From 17ce5747ea36df10ec78e0af7140b55f691f5016 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Sun, 2 Nov 2008 17:27:33 +0000 Subject: Features - The ``BFG_DEBUG_AUTHORIZATION`` envvar and the ``debug_authorization`` config file value now only imply debugging of view-invoked security checks. Previously, information was printed for every call to ``has_permission`` as well, which made output confusing. To debug ``has_permission`` checks and other manual permission checks, use the debugger and print statements in your own code. - Authorization debugging info is now only present in the HTTP response body oif ``debug_authorization`` is true. - The format of authorization debug messages was improved. - A new ``BFG_DEBUG_NOTFOUND`` envvar was added and a symmetric ``debug_notfound`` config file value was added. When either is true, and a NotFound response is returned by the BFG router (because a view could not be found), debugging information is printed to stderr. When this value is set true, the body of HTTPNotFound responses will also contain the same debugging information. - ``Allowed`` and ``Denied`` responses from the security machinery are now specialized into two types: ACL types, and non-ACL types. The ACL-related responses are instances of ``repoze.bfg.security.ACLAllowed`` and ``repoze.bfg.security.ACLDenied``. The non-ACL-related responses are ``repoze.bfg.security.Allowed`` and ``repoze.bfg.security.Denied``. The allowed-type responses continue to evaluate equal to things that themselves evaluate equal to the ``True`` boolean, while the denied-type responses continue to evaluate equal to things that themselves evaluate equal to the ``False`` boolean. The only difference between the two types is the information attached to them for debugging purposes. - Added a new ``BFG_DEBUG_ALL`` envvar and a symmetric ``debug_all`` config file value. When either is true, all other debug-related flags are set true unconditionally (e.g. ``debug_notfound`` and ``debug_authorization``). Documentation - Added info about debug flag changes. - Added a section to the security chapter named "Debugging Imperative Authorization Failures" (for e.g. ``has_permssion``). --- repoze/bfg/view.py | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) (limited to 'repoze/bfg/view.py') diff --git a/repoze/bfg/view.py b/repoze/bfg/view.py index 0012019e7..ae4f304f0 100644 --- a/repoze/bfg/view.py +++ b/repoze/bfg/view.py @@ -4,10 +4,31 @@ from zope.component import queryUtility from repoze.bfg.interfaces import ISecurityPolicy from repoze.bfg.interfaces import IViewPermission from repoze.bfg.interfaces import IView + from repoze.bfg.security import Unauthorized +from repoze.bfg.security import Allowed _marker = () +def view_execution_permitted(context, request, name=''): + """ If the view specified by ``context`` and ``name`` is protected + by a permission, return the result of checking the permission + associated with the view using the effective security policy and + the ``request``. If no security policy is in effect, or if the + view is not protected by a permission, return a True value. """ + security_policy = queryUtility(ISecurityPolicy) + if security_policy: + permission = queryMultiAdapter((context, request), IViewPermission, + name=name) + if permission is None: + return Allowed( + 'Allowed: view name %r in context %r (no permission ' + 'registered for name %r).' % (name, context, name) + ) + return permission(security_policy) + return Allowed('Allowed: view name %r in context %r (no security policy ' + 'in use).' % (name, context)) + def render_view_to_response(context, request, name='', secure=True): """ Render the view named ``name`` against the specified ``context`` and ``request`` to an object implementing @@ -24,16 +45,13 @@ def render_view_to_response(context, request, name='', secure=True): ``args`` attribute explains why the view access was disallowed. If ``secure`` is ``False``, no permission checking is done.""" if secure: - security_policy = queryUtility(ISecurityPolicy) - if security_policy: - permission = queryMultiAdapter((context, request), IViewPermission, - name=name) - if permission is not None: - result = permission(security_policy) - if not result: - raise Unauthorized(result) + permitted = view_execution_permitted(context, request, name) + if not permitted: + raise Unauthorized(permitted) + response = queryMultiAdapter((context, request), IView, name=name, default=_marker) + if response is _marker: return None -- cgit v1.2.3