From 62bcc58d7859fc2bdf5bab4a64b991e12250884b Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Sun, 25 Jan 2009 18:05:08 +0000 Subject: - It is no longer permissible for a security ACE to contain a "nested" list of permissions (e.g. ``(Allow, Everyone, ['read', ['view', ['write', 'manage']]])`)`. The list must instead be fully expanded (e.g. ``(Allow, Everyone, ['read', 'view', 'write', 'manage])``). This feature was never documented, and was never an API, so it's not a backwards incompatibility. --- CHANGES.txt | 15 +++++++++++---- repoze/bfg/security.py | 28 ++-------------------------- repoze/bfg/tests/test_security.py | 21 --------------------- 3 files changed, 13 insertions(+), 51 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index 90281e2af..1faf5d76c 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -25,10 +25,17 @@ Behavior Changes be raised (speed). - It is no longer permissible to pass a "nested" list of principals to - ``repoze.bfg.ACLAuthorizer.permits`` (e.g. ['fred', ['larry', - 'bob']). The principals list must be fully expanded. This feature - was never documented, and was never an API, so it's not a backwards - incompatibility. + ``repoze.bfg.ACLAuthorizer.permits`` (e.g. ``['fred', ['larry', + 'bob']]``). The principals list must be fully expanded. This + feature was never documented, and was never an API, so it's not a + backwards incompatibility. + +- It is no longer permissible for a security ACE to contain a "nested" + list of permissions (e.g. ``(Allow, Everyone, ['read', ['view', + ['write', 'manage']]])`)`. The list must instead be fully expanded + (e.g. ``(Allow, Everyone, ['read', 'view', 'write', 'manage])``). This + feature was never documented, and was never an API, so it's not a + backwards incompatibility. Implementation Changes ---------------------- diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py index edb7871d8..1ee7b28a0 100644 --- a/repoze/bfg/security.py +++ b/repoze/bfg/security.py 
@@ -81,9 +81,7 @@ class ACLSecurityPolicy(object): for ace in acl: ace_action, ace_principal, ace_permissions = ace if ace_principal in principals: - if hasattr(ace_permissions, '__iter__'): - ace_permissions = _flatten(ace_permissions) - else: + if not hasattr(ace_permissions, '__iter__'): ace_permissions = [ace_permissions] if permission in ace_permissions: if ace_action == Allow: @@ -126,9 +124,7 @@ class ACLSecurityPolicy(object): for ace_action, ace_principal, ace_permissions in acl: if ace_action == Allow: - if hasattr(ace_permissions, '__iter__'): - ace_permissions = _flatten(ace_permissions) - else: + if not hasattr(ace_permissions, '__iter__'): ace_permissions = [ace_permissions] if permission in ace_permissions: allowed[ace_principal] = True @@ -295,26 +291,6 @@ class ACLAllowed(ACLPermitsResult): as he ``msg`` attribute.""" boolval = 1 -def _flatten(iterable): - """flatten(sequence) -> list - - Returns a single, flat list which contains all elements retrieved - from the sequence and all recursively contained sub-sequences - (iterables). - - Examples: - >>> [1, 2, [3,4], (5,6)] - [1, 2, [3, 4], (5, 6)] - >>> flatten([[[1,2,3], (42,None)], [4,5], [6], 7, MyVector(8,9,10)]) - [1, 2, 3, 42, None, 4, 5, 6, 7, 8, 9, 10]""" - result = [] - for el in iterable: - if hasattr(el, "__iter__"): - result.extend(_flatten(el)) - else: - result.append(el) - return result - class ViewPermission(object): implements(IViewPermission) def __init__(self, context, request, permission_name): diff --git a/repoze/bfg/tests/test_security.py b/repoze/bfg/tests/test_security.py index 3ee89d9c3..69b92cd2f 100644 --- a/repoze/bfg/tests/test_security.py +++ b/repoze/bfg/tests/test_security.py 
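Review bot: With `_flatten` gone, a nested permission list in an ACE is not rejected in the first hunk (`@@ -81,9 +81,7 @@`): `permission in ace_permissions` just stops matching the inner names, so the ACE is silently skipped. For an Allow entry that fails closed, but if this loop also honours Deny entries (the `ace_action == Allow` test suggests so; that branch is outside the hunk), a nested Deny would stop denying and a later Allow could grant access. Since nesting is now impermissible, I would fail loudly just before the `permission in ace_permissions` test: `if [p for p in ace_permissions if hasattr(p, '__iter__')]: raise ValueError('nested permissions in ACE: %r' % (ace_permissions,))`. The second hunk (`@@ -126,9 +124,7 @@`) has the same silent mismatch and would take the same check; both enclosing methods begin and end outside the hunks. The removed `TestFlatten` cases are also not replaced by a test that pins the new behaviour for a nested ACE.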
@@ -531,27 +531,6 @@ class TestACLDenied(unittest.TestCase): self.failUnless('" % msg in repr(denied)) -class TestFlatten(unittest.TestCase): - def _callFUT(self, item): - from repoze.bfg.security import _flatten - return _flatten(item) - - def test_flat_sequence(self): - result = self._callFUT([1, 2, 3]) - self.assertEqual(result, [1, 2, 3]) - - def test_singly_nested_sequence(self): - result = self._callFUT([1, [2, 3]]) - self.assertEqual(result, [1, 2, 3]) - - def test_doubly_nested_sequence(self): - result = self._callFUT([1, [2, [3]]]) - self.assertEqual(result, [1, 2, 3]) - - def test_mix_str_unicode_sequence(self): - result = self._callFUT([1, [2, [3]], u'a', ('b', set(['c', 'd']))]) - self.assertEqual(result, [1, 2, 3, u'a', 'b', 'c', 'd']) - class DummyContext: pass -- cgit v1.2.3