From 2466f6eaa2246598dc6cb3c962364773eb4cc64a Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Wed, 16 Jul 2008 10:32:08 +0000 Subject: Add security. --- repoze/bfg/sampleapp/configure.zcml | 13 +++++++++---- repoze/bfg/sampleapp/models.py | 25 ++++++++++++++++++------- repoze/bfg/sampleapp/run.py | 11 +---------- repoze/bfg/sampleapp/views.py | 2 +- 4 files changed, 29 insertions(+), 22 deletions(-) (limited to 'repoze/bfg/sampleapp') diff --git a/repoze/bfg/sampleapp/configure.zcml b/repoze/bfg/sampleapp/configure.zcml index 374a93090..bd1b46d6a 100644 --- a/repoze/bfg/sampleapp/configure.zcml +++ b/repoze/bfg/sampleapp/configure.zcml @@ -4,18 +4,23 @@ + + @@ -23,7 +28,7 @@ for=".models.IBlog" factory=".views.blog_entry_add_view" name="add_entry.html" - permission="repoze.view" + permission="add" /> @@ -31,7 +36,7 @@ for=".models.IMapping" factory=".views.contents_view" name="contents.html" - permission="repoze.view" + permission="manage" /> diff --git a/repoze/bfg/sampleapp/models.py b/repoze/bfg/sampleapp/models.py index 975d79142..d07110e83 100644 --- a/repoze/bfg/sampleapp/models.py +++ b/repoze/bfg/sampleapp/models.py @@ -1,5 +1,10 @@ from zope.interface import Interface from zope.interface import implements +from zope.location.interfaces import ILocation +from zope.location.location import Location + +from repoze.bfg.security import Everyone +from repoze.bfg.security import Allow import datetime 
@@ -9,20 +14,26 @@ class IMapping(Interface): class IBlog(Interface): pass -class Blog(dict): - implements(IBlog, IMapping) - def __init__(self, name): - self.__name__ = name - dict.__init__(self) +class Blog(dict, Location): + __acl__ = [ (Allow, Everyone, 'view'), (Allow, 'group:editors', 'add'), + (Allow, 'group:managers', 'manage') ] + implements(IBlog, IMapping, ILocation) class IBlogEntry(Interface): pass class BlogEntry(object): implements(IBlogEntry) - def __init__(self, name, title, body, author): - self.__name__ = name + def __init__(self, title, body, author): self.title = title self.body = body self.author = author self.created = datetime.datetime.now() + +blog = Blog() +blog['sample'] = BlogEntry('Sample Blog Entry', + '

This is a sample blog entry

', + 'chrism') +def get_root(environ): + return blog + diff --git a/repoze/bfg/sampleapp/run.py b/repoze/bfg/sampleapp/run.py index c6fbeed78..6c36c430e 100644 --- a/repoze/bfg/sampleapp/run.py +++ b/repoze/bfg/sampleapp/run.py @@ -1,17 +1,8 @@ from repoze.bfg import make_app from repoze.bfg import sampleapp - -from repoze.bfg.sampleapp.models import Blog -from repoze.bfg.sampleapp.models import BlogEntry +from repoze.bfg.sampleapp.models import get_root def main(): - blog = Blog('Sample blog') - blog['sample'] = BlogEntry('sample', 'Sample Blog Entry', - '
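Review bot: `Blog.__acl__` in models.py has no explicit deny entry at the end and `BlogEntry` has no `__acl__` of its own, so the 'add' and 'manage' restrictions hold only if the security policy denies when no ACE matches and resolves an entry's permissions through its parent; neither behaviour is visible in this hunk. `BlogEntry.__init__` also stops setting `__name__`, and `Blog` is a plain `dict` subclass, so nothing here gives a stored entry a `__parent__`. Presumably the framework supplies location information because `Blog` now declares `ILocation`, which should be confirmed. The ACL is also a class-level list shared by every `Blog` instance, so a comment above it such as `# shared by all Blog instances; unmatched principals rely on the policy's default deny` would document both assumptions.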

This is a sample blog entry

', - 'chrism') - def get_root(environ): - return blog - app = make_app(get_root, sampleapp) from paste import httpserver httpserver.serve(app, host='0.0.0.0', port='5432') diff --git a/repoze/bfg/sampleapp/views.py b/repoze/bfg/sampleapp/views.py index 41ab69061..ce591dec2 100644 --- a/repoze/bfg/sampleapp/views.py +++ b/repoze/bfg/sampleapp/views.py @@ -63,8 +63,8 @@ def blog_entry_add_view(context, request): author = form['author'] body = form['body'] title = form['title'] + new_entry = BlogEntry(title, body, author) name = str(time.time()) - new_entry = BlogEntry(name, title, body, author) context[name] = new_entry return HTTPFound(location='/') -- cgit v1.2.3
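Review bot: The unchanged `httpserver.serve(app, host='0.0.0.0', port='5432')` line in `main()` of run.py exposes the sample app on every network interface, which matters more now that the app serves a module-level `blog` guarded by 'add' and 'manage' permissions. For a sample, loopback is the safer default: `httpserver.serve(app, host='127.0.0.1', port='5432')`. No authentication setup is visible in this hunk, so a comment near `make_app(get_root, sampleapp)` should say where 'group:editors' and 'group:managers' are established for a request.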
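Review bot: `blog_entry_add_view` in views.py still takes `author = form['author']` from the submitted form, so with 'add' now limited to 'group:editors' an editor can attribute an entry to any name; the author should come from the authenticated principal rather than request data. The hunk also keeps `name = str(time.time())` as the key, so two adds that produce the same timestamp string silently overwrite each other at `context[name] = new_entry`. `title` and `body` are stored as submitted, so whatever template renders them must escape them (the template is not in this hunk). Until the author is derived server-side, a comment above the assignment such as `# author is client-supplied and not tied to the logged-in user` would flag the gap. The function begins above the hunk.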