This package provides basic elements for defining Zope permissions and
security checkers without ZCML.
.. contents::
Setting up ``grokcore.security``
================================
This package is essentially set up like the `grokcore.component`_
package, please refer to its documentation for details. The
additional ZCML lines you will need are::
<include package="grokcore.security" file="meta.zcml" />
<include package="grokcore.security" />
Put this somewhere near the top of your root ZCML file but below the
line where you include ``grokcore.component``'s configuration.
Defining permissions
====================
In `grokcore.component`_, various components are defined (and
automatically registered) by subclassing from certain baseclasses.
The same applies to defining permissions with ``grokcore.security`` as
well::
import grokcore.security
class EditContent(grokcore.security.Permission):
grokcore.security.name('mypkg.EditContent')
This defines a permission with the ID ``mypkg.EditContent``. You must
always specify this ID explicitly. In addition, you can also give the
permission a human-readable title and description. This is useful
when your application provides lists of permissions somewhere and you
don't want to bother users with deciphering the dotted IDs::
import grokcore.security
class EditContent(grokcore.security.Permission):
grokcore.security.name('mypkg.EditContent')
grokcore.security.title('Edit content')
grokcore.security.description('Anyone who has this permission may '
'modify content in the application.')
Defining checkers for components
================================
``grokcore.security`` provides some means for defining checkers for
components:
* ``grokcore.security.require(permission)`` which can be used either
as a class-level directive to set a permission for a whole
component, or as a decorator to set a permission for a function or
method.
* ``protect_getattr`` and ``protect_setattr``, available from
``grokcore.security.util``, which take a class, an attribute name
and a permission as arguments and define Zope security checkers for
getting or setting a particular attribute on instance of said class.
With these, you can build grokkers for components that need security
declarations. For instance, the `grokcore.view`_ package uses them to
define a grokker that makes security declarations for views::
class ViewSecurityGrokker(martian.ClassGrokker):
martian.component(grokcore.view.View)
martian.directive(grokcore.security.require, name='permission')
def execute(self, factory, config, permission, **kw):
for method_name in zope.publisher.interfaces.browser.IBrowserPage:
config.action(
discriminator=('protectName', factory, method_name),
callable=grokcore.security.util.protect_getattr,
args=(factory, method_name, permission),
)
return True
With such a grokker, it is possible to protect views like so::
class Edit(grokcore.view.View):
grokcore.security.require(EditContent)
Note how we can simply pass a permission class to the ``require``
directive. Alternatively, you can pass the permission ID::
class Edit(grokcore.view.View):
grokcore.security.require('mypkg.EditContent')
If you wanted to be able to define permissions for individual class
methods rather than the whole class, you would simply base your
grokker on ``martian.MethodGrokker`` rather than ``ClassGrokker``.
The actual mechanics of defining a checker are the same.
Please note that ``grokcore.security`` does not yet provide directives
that allow you to specify permissions for simple attribute access
(read and write).
API overview
============
``Permission``
Base class for defining permissions. Use the ``name`` directive
to define the mandatory permission ID. Optionally use the
``title`` and ``description`` directives to give the permission
human-readable information.
``Public``
Special permission that can be referred to whenever a component
should not be protected by a permission at all (public access).
``require(permission_class_or_id)``
declares that the use of a particular component (when used as a
class-level directive) or a method (when used as a method
decorator) requires a certain permission. The argument can either
be a permission class (subclass of ``Permission``) or a permission
ID.
In addition, the ``grokcore.security`` package exposes the
`grokcore.component`_ API.
.. _grokcore.component: http://pypi.python.org/pypi/grokcore.component
.. _grokcore.view: http://pypi.python.org/pypi/grokcore.view
没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
收起资源包目录
grokcore.security-1.6.3.tar.gz (52个子文件)
grokcore.security-1.6.3
setup.py 1KB
src
grokcore.security.egg-info
top_level.txt 9B
SOURCES.txt 2KB
PKG-INFO 9KB
namespace_packages.txt 9B
not-zip-safe 1B
dependency_links.txt 1B
requires.txt 235B
grokcore
__init__.py 200B
security
interfaces.py 2KB
directive.py 4KB
meta
__init__.py 0B
role.py 3KB
permission.py 2KB
__init__.py 1KB
components.py 1KB
tests
__init__.py 32B
test_all.py 1KB
role
__init__.py 0B
role_i18n.py 2KB
missing_role_name.py 360B
permissions.py 928B
security
not_a_permissionclass.py 591B
__init__.py 32B
multiple_require.py 546B
missing_permission.py 515B
missing_permission_name.py 369B
fallback.py 477B
protect_getattr.py 586B
permission.py 935B
permissions
directive.py 416B
__init__.py 0B
directive_fixture.py 220B
util.py 2KB
ftesting.zcml 457B
ftests
__init__.py 0B
test_all.py 1KB
role
__init__.py 0B
roles.py 3KB
meta.zcml 210B
testing.py 2KB
bootstrap.py 6KB
.travis.yml 158B
MANIFEST.in 144B
setup.cfg 59B
buildout.cfg 409B
LICENSE.txt 2KB
PKG-INFO 9KB
COPYRIGHT.txt 32B
CHANGES.txt 2KB
README.txt 5KB
CREDITS.txt 145B
共 52 条
- 1
资源评论
挣扎的蓝藻
- 粉丝: 12w+
- 资源: 15万+
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功