1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
|
Metadata-Version: 1.0
Name: zope.app.security
Version: 3.7.5
Summary: ZMI Views For Zope3 Security Components
Home-page: http://pypi.python.org/pypi/zope.app.security
Author: Zope Foundation and Contributors
Author-email: zope-dev@zope.org
License: ZPL 2.1
Description: This package provides ZMI browser views for Zope security components.
It used to provide a large part of security functionality for Zope 3, but it was
factored out from this package to several little packages to reduce dependencies
and improve reusability.
The functionality was splitted into these new packages:
* zope.authentication - the IAuthentication interface and related utilities.
* zope.principalregistry - the global principal registry and its zcml directives.
* zope.app.localpermission - the LocalPermission class that implements
persistent permissions.
The rest of functionality that were provided by this package is merged into
``zope.security`` and ``zope.publisher``.
Backward-compatibility imports are provided to ensure that older applications
work. See CHANGES.txt for more info.
Detailed Documentation
======================
===========================================
The Query View for Authentication Utilities
===========================================
A regular authentication service will not provide the `ISourceQueriables`
interface, but it is a queriable itself, since it provides the simple
`getPrincipals(name)` method:
>>> class Principal:
... def __init__(self, id):
... self.id = id
>>> class MyAuthUtility:
... data = {'jim': Principal(42), 'don': Principal(0),
... 'stephan': Principal(1)}
...
... def getPrincipals(self, name):
... return [principal
... for id, principal in self.data.items()
... if name in id]
Now that we have our queriable, we create the view for it:
>>> from zope.app.security.browser.auth import AuthUtilitySearchView
>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest()
>>> view = AuthUtilitySearchView(MyAuthUtility(), request)
This allows us to render a search form.
>>> print view.render('test') # doctest: +NORMALIZE_WHITESPACE
<h4>principals.zcml</h4>
<div class="row">
<div class="label">
Search String
</div>
<div class="field">
<input type="text" name="test.searchstring" />
</div>
</div>
<div class="row">
<div class="field">
<input type="submit" name="test.search" value="Search" />
</div>
</div>
If we ask for results:
>>> view.results('test')
We don't get any, since we did not provide any. But if we give input:
>>> request.form['test.searchstring'] = 'n'
we still don't get any:
>>> view.results('test')
because we did not press the button. So let's press the button:
>>> request.form['test.search'] = 'Search'
so that we now get results (!):
>>> ids = list(view.results('test'))
>>> ids.sort()
>>> ids
[0, 1]
====================
Login/Logout Snippet
====================
The class LoginLogout:
>>> from zope.app.security.browser.auth import LoginLogout
is used as a view to generate an HTML snippet suitable for logging in or
logging out based on whether or not the current principal is authenticated.
When the current principal is unauthenticated, it provides
IUnauthenticatedPrincipal:
>>> from zope.authentication.interfaces import IUnauthenticatedPrincipal
>>> from zope.principalregistry.principalregistry import UnauthenticatedPrincipal
>>> anonymous = UnauthenticatedPrincipal('anon', '', '')
>>> IUnauthenticatedPrincipal.providedBy(anonymous)
True
When LoginLogout is used for a request that has an unauthenticated principal,
it provides the user with a link to 'Login':
>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest()
>>> request.setPrincipal(anonymous)
>>> LoginLogout(None, request)()
u'<a href="@@login.html?nextURL=http%3A//127.0.0.1">[Login]</a>'
Logout, however, behaves differently. Not all authentication protocols (i.e.
credentials extractors/challengers) support 'logout'. Furthermore, we don't
know how an admin may have configured Zope's authentication. Our solution is
to rely on the admin to tell us explicitly that the site supports logout.
By default, the LoginLogout snippet will not provide a logout link for an
unauthenticated principal. To illustrate, we'll first setup a request with an
unauthenticated principal:
>>> from zope.security.interfaces import IPrincipal
>>> from zope.interface import implements
>>> class Bob:
... implements(IPrincipal)
... id = 'bob'
... title = description = ''
>>> bob = Bob()
>>> IUnauthenticatedPrincipal.providedBy(bob)
False
>>> request.setPrincipal(bob)
In this case, the default behavior is to return None for the snippet:
>>> print LoginLogout(None, request)()
None
To show a logout prompt, an admin must register a marker adapter that provides
the interface:
>>> from zope.authentication.interfaces import ILogoutSupported
This flags to LoginLogout that the site supports logout. There is a 'no-op'
adapter that can be registered for this:
>>> from zope.authentication.logout import LogoutSupported
>>> from zope.component import provideAdapter
>>> provideAdapter(LogoutSupported, (None,), ILogoutSupported)
Now when we use LoginLogout with an unauthenticated principal, we get a logout
prompt:
>>> LoginLogout(None, request)()
u'<a href="@@logout.html?nextURL=http%3A//127.0.0.1">[Logout]</a>'
=======
CHANGES
=======
3.7.5 (2010-01-08)
------------------
- Move 'zope.ManageApplication' permission to zope.app.applicationcontrol
- Fix tests using a newer zope.publisher that requires zope.login.
3.7.3 (2009-11-29)
------------------
- provide a clean zope setup and move zope.app.testing to a test dependency
- removed unused dependencies like ZODB3 etc. from install_requires
3.7.2 (2009-09-10)
------------------
- Added data attribute to '_protections.zcml' for PersistentList
and PersistentDict to accomodate UserList and UserDict behavior
when they are proxied.
3.7.1 (2009-08-15)
------------------
- Changed globalmodules.zcml to avoid making declarations for
deprecated standard modules, to avoid deprecation warnings.
Note that globalmodules.zcml should be avoided. It's better to make
declarations for only what you actually need to use.
3.7.0 (2009-03-14)
------------------
- All interfaces, as well as some authentication-related helper classes and
functions (checkPrincipal, PrincipalSource, PrincipalTerms, etc.) were moved
into the new ``zope.authentication`` package. Backward-compatibility imports
are provided.
- The "global principal registry" along with its zcml directives was moved into
new "zope.principalregistry" package. Backward-compatibility imports are
provided.
- The IPrincipal -> zope.publisher.interfaces.logginginfo.ILoggingInfo
adapter was moved to ``zope.publisher``. Backward-compatibility import
is provided.
- The PermissionsVocabulary and PermissionIdsVocabulary has been moved
to the ``zope.security`` package. Backward-compatibility imports are
provided.
- The registration of the "zope.Public" permission as well as some other
common permissions, like "zope.View" have been moved to ``zope.security``.
Its configure.zcml is now included by this package.
- The "protect" function is now a no-op and is not needed anymore, because
zope.security now knows about i18n messages and __name__ and __parent__
attributes and won't protect them by default.
- The addCheckerPublic was moved from zope.app.security.tests to
zope.security.testing. Backward-compatibility import is provided.
- The ``LocalPermission`` class is now moved to new ``zope.app.localpermission``
package. This package now only has backward-compatibility imports and
zcml includes.
- Cleanup dependencies after refactorings. Also, don't depend on
zope.app.testing for tests anymore.
- Update package's description to point about refactorings done.
3.6.2 (2009-03-10)
------------------
- The `Allow`, `Deny` and `Unset` permission settings was preferred to
be imported from ``zope.securitypolicy.interfaces`` for a long time
and now they are completely moved there from ``zope.app.security.settings``
as well as the ``PermissionSetting`` class. The only thing left for
backward compatibility is the import of Allow/Unset/Deny constants if
``zope.securitypolicy`` is installed to allow unpickling of security
settings.
3.6.1 (2009-03-09)
------------------
- Depend on new ``zope.password`` package instead of ``zope.app.authentication``
to get password managers for the authentication utility, thus remove
dependency on ``zope.app.authentication``.
- Use template for AuthUtilitySearchView instead of ugly HTML
constructing in the python code.
- Bug: The `sha` and `md5` modules has been deprecated in Python 2.6.
Whenever the ZCML of this package was included when using Python 2.6,
a deprecation warning had been raised stating that `md5` and `sha` have
been deprecated. Provided a simple condition to check whether Python 2.6
or later is installed by checking for the presense of `json` module
thas was added only in Python 2.6 and thus optionally load the security
declaration for `md5` and `sha`.
- Remove deprecated code, thus removing explicit dependency on
zope.deprecation and zope.deferredimport.
- Cleanup code a bit, replace old __used_for__ statements by ``adapts``
calls.
3.6.0 (2009-01-31)
------------------
- Changed mailing list address to zope-dev at zope.org, because
zope3-dev is retired now. Changed "cheeseshop" to "pypi" in
the package homepage.
- Moved the `protectclass` module to `zope.security` leaving only a
compatibility module here that imports from the new location.
- Moved the <module> directive implementation to `zope.security`.
- Use `zope.container` instead of `zope.app.container`;.
3.5.3 (2008-12-11)
------------------
- use zope.browser.interfaces.ITerms instead of
`zope.app.form.browser.interfaces`.
3.5.2 (2008-07-31)
------------------
- Bug: It turned out that checking for regex was not much better of an
idea, since it causes deprecation warnings in Python 2.4. Thus let's
look for a library that was added in Python 2.5.
3.5.1 (2008-06-24)
------------------
- Bug: The `gopherlib` module has been deprecated in Python 2.5. Whenever the
ZCML of this package was included when using Python 2.5, a deprecation
warning had been raised stating that `gopherlib` has been
deprecated. Provided a simple condition to check whether Python 2.5 or later
is installed by checking for the deleted `regex` module and thus optionally
load the security declaration for `gopherlib`.
3.5.0 (2008-02-05)
------------------
- Feature:
`zope.app.security.principalregistry.PrincipalRegistry.getPrincipal` returns
`zope.security.management.system_user` when its id is used for the search
key.
3.4.0 (2007-10-27)
------------------
- Initial release independent of the main Zope tree.
Keywords: zope security authentication principal ftp http
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Zope Public License
Classifier: Programming Language :: Python
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Framework :: Zope3
|