Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Zope>
  3. Users
changing permissions on classes/methods at runtime?
Juergen.Herrmann at XLhost
Feb 29, 2012, 6:12 AM
Post #1 of 6 (2482 views)
Permalink
hi all!

is it possible to change permissions and roles on classes/methods
at runtime? normally you'd attach security declarations inline in
your class definition code:

from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
class Cls():
security = ClassSecurityInfo()
security.declarePrivate('foo')
def foo(self):
pass
InitializeClass(Cls)


now what i tried at runtime is:

from mycode import Cls
from AccessControl import ClassSecurityInfo
security = ClassSecurityInfo()
security.declarePublic('foo')
security.apply(Cls)

but this does not what i want it to, in fact it doesn't seem
to do anything yet - probably because i'm using the wrong way :)

any hints how to do this correctly would be greatly appreciated.

thank you very much in advance and best regards,
Jürgen Herrmann
--
>> XLhost.de ® - Webhosting von supersmall bis eXtra Large <<

XLhost.de GmbH
Jürgen Herrmann, Geschäftsführer
Boelckestrasse 21, 93051 Regensburg, Germany

Geschäftsführer: Jürgen Herrmann
Registriert unter: HRB9918
Umsatzsteuer-Identifikationsnummer: DE245931218

Fon: +49 (0)800 XLHOSTDE [0800 95467833]
Fax: +49 (0)800 95467830
Web: http://www.XLhost.de
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )
Re: changing permissions on classes/methods at runtime? [ In reply to ]
thierry.florac at onf
Mar 2, 2012, 1:29 AM
Post #2 of 6 (2442 views)
Permalink
Hi,


Le Wed, 29 Feb 2012 15:12:37 +0100,
Jürgen Herrmann <Juergen.Herrmann@XLhost.de> a écrit:

> is it possible to change permissions and roles on classes/methods
> at runtime? normally you'd attach security declarations inline in
> your class definition code:
>
> from AccessControl import ClassSecurityInfo
> from AccessControl.class_init import InitializeClass
> class Cls():
> security = ClassSecurityInfo()
> security.declarePrivate('foo')
> def foo(self):
> pass
> InitializeClass(Cls)
>
>
> now what i tried at runtime is:
>
> from mycode import Cls
> from AccessControl import ClassSecurityInfo
> security = ClassSecurityInfo()
> security.declarePublic('foo')
> security.apply(Cls)
>
> but this does not what i want it to, in fact it doesn't seem
> to do anything yet - probably because i'm using the wrong way :)
>
> any hints how to do this correctly would be greatly appreciated.
>
> thank you very much in advance and best regards,

The way I handle this kind of problem is:
- declare me method as protected, with a specific permission
- grant this permission to roles or users (which can be "anybody")
according to your context.

Best regards,
Thierry
--
Chef de projets internet/intranet
Office National des Forêts
Direction des Systèmes d'Information
2, Avenue de Saint Mandé
75570 PARIS Cedex 12

Tél. : 01 40 19 59 64
Fax. : 01 40 19 59 85
Mél. : thierry.florac@onf.fr
WWW : http://www.onf.fr
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )
Re: changing permissions on classes/methods at runtime? [ In reply to ]
sdupton at gmail
Mar 5, 2012, 10:22 AM
Post #3 of 6 (2430 views)
Permalink
On Wed, Feb 29, 2012 at 7:12 AM, Jürgen Herrmann
<Juergen.Herrmann@xlhost.de> wrote:
> hi all!
>
> is it possible to change permissions and roles on classes/methods
> at runtime? normally you'd attach security declarations inline in
> your class definition code:

I don't off-hand know why just monkey-patching the security attribute
of your class and then calling InitializeClass() again would not work,
but the idea of changing these at runtime after initial zope startup
sounds a bit odd, possibly dangerous. What is it that you are trying
to do?

Sean
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )
Re: changing permissions on classes/methods at runtime? [ In reply to ]
regebro at gmail
Mar 6, 2012, 12:02 AM
Post #4 of 6 (2425 views)
Permalink
On Mon, Mar 5, 2012 at 19:22, Sean Upton <sdupton@gmail.com> wrote:
> On Wed, Feb 29, 2012 at 7:12 AM, Jürgen Herrmann
> <Juergen.Herrmann@xlhost.de> wrote:
>> hi all!
>>
>> is it possible to change permissions and roles on classes/methods
>> at runtime? normally you'd attach security declarations inline in
>> your class definition code:
>
> I don't off-hand know why just monkey-patching the security attribute
> of your class and then calling InitializeClass() again would not work,
> but the idea of changing these at runtime after initial zope startup
> sounds a bit odd, possibly dangerous.  What is it that you are trying
> to do?

When I needed this to be dynamic I simply did not have any security
declaration and instead tested the permissions the first thing I did
in the method. That worked fine. It is however probably ten years ago,
and I don't remember or have the code. But it was quite simple, I
think.

//Lennart
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )
Re: changing permissions on classes/methods at runtime? [ In reply to ]
Juergen.Herrmann at XLhost
Mar 7, 2012, 2:47 AM
Post #5 of 6 (2435 views)
Permalink
Am 06.03.2012 09:02, schrieb Lennart Regebro:
> On Mon, Mar 5, 2012 at 19:22, Sean Upton <sdupton@gmail.com> wrote:
>> On Wed, Feb 29, 2012 at 7:12 AM, Jürgen Herrmann
>> <Juergen.Herrmann@xlhost.de> wrote:
>>> hi all!
>>>
>>> is it possible to change permissions and roles on classes/methods
>>> at runtime? normally you'd attach security declarations inline in
>>> your class definition code:
>>
>> I don't off-hand know why just monkey-patching the security
>> attribute
>> of your class and then calling InitializeClass() again would not
>> work,
>> but the idea of changing these at runtime after initial zope startup
>> sounds a bit odd, possibly dangerous.  What is it that you are
>> trying
>> to do?
>
> When I needed this to be dynamic I simply did not have any security
> declaration and instead tested the permissions the first thing I did
> in the method. That worked fine. It is however probably ten years
> ago,
> and I don't remember or have the code. But it was quite simple, I
> think.
>
> //Lennart

Since a long time i have a mechanism in place that scans class-specific
directories for page templates, dtml files, images, sql-methods etc.
and attaches these to the classes. up to now i did mark everything as
protected, with a fixed permission, worked fine for my purposes.

now i had a use case where i need to mark some templates and methods
as public because they use an internal authentication.

best regards, jürgen
--
>> XLhost.de ® - Webhosting von supersmall bis eXtra Large <<

XLhost.de GmbH
Jürgen Herrmann, Geschäftsführer
Boelckestrasse 21, 93051 Regensburg, Germany

Geschäftsführer: Jürgen Herrmann
Registriert unter: HRB9918
Umsatzsteuer-Identifikationsnummer: DE245931218

Fon: +49 (0)800 XLHOSTDE [0800 95467833]
Fax: +49 (0)800 95467830
Web: http://www.XLhost.de
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )
Re: changing permissions on classes/methods at runtime? [ In reply to ]
sdupton at gmail
Mar 7, 2012, 9:49 AM
Post #6 of 6 (2431 views)
Permalink
On Wed, Mar 7, 2012 at 3:47 AM, Jürgen Herrmann
<Juergen.Herrmann@xlhost.de> wrote:
> now i had a use case where i need to mark some templates and methods
> as public because they use an internal authentication.

One of the challenges I see is that InitializeClass() removes the
original 'security' attribute of the class, so you end up having to
copy the security info to a module global before calling
InitializeClass() the first time. Then, if you have that copy of the
class security information, you should be able to re-use it, modify
it, re-apply it to the class, then call InitializeClass (again).

Sean
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal