Fixed bug:

The special system_user object wasn't actually a user (principal).

Also cleaned up some circular import issues.

5 files changed, 50 insertions, 25 deletions

diff --git a/src/zope/security/__init__.py b/src/zope/security/__init__.py
index 5237e7f..18360ed 100644
--- a/src/zope/security/__init__.py
+++ b/src/zope/security/__init__.py
@@ -17,9 +17,10 @@ $Id$
 
 """
 
-# TODO: There's a circular import problem with the proxy package.
-# The proxy framework needs some refactoring, but not today.
-import zope.proxy
+import zope.deferredimport
 
-from zope.security.management import checkPermission
-from zope.security.checker import canWrite, canAccess
+zope.deferredimport.define(
+    checkPermission = 'zope.security.management:checkPermission',
+    canWrite = 'zope.security.checker:canWrite',
+    canAccess = 'zope.security.checker:canAccess',
+    )
diff --git a/src/zope/security/_definitions.py b/src/zope/security/_definitions.py
new file mode 100644
index 0000000..0dad074
--- /dev/null
+++ b/src/zope/security/_definitions.py
@@ -0,0 +1,29 @@
+##############################################################################
+#
+# Copyright (c) 2005 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Common definitions to avoid circular imports
+"""
+
+import threading
+
+import zope.interface
+
+import zope.security.interfaces
+
+thread_local = threading.local()
+
+class system_user(object):
+    zope.interface.classProvides(zope.security.interfaces.IPrincipal)
+    id = __name__ + u'.system_user'
+    title = u'Special System User that typically has all permissions'
+    description = u''
diff --git a/src/zope/security/checker.py b/src/zope/security/checker.py
index 3a576c1..d3b29aa 100644
--- a/src/zope/security/checker.py
+++ b/src/zope/security/checker.py
@@ -44,7 +44,7 @@ from zope.interface.interfaces import IInterface, IDeclaration
 from zope.security.interfaces import IChecker, INameBasedChecker
 from zope.security.interfaces import ISecurityProxyFactory
 from zope.security.interfaces import Unauthorized, ForbiddenAttribute
-from zope.security.management import thread_local
+from zope.security._definitions import thread_local
 from zope.security._proxy import _Proxy as Proxy, getChecker
 
 if os.environ.get('ZOPE_WATCH_CHECKERS'):
diff --git a/src/zope/security/management.py b/src/zope/security/management.py
index 00a8f1c..3a106bf 100644
--- a/src/zope/security/management.py
+++ b/src/zope/security/management.py
@@ -15,20 +15,22 @@
 
 $Id$
 """
-# Special system user that has all permissions
-# zope.security.simplepolicies needs it
-system_user = object()
-
-from zope.interface import moduleProvides
-from zope.security.interfaces import ISecurityManagement
-from zope.security.interfaces import IInteractionManagement
-from zope.security.interfaces import NoInteraction
+
+
+import zope.interface
 import zope.thread
 
-thread_local = zope.thread.local()
+import zope.security.interfaces
+
+from zope.security.checker import CheckerPublic
+from zope.security._definitions import thread_local, system_user
+from zope.security.simplepolicies import ParanoidSecurityPolicy
 
-moduleProvides(ISecurityManagement, IInteractionManagement)
+_defaultPolicy = ParanoidSecurityPolicy
 
+zope.interface.moduleProvides(
+    zope.security.interfaces.ISecurityManagement,
+    zope.security.interfaces.IInteractionManagement)
 
 def _clear():
     global _defaultPolicy
@@ -80,7 +82,7 @@ def getInteraction():
     try:
         return thread_local.interaction
     except AttributeError:
-        raise NoInteraction
+        raise zope.security.interfaces.NoInteraction
 
 def newInteraction(*participations):
     """Start a new interaction."""
@@ -140,10 +142,3 @@ def checkPermission(permission, object, interaction=None):
     return interaction.checkPermission(permission, object)
 
 addCleanUp(endInteraction)
-
-
-# circular imports are not fun
-
-from zope.security.checker import CheckerPublic
-from zope.security.simplepolicies import ParanoidSecurityPolicy
-_defaultPolicy = ParanoidSecurityPolicy
diff --git a/src/zope/security/simplepolicies.py b/src/zope/security/simplepolicies.py
index 133e27a..3cca0b9 100644
--- a/src/zope/security/simplepolicies.py
+++ b/src/zope/security/simplepolicies.py
@@ -18,7 +18,7 @@ $Id$
 import zope.interface
 from zope.security.checker import CheckerPublic
 from zope.security.interfaces import IInteraction, ISecurityPolicy
-from zope.security.management import system_user
+from zope.security._definitions import system_user
 
 class ParanoidSecurityPolicy(object):
     zope.interface.implements(IInteraction)