Security framework for Zope2.
AccessControl provides a general security framework for use in Zope2.
For changes before verison 3.0, see HISTORY.txt.
- In str.format, check the security for keys and items that are accessed. Part of PloneHotfix20171128. [maurits]
- set explicit PyPI index, the old zc.buildout defaults no longer work
- add tox testing configuration
- In str.format, check the security for attributes that are accessed. Part of PloneHotfix20170117. [maurits]
- Added override_container context manager. Used this in tests to make them pass when the standard permissive security assertions for strings has been changed. [maurits]
- Avoid acquiring access from module wrapped by SecurityInfo._ModuleSecurityInfo. See: https://github.com/zopefoundation/AccessControl/issues/12
- Harden test fix for machines that do not define localhost.
- Test fix for machines that do not define localhost.
- GitHub #6: Do not pass SecurityInfo instance itself to declarePublic/declarePrivate when using the public/private decorator. This fixes Conflicting security declarations warnings on Zope startup.
- LP #1248529: Leave existing security manager in place inside RoleManager.manage_getUserRolesAndPermissions.
- LP #1169923: ensure initialization of shared ImplPython state (used by ImplC) when using the “C” security policy. Thanks to Arnaud Fontaine for the patch.
- Remove long-deprecated ‘Shared’ roles support (pre-dates Zope, never used by Zope itself)
- Prevent infinite loop when looking up local roles in an acquisition chain with cycles.
- LP #1071067: Use a stronger random number generator and a constant time comparison function.
- LP #966101: Recognize special zope2.Private permission in ZCML role directive.
- LP #1047318: Tighten import restrictions for restricted code.
- Fix a bug in ZopeSecurityPolicy.py. Global variable rolesForPermissionOn could be overridden if __role__ had custom rolesForPermissionOn.
- Add Anonymous as a default role for Public permission.
- Fix tests under Python 2.6.
- Added decorators for public, private and protected security declarations.
- Update tests to take advantage of automatic test suite discovery.