Esempio n. 1
0
    def test_descriptor__get___set___in_proxy_subclass(self):
        class Descriptor(object):
            value = None
            instance = None
            cls = None

            def __get__(self, instance, cls):
                self.cls = cls
                return self.value

            def __set__(self, instance, value):
                self.value = value
                self.instance = instance

        descriptor = Descriptor()
        descriptor.value = "descriptor value"

        class Proxy(self._getTargetClass()):
            attr = descriptor

        proxy = Proxy(object())
        self.assertEqual(proxy.attr, "descriptor value")
        self.assertEqual(descriptor.cls, Proxy)

        proxy.attr = 42

        self.assertEqual(descriptor.value, 42)
        self.assertEqual(descriptor.instance, proxy)
Esempio n. 2
0
 def proxy(self, obj):
     if isinstance(obj, Proxy):
         return obj
     # zope.security registered
     checker = selectChecker(obj)
     if checker is not None:
         return Proxy(obj, checker)
     return Proxy(obj, self)
Esempio n. 3
0
    def test___getattr__delegates_to_wrapped_when_conflict(self):
        class Proxy(self._getTargetClass()):
            def foo(self):
                raise AssertionError("Not called")

        class Foo(object):
            def foo(self):
                return 'FOO'

        o = Foo()
        w = Proxy(o)
        self.assertEqual(w.foo(), 'FOO')
Esempio n. 4
0
    def test___setattr__sets_proxy_property(self):
        class Proxy(self._getTargetClass()):
            bar = property(lambda s: s.__dict__.get('_bar'),
                           lambda s, v: s.__dict__.__setitem__('_bar', v))

        class Foo(object):
            pass

        o = Foo()
        w = Proxy(o)
        w.bar = 43
        self.assertEqual(w.bar, 43)
        self.assertRaises(AttributeError, getattr, o, 'bar')
Esempio n. 5
0
    def test_it(self):
        from zope.proxy import ProxyBase
        from zope.proxy import non_overridable

        class Proxy(ProxyBase):
            def who(self):
                raise AssertionError("Not called")

            @non_overridable
            def what(self):
                return 'PROXY'

        class Foo(object):
            def who(self):
                return 'FOO'

            def what(self):
                return 'FOO'

        p0 = ProxyBase(Foo())
        self.assertEqual(p0.who(), 'FOO')
        self.assertEqual(p0.what(), 'FOO')
        proxy = Proxy(Foo())
        self.assertEqual(proxy.who(), 'FOO')
        self.assertEqual(proxy.what(), 'PROXY')
Esempio n. 6
0
 def factory(*args):
     ob = original_factory(*args)
     try:
         ob.__Security_checker__ = checker
     except AttributeError:
         ob = Proxy(ob, checker)
     return ob
Esempio n. 7
0
def ProxyFactory(object, checker=None):
    """Factory function that creates a proxy for an object

    The proxy checker is looked up if not provided.
    """
    if type(object) is Proxy:
        if checker is None or checker is getChecker(object):
            return object
        else:
            # We have a proxy, but someone asked us to change its checker.
            # Let's raise an exception.
            #
            # Other reasonable actions would be to either keep the existing
            # proxy, or to create a new one with the given checker.
            # The latter might be a security hole though, if untrusted code
            # can call ProxyFactory.
            raise TypeError("Tried to use ProxyFactory to change a Proxy's"
                            " checker.")
    if checker is None:
        checker = getattr(object, '__Security_checker__', None)

        if checker is None:
            checker = selectChecker(object)
            if checker is None:
                return object

    return Proxy(object, checker)
Esempio n. 8
0
        def proxyView(request, factory=factory, checker=checker):
            resource = factory(request)

            # We need this in case the resource gets unwrapped and
            # needs to be rewrapped
            resource.__Security_checker__ = checker

            return Proxy(resource, checker)
Esempio n. 9
0
def proxy_factory(value, interaction):
    if type(value) is Proxy:
        return value
    # ignore proxies on deferreds
    if isinstance(value, Deferred):
        return value

    return Proxy(value, _select_checker(value, interaction))
Esempio n. 10
0
    def proxy(self, value):
        'See IChecker'
        if type(value) is Proxy:
            return value
        checker = getattr(value, '__Security_checker__', None)
        if checker is None:
            checker = selectChecker(value)
            if checker is None:
                return value

        return Proxy(value, checker)
Esempio n. 11
0
    def test_descriptor__set___only_in_proxy_subclass(self):
        class Descriptor(object):
            value = None
            instance = None

            def __set__(self, instance, value):
                self.value = value
                self.instance = instance

        descriptor = Descriptor()

        class Proxy(self._getTargetClass()):
            attr = descriptor

        proxy = Proxy(object())
        proxy.attr = 42

        self.assertEqual(proxy.attr, descriptor)
        self.assertEqual(descriptor.value, 42)
        self.assertEqual(descriptor.instance, proxy)
Esempio n. 12
0
    def test_method_in_proxy_subclass(self):
        class Proxy(self._getTargetClass()):
            def __getitem__(self, k):
                return k

        proxy = Proxy(object())
        # Both when called by the interpreter, which bypasses
        # __getattribute__
        self.assertEqual(proxy[42], 42)
        # And when asked for as an attribute
        self.assertNotEqual(getattr(proxy, '__getitem__'), self)
Esempio n. 13
0
    def test_non_descriptor_in_proxy_subclass__dict__(self):
        # Non-descriptors in the class dict of the subclass
        # are always passed through to the wrapped instance
        class Proxy(self._getTargetClass()):
            attr = "constant value"

        proxy = Proxy(object())
        self.assertEqual(proxy.attr, "constant value")

        self.assertRaises(AttributeError, setattr, proxy, 'attr', 42)
        self.assertEqual(proxy.attr, "constant value")
Esempio n. 14
0
    def proxy(self, value):
        'See IChecker'
        if type(value) is Proxy:
            return value
        # ignore proxies on deferreds
        if isinstance(value, Deferred):
            return value
        # don't proxy classes
        if isinstance(value, type):
            return value
        checker = getattr(value, '__Security_checker__', None)
        if checker is None:
            checker = _select_checker(value,
                                      self.interaction)  # pass interaction
            if checker is None or type(checker) is object:
                return value

        return Proxy(value, checker)
Esempio n. 15
0
def _proxied(*args):
    return Proxy(args, selectChecker(args))
Esempio n. 16
0
        return self.__name__

    def __repr__(self):
        return "%s(%s,%s)" % (self.__class__.__name__,
                              self.__name__, self.__module__)


CheckerPublic = Global('CheckerPublic')
CP_HACK_XXX = CheckerPublic

# Now we wrap it in a security proxy so that it retains its
# identity when it needs to be security proxied.
# XXX: This means that we can't directly document it with
# sphinx because issubclass() will fail.
d = {}
CheckerPublic = Proxy(CheckerPublic, Checker(d)) # XXX uses CheckerPy
d['__reduce__'] = CheckerPublic
d['__module__'] = CheckerPublic
del d

# TODO: It's a bit scary above that we can pickle a proxy if access is
# granted to __reduce__. We might want to bother to prevent this in
# general and only allow it in this specific case.

def NamesChecker(names=(), permission_id=CheckerPublic, **__kw__):
    """Return a checker that grants access to a set of names.

    A sequence of names is given as the first argument. If a second
    argument, permission_id, is given, it is the permission required
    to access the names.  Additional names and permission IDs can be
    supplied as keyword arguments.
Esempio n. 17
0
 def _makeSecurityProxy(self, obj):
     from zope.security.proxy import Proxy
     from zope.security.checker import Checker
     checker = Checker({})
     return Proxy(obj, checker)
Esempio n. 18
0
 def _makeSecurityProxy(self, obj):
     from zope.security.proxy import Proxy
     checker = object()
     return Proxy(obj, checker)