From 754e1f6aa3753ed1f23898238f398038133d9f5f Mon Sep 17 00:00:00 2001
From: Jim Fulton <jim@zope.com>
Date: Tue, 14 Aug 2007 17:52:16 +0000
Subject: Fixed bug: The special system_user object wasn't actually a user
 (principal).

Also cleaned up some circular import issues.
---
 CHANGES.txt                         | 13 +++++++++++--
 setup.py                            |  2 +-
 src/zope/security/__init__.py       | 11 ++++++-----
 src/zope/security/_definitions.py   | 29 +++++++++++++++++++++++++++++
 src/zope/security/checker.py        |  2 +-
 src/zope/security/management.py     | 31 +++++++++++++------------------
 src/zope/security/simplepolicies.py |  2 +-
 7 files changed, 62 insertions(+), 28 deletions(-)
 create mode 100644 src/zope/security/_definitions.py

diff --git a/CHANGES.txt b/CHANGES.txt
index ec09a10..76099bc 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,8 +1,14 @@
 zope.security package changelog
 ===============================
 
-Next release
-------------
+3.4.0b3 - 2007/08/14
+--------------------
+
+Bugs fixed:
+-----------
+
+- zope.security.management.system_user wasn't a valid principal
+  (didn't provide IPrincipal).
 
 - zope.security now works on Python 2.5
 
@@ -12,6 +18,9 @@ Next release
 3.4.0b2 - 2007/06/15
 --------------------
 
+Bugs fixed:
+-----------
+
 - removed stack extraction in newInteraction. When using eggs this is an
   extremly expensive function. The publisher is now more than 10 times faster
   when using eggs and about twice as fast with a zope trunk checkout.
diff --git a/setup.py b/setup.py
index 2639fe6..563c026 100644
--- a/setup.py
+++ b/setup.py
@@ -47,13 +47,13 @@ setup(name='zope.security',
                         'pytz',
                         'zope.component',
                         'zope.configuration',
+                        'zope.deferredimport', 
                         'zope.exceptions',
                         'zope.i18nmessageid',
                         'zope.interface',
                         'zope.location>=3.4.0b1.dev-r75152',
                         'zope.proxy',
                         'zope.schema',
-                        'zope.thread',
                         ],
       include_package_data = True,
       extras_require = {'untrustedpython': ["RestrictedPython"]},
diff --git a/src/zope/security/__init__.py b/src/zope/security/__init__.py
index 5237e7f..18360ed 100644
--- a/src/zope/security/__init__.py
+++ b/src/zope/security/__init__.py
@@ -17,9 +17,10 @@ $Id$
 
 """
 
-# TODO: There's a circular import problem with the proxy package.
-# The proxy framework needs some refactoring, but not today.
-import zope.proxy
+import zope.deferredimport
 
-from zope.security.management import checkPermission
-from zope.security.checker import canWrite, canAccess
+zope.deferredimport.define(
+    checkPermission = 'zope.security.management:checkPermission',
+    canWrite = 'zope.security.checker:canWrite',
+    canAccess = 'zope.security.checker:canAccess',
+    )
diff --git a/src/zope/security/_definitions.py b/src/zope/security/_definitions.py
new file mode 100644
index 0000000..0dad074
--- /dev/null
+++ b/src/zope/security/_definitions.py
@@ -0,0 +1,29 @@
+##############################################################################
+#
+# Copyright (c) 2005 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Common definitions to avoid circular imports
+"""
+
+import threading
+
+import zope.interface
+
+import zope.security.interfaces
+
+thread_local = threading.local()
+
+class system_user(object):
+    zope.interface.classProvides(zope.security.interfaces.IPrincipal)
+    id = __name__ + u'.system_user'
+    title = u'Special System User that typically has all permissions'
+    description = u''
diff --git a/src/zope/security/checker.py b/src/zope/security/checker.py
index 3a576c1..d3b29aa 100644
--- a/src/zope/security/checker.py
+++ b/src/zope/security/checker.py
@@ -44,7 +44,7 @@ from zope.interface.interfaces import IInterface, IDeclaration
 from zope.security.interfaces import IChecker, INameBasedChecker
 from zope.security.interfaces import ISecurityProxyFactory
 from zope.security.interfaces import Unauthorized, ForbiddenAttribute
-from zope.security.management import thread_local
+from zope.security._definitions import thread_local
 from zope.security._proxy import _Proxy as Proxy, getChecker
 
 if os.environ.get('ZOPE_WATCH_CHECKERS'):
diff --git a/src/zope/security/management.py b/src/zope/security/management.py
index 00a8f1c..3a106bf 100644
--- a/src/zope/security/management.py
+++ b/src/zope/security/management.py
@@ -15,20 +15,22 @@
 
 $Id$
 """
-# Special system user that has all permissions
-# zope.security.simplepolicies needs it
-system_user = object()
-
-from zope.interface import moduleProvides
-from zope.security.interfaces import ISecurityManagement
-from zope.security.interfaces import IInteractionManagement
-from zope.security.interfaces import NoInteraction
+
+
+import zope.interface
 import zope.thread
 
-thread_local = zope.thread.local()
+import zope.security.interfaces
+
+from zope.security.checker import CheckerPublic
+from zope.security._definitions import thread_local, system_user
+from zope.security.simplepolicies import ParanoidSecurityPolicy
 
-moduleProvides(ISecurityManagement, IInteractionManagement)
+_defaultPolicy = ParanoidSecurityPolicy
 
+zope.interface.moduleProvides(
+    zope.security.interfaces.ISecurityManagement,
+    zope.security.interfaces.IInteractionManagement)
 
 def _clear():
     global _defaultPolicy
@@ -80,7 +82,7 @@ def getInteraction():
     try:
         return thread_local.interaction
     except AttributeError:
-        raise NoInteraction
+        raise zope.security.interfaces.NoInteraction
 
 def newInteraction(*participations):
     """Start a new interaction."""
@@ -140,10 +142,3 @@ def checkPermission(permission, object, interaction=None):
     return interaction.checkPermission(permission, object)
 
 addCleanUp(endInteraction)
-
-
-# circular imports are not fun
-
-from zope.security.checker import CheckerPublic
-from zope.security.simplepolicies import ParanoidSecurityPolicy
-_defaultPolicy = ParanoidSecurityPolicy
diff --git a/src/zope/security/simplepolicies.py b/src/zope/security/simplepolicies.py
index 133e27a..3cca0b9 100644
--- a/src/zope/security/simplepolicies.py
+++ b/src/zope/security/simplepolicies.py
@@ -18,7 +18,7 @@ $Id$
 import zope.interface
 from zope.security.checker import CheckerPublic
 from zope.security.interfaces import IInteraction, ISecurityPolicy
-from zope.security.management import system_user
+from zope.security._definitions import system_user
 
 class ParanoidSecurityPolicy(object):
     zope.interface.implements(IInteraction)
-- 
cgit v1.2.1