This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Help us improve Python packaging - Donate today!
Project Description

dolmen.security.policies provides a pluggable way to handle object-level security.

>>> from zope.location import Location
>>> from zope.interface import implements
>>> from zope.annotation.interfaces import IAttributeAnnotatable
>>> class Content(Location):
...     implements(IAttributeAnnotatable)
...     def __init__(self, parent, name):
...         self.__parent__ = parent
...         self.__name__ = name
>>> class MyFolder(Location):
...     implements(IAttributeAnnotatable)
...     def __init__(self):
...         self.contents = {}
>>> folder = MyFolder()
>>> contentA = folder.contents['a'] = Content(folder, 'a')

Roles

Standard behavior

Out of the box settings

>>> from zope.securitypolicy.zopepolicy import settingsForObject
>>> pprint(settingsForObject(contentA))
[('a',
  {'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []}),
 (None,
  {'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []}),
 ('global settings',
  {'principalPermissions': [{'permission': 'zope.View',
                             'principal': 'zope.test',
                             'setting': PermissionSetting: Allow}],
   'principalRoles': [],
   'rolePermissions': [{'permission': 'zope.ManageContent',
                        'role': 'test.role',
                        'setting': PermissionSetting: Allow}]})]

Assign a role to the test user

>>> from zope.securitypolicy.interfaces import IPrincipalRoleManager
>>> manager = IPrincipalRoleManager(folder)
>>> manager.assignRoleToPrincipal('test.role', 'zope.test')

Test the role application

>>> from zope.securitypolicy.interfaces import IPrincipalRoleMap
>>> folder_rpm = IPrincipalRoleMap(folder)
>>> print folder_rpm.getRolesForPrincipal('zope.test')
[('test.role', PermissionSetting: Allow)]

Role inheritence

>>> pprint(settingsForObject(contentA))
[('a',
  {'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []}),
 (None,
  {'principalPermissions': [],
   'principalRoles': [{'principal': 'zope.test',
                       'role': 'test.role',
                       'setting': PermissionSetting: Allow}],
   'rolePermissions': []}),
 ('global settings',
  {'principalPermissions': [{'permission': 'zope.View',
                             'principal': 'zope.test',
                             'setting': PermissionSetting: Allow}],
   'principalRoles': [],
   'rolePermissions': [{'permission': 'zope.ManageContent',
                        'role': 'test.role',
                        'setting': PermissionSetting: Allow}]})]

Additive behavior

>>> import grokcore.component as grok
>>> from grokcore.component.testing import grok_component
>>> from zope.securitypolicy.interfaces import Allow, Deny
>>> from zope.securitypolicy.securitymap import SecurityMap
>>> from dolmen.security.policies.principalrole import ExtraRoleMap
>>> from zope.securitypolicy.interfaces import IPrincipalRoleManager
>>> class MyHomefolder(Location):
...     implements(IAttributeAnnotatable)
...     def __init__(self, id):
...        self.__name__ = "%s homepage" % id
...        self.userid = id
>>> home = MyHomefolder('zope.test')
>>> pprint(settingsForObject(home)[0])
('zope.test homepage',
   {'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []})
>>> class HomepageRoleManager(ExtraRoleMap):
...    grok.context(MyHomefolder)
...
...    def _compute_extra_data(self):
...        extra_map = SecurityMap()
...        extra_map.addCell('test.role', self.context.userid, Allow)
...        return extra_map
>>> from zope.component import provideAdapter
>>> from zope.securitypolicy.interfaces import (
...      IPrincipalRoleManager, IPrincipalRoleMap, IRolePermissionMap)
>>> provideAdapter(
...     HomepageRoleManager, (MyHomefolder,), IPrincipalRoleManager)
>>> provideAdapter(
...     HomepageRoleManager, (MyHomefolder,), IPrincipalRoleMap)
>>> pprint(settingsForObject(home)[0])
('zope.test homepage',
 {'principalPermissions': [],
  'principalRoles': [{'principal': 'zope.test',
                      'role': 'test.role',
                      'setting': PermissionSetting: Allow}],
  'rolePermissions': []})

Checking the permissions:

>>> from zope.security.testing import Principal, Participation
>>> from zope.security.management import newInteraction, endInteraction
>>> newInteraction(Participation(Principal('zope.test')))

>>> from zope.security import checkPermission
>>> checkPermission('zope.ManageContent', home)
True

>>> home.userid = "someone else"
>>> checkPermission('zope.ManageContent', home)
False

>>> home.userid = "zope.test"
>>> checkPermission('zope.ManageContent', home)
True

Role Permissions

We can allow/deny permissions on roles too:

>>> from dolmen.security.policies import ExtraRolePermissionMap
>>> from zope.securitypolicy.interfaces import IRolePermissionManager

>>> class HomepageRolePermissionManager(ExtraRolePermissionMap):
...    grok.context(MyHomefolder)
...
...    def _compute_extra_data(self):
...        extra_map = SecurityMap()
...        extra_map.addCell('zope.ManageContent', 'test.role', Deny)
...        return extra_map

>>> provideAdapter(
...     HomepageRolePermissionManager, (MyHomefolder,),
...     IRolePermissionManager)

>>> pprint(settingsForObject(home)[0])
('zope.test homepage',
 {'principalPermissions': [],
  'principalRoles': [{'principal': 'zope.test',
                      'role': 'test.role',
                      'setting': PermissionSetting: Allow}],
  'rolePermissions': [{'permission': 'zope.ManageContent',
                       'role': 'test.role',
                       'setting': PermissionSetting: Deny}]})

>>> checkPermission('zope.ManageContent', home)
False

>>> endInteraction()

Changelog

0.3 (2011-02-22)

  • Added base adapter for IRolePermissionManager. This allows to deny or allow permissions by role. [goschtl]

0.2 (2011-01-19)

  • Re-packaging

0.1 (2011-01-18)

  • Initial release
Release History

Release History

0.3

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.2

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.1

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
dolmen.security.policies-0.3.tar.gz (5.1 kB) Copy SHA256 Checksum SHA256 Source Feb 22, 2011

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting