def __init__(self, checker1, checker2):
"""Create a combined checker."""
Checker.__init__(self,
checker1.get_permissions,
checker1.set_permissions)
self._checker2 = checker2
def check(self, object, name):
'See IChecker'
try:
Checker.check(self, object, name)
except ForbiddenAttribute:
self._checker2.check(object, name)
except Unauthorized as unauthorized_exception:
try: self._checker2.check(object, name)
except ForbiddenAttribute:
raise unauthorized_exception
def MultiChecker(specs):
"""Create a checker from a sequence of specifications
A specification is:
- A two-tuple with:
o a sequence of names or an interface
o a permission id
All the names in the sequence of names or the interface are
protected by the permission.
- A dictionoid (having an items method), with items that are
name/permission-id pairs.
"""
data = {}
for spec in specs:
if type(spec) is tuple:
names, permission_id = spec
if IInterface.providedBy(names):
names = names.names(all=True)
for name in names:
if data.get(name, permission_id) is not permission_id:
raise DuplicationError(name)
data[name] = permission_id
else:
for name, permission_id in spec.items():
if data.get(name, permission_id) is not permission_id:
raise DuplicationError(name)
data[name] = permission_id
return Checker(data)
def NamesChecker(names=(), permission_id=CheckerPublic, **__kw__):
"""Return a checker that grants access to a set of names.
A sequence of names is given as the first argument. If a second
argument, permission_id, is given, it is the permission required
to access the names. Additional names and permission IDs can be
supplied as keyword arguments.
"""
data = {}
data.update(__kw__)
for name in names:
if data.get(name, permission_id) is not permission_id:
raise DuplicationError(name)
data[name] = permission_id
return Checker(data)
return self.__name__
def __repr__(self):
return "%s(%s,%s)" % (self.__class__.__name__,
self.__name__, self.__module__)
CheckerPublic = Global('CheckerPublic')
CP_HACK_XXX = CheckerPublic
# Now we wrap it in a security proxy so that it retains its
# identity when it needs to be security proxied.
# XXX: This means that we can't directly document it with
# sphinx because issubclass() will fail.
d = {}
CheckerPublic = Proxy(CheckerPublic, Checker(d)) # XXX uses CheckerPy
d['__reduce__'] = CheckerPublic
d['__module__'] = CheckerPublic
del d
# TODO: It's a bit scary above that we can pickle a proxy if access is
# granted to __reduce__. We might want to bother to prevent this in
# general and only allow it in this specific case.
def NamesChecker(names=(), permission_id=CheckerPublic, **__kw__):
"""Return a checker that grants access to a set of names.
A sequence of names is given as the first argument. If a second
argument, permission_id, is given, it is the permission required
to access the names. Additional names and permission IDs can be
supplied as keyword arguments.
def __reduce__(self):
return self.__name__
def __repr__(self):
return "%s(%s,%s)" % (self.__class__.__name__, self.__name__,
self.__module__)
# Marker for public attributes
CheckerPublic = Global('CheckerPublic')
# Now we wrap it in a security proxy so that it retains it's
# identity when it needs to be security proxied.
d = {}
CheckerPublic = Proxy(CheckerPublic, Checker(d))
d['__reduce__'] = CheckerPublic
del d
# TODO: It's a bit scary above that we can pickle a proxy if access is
# granted to __reduce__. We might want to bother to prevent this in
# general and only allow it in this specific case.
def NamesChecker(names=(), permission_id=CheckerPublic, **__kw__):
"""Return a checker that grants access to a set of names.
A sequence of names is given as the first argument. If a second
argument, permission_id, is given, it is the permission required
to access the names. Additional names and permission ids can be
supplied as keyword arguments.
def __reduce__(self):
return self.__name__
def __repr__(self):
return "%s(%s,%s)" % (self.__class__.__name__, self.__name__,
self.__module__)
# Marker for public attributes
CheckerPublic = Global('CheckerPublic')
CP_HACK_XXX = CheckerPublic
# Now we wrap it in a security proxy so that it retains its
# identity when it needs to be security proxied.
d = {}
CheckerPublic = Proxy(CheckerPublic, Checker(d)) # XXX uses CheckerPy
d['__reduce__'] = CheckerPublic
d['__module__'] = CheckerPublic
del d
# TODO: It's a bit scary above that we can pickle a proxy if access is
# granted to __reduce__. We might want to bother to prevent this in
# general and only allow it in this specific case.
def NamesChecker(names=(), permission_id=CheckerPublic, **__kw__):
"""Return a checker that grants access to a set of names.
A sequence of names is given as the first argument. If a second
argument, permission_id, is given, it is the permission required
to access the names. Additional names and permission ids can be
