def __init__(self, checker1, checker2): """Create a combined checker.""" Checker.__init__(self, checker1.get_permissions, checker1.set_permissions) self._checker2 = checker2
def check(self, object, name): 'See IChecker' try: Checker.check(self, object, name) except ForbiddenAttribute: self._checker2.check(object, name) except Unauthorized as unauthorized_exception: try: self._checker2.check(object, name) except ForbiddenAttribute: raise unauthorized_exception
def MultiChecker(specs): """Create a checker from a sequence of specifications A specification is: - A two-tuple with: o a sequence of names or an interface o a permission id All the names in the sequence of names or the interface are protected by the permission. - A dictionoid (having an items method), with items that are name/permission-id pairs. """ data = {} for spec in specs: if type(spec) is tuple: names, permission_id = spec if IInterface.providedBy(names): names = names.names(all=True) for name in names: if data.get(name, permission_id) is not permission_id: raise DuplicationError(name) data[name] = permission_id else: for name, permission_id in spec.items(): if data.get(name, permission_id) is not permission_id: raise DuplicationError(name) data[name] = permission_id return Checker(data)
def NamesChecker(names=(), permission_id=CheckerPublic, **__kw__): """Return a checker that grants access to a set of names. A sequence of names is given as the first argument. If a second argument, permission_id, is given, it is the permission required to access the names. Additional names and permission IDs can be supplied as keyword arguments. """ data = {} data.update(__kw__) for name in names: if data.get(name, permission_id) is not permission_id: raise DuplicationError(name) data[name] = permission_id return Checker(data)
return self.__name__ def __repr__(self): return "%s(%s,%s)" % (self.__class__.__name__, self.__name__, self.__module__) CheckerPublic = Global('CheckerPublic') CP_HACK_XXX = CheckerPublic # Now we wrap it in a security proxy so that it retains its # identity when it needs to be security proxied. # XXX: This means that we can't directly document it with # sphinx because issubclass() will fail. d = {} CheckerPublic = Proxy(CheckerPublic, Checker(d)) # XXX uses CheckerPy d['__reduce__'] = CheckerPublic d['__module__'] = CheckerPublic del d # TODO: It's a bit scary above that we can pickle a proxy if access is # granted to __reduce__. We might want to bother to prevent this in # general and only allow it in this specific case. def NamesChecker(names=(), permission_id=CheckerPublic, **__kw__): """Return a checker that grants access to a set of names. A sequence of names is given as the first argument. If a second argument, permission_id, is given, it is the permission required to access the names. Additional names and permission IDs can be supplied as keyword arguments.
def __reduce__(self): return self.__name__ def __repr__(self): return "%s(%s,%s)" % (self.__class__.__name__, self.__name__, self.__module__) # Marker for public attributes CheckerPublic = Global('CheckerPublic') # Now we wrap it in a security proxy so that it retains it's # identity when it needs to be security proxied. d = {} CheckerPublic = Proxy(CheckerPublic, Checker(d)) d['__reduce__'] = CheckerPublic del d # TODO: It's a bit scary above that we can pickle a proxy if access is # granted to __reduce__. We might want to bother to prevent this in # general and only allow it in this specific case. def NamesChecker(names=(), permission_id=CheckerPublic, **__kw__): """Return a checker that grants access to a set of names. A sequence of names is given as the first argument. If a second argument, permission_id, is given, it is the permission required to access the names. Additional names and permission ids can be supplied as keyword arguments.
def __reduce__(self): return self.__name__ def __repr__(self): return "%s(%s,%s)" % (self.__class__.__name__, self.__name__, self.__module__) # Marker for public attributes CheckerPublic = Global('CheckerPublic') CP_HACK_XXX = CheckerPublic # Now we wrap it in a security proxy so that it retains its # identity when it needs to be security proxied. d = {} CheckerPublic = Proxy(CheckerPublic, Checker(d)) # XXX uses CheckerPy d['__reduce__'] = CheckerPublic d['__module__'] = CheckerPublic del d # TODO: It's a bit scary above that we can pickle a proxy if access is # granted to __reduce__. We might want to bother to prevent this in # general and only allow it in this specific case. def NamesChecker(names=(), permission_id=CheckerPublic, **__kw__): """Return a checker that grants access to a set of names. A sequence of names is given as the first argument. If a second argument, permission_id, is given, it is the permission required to access the names. Additional names and permission ids can be