Unscrew permission handling. Yay!

20487259 · Evan Simpson · d432d54b · 20487259 · 20487259 · 20487259
Commit 20487259 authored Jan 16, 2001 by Evan Simpson
7 changed files
--- a/lib/python/AccessControl/SecurityInfo.py
+++ b/lib/python/AccessControl/SecurityInfo.py
@@ -226,11 +226,7 @@ class ClassSecurityInfo(SecurityInfo):
        ac_permissions = {}
        for name, access in self.names.items():
            if access in (ACCESS_PRIVATE, ACCESS_PUBLIC, ACCESS_NONE):
-                attr=getattr(classobj, name, None)
+                dict['%s__roles__' % name] = access
-                try: attr.__roles__ = access
-                except:
-                    rname='%s__roles__' % name
-                    dict[rname] = access
            else:
                if not ac_permissions.has_key(access):
                    ac_permissions[access] = []

--- a/lib/python/AccessControl/User.py
+++ b/lib/python/AccessControl/User.py
@@ -84,7 +84,7 @@
 ##############################################################################
 """Access control package"""
-__version__='$Revision: 1.132 $'[11:-2]
+__version__='$Revision: 1.133 $'[11:-2]
 import Globals, socket, ts_regex, SpecialUsers
 import os
@@ -490,12 +490,16 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
    def authorize(self, user, accessed, container, name, value, roles):
        newSecurityManager(None, user)
-        security=getSecurityManager()
+        security = getSecurityManager()
-        if security.validate(accessed, container, name, value, roles):
+        try:
-            return 1
+            try:
-        else:
+                if security.validate(accessed, container, name, value, roles):
-            noSecurityManager()
+                    return 1
-            return 0
+            except:
+                noSecurityManager()
+                raise
+        except 'Unauthorized': pass
+        return 0
    def _setRemote(self, request):
        # If no authorization, only a user with a domain spec and no

--- a/lib/python/AccessControl/ZopeSecurityPolicy.py
+++ b/lib/python/AccessControl/ZopeSecurityPolicy.py
@@ -85,11 +85,12 @@
 __doc__='''Define Zope\'s default security policy
-$Id: ZopeSecurityPolicy.py,v 1.8 2001/01/10 20:22:18 chrism Exp $'''
+$Id: ZopeSecurityPolicy.py,v 1.9 2001/01/16 20:01:09 evan Exp $'''
-__version__='$Revision: 1.8 $'[11:-2]
+__version__='$Revision: 1.9 $'[11:-2]
 import SimpleObjectPolicies
 _noroles=SimpleObjectPolicies._noroles
+from zLOG import LOG, PROBLEM
 from PermissionRole import _what_not_even_god_should_do, rolesForPermissionOn
@@ -175,7 +176,14 @@ class ZopeSecurityPolicy:
            value=container
        # Short-circuit tests if we can:
-        if roles is None or 'Anonymous' in roles: return 1
+        try:
+            if roles is None or 'Anonymous' in roles: return 1
+        except TypeError:
+            # 'roles' isn't a sequence
+            LOG('Zope Security Policy', PROBLEM, "'%s' passed as roles"
+                " during validation of '%s' is not a sequence." % (
+                `roles`, name))
+            raise
        # Check executable security
        stack=context.stack

--- a/lib/python/App/Management.py
+++ b/lib/python/App/Management.py
@@ -85,9 +85,9 @@
 """Standard management interface support
-$Id: Management.py,v 1.45 2001/01/16 02:55:10 shane Exp $"""
+$Id: Management.py,v 1.46 2001/01/16 20:01:09 evan Exp $"""
-__version__='$Revision: 1.45 $'[11:-2]
+__version__='$Revision: 1.46 $'[11:-2]
 import sys, Globals, ExtensionClass, urllib
 from Dialogs import MessageDialog
@@ -220,13 +220,13 @@ class Navigation(ExtensionClass.Base):
                                help_topic=None)
    manage_form_title._setFuncSignature(
        varnames=('form_title', 'help_product', 'help_topic') )
-    manage_form_title.__roles__ = None
+    manage_form_title__roles__ = None
    zope_quick_start=DTMLFile('dtml/zope_quick_start', globals())
-    zope_quick_start.__roles__=None
+    zope_quick_start__roles__=None
    manage_copyright=DTMLFile('dtml/copyright', globals())
-    manage_copyright.__roles__ = None
+    manage_copyright__roles__ = None
    manage_zmi_logout__roles__ = None
    def manage_zmi_logout(self, REQUEST, RESPONSE):
@@ -250,10 +250,10 @@ You have been logged out.
    manage_zmi_prefs=HTMLFile('dtml/manage_zmi_prefs', globals())
-    manage_zmi_prefs.__roles__ = None
+    manage_zmi_prefs__roles__ = None
 file = DTMLFile('dtml/manage_page_style.css', globals())
 setattr(Navigation, 'manage_page_style.css', file)
-file.__roles__ = None
+setattr(Navigation, 'manage_page_style.css__roles__', None)
 Globals.default__class_init__(Navigation)
--- a/lib/python/App/ProductContext.py
+++ b/lib/python/App/ProductContext.py
@@ -228,8 +228,7 @@ class ProductContext:
              },)
        m[name]=initial
-        try: initial.__roles__=pr
+        m[name+'__roles__']=pr
-        except: m[name+'__roles__']=pr
        for method in constructors[1:]:
            if type(method) is tt: name, method = method
@@ -237,8 +236,7 @@ class ProductContext:
                name=os.path.split(method.__name__)[-1]
            if not productObject.__dict__.has_key(name):
                m[name]=method
-                try: method.__roles__ = pr
+                m[name+'__roles__']=pr
-                except: m[name+'__roles__']=pr
        if icon:
            name=os.path.split(icon)[1]

--- a/lib/python/App/class_init.py
+++ b/lib/python/App/class_init.py
@@ -124,6 +124,4 @@ def default__class_init__(self):
            pname, mnames = acp[:2]
            pr=PermissionRole(pname)
            for mname in mnames:
-                try: getattr(self, mname).__roles__=pr
-                except: pass
                dict[mname+'__roles__']=pr
--- a/lib/python/ZPublisher/BaseRequest.py
+++ b/lib/python/ZPublisher/BaseRequest.py
@@ -82,7 +82,7 @@
 # attributions are listed in the accompanying credits file.
 # 
 ##############################################################################
-__version__='$Revision: 1.35 $'[11:-2]
+__version__='$Revision: 1.36 $'[11:-2]
 from string import join, split, find, rfind, lower, upper
 from urllib import quote
@@ -383,7 +383,9 @@ class BaseRequest:
                if r is not UNSPECIFIED_ROLES:
                    roles = r
                elif not got:
-                    roles = getattr(subobject, entry_name+'__roles__', roles)
+                    # We got the subobject as an attribute, not an item,
+                    # so we should check "next to it" for __roles__.
+                    roles = getattr(object, entry_name+'__roles__', roles)
                # Promote subobject to object
                object=subobject