zope.security.zcml

Configuring security via ZCML

zope.security provides a ZCML file that configures some utilities and a couple of permissions:

>>> from zope.component import getGlobalSiteManager
>>> from zope.configuration.xmlconfig import XMLConfig
>>> from zope.component.testing import setUp
>>> import zope.security
>>> setUp()  # clear global component registry
>>> XMLConfig('permissions.zcml', zope.security)()

>>> len(list(getGlobalSiteManager().registeredUtilities()))
7

Clear the current state:

>>> from zope.component.testing import setUp, tearDown
>>> tearDown()
>>> setUp()

>>> XMLConfig('configure.zcml', zope.security)()

>>> len(list(getGlobalSiteManager().registeredUtilities()))
10
class zope.security.zcml.Permission(min_length=0, max_length=None, **kw)[source]

This field describes a permission.

Let’s look at an example:

>>> from zope.security.zcml import Permission
>>> class FauxContext(object):
...     permission_mapping = {'zope.ManageCode':'zope.private'}
...     _actions = []
...     def action(self, **kws):
...        self._actions.append(kws)
>>> context = FauxContext()
>>> field = Permission().bind(context)

Let’s test the fromUnicode method:

>>> field.fromUnicode(u'zope.foo')
'zope.foo'
>>> field.fromUnicode(u'zope.ManageCode')
'zope.private'

Now let’s see whether validation works alright

>>> field._validate('zope.ManageCode')
>>> context._actions[0]['args']
(None, 'zope.foo')

>>> from zope.schema.interfaces import InvalidId
>>> try:
...     field._validate('3 foo')
... except InvalidId as e:
...     e
InvalidId('3 foo')

zope.Public is always valid
>>> field._validate('zope.Public')
interface zope.security.zcml.ISecurityPolicyDirective[source]

Defines the security policy that will be used for Zope.

component

Component

Pointer to the object that will handle the security.

zope.security.zcml.securityPolicy(_context, component)[source]
interface zope.security.zcml.IPermissionDirective[source]

Define a new security object.

id

Id

Id as which this object will be known and used.

title

Title

Provides a title for the object.

description

Description

Provides a description for the object.

zope.security.zcml.permission(_context, id, title, description='')[source]
interface zope.security.zcml.IRedefinePermission[source]

Define a permission to replace another permission.

from_

Original permission

Original permission id to redefine.

to

Substituted permission

Substituted permission id.

zope.security.zcml.redefinePermission(_context, from_, to)[source]