def guard(container, value, index=None): if Containers(type(container)) and Containers(type(value)): # Simple type. Short circuit. return if getSecurityManager().validate(container, container, index, value): return _error(index)
def guarded_import(mname, globals=None, locals=None, fromlist=None, level=-1): if fromlist is None: fromlist = () if '*' in fromlist: raise Unauthorized("'from %s import *' is not allowed") if globals is None: globals = {} if locals is None: locals = {} # Refs https://bugs.launchpad.net/zope2/+bug/659968 if level != -1: raise Unauthorized("Using import with a level specification isn't " "supported by AccessControl: %s" % mname) mnameparts = mname.split('.') validate = getSecurityManager().validate module = load_module(None, None, mnameparts, validate, globals, locals) if module is None: raise Unauthorized("import of '%s' is unauthorized" % mname) if fromlist is None: fromlist = () for name in fromlist: v = getattr(module, name, None) if v is None: v = load_module(module, mname, [name], validate, globals, locals) if not validate(module, module, name, v): raise Unauthorized else: return module #__import__(mname, globals, locals, fromlist)
def guarded_filter(f, seq, skip_unauthorized=0): if type(seq) is type(''): return filter(f, seq) if f is None: def f(x): return x v = getSecurityManager().validate result = [] a = result.append for el in seq: if v(seq, seq, None, el): if f(el): a(el) elif not skip_unauthorized: raise Unauthorized, 'unauthorized access to element' return result
def guarded_getitem(object, index): if type(index) is SliceType: if index.step is not None: v = object[index] else: start = index.start stop = index.stop if start is None: start = 0 if stop is None: v = object[start:] else: v = object[start:stop] # We don't guard slices. return v v = object[index] if Containers(type(object)) and Containers(type(v)): # Simple type. Short circuit. return v if getSecurityManager().validate(object, object, None, v): return v raise Unauthorized('unauthorized access to element %s' % index)