mò
$á¸Ec           @   sO  d  Z  g  Z d k Z d e i _ h  e f  ƒ d <e d ƒ d <e d ƒ d <Z d f  d „  ƒ  YZ d k l Z e ƒ  Z	 yG e	 d d ƒ d	 Z
 e e
 ƒ e e ƒ  ƒ j	 o d e e e
 ƒ <n Wn n Xe i Z d d
 „ Z d k l Z l Z l Z d k l Z l Z l Z d k l Z l Z l Z d k l Z l Z l Z xe d f e d f e d	 f e d f e d f e d	 f e d f e d f e d	 f e d f e d f e d	 f g D] \ Z Z e ƒ  Z  e e  i! ƒ  ƒ Z" e" e# j	 o e e" ƒ n e oD e" e e  i$ ƒ  ƒ j p t% ‚ e" e e  i& ƒ  ƒ j p t% ‚ qºqºWd S(   sÄ  Collect rules for access to objects that don't have roles.

The rules are expressed as a mapping from type -> assertion

An assertion can be:

  - A dict

  - A callable

  - Something with a truth value

If the assertion is a callable, then it will be called with
a name being accessed and the name used.  Its return value is ignored,
but in may veto an access by raising an exception.

If the assertion is a dictionary, then the keys are attribute names.
The values may be callables or objects with boolean values. If a value
is callable, it will be called with the object we are accessing an
attribute of and the attribute name. It should return an attribute
value. Callables are often used to returned guarded versions of
methods.  Otherwise, accesses are allowed if values in this dictionary
are true and disallowed if the values are false or if an item for an
attribute name is not present.

If the assertion is not a dict and is not callable, then access to
unprotected attributes is allowed if the assertion is true, and
disallowed otherwise.

XXX This descrition doesn't actually match what's done in ZopeGuards
or in ZopeSecurityPolicy. :(

$Id: SimpleObjectPolicies.py 40218 2005-11-18 14:39:19Z andreasjung $Ni   t    u    t   _dummy_classc           B   s   t  Z RS(   N(   t   __name__t
   __module__(    (    (    tA   /data/zmath/zope/lib/python/AccessControl/SimpleObjectPolicies.pyR   P   s    (   s   TemplateDictt   dummyi    c         C   s‚   t  |  ƒ t  j	 o t d |  ‚ n t |  d ƒ o t d |  ‚ n t | t ƒ p t | t ƒ p t d ‚ n | t |  <d S(   sz   Allow a type and all of its methods and attributes to be used from
    restricted code.  The argument Type must be a type.s   %s is not a typet	   __roles__s   %s handles its own securitys.   The 'allowed' argument must be an int or dict.N(	   t   typet   Typet
   ValueErrort   hasattrt
   isinstancet   allowedt   intt   dictt   ContainerAssertions(   R   R   (    (    R   t
   allow_typea   s      (   s   OOBTrees   OOBuckets   OOSet(   s   OIBTrees   OIBuckets   OISet(   s   IOBTrees   IOBuckets   IOSet(   s   IIBTrees   IIBuckets   IISet('   t   __doc__t   _norolest   Recordt*   __allow_access_to_unprotected_subobjects__R   R   R   t   DocumentTemplate.DT_Utilt   TemplateDictt   templateDictt   dictInstancet   gett
   ContainersR   t   BTrees.OOBTreet   OOBTreet   OOBuckett   OOSett   BTrees.OIBTreet   OIBTreet   OIBuckett   OISett   BTrees.IOBTreet   IOBTreet   IOBuckett   IOSett   BTrees.IIBTreet   IIBTreet   IIBuckett   IISett	   tree_typet
   has_valuest   treet   keyst   key_typet   listt   valuest   AssertionErrort   items(   R   R&   R%   R/   R   R)   R   R   R   R   R   R   R*   R,   R   R$   R   R   R   R!   R-   R(   R    R+   R"   (    (    R   t   ?-   s8   	3		s 	