- It is no longer permissible for a security ACE to contain a "nested"

list of permissions (e.g. ``(Allow, Everyone, ['read', ['view', ['write', 'manage']]])`)`. The list must instead be fully expanded (e.g. ``(Allow, Everyone, ['read', 'view', 'write', 'manage])``). This feature was never documented, and was never an API, so it's not a backwards incompatibility.
author: Chris McDonough <chrism@agendaless.com> 2009-01-25 18:05:08 +0000
committer: Chris McDonough <chrism@agendaless.com> 2009-01-25 18:05:08 +0000
commit: 62bcc58d7859fc2bdf5bab4a64b991e12250884b (patch)
tree: b604a504500dda46d3f1a83c15b3b20a97ab5814 /repoze/bfg/security.py
parent: 7c7158db8d4e1a3cc52211b2ab5d679fab948823 (diff)
download: pyramid-62bcc58d7859fc2bdf5bab4a64b991e12250884b.tar.gz
pyramid-62bcc58d7859fc2bdf5bab4a64b991e12250884b.tar.bz2
pyramid-62bcc58d7859fc2bdf5bab4a64b991e12250884b.zip
1 files changed, 2 insertions, 26 deletions
diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py
index edb7871d8..1ee7b28a0 100644
--- a/repoze/bfg/security.py
+++ b/repoze/bfg/security.py
@@ -81,9 +81,7 @@ class ACLSecurityPolicy(object):
             for ace in acl:
                 ace_action, ace_principal, ace_permissions = ace
                 if ace_principal in principals:
-                    if hasattr(ace_permissions, '__iter__'):
-                        ace_permissions = _flatten(ace_permissions)
-                    else:
+                    if not hasattr(ace_permissions, '__iter__'):
                         ace_permissions = [ace_permissions]
                     if permission in ace_permissions:
                         if ace_action == Allow:
@@ -126,9 +124,7 @@ class ACLSecurityPolicy(object):
 
             for ace_action, ace_principal, ace_permissions in acl:
                 if ace_action == Allow:
-                    if hasattr(ace_permissions, '__iter__'):
-                        ace_permissions = _flatten(ace_permissions)
-                    else:
+                    if not hasattr(ace_permissions, '__iter__'):
                         ace_permissions = [ace_permissions]
                     if permission in ace_permissions:
                         allowed[ace_principal] = True
@@ -295,26 +291,6 @@ class ACLAllowed(ACLPermitsResult):
     as he ``msg`` attribute."""
     boolval = 1
 
-def _flatten(iterable):
-    """flatten(sequence) -> list
-
-    Returns a single, flat list which contains all elements retrieved
-    from the sequence and all recursively contained sub-sequences
-    (iterables).
-
-    Examples:
-    >>> [1, 2, [3,4], (5,6)]
-    [1, 2, [3, 4], (5, 6)]
-    >>> flatten([[[1,2,3], (42,None)], [4,5], [6], 7, MyVector(8,9,10)])
-    [1, 2, 3, 42, None, 4, 5, 6, 7, 8, 9, 10]"""
-    result = []
-    for el in iterable:
-        if hasattr(el, "__iter__"):
-            result.extend(_flatten(el))
-        else:
-            result.append(el)
-    return result
-
 class ViewPermission(object):
     implements(IViewPermission)
     def __init__(self, context, request, permission_name):
author	Chris McDonough <chrism@agendaless.com>	2009-01-25 18:05:08 +0000
committer	Chris McDonough <chrism@agendaless.com>	2009-01-25 18:05:08 +0000
commit	62bcc58d7859fc2bdf5bab4a64b991e12250884b (patch)
tree	b604a504500dda46d3f1a83c15b3b20a97ab5814 /repoze/bfg/security.py
parent	7c7158db8d4e1a3cc52211b2ab5d679fab948823 (diff)
download	pyramid-62bcc58d7859fc2bdf5bab4a64b991e12250884b.tar.gz pyramid-62bcc58d7859fc2bdf5bab4a64b991e12250884b.tar.bz2 pyramid-62bcc58d7859fc2bdf5bab4a64b991e12250884b.zip