author | Jason Madden <jamadden@gmail.com> | 2018-08-20 15:02:44 -0500 |
---|---|---|
committer | Jason Madden <jamadden@gmail.com> | 2018-08-20 15:02:44 -0500 |
commit | 1d553ae96dcc185e54cb9832203f6bb42ebda79b (patch) | |
tree | 03835733e08423683472d8216576adb4ed4554e4 | |
parent | 23c968296fe58becae0a5e21f6a745827b7d11cb (diff) | |
Add ``ISystemPrincipal`` and make ``system_user`` a regular object that implements it (feature/system-user-regular-object)
This facilitates adding adapter registrations for the system user.
-rw-r--r-- | CHANGES.rst | 5 | ||||
-rw-r--r-- | src/zope/security/_definitions.py | 6 | ||||
-rw-r--r-- | src/zope/security/interfaces.py | 15 | ||||
-rw-r--r-- | src/zope/security/management.py | 17 | ||||
-rw-r--r-- | src/zope/security/tests/test_management.py | 8 |
5 files changed, 46 insertions, 5 deletions
diff --git a/CHANGES.rst b/CHANGES.rst index 501405d..f0ba71e 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -5,7 +5,10 @@ 4.2.4 (unreleased) ================== -- Nothing changed yet. +- Add the interface ``ISystemPrincipal`` and make + ``zope.security.management.system_user`` a regular object that + implements this interface. This facilitates providing adapter + registrations specifically for the ``system_user``. 4.2.3 (2018-08-09) diff --git a/src/zope/security/_definitions.py b/src/zope/security/_definitions.py index e4f3867..929823c 100644 --- a/src/zope/security/_definitions.py +++ b/src/zope/security/_definitions.py @@ -20,8 +20,10 @@ from zope.security import interfaces thread_local = threading.local() -@zope.interface.provider(interfaces.IPrincipal) -class system_user(object): +@zope.interface.implementer(interfaces.ISystemPrincipal) +class SystemUser(object): id = u'zope.security.management.system_user' title = u'System' description = u'' + +system_user = SystemUser() diff --git a/src/zope/security/interfaces.py b/src/zope/security/interfaces.py index 1d646ee..74cd385 100644 --- a/src/zope/security/interfaces.py +++ b/src/zope/security/interfaces.py @@ -38,6 +38,7 @@ These can be categorized into a few different groups of related objects. - :class:`IParticipation` - :class:`IInteractionManagement` - :class:`IPrincipal` + - :class:`ISystemPrincipal` - :class:`IGroupAwarePrincipal` - :class:`IGroupClosureAwarePrincipal` - :class:`IGroup` 
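Review bot: `system_user` is now an ordinary instance, so `copy.copy`, `copy.deepcopy` and a pickle round-trip each produce a second `SystemUser` object, whereas the old class object was copied and pickled by reference. The new `ISystemPrincipal` docstring tells callers to test `principal is system_user`; a copied or unpickled system principal would fail that test while still providing `ISystemPrincipal` and carrying the same `id`, so identity checks and interface checks can disagree. One option is to give `SystemUser` a `def __reduce__(self): return 'system_user'`, which makes pickle and copy resolve to the module-level singleton. `test_system_user` in test_management.py currently only adds `verifyObject` calls; an `self.assertIs(copy.copy(system_user), system_user)` there would pin the singleton behaviour.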
@@ -394,6 +395,20 @@ class IPrincipal(Interface): required=False) +class ISystemPrincipal(IPrincipal): + """ + A principal that represents the system (application) itself. + + Typically a system principal is granted extra capabilities + or excluded from certain checks. End users should *not* be able + to act as the system principal. + + Because speed is often a factor, a single instance of a system principal + is found at ``zope.security.management.system_user`` and can + be compared for by identity (e.g., ``if principal is system_user:``). + """ + + class IGroupAwarePrincipal(IPrincipal): """ Group aware principal interface. diff --git a/src/zope/security/management.py b/src/zope/security/management.py index 0c037d0..1acc3d3 100644 --- a/src/zope/security/management.py +++ b/src/zope/security/management.py @@ -26,8 +26,21 @@ from zope.security.interfaces import ISecurityManagement from zope.security.interfaces import NoInteraction from zope.security.simplepolicies import ParanoidSecurityPolicy from zope.security._definitions import thread_local -from zope.security._definitions import system_user # API? - +from zope.security._definitions import system_user + + +__all__ = [ + 'system_user', + 'getSecurityPolicy', + 'setSecurityPolicy', + 'queryInteraction', + 'getInteraction', + 'ExistingInteraction', + 'newInteraction', + 'endInteraction', + 'restoreInteraction', + 'checkPermission', +] _defaultPolicy = ParanoidSecurityPolicy diff --git a/src/zope/security/tests/test_management.py b/src/zope/security/tests/test_management.py index 83aca7b..93ce19d 100644 --- a/src/zope/security/tests/test_management.py +++ b/src/zope/security/tests/test_management.py 
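Review bot: The `ISystemPrincipal` docstring should state that providing the interface is not proof of being the system user, since any object can declare that it provides an interface. As written, "excluded from certain checks" next to an interface definition invites `ISystemPrincipal.providedBy(principal)` as the privilege test, while the identity comparison is mentioned only as a speed optimisation. I would add a sentence such as `Providing this interface does not by itself confer any privilege; compare by identity with system_user before bypassing a check.` and change "can be compared for by identity" to "can be compared by identity".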
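Review bot: Adding `__all__` narrows what `from zope.security.management import *` exports: names that were previously picked up only because they are imported into the module, such as `NoInteraction`, `ISecurityManagement`, `ParanoidSecurityPolicy` and `thread_local` in the context lines, are no longer included. If that narrowing is intended, a line in CHANGES.rst would help downstream users; if not, the list needs those names. The rest of the module is outside the hunk, so whether the nine function and class names listed all exist there, or whether another public name is missing, cannot be confirmed from here.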
@@ -170,7 +170,11 @@ class Test(unittest.TestCase): self.assertEqual(checkPermission(None, obj), True) self.assertEqual(checkPermission(CheckerPublic, obj), True) + def test_system_user(self): + from zope.interface.verify import verifyObject + from zope.security.interfaces import IPrincipal + from zope.security.interfaces import ISystemPrincipal from zope.security.management import system_user self.assertEqual(system_user.id, @@ -182,5 +186,9 @@ class Test(unittest.TestCase): self.assertIsInstance(getattr(system_user, name), type(u'')) + verifyObject(IPrincipal, system_user) + verifyObject(ISystemPrincipal, system_user) + + def test_suite(): return unittest.defaultTestLoader.loadTestsFromName(__name__) |