安全映射基类集合
dolmen.security.policies 提供了一种可插拔的方式来处理对象级安全。
>>> # Minimal content model shared by the examples on this page.
>>> from zope.location import Location
>>> from zope.interface import implementer
>>> from zope.annotation.interfaces import IAttributeAnnotatable

>>> # Content records its container in __parent__ and its own name.
>>> # NOTE(review): IAttributeAnnotatable is presumably what lets local
>>> # security settings be stored on the object - confirm.
>>> @implementer(IAttributeAnnotatable)
... class Content(Location):
...     def __init__(self, parent, name):
...         self.__parent__ = parent
...         self.__name__ = name

>>> # MyFolder never sets __name__; it only keeps its children in a dict.
>>> @implementer(IAttributeAnnotatable)
... class MyFolder(Location):
...     def __init__(self):
...         self.contents = {}

>>> # One folder holding one item 'a' whose parent is that folder.
>>> folder = MyFolder()
>>> contentA = folder.contents['a'] = Content(folder, 'a')
角色
标准行为
默认设置
>>> # NOTE(review): pprint is never imported on this page; presumably the
>>> # doctest runner supplies it in the globals - confirm before running.
>>> from zope.securitypolicy.zopepolicy import settingsForObject
>>> # Baseline before any local grant: the entries for 'a' and for the
>>> # unnamed entry (None, apparently the parent folder) are empty, and the
>>> # only Allow settings are listed under 'global settings'.
>>> pprint(settingsForObject(contentA))
[('a',
{'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []}),
(None,
{'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []}),
('global settings',
{'principalPermissions': [{'permission': 'zope.View',
'principal': 'zope.test',
'setting': PermissionSetting: Allow}],
'principalRoles': [],
'rolePermissions': [{'permission': 'zope.ManageContent',
'role': 'test.role',
'setting': PermissionSetting: Allow}]})]
为测试用户分配角色
>>> from zope.securitypolicy.interfaces import IPrincipalRoleManager
>>> # Adapt the folder (not contentA) and give principal 'zope.test' the
>>> # role 'test.role' on it.
>>> manager = IPrincipalRoleManager(folder)
>>> manager.assignRoleToPrincipal('test.role', 'zope.test')
测试角色应用
>>> from zope.securitypolicy.interfaces import IPrincipalRoleMap
>>> # Read the grant back through the read-side interface of the folder.
>>> folder_rpm = IPrincipalRoleMap(folder)
>>> print(folder_rpm.getRolesForPrincipal('zope.test'))
[('test.role', PermissionSetting: Allow)]
角色继承
>>> # contentA's own entry ('a') still has no principalRoles; the grant is
>>> # reported on the second entry (None), i.e. it reaches 'a' through its
>>> # container - presumably via __parent__. Moving content to another
>>> # parent would therefore change which roles apply to it.
>>> pprint(settingsForObject(contentA))
[('a',
{'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []}),
(None,
{'principalPermissions': [],
'principalRoles': [{'principal': 'zope.test',
'role': 'test.role',
'setting': PermissionSetting: Allow}],
'rolePermissions': []}),
('global settings',
{'principalPermissions': [{'permission': 'zope.View',
'principal': 'zope.test',
'setting': PermissionSetting: Allow}],
'principalRoles': [],
'rolePermissions': [{'permission': 'zope.ManageContent',
'role': 'test.role',
'setting': PermissionSetting: Allow}]})]
可选行为
>>> import grokcore.component as grok
>>> from grokcore.component.testing import grok_component
>>> from zope.securitypolicy.interfaces import Allow, Deny
>>> from zope.securitypolicy.securitymap import SecurityMap
>>> from dolmen.security.policies.principalrole import ExtraRoleMap
>>> from zope.securitypolicy.interfaces import IPrincipalRoleManager

>>> # A home folder that remembers the id of the user it belongs to.
>>> @implementer(IAttributeAnnotatable)
... class MyHomefolder(Location):
...     def __init__(self, id):
...         self.__name__ = "%s homepage" % id
...         self.userid = id

>>> # Before the custom adapter is registered the object has no local grants.
>>> home = MyHomefolder('zope.test')
>>> pprint(settingsForObject(home)[0])
('zope.test homepage',
{'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []})

>>> # Computed grant: whoever is named in context.userid gets 'test.role'
>>> # on that home folder.
>>> # SECURITY: the grant is keyed on a plain, writable attribute. Anyone
>>> # able to set userid decides who holds the role (the permission check
>>> # further down flips when userid is reassigned), so writes to it must be
>>> # restricted to trusted code.
>>> class HomepageRoleManager(ExtraRoleMap):
...     grok.context(MyHomefolder)
...
...     def _compute_extra_data(self):
...         extra_map = SecurityMap()
...         extra_map.addCell('test.role', self.context.userid, Allow)
...         return extra_map

>>> # IPrincipalRoleManager was already imported above; IRolePermissionMap
>>> # is imported here but not used in the examples visible on this page.
>>> from zope.component import provideAdapter
>>> from zope.securitypolicy.interfaces import (
...     IPrincipalRoleManager, IPrincipalRoleMap, IRolePermissionMap)

>>> # Register the same class for both the manager and the map interface.
>>> provideAdapter(
...     HomepageRoleManager, (MyHomefolder,), IPrincipalRoleManager)
>>> provideAdapter(
...     HomepageRoleManager, (MyHomefolder,), IPrincipalRoleMap)

>>> # The computed grant now appears as a local principalRoles entry.
>>> pprint(settingsForObject(home)[0])
('zope.test homepage',
{'principalPermissions': [],
'principalRoles': [{'principal': 'zope.test',
'role': 'test.role',
'setting': PermissionSetting: Allow}],
'rolePermissions': []})
检查权限
>>> from zope.security.testing import Principal, Participation
>>> from zope.security.management import newInteraction, endInteraction
>>> # Open an interaction as principal 'zope.test'; the checkPermission
>>> # calls below are evaluated for that principal.
>>> newInteraction(Participation(Principal('zope.test')))
>>> from zope.security import checkPermission
>>> # Allowed: home.userid is 'zope.test', so the computed map grants
>>> # test.role, and the global settings allow zope.ManageContent to it.
>>> checkPermission('zope.ManageContent', home)
True
>>> # The grant follows the attribute: once userid names someone else,
>>> # 'zope.test' loses the role on the very next check.
>>> # SECURITY: this works in both directions - an unprotected write to
>>> # userid is enough to hand the role to any principal id.
>>> home.userid = "someone else"
>>> checkPermission('zope.ManageContent', home)
False
>>> # Restoring the original owner restores access.
>>> home.userid = "zope.test"
>>> checkPermission('zope.ManageContent', home)
True
角色权限
我们也可以针对某个角色允许或拒绝权限。下面的示例在 MyHomefolder 上对 test.role 拒绝 zope.ManageContent;从结果可以看到,对象上的 Deny 覆盖了全局设置中的 Allow。
>>> from dolmen.security.policies import ExtraRolePermissionMap
>>> from zope.securitypolicy.interfaces import IRolePermissionManager
>>> # Computed role-permission setting for MyHomefolder objects: deny
>>> # zope.ManageContent to 'test.role'.
>>> class HomepageRolePermissionManager(ExtraRolePermissionMap):
...     grok.context(MyHomefolder)
...
...     def _compute_extra_data(self):
...         extra_map = SecurityMap()
...         extra_map.addCell('zope.ManageContent', 'test.role', Deny)
...         return extra_map
>>> provideAdapter(
...     HomepageRolePermissionManager, (MyHomefolder,),
...     IRolePermissionManager)
>>> # The role grant is unchanged, but the object now carries a Deny for
>>> # the permission that the global settings allow to test.role.
>>> pprint(settingsForObject(home)[0])
('zope.test homepage',
{'principalPermissions': [],
'principalRoles': [{'principal': 'zope.test',
'role': 'test.role',
'setting': PermissionSetting: Allow}],
'rolePermissions': [{'permission': 'zope.ManageContent',
'role': 'test.role',
'setting': PermissionSetting: Deny}]})
>>> # Result: the Deny set on the object wins over the global Allow.
>>> checkPermission('zope.ManageContent', home)
False
>>> # Close the interaction opened with newInteraction so the test
>>> # principal does not stay active for code that runs afterwards.
>>> endInteraction()
更新日志
0.4 (2020-08-26)
修正代码以兼容 Python 3.6+。
0.3 (2011-02-22)
添加了 IRolePermissionManager 的基础适配器。这允许通过角色拒绝或允许权限。[goschtl]
0.2 (2011-01-19)
重新打包
0.1 (2011-01-18)
首次发布