diff options
author | Jason Madden <jamadden@gmail.com> | 2017-09-11 09:32:29 -0500 |
---|---|---|
committer | Jason Madden <jamadden@gmail.com> | 2017-09-11 09:32:29 -0500 |
commit | a844ed40b62d10d776e39584fc51c61077a2bd7e (patch) | |
tree | 709dc362dc9390386dba8cd4aa5eea5402ab240f /src/zope/security/simplepolicies.py | |
parent | b339f682bf801ca4d041282e8f9a2662a68a0236 (diff) | |
download | zope-security-issue19.tar.gz |
Document behaviour of ParanoidSecurityPolicy when there are no participationsissue19
Add an explicit test for this case.
Fixes #19.
Diffstat (limited to 'src/zope/security/simplepolicies.py')
-rw-r--r-- | src/zope/security/simplepolicies.py | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/zope/security/simplepolicies.py b/src/zope/security/simplepolicies.py index 4825e70..b2e8980 100644 --- a/src/zope/security/simplepolicies.py +++ b/src/zope/security/simplepolicies.py @@ -24,7 +24,12 @@ from zope.security._definitions import system_user @zope.interface.implementer(IInteraction) @zope.interface.provider(ISecurityPolicy) class ParanoidSecurityPolicy(object): - """Prohibit all access exctp to public items, or by explicit principals""" + """ + Prohibit all access by any non-system principal, unless the item is public. + + This means that if there are no participations (and hence no + principals), then access is allowed. + """ def __init__(self, *participations): self.participations = [] @@ -58,7 +63,9 @@ class ParanoidSecurityPolicy(object): @zope.interface.provider(ISecurityPolicy) class PermissiveSecurityPolicy(ParanoidSecurityPolicy): - """Allow all access.""" + """ + Allow all access. + """ def checkPermission(self, permission, object): return True |