Source code for zope.security.management
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Foundation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""
Default :class:`zope.security.interfaces.ISecurityManagement` and
:class:`zope.security.interfaces.IInteractionManagement` implementation.
Note that this module itself provides those interfaces.
"""
from zope.interface import moduleProvides
from zope.security._definitions import system_user
from zope.security._definitions import thread_local
from zope.security.checker import CheckerPublic
from zope.security.interfaces import IInteractionManagement
from zope.security.interfaces import ISecurityManagement
from zope.security.interfaces import NoInteraction
from zope.security.simplepolicies import ParanoidSecurityPolicy
# Public API of this module; everything else is an implementation detail.
__all__ = [
    "system_user",
    "getSecurityPolicy",
    "setSecurityPolicy",
    "queryInteraction",
    "getInteraction",
    "ExistingInteraction",
    "newInteraction",
    "endInteraction",
    "restoreInteraction",
    "checkPermission",
]

# Process-wide default policy: a module global, not per-thread state.
# newInteraction() calls whatever is stored here to build each interaction.
# NOTE(review): the name suggests a restrictive policy -- confirm the actual
# semantics in zope.security.simplepolicies before relying on that.
_defaultPolicy = ParanoidSecurityPolicy

# Declare that the module object itself provides both management interfaces.
moduleProvides(ISecurityManagement, IInteractionManagement)
#
# ISecurityManagement implementation
#
def getSecurityPolicy():
    """Return the process-wide default security policy.

    The value is read from the module-level ``_defaultPolicy`` global, so
    every thread sees the same policy.
    """
    policy = _defaultPolicy
    return policy
def setSecurityPolicy(aSecurityPolicy):
    """Install *aSecurityPolicy* as the system default and return the
    policy it replaces.

    Only system startup code should call this. It must never be called
    while serving a request (a web request, for example).

    :param aSecurityPolicy: The new default policy. It is stored as given;
        no validation is performed here.
    :return: The previously installed default policy.
    """
    global _defaultPolicy
    # The default is a module global: the swap takes effect for every
    # thread, and newInteraction() picks it up on its next call.
    previous = _defaultPolicy
    _defaultPolicy = aSecurityPolicy
    return previous
#
# IInteractionManagement implementation
#
def queryInteraction():
    """Return the calling thread's current interaction, or ``None``.

    Unlike :func:`getInteraction`, a missing interaction is reported as
    ``None`` rather than by raising, so callers must handle ``None``
    explicitly.
    """
    try:
        return thread_local.interaction
    except AttributeError:
        # No interaction has been started on this thread.
        return None
def getInteraction():
    """Return the calling thread's current interaction.

    :raise NoInteraction: If no interaction is active on this thread.
    """
    try:
        current = thread_local.interaction
    except AttributeError:
        # The attribute only exists while an interaction is active.
        raise NoInteraction
    return current
class ExistingInteraction(ValueError, AssertionError):
    """
    Raised by :func:`newInteraction` when an interaction is already
    active.

    ``AssertionError`` is kept as a base class for backward compatibility
    (BBB), so existing ``except AssertionError`` handlers still catch it.
    """
def newInteraction(*participations):
    """Start a new interaction on the calling thread.

    The current default security policy is called with *participations*
    and the result is stored as the thread's interaction.

    :param participations: Passed positionally to the security policy.
    :raise ExistingInteraction: If an interaction is already active; the
        active interaction is never replaced silently.
    """
    active = queryInteraction()
    if active is not None:
        raise ExistingInteraction(
            "newInteraction called while another interaction is active.")
    policy_factory = getSecurityPolicy()
    thread_local.interaction = policy_factory(*participations)
def endInteraction():
    """End the calling thread's current interaction.

    The ended interaction is kept as ``thread_local.previous_interaction``
    so that :func:`restoreInteraction` can reinstate it. If no interaction
    is active, any previously saved interaction is discarded instead.
    """
    state = thread_local
    try:
        state.previous_interaction = state.interaction
    except AttributeError:
        # Nothing is active. A later restore must therefore return to the
        # "no interaction" state, so drop whatever an earlier
        # endInteraction() call left behind.
        try:
            del state.previous_interaction
        except AttributeError:
            pass
    else:
        # NOTE(review): the ended interaction stays reachable through
        # previous_interaction after this returns; on long-lived threads
        # confirm that retaining it is acceptable.
        del state.interaction
def restoreInteraction():
    """Reinstate the interaction saved by the last :func:`endInteraction`.

    If nothing was saved, the thread is left with no interaction at all,
    and any interaction that is currently active is removed.

    Unlike :func:`newInteraction`, this does not check for an active
    interaction: a saved interaction overwrites the current one. The saved
    value is not cleared afterwards, so a later call reinstates it again.
    """
    try:
        saved = thread_local.previous_interaction
    except AttributeError:
        # Nothing saved: the state to restore is "no interaction".
        try:
            del thread_local.interaction
        except AttributeError:
            pass
    else:
        thread_local.interaction = saved
def checkPermission(permission, object, interaction=None):
    """Return whether the security policy allows *permission* on *object*.

    :param str permission: A permission name.
    :param object: The object being accessed according to the permission.
    :param interaction: An interaction, providing access to information
        such as authenticated principals. If it is None, the current
        interaction is used.
    :return: A boolean value. ``checkPermission`` is guaranteed to
        return ``True`` if *permission* is
        :data:`zope.security.checker.CheckerPublic` or ``None``.
    :raise NoInteraction: If there is no current interaction and no
        interaction argument was given.
    """
    # Public short-circuit: granted before any interaction is consulted.
    # ``None`` is treated exactly like CheckerPublic, so a caller must not
    # pass the result of a failed permission lookup here -- it would be
    # allowed unconditionally.
    if permission is None or permission is CheckerPublic:
        return True

    active = interaction
    if active is None:
        try:
            active = thread_local.interaction
        except AttributeError:
            # No explicit interaction and none active on this thread.
            raise NoInteraction
    # The decision itself is delegated to the interaction.
    return active.checkPermission(permission, object)
def _clear():
    """Reset the process-wide default policy to ``ParanoidSecurityPolicy``.

    Registered below as a ``zope.testing`` cleanup hook so that a policy
    installed through :func:`setSecurityPolicy` does not leak between
    tests.
    """
    global _defaultPolicy
    _defaultPolicy = ParanoidSecurityPolicy
# Register test-isolation hooks when zope.testing is available. It is an
# optional dependency, so its absence is not an error.
try:
    from zope.testing.cleanup import addCleanUp
except ImportError:  # pragma: no cover
    pass
else:
    # Cleanup restores the default policy and ends any interaction still
    # active on the thread running the cleanup.
    addCleanUp(_clear)
    addCleanUp(endInteraction)