Source code for zope.security.management

##############################################################################
#
# Copyright (c) 2001, 2002 Zope Foundation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""
Default :class:`zope.security.interfaces.ISecurityManagement` and
:class:`zope.security.interfaces.IInteractionManagement` implementation.

Note that this module itself provides those interfaces.
"""

from zope.interface import moduleProvides

from zope.security._definitions import system_user
from zope.security._definitions import thread_local
from zope.security.checker import CheckerPublic
from zope.security.interfaces import IInteractionManagement
from zope.security.interfaces import ISecurityManagement
from zope.security.interfaces import NoInteraction
from zope.security.simplepolicies import ParanoidSecurityPolicy


__all__ = [
    'system_user',
    'getSecurityPolicy',
    'setSecurityPolicy',
    'queryInteraction',
    'getInteraction',
    'ExistingInteraction',
    'newInteraction',
    'endInteraction',
    'restoreInteraction',
    'checkPermission',
]

_defaultPolicy = ParanoidSecurityPolicy

moduleProvides(
    ISecurityManagement,
    IInteractionManagement)

#
#   ISecurityManagement implementation
#


[docs]def getSecurityPolicy(): """Get the system default security policy.""" return _defaultPolicy
[docs]def setSecurityPolicy(aSecurityPolicy): """Set the system default security policy, and return the previous value. This method should only be called by system startup code. It should never, for example, be called during a web request. """ global _defaultPolicy last, _defaultPolicy = _defaultPolicy, aSecurityPolicy return last
# # IInteractionManagement implementation #
[docs]def queryInteraction(): """Return a current interaction, if there is one.""" return getattr(thread_local, 'interaction', None)
[docs]def getInteraction(): """Get the current interaction.""" try: return thread_local.interaction except AttributeError: raise NoInteraction
[docs]class ExistingInteraction(ValueError, AssertionError, # BBB ): """ The exception that :func:`newInteraction` will raise if called during an existing interaction. """
[docs]def newInteraction(*participations): """Start a new interaction.""" if queryInteraction() is not None: raise ExistingInteraction("newInteraction called" " while another interaction is active.") thread_local.interaction = getSecurityPolicy()(*participations)
[docs]def endInteraction(): """End the current interaction.""" try: thread_local.previous_interaction = thread_local.interaction except AttributeError: # if someone does a restore later, it should be restored to not having # an interaction. If there was a previous interaction from a previous # call to endInteraction, it should be removed. try: del thread_local.previous_interaction except AttributeError: pass else: del thread_local.interaction
def restoreInteraction(): try: previous = thread_local.previous_interaction except AttributeError: try: del thread_local.interaction except AttributeError: pass else: thread_local.interaction = previous
[docs]def checkPermission(permission, object, interaction=None): """Return whether security policy allows permission on object. :param str permission: A permission name. :param object: The object being accessed according to the permission. :param interaction: An interaction, providing access to information such as authenticated principals. If it is None, the current interaction is used. :return: A boolean value. ``checkPermission`` is guaranteed to return ``True`` if *permission* is :data:`zope.security.checker.CheckerPublic` or ``None``. :raise NoInteraction: If there is no current interaction and no interaction argument was given. """ if permission is CheckerPublic or permission is None: return True if interaction is None: try: interaction = thread_local.interaction except AttributeError: raise NoInteraction return interaction.checkPermission(permission, object)
def _clear(): global _defaultPolicy _defaultPolicy = ParanoidSecurityPolicy try: from zope.testing.cleanup import addCleanUp except ImportError: # pragma: no cover pass else: addCleanUp(_clear) addCleanUp(endInteraction)