/usr/share/pyshared/zope.app.security-3.7.5.egg-info/PKG-INFO is in python-zope.app.security 3.7.5-0ubuntu4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 | Metadata-Version: 1.1
Name: zope.app.security
Version: 3.7.5
Summary: ZMI Views For Zope3 Security Components
Home-page: http://pypi.python.org/pypi/zope.app.security
Author: Zope Foundation and Contributors
Author-email: zope-dev@zope.org
License: ZPL 2.1
Description: This package provides ZMI browser views for Zope security components.
It used to provide a large part of security functionality for Zope 3, but it was
factored out from this package to several little packages to reduce dependencies
and improve reusability.
The functionality was splitted into these new packages:
* zope.authentication - the IAuthentication interface and related utilities.
* zope.principalregistry - the global principal registry and its zcml directives.
* zope.app.localpermission - the LocalPermission class that implements
persistent permissions.
The rest of functionality that were provided by this package is merged into
``zope.security`` and ``zope.publisher``.
Backward-compatibility imports are provided to ensure that older applications
work. See CHANGES.txt for more info.
Detailed Documentation
======================
===========================================
The Query View for Authentication Utilities
===========================================
A regular authentication service will not provide the `ISourceQueriables`
interface, but it is a queriable itself, since it provides the simple
`getPrincipals(name)` method:
>>> class Principal:
... def __init__(self, id):
... self.id = id
>>> class MyAuthUtility:
... data = {'jim': Principal(42), 'don': Principal(0),
... 'stephan': Principal(1)}
...
... def getPrincipals(self, name):
... return [principal
... for id, principal in self.data.items()
... if name in id]
Now that we have our queriable, we create the view for it:
>>> from zope.app.security.browser.auth import AuthUtilitySearchView
>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest()
>>> view = AuthUtilitySearchView(MyAuthUtility(), request)
This allows us to render a search form.
>>> print view.render('test') # doctest: +NORMALIZE_WHITESPACE
<h4>principals.zcml</h4>
<div class="row">
<div class="label">
Search String
</div>
<div class="field">
<input type="text" name="test.searchstring" />
</div>
</div>
<div class="row">
<div class="field">
<input type="submit" name="test.search" value="Search" />
</div>
</div>
If we ask for results:
>>> view.results('test')
We don't get any, since we did not provide any. But if we give input:
>>> request.form['test.searchstring'] = 'n'
we still don't get any:
>>> view.results('test')
because we did not press the button. So let's press the button:
>>> request.form['test.search'] = 'Search'
so that we now get results (!):
>>> ids = list(view.results('test'))
>>> ids.sort()
>>> ids
[0, 1]
====================
Login/Logout Snippet
====================
The class LoginLogout:
>>> from zope.app.security.browser.auth import LoginLogout
is used as a view to generate an HTML snippet suitable for logging in or
logging out based on whether or not the current principal is authenticated.
When the current principal is unauthenticated, it provides
IUnauthenticatedPrincipal:
>>> from zope.authentication.interfaces import IUnauthenticatedPrincipal
>>> from zope.principalregistry.principalregistry import UnauthenticatedPrincipal
>>> anonymous = UnauthenticatedPrincipal('anon', '', '')
>>> IUnauthenticatedPrincipal.providedBy(anonymous)
True
When LoginLogout is used for a request that has an unauthenticated principal,
it provides the user with a link to 'Login':
>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest()
>>> request.setPrincipal(anonymous)
>>> LoginLogout(None, request)()
u'<a href="@@login.html?nextURL=http%3A//127.0.0.1">[Login]</a>'
Logout, however, behaves differently. Not all authentication protocols (i.e.
credentials extractors/challengers) support 'logout'. Furthermore, we don't
know how an admin may have configured Zope's authentication. Our solution is
to rely on the admin to tell us explicitly that the site supports logout.
By default, the LoginLogout snippet will not provide a logout link for an
unauthenticated principal. To illustrate, we'll first setup a request with an
unauthenticated principal:
>>> from zope.security.interfaces import IPrincipal
>>> from zope.interface import implements
>>> class Bob:
... implements(IPrincipal)
... id = 'bob'
... title = description = ''
>>> bob = Bob()
>>> IUnauthenticatedPrincipal.providedBy(bob)
False
>>> request.setPrincipal(bob)
In this case, the default behavior is to return None for the snippet:
>>> print LoginLogout(None, request)()
None
To show a logout prompt, an admin must register a marker adapter that provides
the interface:
>>> from zope.authentication.interfaces import ILogoutSupported
This flags to LoginLogout that the site supports logout. There is a 'no-op'
adapter that can be registered for this:
>>> from zope.authentication.logout import LogoutSupported
>>> from zope.component import provideAdapter
>>> provideAdapter(LogoutSupported, (None,), ILogoutSupported)
Now when we use LoginLogout with an unauthenticated principal, we get a logout
prompt:
>>> LoginLogout(None, request)()
u'<a href="@@logout.html?nextURL=http%3A//127.0.0.1">[Logout]</a>'
=======
CHANGES
=======
3.7.5 (2010-01-08)
------------------
- Move 'zope.ManageApplication' permission to zope.app.applicationcontrol
- Fix tests using a newer zope.publisher that requires zope.login.
3.7.3 (2009-11-29)
------------------
- provide a clean zope setup and move zope.app.testing to a test dependency
- removed unused dependencies like ZODB3 etc. from install_requires
3.7.2 (2009-09-10)
------------------
- Added data attribute to '_protections.zcml' for PersistentList
and PersistentDict to accomodate UserList and UserDict behavior
when they are proxied.
3.7.1 (2009-08-15)
------------------
- Changed globalmodules.zcml to avoid making declarations for
deprecated standard modules, to avoid deprecation warnings.
Note that globalmodules.zcml should be avoided. It's better to make
declarations for only what you actually need to use.
3.7.0 (2009-03-14)
------------------
- All interfaces, as well as some authentication-related helper classes and
functions (checkPrincipal, PrincipalSource, PrincipalTerms, etc.) were moved
into the new ``zope.authentication`` package. Backward-compatibility imports
are provided.
- The "global principal registry" along with its zcml directives was moved into
new "zope.principalregistry" package. Backward-compatibility imports are
provided.
- The IPrincipal -> zope.publisher.interfaces.logginginfo.ILoggingInfo
adapter was moved to ``zope.publisher``. Backward-compatibility import
is provided.
- The PermissionsVocabulary and PermissionIdsVocabulary has been moved
to the ``zope.security`` package. Backward-compatibility imports are
provided.
- The registration of the "zope.Public" permission as well as some other
common permissions, like "zope.View" have been moved to ``zope.security``.
Its configure.zcml is now included by this package.
- The "protect" function is now a no-op and is not needed anymore, because
zope.security now knows about i18n messages and __name__ and __parent__
attributes and won't protect them by default.
- The addCheckerPublic was moved from zope.app.security.tests to
zope.security.testing. Backward-compatibility import is provided.
- The ``LocalPermission`` class is now moved to new ``zope.app.localpermission``
package. This package now only has backward-compatibility imports and
zcml includes.
- Cleanup dependencies after refactorings. Also, don't depend on
zope.app.testing for tests anymore.
- Update package's description to point about refactorings done.
3.6.2 (2009-03-10)
------------------
- The `Allow`, `Deny` and `Unset` permission settings was preferred to
be imported from ``zope.securitypolicy.interfaces`` for a long time
and now they are completely moved there from ``zope.app.security.settings``
as well as the ``PermissionSetting`` class. The only thing left for
backward compatibility is the import of Allow/Unset/Deny constants if
``zope.securitypolicy`` is installed to allow unpickling of security
settings.
3.6.1 (2009-03-09)
------------------
- Depend on new ``zope.password`` package instead of ``zope.app.authentication``
to get password managers for the authentication utility, thus remove
dependency on ``zope.app.authentication``.
- Use template for AuthUtilitySearchView instead of ugly HTML
constructing in the python code.
- Bug: The `sha` and `md5` modules has been deprecated in Python 2.6.
Whenever the ZCML of this package was included when using Python 2.6,
a deprecation warning had been raised stating that `md5` and `sha` have
been deprecated. Provided a simple condition to check whether Python 2.6
or later is installed by checking for the presense of `json` module
thas was added only in Python 2.6 and thus optionally load the security
declaration for `md5` and `sha`.
- Remove deprecated code, thus removing explicit dependency on
zope.deprecation and zope.deferredimport.
- Cleanup code a bit, replace old __used_for__ statements by ``adapts``
calls.
3.6.0 (2009-01-31)
------------------
- Changed mailing list address to zope-dev at zope.org, because
zope3-dev is retired now. Changed "cheeseshop" to "pypi" in
the package homepage.
- Moved the `protectclass` module to `zope.security` leaving only a
compatibility module here that imports from the new location.
- Moved the <module> directive implementation to `zope.security`.
- Use `zope.container` instead of `zope.app.container`;.
3.5.3 (2008-12-11)
------------------
- use zope.browser.interfaces.ITerms instead of
`zope.app.form.browser.interfaces`.
3.5.2 (2008-07-31)
------------------
- Bug: It turned out that checking for regex was not much better of an
idea, since it causes deprecation warnings in Python 2.4. Thus let's
look for a library that was added in Python 2.5.
3.5.1 (2008-06-24)
------------------
- Bug: The `gopherlib` module has been deprecated in Python 2.5. Whenever the
ZCML of this package was included when using Python 2.5, a deprecation
warning had been raised stating that `gopherlib` has been
deprecated. Provided a simple condition to check whether Python 2.5 or later
is installed by checking for the deleted `regex` module and thus optionally
load the security declaration for `gopherlib`.
3.5.0 (2008-02-05)
------------------
- Feature:
`zope.app.security.principalregistry.PrincipalRegistry.getPrincipal` returns
`zope.security.management.system_user` when its id is used for the search
key.
3.4.0 (2007-10-27)
------------------
- Initial release independent of the main Zope tree.
Keywords: zope security authentication principal ftp http
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Zope Public License
Classifier: Programming Language :: Python
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Framework :: Zope3
|