Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Zope: Users

changing permissions on classes/methods at runtime?

 

 

Zope users RSS feed   Index | Next | Previous | View Threaded


Juergen.Herrmann at XLhost

Feb 29, 2012, 6:12 AM

Post #1 of 6 (849 views)
Permalink
changing permissions on classes/methods at runtime?

hi all!

is it possible to change permissions and roles on classes/methods
at runtime? normally you'd attach security declarations inline in
your class definition code:

from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
class Cls():
security = ClassSecurityInfo()
security.declarePrivate('foo')
def foo(self):
pass
InitializeClass(Cls)


now what i tried at runtime is:

from mycode import Cls
from AccessControl import ClassSecurityInfo
security = ClassSecurityInfo()
security.declarePublic('foo')
security.apply(Cls)

but this does not what i want it to, in fact it doesn't seem
to do anything yet - probably because i'm using the wrong way :)

any hints how to do this correctly would be greatly appreciated.

thank you very much in advance and best regards,
Jürgen Herrmann
--
>> XLhost.de ® - Webhosting von supersmall bis eXtra Large <<

XLhost.de GmbH
Jürgen Herrmann, Geschäftsführer
Boelckestrasse 21, 93051 Regensburg, Germany

Geschäftsführer: Jürgen Herrmann
Registriert unter: HRB9918
Umsatzsteuer-Identifikationsnummer: DE245931218

Fon: +49 (0)800 XLHOSTDE [0800 95467833]
Fax: +49 (0)800 95467830
Web: http://www.XLhost.de
_______________________________________________
Zope maillist - Zope [at] zope
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )


thierry.florac at onf

Mar 2, 2012, 1:29 AM

Post #2 of 6 (824 views)
Permalink
Re: changing permissions on classes/methods at runtime? [In reply to]

Hi,


Le Wed, 29 Feb 2012 15:12:37 +0100,
Jürgen Herrmann <Juergen.Herrmann [at] XLhost> a écrit:

> is it possible to change permissions and roles on classes/methods
> at runtime? normally you'd attach security declarations inline in
> your class definition code:
>
> from AccessControl import ClassSecurityInfo
> from AccessControl.class_init import InitializeClass
> class Cls():
> security = ClassSecurityInfo()
> security.declarePrivate('foo')
> def foo(self):
> pass
> InitializeClass(Cls)
>
>
> now what i tried at runtime is:
>
> from mycode import Cls
> from AccessControl import ClassSecurityInfo
> security = ClassSecurityInfo()
> security.declarePublic('foo')
> security.apply(Cls)
>
> but this does not what i want it to, in fact it doesn't seem
> to do anything yet - probably because i'm using the wrong way :)
>
> any hints how to do this correctly would be greatly appreciated.
>
> thank you very much in advance and best regards,

The way I handle this kind of problem is:
- declare me method as protected, with a specific permission
- grant this permission to roles or users (which can be "anybody")
according to your context.

Best regards,
Thierry
--
Chef de projets internet/intranet
Office National des Forêts
Direction des Systèmes d'Information
2, Avenue de Saint Mandé
75570 PARIS Cedex 12

Tél. : 01 40 19 59 64
Fax. : 01 40 19 59 85
Mél. : thierry.florac [at] onf
WWW : http://www.onf.fr
_______________________________________________
Zope maillist - Zope [at] zope
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )


sdupton at gmail

Mar 5, 2012, 10:22 AM

Post #3 of 6 (812 views)
Permalink
Re: changing permissions on classes/methods at runtime? [In reply to]

On Wed, Feb 29, 2012 at 7:12 AM, Jrgen Herrmann
<Juergen.Herrmann [at] xlhost> wrote:
> hi all!
>
> is it possible to change permissions and roles on classes/methods
> at runtime? normally you'd attach security declarations inline in
> your class definition code:

I don't off-hand know why just monkey-patching the security attribute
of your class and then calling InitializeClass() again would not work,
but the idea of changing these at runtime after initial zope startup
sounds a bit odd, possibly dangerous. What is it that you are trying
to do?

Sean
_______________________________________________
Zope maillist - Zope [at] zope
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )


regebro at gmail

Mar 6, 2012, 12:02 AM

Post #4 of 6 (810 views)
Permalink
Re: changing permissions on classes/methods at runtime? [In reply to]

On Mon, Mar 5, 2012 at 19:22, Sean Upton <sdupton [at] gmail> wrote:
> On Wed, Feb 29, 2012 at 7:12 AM, Jrgen Herrmann
> <Juergen.Herrmann [at] xlhost> wrote:
>> hi all!
>>
>> is it possible to change permissions and roles on classes/methods
>> at runtime? normally you'd attach security declarations inline in
>> your class definition code:
>
> I don't off-hand know why just monkey-patching the security attribute
> of your class and then calling InitializeClass() again would not work,
> but the idea of changing these at runtime after initial zope startup
> sounds a bit odd, possibly dangerous. What is it that you are trying
> to do?

When I needed this to be dynamic I simply did not have any security
declaration and instead tested the permissions the first thing I did
in the method. That worked fine. It is however probably ten years ago,
and I don't remember or have the code. But it was quite simple, I
think.

//Lennart
_______________________________________________
Zope maillist - Zope [at] zope
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )


Juergen.Herrmann at XLhost

Mar 7, 2012, 2:47 AM

Post #5 of 6 (815 views)
Permalink
Re: changing permissions on classes/methods at runtime? [In reply to]

Am 06.03.2012 09:02, schrieb Lennart Regebro:
> On Mon, Mar 5, 2012 at 19:22, Sean Upton <sdupton [at] gmail> wrote:
>> On Wed, Feb 29, 2012 at 7:12 AM, Jürgen Herrmann
>> <Juergen.Herrmann [at] xlhost> wrote:
>>> hi all!
>>>
>>> is it possible to change permissions and roles on classes/methods
>>> at runtime? normally you'd attach security declarations inline in
>>> your class definition code:
>>
>> I don't off-hand know why just monkey-patching the security
>> attribute
>> of your class and then calling InitializeClass() again would not
>> work,
>> but the idea of changing these at runtime after initial zope startup
>> sounds a bit odd, possibly dangerous.  What is it that you are
>> trying
>> to do?
>
> When I needed this to be dynamic I simply did not have any security
> declaration and instead tested the permissions the first thing I did
> in the method. That worked fine. It is however probably ten years
> ago,
> and I don't remember or have the code. But it was quite simple, I
> think.
>
> //Lennart

Since a long time i have a mechanism in place that scans class-specific
directories for page templates, dtml files, images, sql-methods etc.
and attaches these to the classes. up to now i did mark everything as
protected, with a fixed permission, worked fine for my purposes.

now i had a use case where i need to mark some templates and methods
as public because they use an internal authentication.

best regards, jürgen
--
>> XLhost.de ® - Webhosting von supersmall bis eXtra Large <<

XLhost.de GmbH
Jürgen Herrmann, Geschäftsführer
Boelckestrasse 21, 93051 Regensburg, Germany

Geschäftsführer: Jürgen Herrmann
Registriert unter: HRB9918
Umsatzsteuer-Identifikationsnummer: DE245931218

Fon: +49 (0)800 XLHOSTDE [0800 95467833]
Fax: +49 (0)800 95467830
Web: http://www.XLhost.de
_______________________________________________
Zope maillist - Zope [at] zope
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )


sdupton at gmail

Mar 7, 2012, 9:49 AM

Post #6 of 6 (813 views)
Permalink
Re: changing permissions on classes/methods at runtime? [In reply to]

On Wed, Mar 7, 2012 at 3:47 AM, Jrgen Herrmann
<Juergen.Herrmann [at] xlhost> wrote:
> now i had a use case where i need to mark some templates and methods
> as public because they use an internal authentication.

One of the challenges I see is that InitializeClass() removes the
original 'security' attribute of the class, so you end up having to
copy the security info to a module global before calling
InitializeClass() the first time. Then, if you have that copy of the
class security information, you should be able to re-use it, modify
it, re-apply it to the class, then call InitializeClass (again).

Sean
_______________________________________________
Zope maillist - Zope [at] zope
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )

Zope users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.