Move DTML.py over

9f67c885 · Hanno Schlichting · 9e9e2c03 · 6e83525c · 9f67c885 · 9f67c885
Commit 9f67c885 authored May 16, 2010 by Hanno Schlichting
Show whitespace changes
Inline Side-by-side

Showing with 110 additions and 92 deletions

src/AccessControl/DTML.py src/AccessControl/DTML.py +2 -92

src/DocumentTemplate/security.py src/DocumentTemplate/security.py +108 -0

No files found.
--- a/src/AccessControl/DTML.py
+++ b/src/AccessControl/DTML.py
@@ -11,97 +11,7 @@
 #
 ##############################################################################
 """Add security system support to Document Templates
-$Id$
 """
-from DocumentTemplate import DT_Util
-import SecurityManagement, string, math, random, sets
-import DocumentTemplate.sequence
-from ZopeGuards import safe_builtins
-# RestrictedDTML is inserted by AccessControl.Implementation.
-# Allow access to unprotected attributes
-DT_Util.TemplateDict.__allow_access_to_unprotected_subobjects__=1
-string.__allow_access_to_unprotected_subobjects__=1
-math.__allow_access_to_unprotected_subobjects__=1
-random.__allow_access_to_unprotected_subobjects__=1
-sets.__allow_access_to_unprotected_subobjects__=1
-DocumentTemplate.sequence.__allow_access_to_unprotected_subobjects__=1
-# Add security testing capabilities
-class DTMLSecurityAPI:
-    """API for performing security checks in DTML using '_' methods.
-    """
-    def SecurityValidate(md, inst, parent, name, value):
-        """Validate access.
-        Arguments:
-        accessed -- the object that was being accessed
-        container -- the object the value was found in
-        name -- The name used to access the value
-        value -- The value retrieved though the access.
-        The arguments may be provided as keyword arguments. Some of these
-        arguments may be ommitted, however, the policy may reject access
-        in some cases when arguments are ommitted.  It is best to provide
-        all the values possible.
-        """
-        return (SecurityManagement
-                .getSecurityManager()
-                .validate(inst, parent, name, value)
-                )
-    def SecurityCheckPermission(md, permission, object):
-        """Check whether the security context allows the given permission on
-        the given object.
-        Arguments:
-        permission -- A permission name
-        object -- The object being accessed according to the permission
-        """
-        return (SecurityManagement
-                .getSecurityManager()
-                .checkPermission(permission, object)
-                )
-    def SecurityGetUser(md):
-        """Gen the current authenticated user"""
-        return (SecurityManagement
-                .getSecurityManager()
-                .getUser()
-                )
-    def SecurityCalledByExecutable(md):
-        """Return a boolean value indicating if this context was called
-        by an executable"""
-        r = (SecurityManagement
-             .getSecurityManager()
-             .calledByExecutable()
-             )
-        if r > 0: return r-1
-        return r
-for name, v in DTMLSecurityAPI.__dict__.items():
-    if name[0] != '_':
-        setattr(DT_Util.TemplateDict, name, v)
-from types import FunctionType
+# BBB
-for name, v in safe_builtins.items():
+from DocumentTemplate.security import DTMLSecurityAPI
-    if type(v) is FunctionType:
-        v = DT_Util.NotBindable(v)
-    if name.startswith('__'):
-        continue
-    setattr(DT_Util.TemplateDict, name, v)
--- a/src/DocumentTemplate/security.py
+++ b/src/DocumentTemplate/security.py
+##############################################################################
+#
+# Copyright (c) 2002 Zope Foundation and Contributors.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+#
+##############################################################################
+"""Add security system support to Document Templates
+"""
+import string, math, random, sets
+from AccessControl import SecurityManagement
+from AccessControl.ZopeGuards import safe_builtins
+import DocumentTemplate.sequence
+from DocumentTemplate import DT_Util
+# RestrictedDTML is inserted by AccessControl.Implementation.
+# Allow access to unprotected attributes
+DT_Util.TemplateDict.__allow_access_to_unprotected_subobjects__=1
+string.__allow_access_to_unprotected_subobjects__=1
+math.__allow_access_to_unprotected_subobjects__=1
+random.__allow_access_to_unprotected_subobjects__=1
+sets.__allow_access_to_unprotected_subobjects__=1
+DocumentTemplate.sequence.__allow_access_to_unprotected_subobjects__=1
+# Add security testing capabilities
+class DTMLSecurityAPI:
+    """API for performing security checks in DTML using '_' methods.
+    """
+    def SecurityValidate(md, inst, parent, name, value):
+        """Validate access.
+        Arguments:
+        accessed -- the object that was being accessed
+        container -- the object the value was found in
+        name -- The name used to access the value
+        value -- The value retrieved though the access.
+        The arguments may be provided as keyword arguments. Some of these
+        arguments may be ommitted, however, the policy may reject access
+        in some cases when arguments are ommitted.  It is best to provide
+        all the values possible.
+        """
+        return (SecurityManagement
+                .getSecurityManager()
+                .validate(inst, parent, name, value)
+                )
+    def SecurityCheckPermission(md, permission, object):
+        """Check whether the security context allows the given permission on
+        the given object.
+        Arguments:
+        permission -- A permission name
+        object -- The object being accessed according to the permission
+        """
+        return (SecurityManagement
+                .getSecurityManager()
+                .checkPermission(permission, object)
+                )
+    def SecurityGetUser(md):
+        """Gen the current authenticated user"""
+        return (SecurityManagement
+                .getSecurityManager()
+                .getUser()
+                )
+    def SecurityCalledByExecutable(md):
+        """Return a boolean value indicating if this context was called
+        by an executable"""
+        r = (SecurityManagement
+             .getSecurityManager()
+             .calledByExecutable()
+             )
+        if r > 0: return r-1
+        return r
+for name, v in DTMLSecurityAPI.__dict__.items():
+    if name[0] != '_':
+        setattr(DT_Util.TemplateDict, name, v)
+from types import FunctionType
+for name, v in safe_builtins.items():
+    if type(v) is FunctionType:
+        v = DT_Util.NotBindable(v)
+    if name.startswith('__'):
+        continue
+    setattr(DT_Util.TemplateDict, name, v)