Name: zope.app.security
Summary: ZMI Views For Zope3 Security Components
Home-page: http://pypi.python.org/pypi/zope.app.security
Author: Zope Foundation and Contributors
Author-email: zope-dev@zope.org
Description: This package provides ZMI browser views for Zope security components.

It used to provide a large part of the security functionality for Zope 3, but that
functionality was factored out into several smaller packages to reduce dependencies
and improve reusability.

The functionality was split into these new packages:

* zope.authentication - the IAuthentication interface and related utilities.
* zope.principalregistry - the global principal registry and its zcml directives.
* zope.app.localpermission - the LocalPermission class that implements
  persistent permissions.

The rest of the functionality that was provided by this package has been merged into
``zope.security`` and ``zope.publisher``.

Backward-compatibility imports are provided to ensure that older applications
work. See CHANGES.txt for more info.

Detailed Documentation
======================

===========================================
The Query View for Authentication Utilities
===========================================

A regular authentication service will not provide the `ISourceQueriables`
interface, but it is a queriable itself, since it provides the simple
`getPrincipals(name)` method:
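
>>> class Principal:
...     def __init__(self, id):
...         self.id = id

>>> class MyAuthUtility:
...     data = {'jim': Principal(42), 'don': Principal(0),
...             'stephan': Principal(1)}
...     def getPrincipals(self, name):
...         # substring match of the search string against the login name
...         return [principal
...                 for id, principal in self.data.items()
...                 if name in id]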

Now that we have our queriable, we create the view for it:

>>> from zope.app.security.browser.auth import AuthUtilitySearchView
>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest()
>>> view = AuthUtilitySearchView(MyAuthUtility(), request)

This allows us to render a search form.

>>> print view.render('test') # doctest: +NORMALIZE_WHITESPACE
<h4>principals.zcml</h4>
<input type="text" name="test.searchstring" />
<input type="submit" name="test.search" value="Search" />

If we ask for results:

>>> view.results('test')

We don't get any, since we did not provide any. But if we give input:

>>> request.form['test.searchstring'] = 'n'

we still don't get any:

>>> view.results('test')

because we did not press the button. So let's press the button:

>>> request.form['test.search'] = 'Search'

so that we now get results (!):

>>> ids = list(view.results('test'))

The class LoginLogout:

>>> from zope.app.security.browser.auth import LoginLogout

is used as a view to generate an HTML snippet suitable for logging in or
logging out based on whether or not the current principal is authenticated.

When the current principal is unauthenticated, it provides
IUnauthenticatedPrincipal:

>>> from zope.authentication.interfaces import IUnauthenticatedPrincipal
>>> from zope.principalregistry.principalregistry import UnauthenticatedPrincipal
>>> anonymous = UnauthenticatedPrincipal('anon', '', '')
>>> IUnauthenticatedPrincipal.providedBy(anonymous)
True

When LoginLogout is used for a request that has an unauthenticated principal,
it provides the user with a link to 'Login':

>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest()
>>> request.setPrincipal(anonymous)
>>> LoginLogout(None, request)()
u'<a href="@@login.html?nextURL=http%3A//127.0.0.1">[Login]</a>'

Logout, however, behaves differently. Not all authentication protocols (i.e.
credentials extractors/challengers) support 'logout'. Furthermore, we don't
know how an admin may have configured Zope's authentication. Our solution is
to rely on the admin to tell us explicitly that the site supports logout.

By default, the LoginLogout snippet will not provide a logout link for an
unauthenticated principal. To illustrate, we'll first set up a request with an
unauthenticated principal:

>>> from zope.security.interfaces import IPrincipal
>>> from zope.interface import implements
>>> class Principal(object):
...     implements(IPrincipal)
...     title = description = ''
>>> bob = Principal()
>>> IUnauthenticatedPrincipal.providedBy(bob)

>>> request.setPrincipal(bob)

In this case, the default behavior is to return None for the snippet:

>>> print LoginLogout(None, request)()
None

To show a logout prompt, an admin must register a marker adapter that provides

>>> from zope.authentication.interfaces import ILogoutSupported

This flags to LoginLogout that the site supports logout. There is a 'no-op'
adapter that can be registered for this:

>>> from zope.authentication.logout import LogoutSupported
>>> from zope.component import provideAdapter
>>> provideAdapter(LogoutSupported, (None,), ILogoutSupported)

Now when we use LoginLogout with an unauthenticated principal, we get a logout

>>> LoginLogout(None, request)()
u'<a href="@@logout.html?nextURL=http%3A//127.0.0.1">[Logout]</a>'
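
The opt-in behaviour walked through above, as a plain-Python model added here for illustration; it is not zope.app.security's code. It follows the doctest outputs: `provide_adapter`, `query_adapter`, `Request` and `login_logout` are hypothetical stand-ins for the component registry, the request and the view, and the sample URL is constructed.

```python
from urllib.parse import quote

# Simplified stand-in for the component registry: marker name -> factory.
_adapters = {}


def provide_adapter(marker, factory):
    """Register the opt-in marker, as the admin does with provideAdapter."""
    _adapters[marker] = factory


def query_adapter(request, marker):
    """Return the adapter for the request, or None if none was registered."""
    factory = _adapters.get(marker)
    return factory(request) if factory is not None else None


class LogoutSupported:
    """No-op marker adapter: being registered is the whole signal."""

    def __init__(self, request):
        self.request = request


class Request:
    """Constructed request: a URL plus whether the principal is anonymous."""

    def __init__(self, url, unauthenticated):
        self.url = url
        self.unauthenticated = unauthenticated


def login_logout(request):
    # quote() percent-encodes ':' but keeps '/', giving 'http%3A//127.0.0.1'.
    next_url = quote(request.url)
    if request.unauthenticated:
        return '<a href="@@login.html?nextURL=%s">[Login]</a>' % next_url
    if query_adapter(request, "ILogoutSupported") is not None:
        return '<a href="@@logout.html?nextURL=%s">[Logout]</a>' % next_url
    # Not anonymous, but nobody declared logout support: render nothing.
    return None
```

A template that embeds the snippet has to cope with the `None` case, which is what a site gets until the marker is registered.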

- Move 'zope.ManageApplication' permission to zope.app.applicationcontrol

- Fix tests using a newer zope.publisher that requires zope.login.

- provide a clean zope setup and move zope.app.testing to a test dependency

- removed unused dependencies like ZODB3 etc. from install_requires

- Added data attribute to '_protections.zcml' for PersistentList
  and PersistentDict to accommodate UserList and UserDict behavior
  when they are proxied.

- Changed globalmodules.zcml to avoid making declarations for
  deprecated standard modules, to avoid deprecation warnings.

  Note that globalmodules.zcml should be avoided. It's better to make
  declarations for only what you actually need to use.

- All interfaces, as well as some authentication-related helper classes and
  functions (checkPrincipal, PrincipalSource, PrincipalTerms, etc.) were moved
  into the new ``zope.authentication`` package. Backward-compatibility imports

- The "global principal registry" along with its zcml directives was moved into
  new "zope.principalregistry" package. Backward-compatibility imports are

- The IPrincipal -> zope.publisher.interfaces.logginginfo.ILoggingInfo
  adapter was moved to ``zope.publisher``. Backward-compatibility import

- The PermissionsVocabulary and PermissionIdsVocabulary have been moved
  to the ``zope.security`` package. Backward-compatibility imports are

- The registration of the "zope.Public" permission as well as some other
  common permissions, like "zope.View" have been moved to ``zope.security``.
  Its configure.zcml is now included by this package.

- The "protect" function is now a no-op and is not needed anymore, because
  zope.security now knows about i18n messages and __name__ and __parent__
  attributes and won't protect them by default.

- The addCheckerPublic was moved from zope.app.security.tests to
  zope.security.testing. Backward-compatibility import is provided.

- The ``LocalPermission`` class is now moved to new ``zope.app.localpermission``
  package. This package now only has backward-compatibility imports and

- Cleanup dependencies after refactorings. Also, don't depend on
  zope.app.testing for tests anymore.

- Update package's description to point out the refactorings done.

- The `Allow`, `Deny` and `Unset` permission settings were preferred to
  be imported from ``zope.securitypolicy.interfaces`` for a long time
  and now they are completely moved there from ``zope.app.security.settings``
  as well as the ``PermissionSetting`` class. The only thing left for
  backward compatibility is the import of Allow/Unset/Deny constants if
  ``zope.securitypolicy`` is installed to allow unpickling of security

- Depend on new ``zope.password`` package instead of ``zope.app.authentication``
  to get password managers for the authentication utility, thus remove
  dependency on ``zope.app.authentication``.

- Use template for AuthUtilitySearchView instead of ugly HTML
  constructing in the python code.

- Bug: The `sha` and `md5` modules have been deprecated in Python 2.6.
  Whenever the ZCML of this package was included when using Python 2.6,
  a deprecation warning had been raised stating that `md5` and `sha` have
  been deprecated. Provided a simple condition to check whether Python 2.6
  or later is installed by checking for the presence of `json` module
  that was added only in Python 2.6 and thus optionally load the security
  declaration for `md5` and `sha`.

- Remove deprecated code, thus removing explicit dependency on
  zope.deprecation and zope.deferredimport.

- Cleanup code a bit, replace old __used_for__ statements by ``adapts``

- Changed mailing list address to zope-dev at zope.org, because
  zope3-dev is retired now. Changed "cheeseshop" to "pypi" in
  the package homepage.

- Moved the `protectclass` module to `zope.security` leaving only a
  compatibility module here that imports from the new location.

- Moved the <module> directive implementation to `zope.security`.

- Use `zope.container` instead of `zope.app.container`.

- use zope.browser.interfaces.ITerms instead of
  `zope.app.form.browser.interfaces`.

- Bug: It turned out that checking for regex was not much better of an
  idea, since it causes deprecation warnings in Python 2.4. Thus let's
  look for a library that was added in Python 2.5.

- Bug: The `gopherlib` module has been deprecated in Python 2.5. Whenever the
  ZCML of this package was included when using Python 2.5, a deprecation
  warning had been raised stating that `gopherlib` has been
  deprecated. Provided a simple condition to check whether Python 2.5 or later
  is installed by checking for the deleted `regex` module and thus optionally
  load the security declaration for `gopherlib`.

`zope.app.security.principalregistry.PrincipalRegistry.getPrincipal` returns
`zope.security.management.system_user` when its id is used for the search

- Initial release independent of the main Zope tree.

Keywords: zope security authentication principal ftp http
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Zope Public License
Classifier: Programming Language :: Python
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Framework :: Zope3