Log message for revision 112381: Move the DTML policy assignment and deal with import order changes
Changed: U Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/DTML.py U Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/ImplC.py U Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/ImplPython.py U Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/Implementation.py U Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/DT_Util.py U Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/__init__.py U Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/security.py U Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/sequence/__init__.py -=- Modified: Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/DTML.py =================================================================== --- Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/DTML.py 2010-05-16 19:01:27 UTC (rev 112380) +++ Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/DTML.py 2010-05-16 19:32:39 UTC (rev 112381) @@ -15,3 +15,4 @@ # BBB from DocumentTemplate.security import DTMLSecurityAPI +from DocumentTemplate.security import RestrictedDTML Modified: Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/ImplC.py =================================================================== --- Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/ImplC.py 2010-05-16 19:01:27 UTC (rev 112380) +++ Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/ImplC.py 2010-05-16 19:32:39 UTC (rev 112381) 
@@ -31,15 +31,11 @@ # make sure a partial import doesn't pollute sys.modules del sys.modules[__name__] raise - -from AccessControl.ImplPython import RestrictedDTML + from AccessControl.ImplPython import SecurityManager from AccessControl.ImplPython import ZopeSecurityPolicy -class RestrictedDTML(RestrictedDTMLMixin, RestrictedDTML): - """A mix-in for derivatives of DT_String.String that adds Zope security.""" - class ZopeSecurityPolicy(cZopeSecurityPolicy, ZopeSecurityPolicy): """A security manager provides methods for checking access and managing executable context and policies Modified: Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/ImplPython.py =================================================================== --- Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/ImplPython.py 2010-05-16 19:01:27 UTC (rev 112380) +++ Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/ImplPython.py 2010-05-16 19:32:39 UTC (rev 112381) @@ -180,19 +180,6 @@ return len(v) -# AccessControl.DTML -# ------------------ - -class RestrictedDTML: - """A mix-in for derivatives of DT_String.String that adds Zope security.""" - - def guarded_getattr(self, *args): # ob, name [, default] - return guarded_getattr(*args) - - def guarded_getitem(self, ob, index): - return guarded_getitem(ob, index) - - # AccessControl.ZopeSecurityPolicy # -------------------------------- # Modified: Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/Implementation.py =================================================================== --- Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/Implementation.py 2010-05-16 19:01:27 UTC (rev 112380) +++ Zope/branches/hannosch-dtml-vs-accesscontrol/src/AccessControl/Implementation.py 2010-05-16 19:32:39 UTC (rev 112381) 
@@ -75,8 +75,6 @@ _policy_names = { "AccessControl": ("setDefaultBehaviors", ), - "AccessControl.DTML": ("RestrictedDTML", - ), "AccessControl.PermissionRole": ("_what_not_even_god_should_do", "rolesForPermissionOn", "PermissionRole", Modified: Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/DT_Util.py =================================================================== --- Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/DT_Util.py 2010-05-16 19:01:27 UTC (rev 112380) +++ Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/DT_Util.py 2010-05-16 19:32:39 UTC (rev 112381) @@ -33,6 +33,10 @@ from Shared.TaintedString import TaintedString +if 'test' not in utility_builtins: + from RestrictedPython.Utilities import test + utility_builtins['test'] = test + test = utility_builtins['test'] # for backwards compatibility, dont remove! LIMITED_BUILTINS = 1 @@ -109,6 +113,7 @@ return retval TemplateDict.string = StringModuleWrapper() +TemplateDict.__allow_access_to_unprotected_subobjects__ = 1 # The functions below are meant to bind to the TemplateDict. Modified: Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/__init__.py =================================================================== --- Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/__init__.py 2010-05-16 19:01:27 UTC (rev 112380) +++ Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/__init__.py 2010-05-16 19:32:39 UTC (rev 112381) 
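Review bot: The new `if 'test' not in utility_builtins:` fallback in DT_Util.py (hunk at +33) writes into `utility_builtins`, a dict whose origin is not visible in this hunk and which is presumably shared with other restricted-code consumers. Importing DocumentTemplate can therefore change the builtin table seen outside this module, and the outcome depends on import order. The block has no comment saying which import order leaves `test` unregistered. Something like `# 'test' may be missing when this module is imported before the code that normally registers it` would help, with the registering module named once it is confirmed.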
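Review bot: The line `TemplateDict.__allow_access_to_unprotected_subobjects__ = 1` added in DT_Util.py (hunk at +109) is a security declaration, but it now sits directly under `TemplateDict.string = StringModuleWrapper()` with no explanation. In security.py it lived under the heading "Allow access to unprotected attributes", which is lost in the move. A comment such as `# Security: attributes of TemplateDict without their own declaration are accessible to restricted code` would keep the intent visible. Anyone later binding a new helper to TemplateDict should know it is exposed by default.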
@@ -10,14 +10,11 @@ # FOR A PARTICULAR PURPOSE # ############################################################################## -__doc__='''Package wrapper for Document Template +"""Package wrapper for Document Template This wrapper allows the (now many) document template modules to be -segregated in a separate package. +segregated in a separate package.""" -$Id$''' -__version__='$Revision: 1.18 $'[11:-2] - from DocumentTemplate.DT_String import String, File from DocumentTemplate.DT_HTML import HTML, HTMLDefault, HTMLFile Modified: Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/security.py =================================================================== --- Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/security.py 2010-05-16 19:01:27 UTC (rev 112380) +++ Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/security.py 2010-05-16 19:32:39 UTC (rev 112381) 
@@ -15,28 +15,43 @@ import string, math, random, sets -from AccessControl import SecurityManagement -from AccessControl.SimpleObjectPolicies import ContainerAssertions -from AccessControl.ZopeGuards import safe_builtins - -import DocumentTemplate.sequence -from DocumentTemplate import DT_Util - -# RestrictedDTML is inserted by AccessControl.Implementation. - - # Allow access to unprotected attributes -DT_Util.TemplateDict.__allow_access_to_unprotected_subobjects__=1 string.__allow_access_to_unprotected_subobjects__=1 math.__allow_access_to_unprotected_subobjects__=1 random.__allow_access_to_unprotected_subobjects__=1 sets.__allow_access_to_unprotected_subobjects__=1 +# Setup RestrictedDTML -DocumentTemplate.sequence.__allow_access_to_unprotected_subobjects__=1 +from AccessControl.ImplPython import guarded_getattr +from AccessControl.ZopeGuards import guarded_getitem +RestrictedDTML = None + +class BaseRestrictedDTML: + """A mix-in for derivatives of DT_String.String that adds Zope security.""" + + def guarded_getattr(self, *args): # ob, name [, default] + return guarded_getattr(*args) + + def guarded_getitem(self, ob, index): + return guarded_getitem(ob, index) + + +# This does not respect the security policy as set by AccessControl. Instead +# it only deals with the C module being compiled or not. +try: + from AccessControl.cAccessControl import RestrictedDTMLMixin +except ImportError: + RestrictedDTML = BaseRestrictedDTML +else: + class RestrictedDTML(RestrictedDTMLMixin, BaseRestrictedDTML): + """C version of RestrictedDTML.""" + # Add security testing capabilities +from AccessControl import SecurityManagement + class DTMLSecurityAPI: """API for performing security checks in DTML using '_' methods. """ 
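Review bot: In the new `try`/`except ImportError` block of DocumentTemplate/security.py, `RestrictedDTML` is now chosen only by whether `AccessControl.cAccessControl` imports. The `"AccessControl.DTML"` entry is also dropped from `_policy_names` in Implementation.py, so the DTML guards no longer follow the implementation selected through AccessControl. The added comment admits this, but as far as the hunk shows, a deployment that deliberately selects the Python implementation will still get the C mixin whenever it is compiled. A test that pins which class is bound in each case would make that divergence explicit, as would extending the comment to say that switching the implementation does not affect DTML. The placeholder `RestrictedDTML = None` is redundant because both branches rebind the name, and it would be safer removed so that a later edit cannot leave `None` as the exported class.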
@@ -96,11 +111,16 @@ if r > 0: return r-1 return r + +from DocumentTemplate import DT_Util + for name, v in DTMLSecurityAPI.__dict__.items(): if name[0] != '_': setattr(DT_Util.TemplateDict, name, v) from types import FunctionType +from AccessControl.ZopeGuards import safe_builtins + for name, v in safe_builtins.items(): if type(v) is FunctionType: v = DT_Util.NotBindable(v) @@ -109,11 +129,14 @@ setattr(DT_Util.TemplateDict, name, v) +# Temporarily create a DictInstance so that we can mark its type as +# being a key in the ContainerAssertions. + +from AccessControl.SimpleObjectPolicies import ContainerAssertions + class _dummy_class: pass -# Temporarily create a DictInstance so that we can mark its type as -# being a key in the ContainerAssertions. templateDict = DT_Util.TemplateDict() try: dictInstance = templateDict(dummy=1)[0] Modified: Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/sequence/__init__.py =================================================================== --- Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/sequence/__init__.py 2010-05-16 19:01:27 UTC (rev 112380) +++ Zope/branches/hannosch-dtml-vs-accesscontrol/src/DocumentTemplate/sequence/__init__.py 2010-05-16 19:32:39 UTC (rev 112381) @@ -11,5 +11,6 @@ # ############################################################################## +__allow_access_to_unprotected_subobjects__ = 1 from zope.sequencesort.ssort import * _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins
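Review bot: In DocumentTemplate/sequence/__init__.py the module-level `__allow_access_to_unprotected_subobjects__ = 1` now sits directly above `from zope.sequencesort.ssort import *`. Under the Zope security policy, every name the star import brings in therefore becomes reachable from restricted code without a per-name declaration. The exposed set is then decided by zope.sequencesort rather than by this package, and a later release of that dependency could widen it unnoticed. Importing the intended names explicitly would keep the surface reviewable. At minimum, a comment such as `# every name imported below is exposed to restricted DTML code` should be added.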