def findView(tile, viewName): """Find the view to use for portlet/viewlet context lookup.""" view = tile prequest = tile.request.get('PARENT_REQUEST', None) # Attempt to determine the underlying view name from the parent request # XXX: This won't work if using ESI rendering or any other # technique that doesn't use plone.subrequest if viewName is None and prequest is not None: ppublished = prequest.get('PUBLISHED', None) if IView.providedBy(ppublished): viewName = prequest['PUBLISHED'].__name__ context = tile.context request = tile.request if prequest is not None: request = prequest if viewName is not None: view = queryMultiAdapter((context, request), name=viewName) if view is None: view = tile # Decide whether to mark the view # XXX: Again, this probably won't work well if not using plone.subrequest layoutPolicy = queryMultiAdapter((context, request), name='plone_layout') if layoutPolicy is not None: layoutPolicy.mark_view(view) return view
def findView(tile, viewName): """Find the view to use for portlet/viewlet context lookup.""" view = tile prequest = tile.request.get('PARENT_REQUEST', None) # Provide IViewView by default when tile is rendered with contentish # context outside subrequest, but don't return to still support custom # policies if prequest is None and IContentish.providedBy(tile.context): alsoProvides(view, IViewView) # Attempt to determine the underlying view name from the parent request # XXX: This won't work if using ESI rendering or any other # technique that doesn't use plone.subrequest if viewName is None and prequest is not None: ppublished = prequest.get('PUBLISHED', None) if IView.providedBy(ppublished): viewName = prequest['PUBLISHED'].__name__ request = tile.request if prequest is not None: request = prequest if viewName is not None: try: view = queryMultiAdapter((tile.context, request), name=viewName) except TypeError: # Helps to debug an issue where broken view registration raised: # TypeError: __init__() takes exactly N arguments (3 given) logger.exception('Error in resolving view for tile: {0:s}'.format( tile.url)) view = None if view is None: view = tile # Decide whether to mark the view # XXX: Again, this probably won't work well if not using plone.subrequest layoutPolicy = queryMultiAdapter((tile.context, request), name='plone_layout') # noqa if layoutPolicy is not None: layoutPolicy.mark_view(view) return view
def checkPermission(self, permission, object): """Check the permission, object, user against the launchpad authorization policy. If the object is a view, then consider the object to be the view's context. If we are running in read-only mode, all permission checks are failed except for launchpad.View requests, which are checked as normal. All other permissions are used to protect write operations. Workflow: - If the principal is not None and its access level is not what is required by the permission, deny. - If the object to authorize is private and the principal has no access to private objects, deny. - If we have zope.Public, allow. (But we shouldn't ever get this.) - If we have launchpad.AnyPerson and the principal is an ILaunchpadPrincipal then allow. - If the object has an IAuthorization named adapter, named after the permission, use that to check the permission. - Otherwise, deny. """ # If we have a view, get its context and use that to get an # authorization adapter. if IView.providedBy(object): objecttoauthorize = object.context else: objecttoauthorize = object if objecttoauthorize is None: # We will not be able to lookup an adapter for this, so we can # return False already. return False # Remove all proxies from object to authorize. The security proxy is # removed for obvious reasons but we also need to remove the location # proxy (which is used on apidoc.lp.dev) because otherwise we can't # create a weak reference to our object in our security policy cache. objecttoauthorize = removeAllProxies(objecttoauthorize) participations = [ participation for participation in self.participations if participation.principal is not system_user] if len(participations) > 1: raise RuntimeError("More than one principal participating.") # The participation's cache of (object -> permission -> result), or # None if the participation does not support caching. participation_cache = None # A cache of (permission -> result) for objecttoauthorize, or None if # the participation does not support caching. This resides as a value # of participation_cache. object_cache = None if len(participations) == 0: principal = None else: participation = participations[0] if IApplicationRequest.providedBy(participation): participation_cache = participation.annotations.setdefault( LAUNCHPAD_SECURITY_POLICY_CACHE_KEY, weakref.WeakKeyDictionary()) object_cache = participation_cache.setdefault( objecttoauthorize, {}) if permission in object_cache: return object_cache[permission] principal = removeAllProxies(participation.principal) if (principal is not None and not isinstance(principal, UnauthenticatedPrincipal)): access_level = self._getPrincipalsAccessLevel( principal, objecttoauthorize) if not self._checkRequiredAccessLevel( access_level, permission, objecttoauthorize): return False if not self._checkPrivacy(access_level, objecttoauthorize): return False # The following two checks shouldn't be needed, strictly speaking, # because zope.Public is CheckerPublic, and the Zope security # machinery shortcuts this to always allow it. However, it is here as # a "belt and braces". It is also a bit of a lie: if the permission is # zope.Public, privacy and access levels (checked above) will be # irrelevant! if permission == 'zope.Public': return True if permission is CheckerPublic: return True if (permission == 'launchpad.AnyPerson' and ILaunchpadPrincipal.providedBy(principal)): return True # If there are delegated authorizations they must *all* be allowed # before permission to access objecttoauthorize is granted. result = all( iter_authorization( objecttoauthorize, permission, principal, participation_cache, breadth_first=True)) # Cache the top-level result. Be warned that this result /may/ be # based on 10s or 100s of delegated authorization checks, and so even # small changes in the model data could invalidate this result. if object_cache is not None: object_cache[permission] = result return result
def checkPermission(self, permission, object): """Check the permission, object, user against the launchpad authorization policy. If the object is a view, then consider the object to be the view's context. If we are running in read-only mode, all permission checks are failed except for launchpad.View requests, which are checked as normal. All other permissions are used to protect write operations. Workflow: - If the principal is not None and its access level is not what is required by the permission, deny. - If the object to authorize is private and the principal has no access to private objects, deny. - If we have zope.Public, allow. (But we shouldn't ever get this.) - If we have launchpad.AnyPerson and the principal is an ILaunchpadPrincipal then allow. - If the object has an IAuthorization named adapter, named after the permission, use that to check the permission. - Otherwise, deny. """ # If we have a view, get its context and use that to get an # authorization adapter. if IView.providedBy(object): objecttoauthorize = object.context else: objecttoauthorize = object if objecttoauthorize is None: # We will not be able to lookup an adapter for this, so we can # return False already. return False # Remove all proxies from object to authorize. The security proxy is # removed for obvious reasons but we also need to remove the location # proxy (which is used on apidoc.lp.dev) because otherwise we can't # create a weak reference to our object in our security policy cache. objecttoauthorize = removeAllProxies(objecttoauthorize) participations = [ participation for participation in self.participations if participation.principal is not system_user ] if len(participations) > 1: raise RuntimeError("More than one principal participating.") # The participation's cache of (object -> permission -> result), or # None if the participation does not support caching. participation_cache = None # A cache of (permission -> result) for objecttoauthorize, or None if # the participation does not support caching. This resides as a value # of participation_cache. object_cache = None if len(participations) == 0: principal = None else: participation = participations[0] if IApplicationRequest.providedBy(participation): participation_cache = participation.annotations.setdefault( LAUNCHPAD_SECURITY_POLICY_CACHE_KEY, weakref.WeakKeyDictionary() ) object_cache = participation_cache.setdefault(objecttoauthorize, {}) if permission in object_cache: return object_cache[permission] principal = removeAllProxies(participation.principal) if principal is not None and not isinstance(principal, UnauthenticatedPrincipal): access_level = self._getPrincipalsAccessLevel(principal, objecttoauthorize) if not self._checkRequiredAccessLevel(access_level, permission, objecttoauthorize): return False if not self._checkPrivacy(access_level, objecttoauthorize): return False # The following two checks shouldn't be needed, strictly speaking, # because zope.Public is CheckerPublic, and the Zope security # machinery shortcuts this to always allow it. However, it is here as # a "belt and braces". It is also a bit of a lie: if the permission is # zope.Public, privacy and access levels (checked above) will be # irrelevant! if permission == "zope.Public": return True if permission is CheckerPublic: return True if permission == "launchpad.AnyPerson" and ILaunchpadPrincipal.providedBy(principal): return True # If there are delegated authorizations they must *all* be allowed # before permission to access objecttoauthorize is granted. result = all( iter_authorization(objecttoauthorize, permission, principal, participation_cache, breadth_first=True) ) # Cache the top-level result. Be warned that this result /may/ be # based on 10s or 100s of delegated authorization checks, and so even # small changes in the model data could invalidate this result. if object_cache is not None: object_cache[permission] = result return result