/usr/share/pyshared/zope/component/security.py is in python-zope.component 3.10.0-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 | ##############################################################################
#
# Copyright (c) 2005 Zope Foundation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""zope.security support for the configuration handlers
"""
__docformat__ = "reStructuredText"
from zope.interface import providedBy
from zope.proxy import ProxyBase, getProxiedObject
from zope.security.adapter import LocatingTrustedAdapterFactory, \
LocatingUntrustedAdapterFactory, TrustedAdapterFactory
from zope.security.checker import Checker, CheckerPublic, InterfaceChecker
from zope.security.proxy import Proxy
PublicPermission = 'zope.Public'
class PermissionProxy(ProxyBase):
__slots__ = ('__Security_checker__', )
def __providedBy__(self):
return providedBy(getProxiedObject(self))
__providedBy__ = property(__providedBy__)
def _checker(_context, permission, allowed_interface, allowed_attributes):
if (not allowed_attributes) and (not allowed_interface):
allowed_attributes = ["__call__"]
if permission == PublicPermission:
permission = CheckerPublic
require={}
if allowed_attributes:
for name in allowed_attributes:
require[name] = permission
if allowed_interface:
for i in allowed_interface:
for name in i.names(all=True):
require[name] = permission
checker = Checker(require)
return checker
def proxify(ob, checker=None, provides=None, permission=None):
"""Try to get the object proxied with the `checker`, but not too soon
We really don't want to proxy the object unless we need to.
"""
if checker is None:
if provides is None or permission is None:
raise ValueError, 'Required arguments: checker or both provides and permissions'
if permission == PublicPermission:
permission = CheckerPublic
checker = InterfaceChecker(provides, permission)
ob = PermissionProxy(ob)
ob.__Security_checker__ = checker
return ob
def protectedFactory(original_factory, provides, permission):
if permission == PublicPermission:
permission = CheckerPublic
checker = InterfaceChecker(provides, permission)
# This has to be named 'factory', aparently, so as not to confuse apidoc :(
def factory(*args):
ob = original_factory(*args)
try:
ob.__Security_checker__ = checker
except AttributeError:
ob = Proxy(ob, checker)
return ob
factory.factory = original_factory
return factory
def securityAdapterFactory(factory, permission, locate, trusted):
"""
If a permission is provided when wrapping the adapter, it will be
wrapped in a LocatingAdapterFactory.
>>> class Factory:
... pass
If both locate and trusted are False and a non-public
permission is provided, then the factory is wrapped into a
LocatingUntrustedAdapterFactory:
>>> factory = securityAdapterFactory(Factory, 'zope.AnotherPermission',
... locate=False, trusted=False)
>>> isinstance(factory, LocatingUntrustedAdapterFactory)
True
If a PublicPermission is provided, then the factory is not touched.
>>> factory = securityAdapterFactory(Factory, PublicPermission,
... locate=False, trusted=False)
>>> factory is Factory
True
Same for CheckerPublic:
>>> factory = securityAdapterFactory(Factory, CheckerPublic,
... locate=False, trusted=False)
>>> factory is Factory
True
If the permission is None, the factory isn't touched:
>>> factory = securityAdapterFactory(Factory, None,
... locate=False, trusted=False)
>>> factory is Factory
True
If the factory is trusted and a no permission is provided then the
adapter is wrapped into a TrustedAdapterFactory:
>>> factory = securityAdapterFactory(Factory, None,
... locate=False, trusted=True)
>>> isinstance(factory, TrustedAdapterFactory)
True
Same for PublicPermission:
>>> factory = securityAdapterFactory(Factory, PublicPermission,
... locate=False, trusted=True)
>>> isinstance(factory, TrustedAdapterFactory)
True
Same for CheckerPublic:
>>> factory = securityAdapterFactory(Factory, CheckerPublic,
... locate=False, trusted=True)
>>> isinstance(factory, TrustedAdapterFactory)
True
If the factory is trusted and a locate is true, then the
adapter is wrapped into a LocatingTrustedAdapterFactory:
>>> factory = securityAdapterFactory(Factory, 'zope.AnotherPermission',
... locate=True, trusted=True)
>>> isinstance(factory, LocatingTrustedAdapterFactory)
True
"""
if permission == PublicPermission:
permission = CheckerPublic
if locate or (permission is not None and permission is not CheckerPublic):
if trusted:
return LocatingTrustedAdapterFactory(factory)
else:
return LocatingUntrustedAdapterFactory(factory)
elif trusted:
return TrustedAdapterFactory(factory)
else:
return factory
|