def test_restoreInteraction_after_new(self):
from zope.security.management import newInteraction
from zope.security.management import queryInteraction
from zope.security.management import restoreInteraction
newInteraction()
self.assertTrue(queryInteraction() is not None)
restoreInteraction() # restore to no interaction
self.assertTrue(queryInteraction() is None)
def lockingSetUp(test):
placelesssetup.setUp(test)
z3c.etree.testing.etreeSetup(test)
# create principal
participation = TestRequest(environ = {"REQUEST_METHOD": "PUT"})
participation.setPrincipal(Principal("michael"))
if queryInteraction() is not None:
queryInteraction().add(participation)
else:
newInteraction(participation)
events = test.globs["events"] = []
zope.event.subscribers.append(events.append)
gsm = zope.component.getGlobalSiteManager()
gsm.registerAdapter(DemoKeyReference,
(IDemo,),
zope.app.keyreference.interfaces.IKeyReference)
gsm.registerAdapter(PhysicallyLocatable, (Demo,))
gsm.registerAdapter(PhysicallyLocatable, (DemoFolder,))
gsm.registerAdapter(DemoKeyReference, (IDemoFolder,),
zope.app.keyreference.interfaces.IKeyReference)
gsm.registerAdapter(SiteManagerAdapter,
(zope.interface.Interface,), IComponentLookup)
gsm.registerAdapter(DemoAbsoluteURL,
(IDemo, zope.interface.Interface),
zope.traversing.browser.interfaces.IAbsoluteURL)
gsm.registerAdapter(DemoAbsoluteURL,
(IDemoFolder, zope.interface.Interface),
zope.traversing.browser.interfaces.IAbsoluteURL)
# register some IDAVWidgets so that we can render the activelock and
# supportedlock widgets.
gsm.registerAdapter(z3c.dav.widgets.ListDAVWidget,
(zope.schema.interfaces.IList,
z3c.dav.interfaces.IWebDAVRequest))
gsm.registerAdapter(z3c.dav.widgets.ObjectDAVWidget,
(zope.schema.interfaces.IObject,
z3c.dav.interfaces.IWebDAVRequest))
gsm.registerAdapter(z3c.dav.widgets.TextDAVWidget,
(zope.schema.interfaces.IText,
z3c.dav.interfaces.IWebDAVRequest))
gsm.registerAdapter(z3c.dav.properties.OpaqueWidget,
(z3c.dav.properties.DeadField,
z3c.dav.interfaces.IWebDAVRequest))
gsm.registerAdapter(z3c.dav.widgets.TextDAVWidget,
(zope.schema.interfaces.IURI,
z3c.dav.interfaces.IWebDAVRequest))
# Need connection to a database to manage locking
db = test.globs["db"] = ZODB.DB(ZODB.MappingStorage.MappingStorage())
test.globs["conn"] = db.open()
# expose these classes to the test
test.globs["Demo"] = Demo
test.globs["DemoFolder"] = DemoFolder
def test_restoreInteraction_after_new(self):
from zope.security.management import newInteraction
from zope.security.management import queryInteraction
from zope.security.management import restoreInteraction
newInteraction()
self.assertTrue(queryInteraction() is not None)
restoreInteraction() # restore to no interaction
self.assertTrue(queryInteraction() is None)
def test_restoreInteraction_after_end(self):
from zope.security.management import endInteraction
from zope.security.management import newInteraction
from zope.security.management import queryInteraction
from zope.security.management import restoreInteraction
newInteraction()
interaction = queryInteraction()
endInteraction()
restoreInteraction()
self.assertTrue(interaction is queryInteraction())
def test_endInteraction_repeated(self):
from zope.security.management import endInteraction
from zope.security.management import newInteraction
from zope.security.management import queryInteraction
newInteraction()
interaction = queryInteraction()
endInteraction()
self.assertEqual(queryInteraction(), None)
endInteraction()
self.assertEqual(queryInteraction(), None)
def test_restoreInteraction_after_end(self):
from zope.security.management import endInteraction
from zope.security.management import newInteraction
from zope.security.management import queryInteraction
from zope.security.management import restoreInteraction
newInteraction()
interaction = queryInteraction()
endInteraction()
restoreInteraction()
self.assertTrue(interaction is queryInteraction())
def test_endInteraction_repeated(self):
from zope.security.management import endInteraction
from zope.security.management import newInteraction
from zope.security.management import queryInteraction
newInteraction()
interaction = queryInteraction()
endInteraction()
self.assertEqual(queryInteraction(), None)
endInteraction()
self.assertEqual(queryInteraction(), None)
def test_query_new_end_restore_Interaction(self):
from zope.security.management import queryInteraction
self.assertEquals(queryInteraction(), None)
from zope.security.management import newInteraction
newInteraction()
interaction = queryInteraction()
self.assert_(interaction is not None)
self.assertRaises(AssertionError, newInteraction)
from zope.security.management import endInteraction
endInteraction()
self.assertEquals(queryInteraction(), None)
from zope.security.management import restoreInteraction
restoreInteraction()
self.assert_(interaction is queryInteraction())
endInteraction()
self.assertEquals(queryInteraction(), None)
endInteraction()
self.assertEquals(queryInteraction(), None)
newInteraction()
self.assert_(queryInteraction() is not None)
restoreInteraction() # restore to no interaction
self.assert_(queryInteraction() is None)
def test_query_new_end_restore_Interaction(self):
from zope.security.management import queryInteraction
self.assertEquals(queryInteraction(), None)
from zope.security.management import newInteraction
newInteraction()
interaction = queryInteraction()
self.assert_(interaction is not None)
self.assertRaises(AssertionError, newInteraction)
from zope.security.management import endInteraction
endInteraction()
self.assertEquals(queryInteraction(), None)
from zope.security.management import restoreInteraction
restoreInteraction()
self.assert_(interaction is queryInteraction())
endInteraction()
self.assertEquals(queryInteraction(), None)
endInteraction()
self.assertEquals(queryInteraction(), None)
newInteraction()
self.assert_(queryInteraction() is not None)
restoreInteraction() # restore to no interaction
self.assert_(queryInteraction() is None)
def test_checkPermission(self):
from zope.security import checkPermission
from zope.security.management import setSecurityPolicy
from zope.security.management import queryInteraction
from zope.security.management import newInteraction, endInteraction
from zope.security.interfaces import NoInteraction
permission = 'zope.Test'
obj = object()
class PolicyStub(object):
def checkPermission(s, p, o,):
self.assert_(p is permission)
self.assert_(o is obj)
self.assert_(s is queryInteraction() or s is interaction)
return s is interaction
setSecurityPolicy(PolicyStub)
newInteraction()
interaction = queryInteraction()
self.assertEquals(checkPermission(permission, obj), True)
endInteraction()
self.assertRaises(NoInteraction, checkPermission, permission, obj)
def __init__(self, **data):
"""
constructor of Superclass
"""
Persistent.__init__(self)
ISuperclass['objectID'].readonly = False
self.objectID = generateOid(self)
self.ikName = self.objectID
for (name, value) in data.items():
if name in ISuperclass.names():
setattr(self, name, value)
ISuperclass['objectID'].readonly = True
self.ikAuthor = u""
self.dbgLevel = NOTSET
self.history = RingBuffer(20)
self.inpEQueue = Queue()
self.outEQueue = Queue()
self.outEReceiver = None
self.workflows = {}
self.wf_worklist = []
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
#principalid = participation.principal.id
principal_title = participation.principal.title
self.ikAuthor += unicode(principal_title)
self.myFactory = str(self.__class__).split("'")[1]
self.ikRevision = __version__
def check(self):
interaction = queryInteraction()
if interaction is None:
return False
request = None
for participation in interaction.participations:
request = participation
if request is not None:
break
if request is None:
return False
contenttype = self.draftct
container = queryMultiAdapter(
(request.principal, contenttype), IDraftContainer)
if container is None:
return False
if contenttype.submit:
if interaction.checkPermission(contenttype.submit, self.context):
return True
if contenttype.publish:
if interaction.checkPermission(contenttype.publish, self.context):
return True
return False
def test_newInteraction(self):
from zope.security.management import newInteraction
from zope.security.management import queryInteraction
newInteraction()
interaction = queryInteraction()
self.assertTrue(interaction is not None)
def getCurrentPrincipal():
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
if participation.principal is not None:
return participation.principal
return None
def testPlacefulAuth(self):
self.publication.beforeTraversal(self.request)
self.assertEqual(list(queryInteraction().participations), [self.request])
self.assertEqual(self.request.principal.id, "anonymous")
root = self.publication.getApplication(self.request)
self.publication.callTraversalHooks(self.request, root)
self.assertEqual(self.request.principal.id, "anonymous")
ob = self.publication.traverseName(self.request, root, "f1")
self.publication.callTraversalHooks(self.request, ob)
self.assertEqual(self.request.principal.id, "test.anonymous")
ob = self.publication.traverseName(self.request, ob, "f2")
self.publication.afterTraversal(self.request, ob)
self.assertEqual(self.request.principal.id, "test.bob")
self.assertEqual(list(queryInteraction().participations), [self.request])
self.publication.endRequest(self.request, ob)
self.assertEqual(queryInteraction(), None)
def test_checkPermission(self):
from zope.security import checkPermission
from zope.security.management import setSecurityPolicy
from zope.security.management import queryInteraction
from zope.security.management import newInteraction, endInteraction
from zope.security.interfaces import NoInteraction
permission = 'zope.Test'
obj = object()
class PolicyStub(object):
def checkPermission(
s,
p,
o,
):
self.assert_(p is permission)
self.assert_(o is obj)
self.assert_(s is queryInteraction() or s is interaction)
return s is interaction
setSecurityPolicy(PolicyStub)
newInteraction()
interaction = queryInteraction()
self.assertEquals(checkPermission(permission, obj), True)
endInteraction()
self.assertRaises(NoInteraction, checkPermission, permission, obj)
def getRequest():
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
if participation is not None:
return participation
def invitationAcceptedHandler(invitation, event):
owner = IOwnership(invitation).owner
if owner is None:
return
messaging = IMessageStorage(owner, None)
if messaging is None:
return
interaction = queryInteraction()
if interaction is not None:
for request in interaction.participations:
principal = invitation.principal
view = queryMultiAdapter(
(principal, request), IPagelet, 'personal.message')
if view is None:
return
view.update()
data = {'title': u'Your invitation has been accepted',
'text': view.render(),
'sender': unicode(principal.id)}
messaging.create(SERVICE_ID, **data)
def resetingPassword(event):
email = IMailAddress(event.principal, None)
if email is None:
return
request = queryInteraction().participations[0]
template = getMultiAdapter((event, request), IMailTemplate)
template.send((formataddr((event.principal.title, email.address)),))
def testPlacefulAuth(self):
setup.setUpTraversal()
setup.setUpSiteManagerLookup()
principalRegistry.defineDefaultPrincipal('anonymous', '')
root = self.db.open().root()
app = root[ZopePublication.root_name]
app['f1'] = rootFolder()
f1 = app['f1']
f1['f2'] = Folder()
sm1 = setup.createSiteManager(f1)
setup.addUtility(sm1, '', IAuthenticationUtility, AuthUtility1())
f2 = f1['f2']
sm2 = setup.createSiteManager(f2)
setup.addUtility(sm2, '', IAuthenticationUtility, AuthUtility2())
transaction.commit()
from zope.app.container.interfaces import ISimpleReadContainer
from zope.app.container.traversal import ContainerTraverser
ztapi.provideView(ISimpleReadContainer, IRequest, IPublishTraverse, '',
ContainerTraverser)
from zope.app.folder.interfaces import IFolder
from zope.security.checker import defineChecker, InterfaceChecker
defineChecker(Folder, InterfaceChecker(IFolder))
self.publication.beforeTraversal(self.request)
self.assertEqual(list(queryInteraction().participations),
[self.request])
self.assertEqual(self.request.principal.id, 'anonymous')
root = self.publication.getApplication(self.request)
self.publication.callTraversalHooks(self.request, root)
self.assertEqual(self.request.principal.id, 'anonymous')
ob = self.publication.traverseName(self.request, root, 'f1')
self.publication.callTraversalHooks(self.request, ob)
self.assertEqual(self.request.principal.id, 'test.anonymous')
ob = self.publication.traverseName(self.request, ob, 'f2')
self.publication.afterTraversal(self.request, ob)
self.assertEqual(self.request.principal.id, 'test.bob')
self.assertEqual(list(queryInteraction().participations),
[self.request])
self.publication.endRequest(self.request, ob)
self.assertEqual(queryInteraction(), None)
def testPlacefulAuth(self):
setup.setUpTraversal()
setup.setUpSiteManagerLookup()
principalRegistry.defineDefaultPrincipal('anonymous', '')
root = self.db.open().root()
app = root[ZopePublication.root_name]
app['f1'] = rootFolder()
f1 = app['f1']
f1['f2'] = Folder()
sm1 = setup.createSiteManager(f1)
setup.addUtility(sm1, '', IAuthenticationUtility, AuthUtility1())
f2 = f1['f2']
sm2 = setup.createSiteManager(f2)
setup.addUtility(sm2, '', IAuthenticationUtility, AuthUtility2())
transaction.commit()
from zope.app.container.interfaces import ISimpleReadContainer
from zope.app.container.traversal import ContainerTraverser
ztapi.provideView(ISimpleReadContainer, IRequest, IPublishTraverse,
'', ContainerTraverser)
from zope.app.folder.interfaces import IFolder
from zope.security.checker import defineChecker, InterfaceChecker
defineChecker(Folder, InterfaceChecker(IFolder))
self.publication.beforeTraversal(self.request)
self.assertEqual(list(queryInteraction().participations),
[self.request])
self.assertEqual(self.request.principal.id, 'anonymous')
root = self.publication.getApplication(self.request)
self.publication.callTraversalHooks(self.request, root)
self.assertEqual(self.request.principal.id, 'anonymous')
ob = self.publication.traverseName(self.request, root, 'f1')
self.publication.callTraversalHooks(self.request, ob)
self.assertEqual(self.request.principal.id, 'test.anonymous')
ob = self.publication.traverseName(self.request, ob, 'f2')
self.publication.afterTraversal(self.request, ob)
self.assertEqual(self.request.principal.id, 'test.bob')
self.assertEqual(list(queryInteraction().participations),
[self.request])
self.publication.endRequest(self.request, ob)
self.assertEqual(queryInteraction(), None)
def test_contextmanager_ends_interaction_on_exception(self):
from zope.security.management import queryInteraction
from zope.security.testing import interaction
try:
with interaction('foo'):
raise RuntimeError()
except RuntimeError:
pass
self.assertFalse(queryInteraction())
def checkPermission(
s,
p,
o,
):
self.assertTrue(p is permission)
self.assertTrue(o is obj)
self.assertTrue(s is queryInteraction() or s is interaction)
return s is interaction
def test_usable_as_contextmanager(self):
from zope.security.management import getInteraction
from zope.security.management import queryInteraction
from zope.security.testing import interaction
with interaction('foo'):
ix = getInteraction()
participation = ix.participations[0]
self.assertEqual('foo', participation.principal.id)
self.assertFalse(queryInteraction())
def testPlacefulAuth(self):
self.publication.beforeTraversal(self.request)
self.assertEqual(list(queryInteraction().participations),
[self.request])
self.assertEqual(self.request.principal.id, 'anonymous')
root = self.publication.getApplication(self.request)
self.publication.callTraversalHooks(self.request, root)
self.assertEqual(self.request.principal.id, 'anonymous')
ob = self.publication.traverseName(self.request, root, 'f1')
self.publication.callTraversalHooks(self.request, ob)
self.assertEqual(self.request.principal.id, 'test.anonymous')
ob = self.publication.traverseName(self.request, ob, 'f2')
self.publication.afterTraversal(self.request, ob)
self.assertEqual(self.request.principal.id, 'test.bob')
self.assertEqual(list(queryInteraction().participations),
[self.request])
self.publication.endRequest(self.request, ob)
self.assertEqual(queryInteraction(), None)
def checkPermissionForPrincipal(principal, permission, object):
interaction = queryInteraction()
if IZojaxSecurityPolicy.providedBy(interaction):
return interaction.cached_decision(
removeSecurityProxy(object), principal.id,
interaction._groupsFor(principal), permission)
return False
def test_usable_as_contextmanager(self):
from zope.security.management import getInteraction
from zope.security.management import queryInteraction
from zope.security.testing import interaction
with interaction('foo'):
ix = getInteraction()
participation = ix.participations[0]
self.assertEqual('foo', participation.principal.id)
self.assertFalse(queryInteraction())
def isNotSelf(group):
principal_id = None
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
principal_id = participation.principal.id
break
return principal_id != group.__principal__.id
def test_contextmanager_ends_interaction_on_exception(self):
from zope.security.management import queryInteraction
from zope.security.testing import interaction
try:
with interaction('foo'):
raise RuntimeError()
except RuntimeError:
pass
self.assertFalse(queryInteraction())
def test_contextmanager_ends_interaction_on_exception(self):
from zope.security.management import queryInteraction
class MyError(Exception):
pass
with self.assertRaises(MyError):
with testing.interaction('foo'):
raise MyError()
self.assertFalse(queryInteraction())
def _invalidated_interaction_cache(self):
# Invalidate this threads interaction cache
interaction = queryInteraction()
if interaction is not None:
try:
invalidate_cache = interaction.invalidate_cache
except AttributeError:
pass
else:
invalidate_cache()
def contentModifiedHandler(revision, event):
revision = removeAllProxies(revision)
revision.__date__ = datetime.now(pytz.utc)
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
if participation is not None:
revision.__principal__ = participation.principal.id
def get_interaction_extras():
"""Return the active provider of `IInteractionExtras`.
This is looked up from the interaction. If there is no interaction then
return None.
"""
interaction = queryInteraction()
if interaction is None:
return None
return interaction.extras
def getPrincipal():
""" get current interaction principal """
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
if participation.principal is not None:
return participation.principal
raise UnknownPrincipalException()
def get_interaction_extras():
"""Return the active provider of `IInteractionExtras`.
This is looked up from the interaction. If there is no interaction then
return None.
"""
interaction = queryInteraction()
if interaction is None:
return None
return interaction.extras
def principalLoggingOut(event):
if IRPXNowPrincipalMarker.providedBy(event.principal):
request = None
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
request = participation
if request is not None:
ISession(request)[SESSION_KEY]['token'] = None
def test_conflict(self):
self.browser.open('http://localhost/conflict.html')
self.assertEqual(self.browser.status, '503 Service Unavailable')
self.assertEqual(
get_event_names(),
['PublicationStart',
'PublicationAfterTraversal',
'PublicationBeforeAbort',
'PublicationFailure'] * 4 +
['EndRequestEvent'] * 4)
self.assertIs(queryInteraction(), None)
def test_abort(self):
self.browser.open('http://localhost/abort.html')
self.assertEqual(self.browser.status, '400 Bad Request')
self.assertEqual(
get_event_names(),
['PublicationStart',
'PublicationAfterTraversal',
'PublicationBeforeAbort',
'PublicationFailure',
'EndRequestEvent'])
self.assertIs(queryInteraction(), None)
def getAccessList(context, permission):
context = removeAllProxies(context)
grant = IExtendedGrantInfo(context)
interaction = queryInteraction()
if not IZojaxSecurityPolicy.providedBy(interaction):
interaction = SecurityPolicy()
allowed = {}
for role, setting in grant.getRolesForPermission(permission):
if role == 'content.Owner':
for principal, setting in grant.getPrincipalsForRole('content.Owner'):
if setting is Allow and principal:
allowed['user:'******'user:'******'user:'******'user:'******'user:%s'%principal.id
if checkPermissionForPrincipal(principal, permission, context):
allowed[uid] = 1
else:
if uid in allowed:
del allowed[uid]
return allowed.keys()
def principalLoggingOut(event):
if IFacebookPrincipalMarker.providedBy(event.principal):
request = None
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
request = participation
if request is not None:
product = getUtility(IFacebookAuthenticationProduct)
expireCookies(request, product.apiKey)
def test_contextmanager_ends_interaction_on_exception(self):
from zope.security.management import queryInteraction
class MyError(Exception):
pass
with self.assertRaises(MyError):
with testing.interaction('foo'):
raise MyError()
self.assertFalse(queryInteraction())
def test_notfound_view(self):
self.browser.open('http://localhost/nowhere')
self.assertEqual(self.browser.status, '404 Not Found')
self.assertEqual(
get_event_names(),
['PublicationStart',
'PublicationBeforeError',
'PublicationAfterRender',
'PublicationBeforeAbort',
'PublicationFailure',
'EndRequestEvent'])
self.assertIs(queryInteraction(), None)
def __init__(self, principal=None, **kw):
if principal is None:
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
principal = participation.principal.id
self.principal = principal
for attr, value in kw.items():
setattr(self, attr, value)
def test_principal_from_iteraction(self):
principal = _Principal('bob')
participation = _Participation(principal)
newInteraction(participation)
try:
interaction = queryInteraction()
p_from_i = IPrincipal(interaction)
assert_that(p_from_i.username, is_(principal.username))
finally:
endInteraction()
def getRequestFromInteraction(request_type=IApplicationRequest):
"""Extract the browser request from the current interaction.
Returns None when there is no interaction, or when the interaction has no
participations that provide request_type.
"""
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
if request_type.providedBy(participation):
return participation
return None
def _zope_response(self):
"""Get the response."""
current_principal = None
# End and save the current interaction, since HTTPCaller creates
# its own interaction.
if queryInteraction():
current_principal = get_current_principal()
endInteraction()
if self._response is None:
self._response = self.caller(self._data_to_send)
# Restore the interaction to what it was before.
setupInteraction(current_principal)
return self._response
def _render(self, form_values=None, method='GET'):
self.request = self.request_class(method=method,
form=form_values,
PATH_INFO='/',
environ=self.request_environ)
if queryInteraction() is not None:
self.request.setPrincipal(get_current_principal())
# Setup a new interaction using self.request, create the view,
# initialize() it and then restore the original interaction.
endInteraction()
newInteraction(self.request)
self.view = self.view_class(self.context, self.request)
self.view.initialize()
restoreInteraction()
def test_restoreInteraction_after_neither(self):
from zope.security.management import queryInteraction
from zope.security.management import restoreInteraction
from zope.security._definitions import thread_local
try:
del thread_local.interaction
except AttributeError:
pass
try:
del thread_local.previous_interaction
except AttributeError:
pass
restoreInteraction()
self.assertTrue(queryInteraction() is None)
def __init__(self):
# set date
self.date = datetime.datetime.now()
# set revisors
revisor = ()
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
if participation.principal is None:
continue
principalid = participation.principal.id
if not principalid in revisor:
revisor = revisor + (unicode(principalid), )
self.revisor = revisor
def interaction(self):
"""Context manager for interaction as the given user.
If an interaction is already in progress this is a no-op,
otherwise it sets up an interaction on entry and ends it on
exit.
"""
if queryInteraction() is None:
setupInteraction(self._principal, login=self._login)
try:
yield
finally:
endInteraction()
else:
yield
def _with_login(login_method, identifier):
"""Make a context manager that runs with a particular log in."""
interaction = queryInteraction()
person = login_method(identifier)
try:
yield person
finally:
if interaction is None:
logout()
else:
# This reaches under the covers of the zope.security.management
# module's interface in order to provide true nestable
# interactions. This means that real requests can be maintained
# across these calls, such as is desired for yuixhr fixtures.
zope_security_thread_local.interaction = interaction
def __init__(self, date=None, principal=None, **kw):
if date is None:
date = datetime.utcnow()
self.date = date
if principal is None:
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
principal = participation.principal.id
self.principal = principal
for attr, value in kw.items():
setattr(self, attr, value)
def get_current_principal():
"""Get the principal from the current interaction.
:return: The current principal if there is an interaction, None otherwise.
"""
interaction = queryInteraction()
if interaction is None:
return None
principals = [
participation.principal for participation in interaction.participations
if participation.principal is not None
]
if not principals:
return None
elif len(principals) > 1:
raise ValueError('Too many principals')
else:
return principals[0]
def __checkSecurity(self, data):
"""
Returns a boolean indicating whether *data* passes the security
checks defined for this subscription.
If we are not able to make the security check because the principal or
permission we are supposed to use is not defined, returns the special
(false) value `None`. This can be used to distinguish the case where
access is denied by the security policy from the case where requested
principals are missing.
"""
if not self.permission_id and not self.owner_id:
# If no security is requested, we're good.
return True
# OK, now we need to find the permission and the principal.
# Both should be found in the context of the data; if not
# there, then check the currently installed site.
principal = self._find_principal(data)
permission = self._find_permission(data)
if principal is None or permission is None:
# A missing permission causes zope.security to grant full access.
# It's treated the same as zope.Public. So don't let that happen.
return None
# Now, we need to set up the interaction and do the security check.
participation = Participation(principal)
current_interaction = queryInteraction()
if current_interaction is not None:
# Cool, we can add our participation to the interaction.
current_interaction.add(participation)
else:
newInteraction(participation)
try:
# Yes, this needs the ID of the permission, not the permission object.
return checkPermission(self.permission_id, data)
finally:
if current_interaction is not None:
current_interaction.remove(participation)
else:
endInteraction()
def lastActivitySubscriber(event, item):
"""Update Dublin-Core creator property"""
dc = IZopeDublinCore(item, None)
# Principals that can create objects do not necessarily have
# 'zope.app.dublincore.change' permission.
# https://bugs.launchpad.net/zope3/+bug/98124
dc = removeSecurityProxy(dc)
if dc is None:
return
# Try to find a principal for that one. If there
# is no principal then we don't touch the list
# of creators.
interaction = queryInteraction()
if interaction is not None:
for participation in interaction.participations:
if participation.principal is None:
continue
principalid = participation.principal.id
if not principalid in dc.creators:
dc.creators = dc.creators + (unicode(principalid), )
def test_checkPermission_w_interaction(self):
from zope.security.management import checkPermission
from zope.security.management import setSecurityPolicy
from zope.security.management import queryInteraction
from zope.security.management import newInteraction
permission = 'zope.Test'
obj = object()
class PolicyStub(object):
def checkPermission(
s,
p,
o,
):
self.assertTrue(p is permission)
self.assertTrue(o is obj)
self.assertTrue(s is queryInteraction() or s is interaction)
return s is interaction
setSecurityPolicy(PolicyStub)
newInteraction()
interaction = queryInteraction()
self.assertEqual(checkPermission(permission, obj), True)
def test_queryInteraction_none_present(self):
from zope.security.management import queryInteraction
self.assertEqual(queryInteraction(), None)
def test_newInteraction(self):
from zope.security.management import newInteraction
from zope.security.management import queryInteraction
newInteraction()
interaction = queryInteraction()
self.assertTrue(interaction is not None)
