dolmen.security.policies

A collection of security maps baseclasses

Project description

dolmen.security.policies provides a pluggable way to handle object-level security.

>>> from zope.location import Location
>>> from zope.interface import implements
>>> from zope.annotation.interfaces import IAttributeAnnotatable

>>> class Content(Location):
...     implements(IAttributeAnnotatable)
...     def __init__(self, parent, name):
...         self.__parent__ = parent
...         self.__name__ = name

>>> class MyFolder(Location):
...     implements(IAttributeAnnotatable)
...     def __init__(self):
...         self.contents = {}

>>> folder = MyFolder()
>>> contentA = folder.contents['a'] = Content(folder, 'a')

Roles

Standard behavior

Out of the box settings

>>> from zope.securitypolicy.zopepolicy import settingsForObject
>>> pprint(settingsForObject(contentA))
[('a',
  {'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []}),
 (None,
  {'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []}),
 ('global settings',
  {'principalPermissions': [{'permission': 'zope.View',
                             'principal': 'zope.test',
                             'setting': PermissionSetting: Allow}],
   'principalRoles': [],
   'rolePermissions': [{'permission': 'zope.ManageContent',
                        'role': 'test.role',
                        'setting': PermissionSetting: Allow}]})]

Assign a role to the test user

>>> from zope.securitypolicy.interfaces import IPrincipalRoleManager
>>> manager = IPrincipalRoleManager(folder)
>>> manager.assignRoleToPrincipal('test.role', 'zope.test')

Test the role application

>>> from zope.securitypolicy.interfaces import IPrincipalRoleMap
>>> folder_rpm = IPrincipalRoleMap(folder)
>>> print folder_rpm.getRolesForPrincipal('zope.test')
[('test.role', PermissionSetting: Allow)]

Role inheritence

>>> pprint(settingsForObject(contentA))
[('a',
  {'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []}),
 (None,
  {'principalPermissions': [],
   'principalRoles': [{'principal': 'zope.test',
                       'role': 'test.role',
                       'setting': PermissionSetting: Allow}],
   'rolePermissions': []}),
 ('global settings',
  {'principalPermissions': [{'permission': 'zope.View',
                             'principal': 'zope.test',
                             'setting': PermissionSetting: Allow}],
   'principalRoles': [],
   'rolePermissions': [{'permission': 'zope.ManageContent',
                        'role': 'test.role',
                        'setting': PermissionSetting: Allow}]})]

Additive behavior

>>> import grokcore.component as grok
>>> from grokcore.component.testing import grok_component
>>> from zope.securitypolicy.interfaces import Allow
>>> from zope.securitypolicy.securitymap import SecurityMap
>>> from dolmen.security.policies.principalrole import ExtraRoleMap
>>> from zope.securitypolicy.interfaces import IPrincipalRoleManager

>>> class MyHomefolder(Location):
...     implements(IAttributeAnnotatable)
...     def __init__(self, id):
...        self.__name__ = "%s homepage" % id
...        self.userid = id

>>> home = MyHomefolder('zope.test')
>>> pprint(settingsForObject(home)[0])
('zope.test homepage',
   {'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []})

>>> class HomepageRoleManager(ExtraRoleMap):
...    grok.context(MyHomefolder)
...
...    def _compute_extra_data(self):
...        extra_map = SecurityMap()
...        extra_map.addCell('test.role', self.context.userid, Allow)
...        return extra_map

>>> from zope.component import provideAdapter
>>> from zope.securitypolicy.interfaces import (
...      IPrincipalRoleManager, IPrincipalRoleMap, IRolePermissionMap)

>>> provideAdapter(
...     HomepageRoleManager, (MyHomefolder,), IPrincipalRoleManager)
>>> provideAdapter(
...     HomepageRoleManager, (MyHomefolder,), IPrincipalRoleMap)

>>> pprint(settingsForObject(home)[0])
('zope.test homepage',
 {'principalPermissions': [],
  'principalRoles': [{'principal': 'zope.test',
                      'role': 'test.role',
                      'setting': PermissionSetting: Allow}],
  'rolePermissions': []})

Checking the permissions:

>>> from zope.security.testing import Principal, Participation
>>> from zope.security.management import newInteraction, endInteraction
>>> newInteraction(Participation(Principal('zope.test')))

>>> from zope.security import checkPermission
>>> checkPermission('zope.ManageContent', home)
True

>>> home.userid = "someone else"
>>> checkPermission('zope.ManageContent', home)
False

>>> endInteraction()

Changelog

0.2 (2011-01-19)

Re-packaging

0.1 (2011-01-18)

Initial release

Project details

Release history Release notifications | RSS feed

0.4

Aug 26, 2020

0.3

Feb 22, 2011

This version

0.2

Jan 19, 2011

0.1

Jan 18, 2011

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dolmen.security.policies-0.2.tar.gz (4.6 kB view hashes)

Uploaded Jan 19, 2011 Source

Hashes for dolmen.security.policies-0.2.tar.gz

Hashes for dolmen.security.policies-0.2.tar.gz
Algorithm	Hash digest
SHA256	`55e4c64eeec9cd6a5f66117b67aefb11ce08e9874f973cef86a4dc91e75d9779`
MD5	`17d13a043dd6b9dfb9d8e87cee429534`
BLAKE2b-256	`a089af080659debd4b5737e485d0490cbd7cebe9d0b9ef0c62adf5501ce624d6`