Zope Subversion Repository
Zope Subversion Repository |
|
Drop support for Python 2.4 and 2.5. Replace deprecated 'zope.component.adapts' usage with equivalent 'zope.component.adapter' decorator. Replace deprecated 'zope.interface.classProvides' usage with equivalent 'zope.interface.provider' decorator. Replace deprecated 'zope.interface.implements' usage with equivalent 'zope.interface.implementer' decorator.
Remove CVS-era Id fossils.
Conform to repository policy.
Add zope.i18nmessage.Message to non-proxied basic types, as it's immutable and it was done by zope.app.security. Add __name__ and __parent__ to list of available by default attributes. It was also done by zope.app.security before.
Moving code to satellite.
Merge of jim-adapter branch: This branch has three major refactorings on it: - A redesign of the adapter registration machinery - A major simplification of local component management See zope.component.interfaces.IComponentRegistry. - A flexible system for combining component registries. - A beginning of the migration of packages out of zope.app. - A new package for doing deferred imports. This allows you to make names available at the package level without creating circular imports. See zope.deferredimport and see zope.component.__init__ for examples of it's use. This package also provides a way to deprecate names in a module. - Deprecation of zope. i18nmessageid.MessageID I should have created checkin messages for individual sets of related changes, but there were just too many for the time allowed.
Make changes as discussed in http://www.zope.org/Collectors/Zope3-dev/506: canWrite now does not raise Forbidden if canAccess does not, effectively.
Integrated newer version of zdaemon that has more robust tests.
I think this fixes our security proxy issues. Gary, that's cool with you?
No longer re-proxying objects that provide an explicit __Security_checker__.
Add two convenience functions: canWrite and canAccess. While the tests for this package are not doc tests, I included doctest-like comments in the tests. Since these functions are primarily conveniences for app code, I imported them in the package __init__.
Merged from ZopeX3-3.0 branch: r27201 | jim | 2004-08-20 18:14:11 -0400 (Fri, 20 Aug 2004) | 2 lines Removed unneeded removeAllProxies calls. ------------------------------------------------------------------------ r27200 | jim | 2004-08-20 17:47:26 -0400 (Fri, 20 Aug 2004) | 2 lines Removed unneeded removeAllProxies calls. ------------------------------------------------------------------------ r27199 | jim | 2004-08-20 17:42:45 -0400 (Fri, 20 Aug 2004) | 2 lines Converted removeAllProxies calls to the prefered removeSecurityProxy. ------------------------------------------------------------------------ r27198 | jim | 2004-08-20 17:07:23 -0400 (Fri, 20 Aug 2004) | 2 lines Converted a package with one module to a regulat module. ------------------------------------------------------------------------ r27197 | jim | 2004-08-20 17:05:39 -0400 (Fri, 20 Aug 2004) | 2 lines Made the dependency subscriber trusted ------------------------------------------------------------------------ r27196 | jim | 2004-08-20 17:05:37 -0400 (Fri, 20 Aug 2004) | 8 lines Converted removeAllProxies calls to the prefered removeSecurityProxy. D src/zope/app/security/interfaces D src/zope/app/security/interfaces/__init__.py A + src/zope/app/security/interfaces.py Converted a package with one module to a regulat module. ------------------------------------------------------------------------ r27195 | jim | 2004-08-20 16:29:43 -0400 (Fri, 20 Aug 2004) | 4 lines Added a zapi.isinstance method that works with security proxies. ------------------------------------------------------------------------ r27194 | jim | 2004-08-20 15:26:59 -0400 (Fri, 20 Aug 2004) | 3 lines Added some defensive programming to work around a lame implicit Python string-formatting behavior. ------------------------------------------------------------------------ r27193 | jim | 2004-08-20 15:26:57 -0400 (Fri, 20 Aug 2004) | 2 lines Removed unneeded removeAllProxies call ------------------------------------------------------------------------ r27192 | jim | 2004-08-20 15:26:55 -0400 (Fri, 20 Aug 2004) | 3 lines Fixed a problem with the security dclarations to make calling removeAllProxies unnecessary. ------------------------------------------------------------------------ r27191 | jim | 2004-08-20 14:20:12 -0400 (Fri, 20 Aug 2004) | 2 lines Removed unneeded removeAllProxies calls. ------------------------------------------------------------------------ r27190 | jim | 2004-08-20 14:20:07 -0400 (Fri, 20 Aug 2004) | 2 lines Converted removeAllProxies calls to the prefered removeSecurityProxy. ------------------------------------------------------------------------ r27189 | jim | 2004-08-20 13:02:06 -0400 (Fri, 20 Aug 2004) | 6 lines Added "trusted" option for defining trusted subscribers. Deprecated zope.security.trustedRemoveSecurityProxy and zope.security.getProxiedObject. Use zope.security.removeSecurityProxy instead. (This should also be used rather than removeAllProxies.) ------------------------------------------------------------------------ r27188 | jim | 2004-08-20 13:02:03 -0400 (Fri, 20 Aug 2004) | 4 lines Deprecated zope.security.trustedRemoveSecurityProxy and zope.security.getProxiedObject. Use zope.security.removeSecurityProxy instead. (This should also be used rather than removeAllProxies.) Also converted additional removeAllProxies calls to the prefered removeSecurityProxy. (These were on the trunk, but not the branch.)
Moved forbidden and unauthorized exception definitions to zope.security.interfaces.
Removed the special treatment of exception classes. Previously, we treated excptions and xception clases as basic objects that were not proxied. This strategy seems overly lax. The problem is that we don't really kow how to raise or catch exceptions if exceptions and exception classes are proxied. The answer is not to be lax with exceptions. Rather, we'll need to change the way exceptions are handled in untrusted python code. This will require code manipulation, which we've avoided until recently.
Rearranged the security apis, largely combining security policies and interactions. Now security policies are just interaction factories -- usually just the interaction class. See: http://mail.zope.org/pipermail/zope3-dev/2004-July/011656.html
Converted as many classes as possible to new style classes.
Removed __metaclass__ and made classes inherit 'object'. Also made most classic classes new-style classes. Updated module doc strings where appropriate.
Converted XXX to TODO.
Changed basic checkers to use dictionaries. Now when you create checkers, you must pass one or two dictionary objects. We used to allow functions to be passed that would be called to get the permission needed to access a name. It turns out that this generality wasn't needed or used. If we need this in the furture, we can add custom checkers. For now, we only allow dictionaries, as that will enable more efficient checker implementation.
Removed unused NonPrivateChecker
Removed the unused DecoratedChecker class.
Updated to use ZPL 2.1.
Tell subversion to expand the Id keyword: - replaced old CVS expansion with a clean $Id$ - set the svn:keywords property to "Id" When you check-in files in the future and want $Id$ to be expanded, make sure it reads "$Id$" in that file; then set svn:keywords to "Id".
Merged Zope3/branches/mgedmin-security 24595:24640 This is UnificationOfRequestsAndSecurityContextsThroughUse: - Security managers and security contexts are gone. - Interactions and participations replace them. - BaseRequest is now IParticipation. - request.user was renamed to request.principal because of the above.
Set mime-type or svn-eol property from cvs expansion data
Cleanup.
Documented the behavior of CombinedChecker explicitly. Fixed a bug where CombinedChecker could raise a ForbiddenAttribute instead of Unauthorized. Documented Checker.permission_id and setattr_permission_id in an interface (INameBasedChecker). Remove the dependency on permission_id/setattr_permission_id from CheckerLoggingMixin. I do not think anyone cares about the distinction of 'Public' and 'Granted' when debugging checkers. Make CombinedChecker log things when ZOPE_WATCH_CHECKERS is set.
Implemented descriptor for __Security_checker__ of context wrappers. This descriptor gets a checker for the wrapper and for the proxied object, and returns a checker combined from both of those. If either the wrapper or the proxied object has no checker defined, then the checker for the proxied object or the wrapper is returned, respectively. If no checkers are defined, None is returned.
Added a CombinedChecker that provides a proxy to two checkers.
Added a DecoratedChecker.
renamed zope.proxy.getObject to zope.proxy.getProxiedObject
Now getObject comes from zope.proxy
Merged some of the work done by SteveA and MariusG on the stevea-decorators-branch. * Refactored acting on WATCH_CHECKERS into a reusable and unobtrusive mixin class. Execution speed will be faster when WATCH_CHECKERS is false. * Improved and clearer implementation of ProxyFactory. * Added comprehensive test of ProxyFactory. * Made an explicit TrustedCheckerBase marker type to show the connection between the checker module and the proxy module. * Added a note about the poor naming of _always_available. The name _available_by_default would better reflect actual use. That is, it is possible to make an _always_available name unavailable. * Added a BasicTypes_examples dict that can be imported into unit tests that want to check whether basic types are handled properly. * Added comprehensive test of ProxyFactory.
Reverted my change as Guido pointed out why exception classes need to be unwrapped as well as instances. This needs more thinking about though, as no tests failed... If all extension instances are unwrapped, and extension classes are included inline in the code, then there is no problem with comparison. I'll talk to people and experiment tomorrow, and perhaps re-check this in.
Made the checker for ClassType objects more sensible.
Modified CheckerPublic so that it can be pickled and unpickled without loss of identity. This is necessary so that it can be stored and used in persistent objects.
Changed the marker object, CheckerPublic to be picklable (as a global object). This will allow the value to be safely stored in persistent objects.
More renaming.
Grand renaming: - Renamed most files (especially python modules) to lower case. - Moved views and interfaces into separate hierarchies within each project, where each top-level directory under the zope package is a separate project. - Moved everything to src from lib/python. lib/python will eventually go away. I need access to the cvs repository to make this happen, however. There are probably some bits that are broken. All tests pass and zope runs, but I haven't tried everything. There are a number of cleanups I'll work on tomorrow.
|
webmaster@zope.org Powered by ViewCVS 1.0-dev |
 ViewCVS and CVS Help |