def findView(tile, viewName):
"""Find the view to use for portlet/viewlet context lookup."""
view = tile
prequest = tile.request.get('PARENT_REQUEST', None)
# Attempt to determine the underlying view name from the parent request
# XXX: This won't work if using ESI rendering or any other
# technique that doesn't use plone.subrequest
if viewName is None and prequest is not None:
ppublished = prequest.get('PUBLISHED', None)
if IView.providedBy(ppublished):
viewName = prequest['PUBLISHED'].__name__
context = tile.context
request = tile.request
if prequest is not None:
request = prequest
if viewName is not None:
view = queryMultiAdapter((context, request), name=viewName)
if view is None:
view = tile
# Decide whether to mark the view
# XXX: Again, this probably won't work well if not using plone.subrequest
layoutPolicy = queryMultiAdapter((context, request), name='plone_layout')
if layoutPolicy is not None:
layoutPolicy.mark_view(view)
return view
def findView(tile, viewName):
"""Find the view to use for portlet/viewlet context lookup."""
view = tile
prequest = tile.request.get('PARENT_REQUEST', None)
# Provide IViewView by default when tile is rendered with contentish
# context outside subrequest, but don't return to still support custom
# policies
if prequest is None and IContentish.providedBy(tile.context):
alsoProvides(view, IViewView)
# Attempt to determine the underlying view name from the parent request
# XXX: This won't work if using ESI rendering or any other
# technique that doesn't use plone.subrequest
if viewName is None and prequest is not None:
ppublished = prequest.get('PUBLISHED', None)
if IView.providedBy(ppublished):
viewName = prequest['PUBLISHED'].__name__
request = tile.request
if prequest is not None:
request = prequest
if viewName is not None:
try:
view = queryMultiAdapter((tile.context, request), name=viewName)
except TypeError:
# Helps to debug an issue where broken view registration raised:
# TypeError: __init__() takes exactly N arguments (3 given)
logger.exception('Error in resolving view for tile: {0:s}'.format(
tile.url))
view = None
if view is None:
view = tile
# Decide whether to mark the view
# XXX: Again, this probably won't work well if not using plone.subrequest
layoutPolicy = queryMultiAdapter((tile.context, request),
name='plone_layout') # noqa
if layoutPolicy is not None:
layoutPolicy.mark_view(view)
return view
def findView(tile, viewName):
"""Find the view to use for portlet/viewlet context lookup."""
view = tile
prequest = tile.request.get('PARENT_REQUEST', None)
# Provide IViewView by default when tile is rendered with contentish
# context outside subrequest, but don't return to still support custom
# policies
if prequest is None and IContentish.providedBy(tile.context):
alsoProvides(view, IViewView)
# Attempt to determine the underlying view name from the parent request
# XXX: This won't work if using ESI rendering or any other
# technique that doesn't use plone.subrequest
if viewName is None and prequest is not None:
ppublished = prequest.get('PUBLISHED', None)
if IView.providedBy(ppublished):
viewName = prequest['PUBLISHED'].__name__
request = tile.request
if prequest is not None:
request = prequest
if viewName is not None:
try:
view = queryMultiAdapter((tile.context, request), name=viewName)
except TypeError:
# Helps to debug an issue where broken view registration raised:
# TypeError: __init__() takes exactly N arguments (3 given)
logger.exception('Error in resolving view for tile: {0:s}'.format(
tile.url))
view = None
if view is None:
view = tile
# Decide whether to mark the view
# XXX: Again, this probably won't work well if not using plone.subrequest
layoutPolicy = queryMultiAdapter((tile.context, request), name='plone_layout') # noqa
if layoutPolicy is not None:
layoutPolicy.mark_view(view)
return view
def checkPermission(self, permission, object):
"""Check the permission, object, user against the launchpad
authorization policy.
If the object is a view, then consider the object to be the view's
context.
If we are running in read-only mode, all permission checks are
failed except for launchpad.View requests, which are checked
as normal. All other permissions are used to protect write
operations.
Workflow:
- If the principal is not None and its access level is not what is
required by the permission, deny.
- If the object to authorize is private and the principal has no
access to private objects, deny.
- If we have zope.Public, allow. (But we shouldn't ever get this.)
- If we have launchpad.AnyPerson and the principal is an
ILaunchpadPrincipal then allow.
- If the object has an IAuthorization named adapter, named
after the permission, use that to check the permission.
- Otherwise, deny.
"""
# If we have a view, get its context and use that to get an
# authorization adapter.
if IView.providedBy(object):
objecttoauthorize = object.context
else:
objecttoauthorize = object
if objecttoauthorize is None:
# We will not be able to lookup an adapter for this, so we can
# return False already.
return False
# Remove all proxies from object to authorize. The security proxy is
# removed for obvious reasons but we also need to remove the location
# proxy (which is used on apidoc.lp.dev) because otherwise we can't
# create a weak reference to our object in our security policy cache.
objecttoauthorize = removeAllProxies(objecttoauthorize)
participations = [
participation for participation in self.participations
if participation.principal is not system_user]
if len(participations) > 1:
raise RuntimeError("More than one principal participating.")
# The participation's cache of (object -> permission -> result), or
# None if the participation does not support caching.
participation_cache = None
# A cache of (permission -> result) for objecttoauthorize, or None if
# the participation does not support caching. This resides as a value
# of participation_cache.
object_cache = None
if len(participations) == 0:
principal = None
else:
participation = participations[0]
if IApplicationRequest.providedBy(participation):
participation_cache = participation.annotations.setdefault(
LAUNCHPAD_SECURITY_POLICY_CACHE_KEY,
weakref.WeakKeyDictionary())
object_cache = participation_cache.setdefault(
objecttoauthorize, {})
if permission in object_cache:
return object_cache[permission]
principal = removeAllProxies(participation.principal)
if (principal is not None and
not isinstance(principal, UnauthenticatedPrincipal)):
access_level = self._getPrincipalsAccessLevel(
principal, objecttoauthorize)
if not self._checkRequiredAccessLevel(
access_level, permission, objecttoauthorize):
return False
if not self._checkPrivacy(access_level, objecttoauthorize):
return False
# The following two checks shouldn't be needed, strictly speaking,
# because zope.Public is CheckerPublic, and the Zope security
# machinery shortcuts this to always allow it. However, it is here as
# a "belt and braces". It is also a bit of a lie: if the permission is
# zope.Public, privacy and access levels (checked above) will be
# irrelevant!
if permission == 'zope.Public':
return True
if permission is CheckerPublic:
return True
if (permission == 'launchpad.AnyPerson' and
ILaunchpadPrincipal.providedBy(principal)):
return True
# If there are delegated authorizations they must *all* be allowed
# before permission to access objecttoauthorize is granted.
result = all(
iter_authorization(
objecttoauthorize, permission, principal,
participation_cache, breadth_first=True))
# Cache the top-level result. Be warned that this result /may/ be
# based on 10s or 100s of delegated authorization checks, and so even
# small changes in the model data could invalidate this result.
if object_cache is not None:
object_cache[permission] = result
return result
def checkPermission(self, permission, object):
"""Check the permission, object, user against the launchpad
authorization policy.
If the object is a view, then consider the object to be the view's
context.
If we are running in read-only mode, all permission checks are
failed except for launchpad.View requests, which are checked
as normal. All other permissions are used to protect write
operations.
Workflow:
- If the principal is not None and its access level is not what is
required by the permission, deny.
- If the object to authorize is private and the principal has no
access to private objects, deny.
- If we have zope.Public, allow. (But we shouldn't ever get this.)
- If we have launchpad.AnyPerson and the principal is an
ILaunchpadPrincipal then allow.
- If the object has an IAuthorization named adapter, named
after the permission, use that to check the permission.
- Otherwise, deny.
"""
# If we have a view, get its context and use that to get an
# authorization adapter.
if IView.providedBy(object):
objecttoauthorize = object.context
else:
objecttoauthorize = object
if objecttoauthorize is None:
# We will not be able to lookup an adapter for this, so we can
# return False already.
return False
# Remove all proxies from object to authorize. The security proxy is
# removed for obvious reasons but we also need to remove the location
# proxy (which is used on apidoc.lp.dev) because otherwise we can't
# create a weak reference to our object in our security policy cache.
objecttoauthorize = removeAllProxies(objecttoauthorize)
participations = [
participation for participation in self.participations if participation.principal is not system_user
]
if len(participations) > 1:
raise RuntimeError("More than one principal participating.")
# The participation's cache of (object -> permission -> result), or
# None if the participation does not support caching.
participation_cache = None
# A cache of (permission -> result) for objecttoauthorize, or None if
# the participation does not support caching. This resides as a value
# of participation_cache.
object_cache = None
if len(participations) == 0:
principal = None
else:
participation = participations[0]
if IApplicationRequest.providedBy(participation):
participation_cache = participation.annotations.setdefault(
LAUNCHPAD_SECURITY_POLICY_CACHE_KEY, weakref.WeakKeyDictionary()
)
object_cache = participation_cache.setdefault(objecttoauthorize, {})
if permission in object_cache:
return object_cache[permission]
principal = removeAllProxies(participation.principal)
if principal is not None and not isinstance(principal, UnauthenticatedPrincipal):
access_level = self._getPrincipalsAccessLevel(principal, objecttoauthorize)
if not self._checkRequiredAccessLevel(access_level, permission, objecttoauthorize):
return False
if not self._checkPrivacy(access_level, objecttoauthorize):
return False
# The following two checks shouldn't be needed, strictly speaking,
# because zope.Public is CheckerPublic, and the Zope security
# machinery shortcuts this to always allow it. However, it is here as
# a "belt and braces". It is also a bit of a lie: if the permission is
# zope.Public, privacy and access levels (checked above) will be
# irrelevant!
if permission == "zope.Public":
return True
if permission is CheckerPublic:
return True
if permission == "launchpad.AnyPerson" and ILaunchpadPrincipal.providedBy(principal):
return True
# If there are delegated authorizations they must *all* be allowed
# before permission to access objecttoauthorize is granted.
result = all(
iter_authorization(objecttoauthorize, permission, principal, participation_cache, breadth_first=True)
)
# Cache the top-level result. Be warned that this result /may/ be
# based on 10s or 100s of delegated authorization checks, and so even
# small changes in the model data could invalidate this result.
if object_cache is not None:
object_cache[permission] = result
return result
