AccessControl z3 interfaces.

$Id: interfaces.py 40461 2005-12-01 22:45:54Z tseaver $

Source file: /data/zmath/zope/lib/python/AccessControl/interfaces.py

Imports: _noroles from AccessControl.SimpleObjectPolicies; Attribute and Interface from zope.interface.


IOwned (Interface)

    manage_owner (Attribute)
        Manage owner view

    owner_info
        Get ownership info for display

    getOwner
        Get the owner

        If a true argument is provided, then only the owner path and id are
        returned. Otherwise, the owner object is returned.

    getOwnerTuple
        Return a tuple, (userdb_path, user_id) for the owner.

        o Ownership can be acquired, but only from the containment path.

        o If unowned, return None.

    getWrappedOwner
        Get the owner, modestly wrapped in the user folder.

        o If the object is not owned, return None.

        o If the owner's user database doesn't exist, return Nobody.

        o If the owner ID does not exist in the user database, return Nobody.

    changeOwnership
        Change the ownership to the given user.

        If 'recursive' is true then also take ownership of all sub-objects,
        otherwise sub-objects retain their ownership information.

    userCanTakeOwnership
        (no description)

    manage_takeOwnership
        Take ownership (responsibility) for an object.

        If 'recursive' is true, then also take ownership of all sub-objects.

    manage_changeOwnershipType
        Change the type (implicit or explicit) of ownership.

    _deleteOwnershipAfterAdd
        (no description)

    manage_fixupOwnershipAfterAdd
        (no description)


IPermissionMappingSupport (Interface)

    manage_getPermissionMapping
        Return the permission mapping for the object

        This is a list of dictionaries with:

          permission_name -- The name of the native object permission

          class_permission -- The class permission the permission is
             mapped to.

    manage_setPermissionMapping
        Change the permission mapping


IRoleManager (Interface)

    An object that has configurable permissions

    permissionMappingPossibleValues (Attribute)
        Acquired attribute

    ac_inherited_permissions
        Get all permissions not defined in ourself that are inherited.

        This will be a sequence of tuples with a name as the first item and
        an empty tuple as the second.

    permission_settings
        Return user-role permission settings.

        If 'permission' is passed to the method then only the settings for
        'permission' is returned.

    manage_roleForm
        (no description)

    manage_role
        Change the permissions given to the given role.

    manage_acquiredForm
        (no description)

    manage_acquiredPermissions
        Change the permissions that acquire.

    manage_permissionForm
        (no description)

    manage_permission
        Change the settings for the given permission.

        If optional arg acquire is true, then the roles for the permission
        are acquired, in addition to the ones specified, otherwise the
        permissions are restricted to only the designated roles.

    manage_access
        Return an interface for making permissions settings.

    manage_changePermissions
        Change all permissions settings, called by management screen.

    permissionsOfRole
        Used by management screen.

    rolesOfPermission
        Used by management screen.

    acquiredRolesAreUsedBy
        Used by management screen.

    __ac_local_roles__
        (no description)

    manage_listLocalRoles
        (no description)

    manage_editLocalRoles
        (no description)

    has_local_roles
        (no description)

    get_local_roles
        (no description)

    users_with_local_role
        (no description)

    get_valid_userids
        (no description)

    get_local_roles_for_userid
        (no description)

    manage_addLocalRoles
        Set local roles for a user.

    manage_setLocalRoles
        Set local roles for a user.

    manage_delLocalRoles
        Remove all local roles for a user.

    access_debug_info
        Return debug info.

    valid_roles
        Return list of valid roles.

    validate_roles
        Return true if all given roles are valid.

    userdefined_roles
        Return list of user-defined roles.

    manage_defined_roles
        Called by management screen.

    _addRole
        (no description)

    _delRoles
        (no description)

    _has_user_defined_role
        (no description)

    manage_editRoles
        (no description)

    _setRoles
        (no description)

    possible_permissions
        (no description)


IStandardUserFolder (Interface)

    getUser
        Get the user object specified by name.

        If there is no user named 'name' in the user folder, return None.

    getUsers
        Get a sequence of all user objects which reside in the user folder.

    getUserNames
        Get a sequence of names of the users which reside in the user folder.


ISecurityPolicy (Interface)

    Plug-in policy for checking access to objects within untrusted code.

    validate
        Check that the current user (from context) has access.

        o Raise Unauthorized if access is not allowed; otherwise, return
          a true value.

        Arguments:

        accessed -- the object that was being accessed

        container -- the object the value was found in

        name -- The name used to access the value

        value -- The value retrieved through the access.

        context -- the security context (normally supplied by the security
                   manager).

        roles -- The roles of the object if already known.

    checkPermission
        Check whether the current user has a permission w.r.t. an object.


ISecurityManager (Interface)

    Check access and manages executable context and policies.

    _policy (Attribute)
        Current Security Policy

    validate
        Validate access.

        Arguments:

        accessed -- the object that was being accessed

        container -- the object the value was found in

        name -- The name used to access the value

        value -- The value retrieved through the access.

        roles -- The roles of the object if already known.

        The arguments may be provided as keyword arguments. Some of these
        arguments may be omitted, however, the policy may reject access
        in some cases when arguments are omitted. It is best to provide
        all the values possible.

    DTMLValidate
        Validate access.

        * THIS EXISTS FOR DTML COMPATIBILITY *

        Arguments:

        accessed -- the object that was being accessed

        container -- the object the value was found in

        name -- The name used to access the value

        value -- The value retrieved through the access.

        md -- multidict for DTML (ignored)

        The arguments may be provided as keyword arguments. Some of these
        arguments may be omitted, however, the policy may reject access
        in some cases when arguments are omitted. It is best to provide
        all the values possible.

    checkPermission
        Check whether the security context allows the given permission on
        the given object.

        Arguments:

        permission -- A permission name

        object -- The object being accessed according to the permission

    addContext
        Add an ExecutableObject to the current security context.

        o If it declares a custom security policy, make that policy
          "current"; otherwise, make the "default" security policy
          current.

    removeContext
        Remove an ExecutableObject from the current security context.

        o Remove all objects from the top of the stack "down" to the
          supplied object.

        o If the top object on the stack declares a custom security policy,
          make that policy "current".

        o If the stack is empty, or if the top declares no custom security
          policy, restore the "default" security policy as current.

    getUser
        Get the currently authenticated user

    calledByExecutable
        Return a boolean value indicating whether this context was called
        in the context of an executable (i.e., one added via 'addContext').