From 62bcc58d7859fc2bdf5bab4a64b991e12250884b Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@agendaless.com>
Date: Sun, 25 Jan 2009 18:05:08 +0000
Subject: - It is no longer permissible for a security ACE to contain a
 "nested"   list of permissions (e.g. ``(Allow, Everyone, ['read', ['view',  
 ['write', 'manage']]])`)`.  The list must instead be fully expanded   (e.g.
 ``(Allow, Everyone, ['read', 'view', 'write', 'manage])``).  This   feature
 was never documented, and was never an API, so it's not a   backwards
 incompatibility.

---
 repoze/bfg/security.py | 28 ++--------------------------
 1 file changed, 2 insertions(+), 26 deletions(-)

(limited to 'repoze/bfg/security.py')

diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py
index edb7871d8..1ee7b28a0 100644
--- a/repoze/bfg/security.py
+++ b/repoze/bfg/security.py
@@ -81,9 +81,7 @@ class ACLSecurityPolicy(object):
             for ace in acl:
                 ace_action, ace_principal, ace_permissions = ace
                 if ace_principal in principals:
-                    if hasattr(ace_permissions, '__iter__'):
-                        ace_permissions = _flatten(ace_permissions)
-                    else:
+                    if not hasattr(ace_permissions, '__iter__'):
                         ace_permissions = [ace_permissions]
                     if permission in ace_permissions:
                         if ace_action == Allow:
@@ -126,9 +124,7 @@ class ACLSecurityPolicy(object):
 
             for ace_action, ace_principal, ace_permissions in acl:
                 if ace_action == Allow:
-                    if hasattr(ace_permissions, '__iter__'):
-                        ace_permissions = _flatten(ace_permissions)
-                    else:
+                    if not hasattr(ace_permissions, '__iter__'):
                         ace_permissions = [ace_permissions]
                     if permission in ace_permissions:
                         allowed[ace_principal] = True
@@ -295,26 +291,6 @@ class ACLAllowed(ACLPermitsResult):
     as he ``msg`` attribute."""
     boolval = 1
 
-def _flatten(iterable):
-    """flatten(sequence) -> list
-
-    Returns a single, flat list which contains all elements retrieved
-    from the sequence and all recursively contained sub-sequences
-    (iterables).
-
-    Examples:
-    >>> [1, 2, [3,4], (5,6)]
-    [1, 2, [3, 4], (5, 6)]
-    >>> flatten([[[1,2,3], (42,None)], [4,5], [6], 7, MyVector(8,9,10)])
-    [1, 2, 3, 42, None, 4, 5, 6, 7, 8, 9, 10]"""
-    result = []
-    for el in iterable:
-        if hasattr(el, "__iter__"):
-            result.extend(_flatten(el))
-        else:
-            result.append(el)
-    return result
-
 class ViewPermission(object):
     implements(IViewPermission)
     def __init__(self, context, request, permission_name):
-- 
cgit v1.2.3