/usr/share/pyshared/zope/security/interfaces.py is in python-zope.security 3.8.3-2ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 | ##############################################################################
#
# Copyright (c) 2004 Zope Foundation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Interfaces for security machinery.
"""
from zope.interface import Interface, Attribute, implements
from zope.interface.common.interfaces import IException, IAttributeError
from zope.schema import Text, TextLine
from zope.security.i18n import ZopeMessageFactory as _
class IUnauthorized(IException):
pass
class Unauthorized(Exception):
"""Some user wasn't allowed to access a resource"""
implements(IUnauthorized)
class IForbidden(IException):
pass
class Forbidden(Exception):
"""A resource cannot be accessed under any circumstances
"""
implements(IForbidden)
class IForbiddenAttribute(IForbidden, IAttributeError):
pass
class ForbiddenAttribute(Forbidden, AttributeError):
"""An attribute is unavailable because it is forbidden (private)
"""
implements(IForbiddenAttribute)
class ISecurityManagement(Interface):
"""Public security management API."""
def getSecurityPolicy():
"""Get the system default security policy."""
def setSecurityPolicy(aSecurityPolicy):
"""Set the system default security policy.
This method should only be called by system startup code. It
should never, for example, be called during a web request.
"""
class ISecurityChecking(Interface):
"""Public security API."""
def checkPermission(permission, object, interaction=None):
"""Return whether security policy allows permission on object.
Arguments:
permission -- A permission name
object -- The object being accessed according to the permission
interaction -- An interaction, which provides access to information
such as authenticated principals. If it is None, the current
interaction is used.
"""
class ISecurityProxyFactory(Interface):
def __call__(object, checker=None):
"""Create a security proxy
If a checker is given, then use it, otherwise, try to figure
out a checker.
If the object is already a security proxy, then it will be
returned.
"""
class IChecker(Interface):
"""Security-proxy plugin objects that implement low-level checks
The checker is responsible for creating proxies for
operation return values, via the proxy method.
There are check_getattr() and check_setattr() methods for checking
getattr and setattr, and a check() method for all other operations.
The check methods may raise errors. They return no value.
Example (for __getitem__):
checker.check(ob, \"__getitem__\")
return checker.proxy(ob[key])
"""
def check_getattr(ob, name):
"""Check whether attribute access is allowed.
May raise Unauthorized or Forbidden. Returns no value.
If a checker implements __setitem__, then __setitem__ will be
called rather than check_getattr to check whether an attribute
access is allowed. This is a hack that allows significantly
greater performance due to the fact that low-level operator
access is much faster than method access.
"""
def check_setattr(ob, name):
"""Check whether attribute assignment is allowed.
May raise Unauthorized or Forbidden. Returns no value.
"""
def check(ob, operation):
"""Check whether operation is allowed.
The operation name is the Python special method name,
e.g. "__getitem__".
May raise Unauthorized or Forbidden. Returns no value.
If a checker implements __setitem__, then __setitem__ will be
called rather than check to chack whether an operation is
allowed. This is a hack that allows significantly greater
performance due to the fact that low-level operator access is
much faster than method access.
"""
def proxy(value):
"""Return a security proxy for the value.
If a checker implements __getitem__, then __getitem__ will be
called rather than proxy to proxy the value. This is a hack
that allows significantly greater performance due to the fact
that low-level operator access is much faster than method
access.
"""
class INameBasedChecker(IChecker):
"""Security checker that uses permissions to check attribute access."""
def permission_id(name):
"""Return the permission used to check attribute access on name.
This permission is used by both check and check_getattr.
"""
def setattr_permission_id(name):
"""Return the permission used to check attribute assignment on name.
This permission is used by check_setattr.
"""
class ISecurityPolicy(Interface):
def __call__(participation=None):
"""Creates a new interaction for a given request.
If participation is not None, it is added to the new interaction.
"""
class IInteraction(Interface):
"""A representation of an interaction between some actors and the system.
"""
participations = Attribute("""An iterable of participations.""")
def add(participation):
"""Add a participation."""
def remove(participation):
"""Remove a participation."""
def checkPermission(permission, object):
"""Return whether security context allows permission on object.
Arguments:
permission -- A permission name
object -- The object being accessed according to the permission
"""
class IParticipation(Interface):
interaction = Attribute("The interaction")
principal = Attribute("The authenticated principal")
class NoInteraction(Exception):
"""No interaction started
"""
class IInteractionManagement(Interface):
"""Interaction management API.
Every thread has at most one active interaction at a time.
"""
def newInteraction(participation=None):
"""Start a new interaction.
If participation is not None, it is added to the new interaction.
Raises an error if the calling thread already has an interaction.
"""
def queryInteraction():
"""Return the current interaction.
Return None if there is no interaction.
"""
def getInteraction():
"""Return the current interaction.
Raise NoInteraction if there isn't a current interaction.
"""
def endInteraction():
"""End the current interaction.
Does nothing if there is no interaction.
"""
class IPrincipal(Interface):
"""Principals are security artifacts that execute actions in a security
environment.
The most common examples of principals include user and group objects.
It is likely that IPrincipal objects will have associated views
used to list principals in management interfaces. For example, a
system in which other meta-data are provided for principals might
extend IPrincipal and register a view for the extended interface
that displays the extended information. We'll probably want to
define a standard view name (e.g. 'inline_summary') for this
purpose.
"""
id = TextLine(
title=_("Id"),
description=_("The unique identification of the principal."),
required=True,
readonly=True)
title = TextLine(
title=_("Title"),
description=_("The title of the principal. "
"This is usually used in the UI."),
required=False)
description = Text(
title=_("Description"),
description=_("A detailed description of the principal."),
required=False)
class IGroupAwarePrincipal(IPrincipal):
"""Group aware principal interface
Extends IPrincipal to contain group information.
"""
groups = Attribute(
'An iterable of groups to which the principal directly belongs')
class IGroupClosureAwarePrincipal(IGroupAwarePrincipal):
allGroups = Attribute(
"An iterable of the full closure of the principal's groups.")
class IGroup(IPrincipal):
"""Group of principals
"""
class IMemberGetterGroup(IGroup):
"""a group that can get its members"""
def getMembers():
"""return an iterable of the members of the group"""
class IMemberAwareGroup(IMemberGetterGroup):
"""a group that can both set and get its members."""
def setMembers(value):
"""set members of group to the principal ids in the iterable value"""
class IPermission(Interface):
"""A permission object."""
id = TextLine(
title=_("Id"),
description=_("Id as which this permission will be known and used."),
readonly=True,
required=True)
title = TextLine(
title=_("Title"),
description=_("Provides a title for the permission."),
required=True)
description = Text(
title=_("Description"),
description=_("Provides a description for the permission."),
required=False)
|