> class MyFolder(Location):
...     implements(IAttributeAnnotatable)
...     def __init__(self):
...         self.contents = {}
>>> folder = MyFolder()
>>> contentA = folder.contents['a'] = Content(folder, 'a')

Roles

Standard behavior

Out of the box settings

>>> from zope.securitypolicy.zopepolicy import settingsForObject
>>> pprint(settingsForObject(contentA))
[('a',
  {'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []}),
 (None,
  {'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []}),
 ('global settings',
  {'principalPermissions': [{'permission': 'zope.View',
                             'principal': 'zope.test',
                             'setting': PermissionSetting: Allow}],
   'principalRoles': [],
   'rolePermissions': [{'permission': 'zope.ManageContent',
                        'role': 'test.role',
                        'setting': PermissionSetting: Allow}]})]

Assign a role to the test user

>>> from zope.securitypolicy.interfaces import IPrincipalRoleManager
>>> manager = IPrincipalRoleManager(folder)
>>> manager.assignRoleToPrincipal('test.role', 'zope.test')

Test the role application

>>> from zope.securitypolicy.interfaces import IPrincipalRoleMap
>>> folder_rpm = IPrincipalRoleMap(folder)
>>> print folder_rpm.getRolesForPrincipal('zope.test')
[('test.role', PermissionSetting: Allow)]

Role inheritence

>>> pprint(settingsForObject(contentA))
[('a',
  {'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []}),
 (None,
  {'principalPermissions': [],
   'principalRoles': [{'principal': 'zope.test',
                       'role': 'test.role',
                       'setting': PermissionSetting: Allow}],
   'rolePermissions': []}),
 ('global settings',
  {'principalPermissions': [{'permission': 'zope.View',
                             'principal': 'zope.test',
                             'setting': PermissionSetting: Allow}],
   'principalRoles': [],
   'rolePermissions': [{'permission': 'zope.ManageContent',
                        'role': 'test.role',
                        'setting': PermissionSetting: Allow}]})]

Additive behavior

>>> import grokcore.component as grok
>>> from grokcore.component.testing import grok_component
>>> from zope.securitypolicy.interfaces import Allow
>>> from zope.securitypolicy.securitymap import SecurityMap
>>> from dolmen.security.policies.principalrole import ExtraRoleMap
>>> from zope.securitypolicy.interfaces import IPrincipalRoleManager
>>> class MyHomefolder(Location):
...     implements(IAttributeAnnotatable)
...     def __init__(self, id):
...        self.__name__ = "%s homepage" % id
...        self.userid = id
>>> home = MyHomefolder('zope.test')
>>> pprint(settingsForObject(home)[0])
('zope.test homepage',
   {'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []})
>>> class HomepageRoleManager(ExtraRoleMap):
...    grok.context(MyHomefolder)
...
...    def _compute_extra_data(self):
...        extra_map = SecurityMap()
...        extra_map.addCell('test.role', self.context.userid, Allow)
...        return extra_map
>>> from zope.component import provideAdapter
>>> from zope.securitypolicy.interfaces import (
...      IPrincipalRoleManager, IPrincipalRoleMap, IRolePermissionMap)
>>> provideAdapter(
...     HomepageRoleManager, (MyHomefolder,), IPrincipalRoleManager)
>>> provideAdapter(
...     HomepageRoleManager, (MyHomefolder,), IPrincipalRoleMap)
>>> pprint(settingsForObject(home)[0])
('zope.test homepage',
 {'principalPermissions': [],
  'principalRoles': [{'principal': 'zope.test',
                      'role': 'test.role',
                      'setting': PermissionSetting: Allow}],
  'rolePermissions': []})

Checking the permissions:

>>> from zope.security.testing import Principal, Participation
>>> from zope.security.management import newInteraction, endInteraction
>>> newInteraction(Participation(Principal('zope.test')))

>>> from zope.security import checkPermission
>>> checkPermission('zope.ManageContent', home)
True

>>> home.userid = "someone else"
>>> checkPermission('zope.ManageContent', home)
False

>>> endInteraction()

Changelog

0.2 (2011-01-19)

  • Re-packaging

0.1 (2011-01-18)

  • Initial release

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dolmen.security.policies-0.2.tar.gz (4.6 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page