From 1d553ae96dcc185e54cb9832203f6bb42ebda79b Mon Sep 17 00:00:00 2001 From: Jason Madden Date: Mon, 20 Aug 2018 15:02:44 -0500 Subject: Add ``ISystemPrincipal`` and make ``system_user`` a regular object that implements it This facilitates adding adapter registrations for the system user. --- src/zope/security/_definitions.py | 6 ++++-- src/zope/security/interfaces.py | 15 +++++++++++++++ src/zope/security/management.py | 17 +++++++++++++++-- src/zope/security/tests/test_management.py | 8 ++++++++ 4 files changed, 42 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/zope/security/_definitions.py b/src/zope/security/_definitions.py index e4f3867..929823c 100644 --- a/src/zope/security/_definitions.py +++ b/src/zope/security/_definitions.py @@ -20,8 +20,10 @@ from zope.security import interfaces thread_local = threading.local() -@zope.interface.provider(interfaces.IPrincipal) -class system_user(object): +@zope.interface.implementer(interfaces.ISystemPrincipal) +class SystemUser(object): id = u'zope.security.management.system_user' title = u'System' description = u'' + +system_user = SystemUser() diff --git a/src/zope/security/interfaces.py b/src/zope/security/interfaces.py index 1d646ee..74cd385 100644 --- a/src/zope/security/interfaces.py +++ b/src/zope/security/interfaces.py @@ -38,6 +38,7 @@ These can be categorized into a few different groups of related objects. - :class:`IParticipation` - :class:`IInteractionManagement` - :class:`IPrincipal` + - :class:`ISystemPrincipal` - :class:`IGroupAwarePrincipal` - :class:`IGroupClosureAwarePrincipal` - :class:`IGroup` 
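Review bot: Making `system_user` an instance of `SystemUser` in `_definitions.py` changes how it pickles and copies. A class is pickled by reference, but an instance is pickled by value, so a round trip through `pickle` or `copy.copy()` now yields a second `SystemUser` that provides `ISystemPrincipal` yet fails `principal is system_user`. Whether the system principal is ever persisted or copied is not visible in this patch, but the `ISystemPrincipal` docstring added later in the commit promises a single instance compared by identity. One method on the class keeps that promise: `def __reduce__(self): return 'system_user'`, which makes both pickle and the copy module resolve back to the module-level object. The `test_system_user` hunk in `test_management.py` could pin it with `self.assertIs(pickle.loads(pickle.dumps(system_user)), system_user)`.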
@@ -394,6 +395,20 @@ class IPrincipal(Interface): required=False) +class ISystemPrincipal(IPrincipal): + """ + A principal that represents the system (application) itself. + + Typically a system principal is granted extra capabilities + or excluded from certain checks. End users should *not* be able + to act as the system principal. + + Because speed is often a factor, a single instance of a system principal + is found at ``zope.security.management.system_user`` and can + be compared for by identity (e.g., ``if principal is system_user:``). + """ + + class IGroupAwarePrincipal(IPrincipal): """ Group aware principal interface. diff --git a/src/zope/security/management.py b/src/zope/security/management.py index 0c037d0..1acc3d3 100644 --- a/src/zope/security/management.py +++ b/src/zope/security/management.py @@ -26,8 +26,21 @@ from zope.security.interfaces import ISecurityManagement from zope.security.interfaces import NoInteraction from zope.security.simplepolicies import ParanoidSecurityPolicy from zope.security._definitions import thread_local -from zope.security._definitions import system_user # API? - +from zope.security._definitions import system_user + + +__all__ = [ + 'system_user', + 'getSecurityPolicy', + 'setSecurityPolicy', + 'queryInteraction', + 'getInteraction', + 'ExistingInteraction', + 'newInteraction', + 'endInteraction', + 'restoreInteraction', + 'checkPermission', +] _defaultPolicy = ParanoidSecurityPolicy diff --git a/src/zope/security/tests/test_management.py b/src/zope/security/tests/test_management.py index 83aca7b..93ce19d 100644 --- a/src/zope/security/tests/test_management.py +++ b/src/zope/security/tests/test_management.py 
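Review bot: The `ISystemPrincipal` docstring gives two ways to recognise the system principal, the interface and the identity check against `zope.security.management.system_user`, without saying which one access decisions should rely on. Any object can be declared to provide an interface, and the commit message presents the interface as a hook for adapter registrations, so the docstring should say that code granting extra capabilities or skipping checks must use the identity comparison. I would add a sentence such as `Providing this interface does not by itself make an object the system principal; privilege checks should compare against system_user by identity.` The phrase "can be compared for by identity" also looks like a slip for "can be compared by identity".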
@@ -170,7 +170,11 @@ class Test(unittest.TestCase): self.assertEqual(checkPermission(None, obj), True) self.assertEqual(checkPermission(CheckerPublic, obj), True) + def test_system_user(self): + from zope.interface.verify import verifyObject + from zope.security.interfaces import IPrincipal + from zope.security.interfaces import ISystemPrincipal from zope.security.management import system_user self.assertEqual(system_user.id, @@ -182,5 +186,9 @@ class Test(unittest.TestCase): self.assertIsInstance(getattr(system_user, name), type(u'')) + verifyObject(IPrincipal, system_user) + verifyObject(ISystemPrincipal, system_user) + + def test_suite(): return unittest.defaultTestLoader.loadTestsFromName(__name__) -- cgit v1.2.1