zope.security.interfaces

Interfaces for security machinery.

These can be categorized into a few different groups of related objects.

Anywhere that an API is documented as accepting a permission, it means the name of the permission, or the special object zope.security.checker.CheckerPublic.

zope.security.interfaces.PUBLIC_PERMISSION_NAME = 'zope.Public'

The name (id) of the registered IPermission utility that signifies that the protected attribute is public.

New in version 4.2.0.

interface zope.security.interfaces.IUnauthorized[source]

Extends: zope.interface.common.interfaces.IException

The action is not authorized.

Implemented in Unauthorized.

exception zope.security.interfaces.Unauthorized[source]

Bases: exceptions.Exception

Some user wasn’t allowed to access a resource.

Default implementation of IUnauthorized.

interface zope.security.interfaces.IForbidden[source]

Extends: zope.interface.common.interfaces.IException

A resource cannot be accessed under any circumstances

Implemented in Forbidden.

exception zope.security.interfaces.Forbidden[source]

Bases: exceptions.Exception

A resource cannot be accessed under any circumstances

Default implementation if IForbidden.

interface zope.security.interfaces.IForbiddenAttribute[source]

Extends: zope.security.interfaces.IForbidden, zope.interface.common.interfaces.IAttributeError

An attribute is unavailable because it is forbidden (private).

Implemented in ForbiddenAttribute.

exception zope.security.interfaces.ForbiddenAttribute[source]

Bases: zope.security.interfaces.Forbidden, exceptions.AttributeError

An attribute is unavailable because it is forbidden (private).

Default implementation of IForbiddenAttribute.

interface zope.security.interfaces.ISecurityManagement[source]

Public security management API.

This is implemented by zope.security.management.

getSecurityPolicy()

Get the system default security policy.

setSecurityPolicy(aSecurityPolicy)

Set the system default security policy.

This method should only be called by system startup code. It should never, for example, be called during a web request.

interface zope.security.interfaces.ISecurityChecking[source]

Public security API.

checkPermission(permission, object, interaction=None)

Return whether security policy allows permission on object.

Parameters:
  • permission (str) – The permission name.
  • object – The object being accessed according to the permission.
  • interaction – An IInteraction, providing access to information such as authenticated principals. If it is None, the current interaction is used.
interface zope.security.interfaces.ISecurityProxyFactory[source]

A factory for creating security-proxied objects.

See zope.security.checker.ProxyFactory for the default implementation.

__call__(object, checker=None)

Create a security proxy

If a checker (IChecker) is given, then use it, otherwise, try to figure out a checker.

If the object is already a security proxy, then it will be returned.

interface zope.security.interfaces.IChecker[source]

Security-proxy plugin objects that implement low-level checks.

The checker is responsible for creating proxies for operation return values, via the proxy method.

There are check_getattr() and check_setattr() methods for checking getattr and setattr, and a check() method for all other operations.

The check methods will raise errors if access is not allowed. They return no value.

Example (for __getitem__):

checker.check(ob, "__getitem__")
return checker.proxy(ob[key])
check_getattr(ob, name)

Check whether attribute access is allowed.

If a checker implements __setitem__, then __setitem__ will be called rather than check to ascertain whether an operation is allowed. This is a hack that allows significantly greater performance due to the fact that low-level operator access is much faster than method access.

Raises:Unauthorized
Raises:Forbidden
Returns:Nothing
check_setattr(ob, name)

Check whether attribute assignment is allowed.

If a checker implements __setitem__, then __setitem__ will be called rather than check to ascertain whether an operation is allowed. This is a hack that allows significantly greater performance due to the fact that low-level operator access is much faster than method access.

Raises:Unauthorized
Raises:Forbidden
Returns:Nothing
check(ob, operation)

Check whether operation is allowed.

The operation name is the Python special method name, e.g. “__getitem__”.

May raise Unauthorized or Forbidden. Returns no value.

If a checker implements __setitem__, then __setitem__ will be called rather than check to ascertain whether an operation is allowed. This is a hack that allows significantly greater performance due to the fact that low-level operator access is much faster than method access.

Raises:Unauthorized
Raises:Forbidden
Returns:Nothing
proxy(value)

Return a security proxy for the value.

If a checker implements __getitem__, then __getitem__ will be called rather than proxy to proxy the value. This is a hack that allows significantly greater performance due to the fact that low-level operator access is much faster than method access.

interface zope.security.interfaces.INameBasedChecker[source]

Extends: zope.security.interfaces.IChecker

Security checker that uses permissions to check attribute access.

permission_id(name)

Return the permission used to check attribute access on name.

This permission is used by both check() and check_getattr().

setattr_permission_id(name)

Return the permission used to check attribute assignment on name.

This permission is used by check_setattr().

interface zope.security.interfaces.ISecurityPolicy[source]

A factory to get IInteraction objects.

See also

zope.security.simplepolicies For default implementations.

__call__(participation=None)

Creates and returns a new IInteraction for a given request.

If participation is not None, it is added to the new interaction.

interface zope.security.interfaces.IInteraction[source]

A representation of an interaction between some actors and the system.

participations

An iterable of participations.

add(participation)

Add a participation.

remove(participation)

Remove a participation.

checkPermission(permission, object)

Return whether security context allows permission on object.

Parameters:
  • permission (str) – A permission name
  • object – The object being accessed according to the permission
Returns:

Whether the access is allowed or not.

Return type:

bool

interface zope.security.interfaces.IParticipation[source]

A single participant in an interaction.

interaction

The interaction

principal

The authenticated IPrincipal

exception zope.security.interfaces.NoInteraction[source]

Bases: exceptions.Exception

No interaction started

interface zope.security.interfaces.IInteractionManagement[source]

Interaction management API.

Every thread has at most one active interaction at a time.

See also

zope.security.management That module provides the default implementation.

newInteraction(participation=None)

Start a new interaction.

If participation is not None, it is added to the new interaction.

Raises an error if the calling thread already has an interaction.

queryInteraction()

Return the current interaction.

Return None if there is no interaction.

getInteraction()

Return the current interaction.

Raises:NoInteraction – if there isn’t a current interaction.
endInteraction()

End the current interaction.

Does nothing if there is no interaction.

interface zope.security.interfaces.IPrincipal[source]

Principals are security artifacts that execute actions in a security environment.

The most common examples of principals include user and group objects.

It is likely that IPrincipal objects will have associated views used to list principals in management interfaces. For example, a system in which other meta-data are provided for principals might extend IPrincipal and register a view for the extended interface that displays the extended information.

id

Id

The unique identification of the principal.

title

Title

The title of the principal. This is usually used in the UI.

description

Description

A detailed description of the principal.

interface zope.security.interfaces.IGroupAwarePrincipal[source]

Extends: zope.security.interfaces.IPrincipal

Group aware principal interface.

Extends IPrincipal to contain direct group information.

groups

An iterable of IGroup objects to which the principal directly belongs

interface zope.security.interfaces.IGroupClosureAwarePrincipal[source]

Extends: zope.security.interfaces.IGroupAwarePrincipal

A group-aware principal that can recursively flatten the membership of groups to return all the groups.

allGroups

An iterable of the full closure of the principal’s groups.

interface zope.security.interfaces.IGroup[source]

Extends: zope.security.interfaces.IPrincipal

Group of principals

interface zope.security.interfaces.IMemberGetterGroup[source]

Extends: zope.security.interfaces.IGroup

A group that can get its members.

getMembers()

Return an iterable of the members of the group

interface zope.security.interfaces.IMemberAwareGroup[source]

Extends: zope.security.interfaces.IMemberGetterGroup

A group that can both set and get its members.

setMembers(value)

Set members of group to the principal IDs in the iterable value.

interface zope.security.interfaces.IPermission[source]

A permission object.

id

Id

Id as which this permission will be known and used.

title

Title

Provides a title for the permission.

description

Description

Provides a description for the permission.