def testLikeUntoOnly(self): protectName(TestModule.test_base, "m1", P1) protectName(TestModule.test_base, "m2", P1) protectSetAttribute(TestModule.test_base, "m1", P1) protectSetAttribute(TestModule.test_base, "m2", P1) protectLikeUnto(TestModule.test_class, TestModule.test_base) # m1 and m2 are in the interface, so should be set, and m3 should not: self.assertState(m1P=P1, m2P=P1) self.assertSetattrState(m1P=P1, m2P=P1)
def testLikeUntoOnly(self): protectName(TestModule.test_base, 'm1', P1) protectName(TestModule.test_base, 'm2', P1) protectSetAttribute(TestModule.test_base, 'm1', P1) protectSetAttribute(TestModule.test_base, 'm2', P1) protectLikeUnto(TestModule.test_class, TestModule.test_base) # m1 and m2 are in the interface, so should be set, and m3 should not: self.assertState(m1P=P1, m2P=P1) self.assertSetattrState(m1P=P1, m2P=P1)
def _protect(cls, protect=None, like_class=None): """Register security protections for cls, as per protect/like_class. Constraint: cls must be a type, class or module. Attempt to reset to a different permission on a name raises an error. The protect parameter is a dictionary that can can specify whatever a sequence of class/require zcml directives may specify (except for the non-compatible like_class, that if needed may be provided as a spearate parameter): protect:{ permission:str: { attributes:[str], set_attributes:[str], # tbd, zope.security.metaconfigure interface:Interface, set_schema:Interface # tbd } } like_class: either(type, class, module) """ assert protect is not None or like_class is not None, \ "[%s] params protect [%s] or like_class [%s] may not be both None." % ( cls, protect, like_class) assert protect is None or like_class is None, \ "[%s] One of params protect [%s] or like_class [%s] must be None." % ( cls, protect, like_class) if like_class is not None: protectclass.protectLikeUnto(cls, like_class) return for permission in protect: interface = protect[permission].get("interface") if interface: for attr, d in interface.namesAndDescriptions(1): protectclass.protectName(cls, attr, permission) attributes = protect[permission].get("attributes") if attributes: for attr in attributes: # retrieve cls checker on each attr (may not be defined on first) checker = protectclass.getCheckerForInstancesOf(cls) if checker is not None: previous_permission = checker.get_permissions.get(attr) if previous_permission is not None: assert previous_permission == permission, \ "Cannot change protection of class [%s] " \ "attribute [%s] from [%s] to [%s]" % ( cls, attr, previous_permission, permission) continue protectclass.protectName(cls, attr, permission)
def testLikeUntoAsDefault(self): protectName(TestModule.test_base, 'm1', P1) protectName(TestModule.test_base, 'm2', P1) protectSetAttribute(TestModule.test_base, 'm1', P1) protectSetAttribute(TestModule.test_base, 'm2', P1) protectLikeUnto(TestModule.test_class, TestModule.test_base) protectName(TestModule.test_class, 'm2', P2) protectName(TestModule.test_class, 'm3', P2) protectSetAttribute(TestModule.test_class, 'm2', P2) protectSetAttribute(TestModule.test_class, 'm3', P2) # m1 and m2 are in the interface, so should be set, and m3 should not: self.assertState(m1P=P1, m2P=P2, m3P=P2) self.assertSetattrState(m1P=P1, m2P=P2, m3P=P2)
def _callFUT(self, class_, like_unto): from zope.security.protectclass import protectLikeUnto return protectLikeUnto(class_, like_unto)