Move DTML.py over

9f67c885 · Hanno Schlichting · 9e9e2c03 · 6e83525c · 9f67c885 · 9f67c885
Commit 9f67c885 authored May 16, 2010 by Hanno Schlichting
Hide whitespace changes
Inline Side-by-side

Showing with 110 additions and 92 deletions

src/AccessControl/DTML.py src/AccessControl/DTML.py +2 -92

src/DocumentTemplate/security.py src/DocumentTemplate/security.py +108 -0

No files found.
--- a/src/AccessControl/DTML.py
+++ b/src/AccessControl/DTML.py
@@ -11,97 +11,7 @@
 #
 ##############################################################################
 """Add security system support to Document Templates
-
-$Id$
 """
-from DocumentTemplate import DT_Util
-import SecurityManagement, string, math, random, sets
-import DocumentTemplate.sequence
-
-from ZopeGuards import safe_builtins
-
-# RestrictedDTML is inserted by AccessControl.Implementation.
-
-
-# Allow access to unprotected attributes
-DT_Util.TemplateDict.__allow_access_to_unprotected_subobjects__=1
-string.__allow_access_to_unprotected_subobjects__=1
-math.__allow_access_to_unprotected_subobjects__=1
-random.__allow_access_to_unprotected_subobjects__=1
-sets.__allow_access_to_unprotected_subobjects__=1
-
-
-DocumentTemplate.sequence.__allow_access_to_unprotected_subobjects__=1
-
-# Add security testing capabilities
-
-class DTMLSecurityAPI:
-    """API for performing security checks in DTML using '_' methods.
-    """
-
-    def SecurityValidate(md, inst, parent, name, value):
-        """Validate access.
-
-        Arguments:
-
-        accessed -- the object that was being accessed
-
-        container -- the object the value was found in
-
-        name -- The name used to access the value
-
-        value -- The value retrieved though the access.
-
-        The arguments may be provided as keyword arguments. Some of these
-        arguments may be ommitted, however, the policy may reject access
-        in some cases when arguments are ommitted.  It is best to provide
-        all the values possible.
-        """
-        return (SecurityManagement
-                .getSecurityManager()
-                .validate(inst, parent, name, value)
-                )
-
-    def SecurityCheckPermission(md, permission, object):
-        """Check whether the security context allows the given permission on
-        the given object.
-
-        Arguments:
-
-        permission -- A permission name
-
-        object -- The object being accessed according to the permission
-        """
-        return (SecurityManagement
-                .getSecurityManager()
-                .checkPermission(permission, object)
-                )
-
-    def SecurityGetUser(md):
-        """Gen the current authenticated user"""
-        return (SecurityManagement
-                .getSecurityManager()
-                .getUser()
-                )
-
-    def SecurityCalledByExecutable(md):
-        """Return a boolean value indicating if this context was called
-        by an executable"""
-        r = (SecurityManagement
-             .getSecurityManager()
-             .calledByExecutable()
-             )
-        if r > 0: return r-1
-        return r
-
-for name, v in DTMLSecurityAPI.__dict__.items():
-    if name[0] != '_':
-        setattr(DT_Util.TemplateDict, name, v)

-from types import FunctionType
-for name, v in safe_builtins.items():
-    if type(v) is FunctionType:
-        v = DT_Util.NotBindable(v)
-    if name.startswith('__'):
-        continue
-    setattr(DT_Util.TemplateDict, name, v)
+# BBB
+from DocumentTemplate.security import DTMLSecurityAPI
--- a/src/DocumentTemplate/security.py
+++ b/src/DocumentTemplate/security.py
+##############################################################################
+#
+# Copyright (c) 2002 Zope Foundation and Contributors.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+#
+##############################################################################
+"""Add security system support to Document Templates
+"""
+
+import string, math, random, sets
+
+from AccessControl import SecurityManagement
+from AccessControl.ZopeGuards import safe_builtins
+
+import DocumentTemplate.sequence
+from DocumentTemplate import DT_Util
+
+# RestrictedDTML is inserted by AccessControl.Implementation.
+
+
+# Allow access to unprotected attributes
+DT_Util.TemplateDict.__allow_access_to_unprotected_subobjects__=1
+string.__allow_access_to_unprotected_subobjects__=1
+math.__allow_access_to_unprotected_subobjects__=1
+random.__allow_access_to_unprotected_subobjects__=1
+sets.__allow_access_to_unprotected_subobjects__=1
+
+
+DocumentTemplate.sequence.__allow_access_to_unprotected_subobjects__=1
+
+# Add security testing capabilities
+
+class DTMLSecurityAPI:
+    """API for performing security checks in DTML using '_' methods.
+    """
+
+    def SecurityValidate(md, inst, parent, name, value):
+        """Validate access.
+
+        Arguments:
+
+        accessed -- the object that was being accessed
+
+        container -- the object the value was found in
+
+        name -- The name used to access the value
+
+        value -- The value retrieved though the access.
+
+        The arguments may be provided as keyword arguments. Some of these
+        arguments may be ommitted, however, the policy may reject access
+        in some cases when arguments are ommitted.  It is best to provide
+        all the values possible.
+        """
+        return (SecurityManagement
+                .getSecurityManager()
+                .validate(inst, parent, name, value)
+                )
+
+    def SecurityCheckPermission(md, permission, object):
+        """Check whether the security context allows the given permission on
+        the given object.
+
+        Arguments:
+
+        permission -- A permission name
+
+        object -- The object being accessed according to the permission
+        """
+        return (SecurityManagement
+                .getSecurityManager()
+                .checkPermission(permission, object)
+                )
+
+    def SecurityGetUser(md):
+        """Gen the current authenticated user"""
+        return (SecurityManagement
+                .getSecurityManager()
+                .getUser()
+                )
+
+    def SecurityCalledByExecutable(md):
+        """Return a boolean value indicating if this context was called
+        by an executable"""
+        r = (SecurityManagement
+             .getSecurityManager()
+             .calledByExecutable()
+             )
+        if r > 0: return r-1
+        return r
+
+for name, v in DTMLSecurityAPI.__dict__.items():
+    if name[0] != '_':
+        setattr(DT_Util.TemplateDict, name, v)
+
+from types import FunctionType
+for name, v in safe_builtins.items():
+    if type(v) is FunctionType:
+        v = DT_Util.NotBindable(v)
+    if name.startswith('__'):
+        continue
+    setattr(DT_Util.TemplateDict, name, v)