mò #á¸Ec@s¥dZdkZdkZdklZdklZdklZdklZdkl Z dk l Z dk l Z yd klZWnej o gZnXd klZd klZd klZd klZdklZlZdklZedƒZeieidZe ed„e!e"e#dƒƒƒZ$ei%di&e$ƒde'e$ƒƒZ$dfZ(da)e(e*d„Z+de fd„ƒYZ,de fd„ƒYZ-dfd„ƒYZ.dk/l0Z0dfd „ƒYZ1ye2ei3i4d!d"ƒƒZ5Wn d#Z5nXd$„Z6e6e7e7e8ƒd%fd&„ƒYZ9d'„Z:e;ƒZ<e<d(„Z=d)„Z>d*„Z?e*e*e*e*e*e*e*d+„Z@d,„ZAd-„ZBe*d.„ZCdS(/s6Python implementation of the access control machinery.N(s getLogger(saq_base(s aq_parent(saq_inner(s aq_acquire(sBase(s implements(s_what_not_even_god_should_do(sSecurityManagement(s Unauthorized(sISecurityPolicy(sISecurityManager(s Containerss_noroles(sguarded_getitemt ImplPythont_cCs ||jS(N(tctan(RR((t7/data/zmath/zope/lib/python/AccessControl/ImplPython.pyt0sittManagericCsó|pdti|tƒd}d}xSt||ƒot ||ƒ}|djot od|fSndSnt |ƒ}|tjo]|djot o||fSn|Snt o|t|ƒ|gSn|t|ƒSn|tjo|o |}qGtSqK|o1|djot|ƒ}qG|t|ƒ}qKnt |ddƒ}|djoPn|i}q*W|djoOt o@|o.t|tƒo||fSqÍ||gSqÑ|gSn|Snt o||gSn|S(sHReturn the roles that have the given permission on the given object Rt _Permissionit Anonymoustaq_innerN(R (tntstringt translatetpermt name_transtNonetrthasattrtobjecttgetattrtrolest_embed_permission_in_rolesttypettttupletlisttstrt_what_not_even_god_should_dot aq_parenttdefaultt isinstance(RRRR RRR((RtrolesForPermissionOn=sV!          tPermissionRolecBs,tZdZdd„Zd„Zd„ZRS(s'Implement permission-based roles. Under normal circumstances, our __of__ method will be called with an unwrapped object. The result will then be called with a wrapped object, if the original object was wrapped. To deal with this, we have to create an intermediate object. RcCs:||_dti|tƒd|_||_|_ dS(NRR( tnametselft__name__R R Rt_pRt_dt __roles__(R#R"R((Rt__init__…s cCsbtƒ}|i|_||_|i|_t|ddƒ}|dj o|i |ƒSn|SdS(NR ( timPermissionRoleRR#R%tparentt_paR&RRtpt__of__(R#R*R,R((RR-Šs     cCstd||i|iƒS(N(R RtvalueR#R&R%(R#R.((RR •s(R(R$t __module__t__doc__R(R-R (((RR!{s   R)cBs/tZdZd„ZeZd„Zd„ZRS(s Implement permission-based rolescCstd||i|iƒS(N(R RR.R#R&R%(R#R.((RR-œscCs>y |i}Wn&|i|iƒ}|_|`nX||S(N(R#t_vtvR-R+ti(R#R3R2((Rt __getitem__¢s   cCs@y |i}Wn&|i|iƒ}|_|`nXt|ƒS(N(R#R1R2R-R+tlen(R#R2((Rt__len__«s   (R$R/R0R-R R4R6(((RR)™s   tRestrictedDTMLcBs tZdZd„Zd„ZRS(sEA mix-in for derivatives of DT_String.String that adds Zope security.cGs t|ŒS(N(tguarded_getattrtargs(R#R9((RR8»scCs t||ƒS(N(tguarded_getitemtobtindex(R#R;R<((RR:¾s(R$R/R0R8R:(((RR7¸s  (sgetRolestZopeSecurityPolicycBsBtZeeƒdddd„Zeeed d„Zd„ZRS( NiicCs||_||_||_dS(s<Create a Zope security policy. Optional arguments may be provided: ownerous -- Untrusted users can create code (e.g. Python scripts or templates), so check that code owners can access resources. The argument must have a truth value. The default is true. authenticated -- Allow access to resources based on the privaledges of the authenticated user. The argument must have a truth value. The default is true. This (somewhat experimental) option can be set to false on sites that allow only public (unauthenticated) access. An anticipated scenario is a ZEO configuration in which some clients allow only public access and other clients allow full management. verbose -- Include debugging information in Unauthorized exceptions. Not suitable for public sites. N(townerousR#t _owneroust authenticatedt_authenticatedtverboset_verbose(R#R>R@RB((RR(Îs  RR t aq_explicitc Cs t|tƒoh|idƒoT|| joG|io*tddi| ƒ|||||ƒnt ||ƒ‚qxnt|ƒ}t|ƒ} | |jo |} n||jot||||ƒ}n||jo;|djo:|iotd|||||ƒnt ||ƒ‚n||d|ƒ}||joÌ||joK|| j o:|iotd|||||ƒnt ||ƒ‚qq y|idƒ}Wq tj oN|| j o:|iotd|||||ƒnt ||ƒ‚qq Xntt|ƒdƒ}|djo||ddƒ}n|dj odt|tƒpPt|tƒo-t|tƒo|i|ƒ}q­d }q±|||ƒ}qµn|p:|iotd |||||ƒnt ||ƒ‚n||jod Sn|}ny&|djp d |jod SnWn.tj o"t i!d | |fƒ‚nX|i"}|o[|d } |i$oþ| i%ƒ} | dj oá| i'||ƒ oÍ|io°t(|ƒd jotd|||||ƒqwt)| ||ƒo/td|||||d|d| d| ƒqwtd|||||d|d| d| dt*| |ƒƒnt ||ƒ‚qŽn|| ddƒ} | o,| i,ƒ} | dj oq||j o`| i-|ƒpL|io/td|||||d|d| d| ƒnt ||ƒ‚q-q1nx#| D]}||jod Sq8q8W|io_t(|ƒd jotd|||||ƒqÀtd|||||d| d| d|ƒnt ||ƒ‚q×ny,|i/o|i0i'||ƒod SnWntj onX|io×t(|ƒd jotd|||||ƒqú|i/ptd|||||ƒqút)|i0||ƒo,td|||||d|d|i0ƒqútd|||||d|d|i0dt*|i0|ƒƒnt ||ƒ‚dS(Ntaq_s*aq_* names (other than %s) are not alloweds, sNo container providedR'sJUnable to find __roles__ in the container and the container is not wrappeds6Unable to find or acquire __roles__ from the containert*__allow_access_to_unprotected_subobjects__is(The container has no security assertionsR sA'%s' passed as roles during validation of '%s' is not a sequence.iÿÿÿÿsThe object is marked as privates]The owner of the executing script is defined outside the context of the object being accessedtrequired_rolesteo_ownerteosGThe owner of the executing script does not have the required permissionteo_owner_rolest _proxy_roless¢The owner of the executing script is defined outside the context of the object being accessed. The script has proxy roles, but they do not apply in this context.s?The proxy roles set on the executing script do not allow accessteo_proxy_roless;Authenticated access is not allowed by this security policysMYour user account is defined outside the context of the object being accessedtusers7Your user account does not have the required permissiont user_roles(1RR"Rt startswitht valid_aq_R#RCt raiseVerbosetjointaccessedt containerR.tcontextt Unauthorizedtaq_baset containerbaset accessedbaseRt_norolestgetRolesRRt aq_acquiretAttributeErrort ContainersRR,tinttdictt basestringtgett TypeErrortLOGterrortstackRIR?tgetOwnertownertallowedR5tuserHasRolesButNotInContexttgetUserRolesInContextt proxy_rolestgetWrappedOwnert_check_contextRRARM(R#RSRTR"R.RURRRZRPRIRhRYRlRfRXR,R((Rtvalidateìsú                           !              c Cs3t||ƒ}t|tƒo |g}n|i} | oä| d}|i o9|i ƒ}|dj o|i||ƒ odSq‰nt|ddƒ}|oz|iƒ}|dj o3|t|ƒj o|i|ƒpdSqêqînx#|D]}||jodSqõqõWdSq n|ii||ƒS(NiÿÿÿÿiRKi(R t permissionRRRRaRURfRIR#R?RgRhRRiRRlRmRWRnRRM( R#RpRRURRIRRhRlRf((RtcheckPermissionÐs.     !      (s aq_parentsaq_innerRD( R$R/t implementstISecurityPolicyR(RZRRoRq(((RR=Ês ätZ_MAX_STACK_SIZEt100idcCs%td|d|d|ƒa|adS(NR>R@RB(R=R>R@RBt_defaultPolicyR(R>R@RB((RtsetDefaultBehaviorss   tSecurityManagercBs«tZdZeeƒhdd<dd<dd<ddt)N(treprR;treplace(R;((Rt item_reprßscCs;h}x|D]}d|| ÿ4     =  >