From e25a70a7d1c2016eaeff9c630df9109e715bba3b Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Thu, 9 Sep 2010 17:46:49 +0000 Subject: Features -------- - In support of making it easier to configure applications which are "secure by default", a default permission feature was added. If supplied, the default permission is used as the permission string to all view registrations which don't otherwise name a permission. These APIs are in support of that: - A new constructor argument was added to the Configurator: ``default_permission``. - A new method was added to the Configurator: ``set_default_permission``. - A new ZCML directive was added: ``default_permission``. Documentation ------------- - Added documentation for the ``default_permission`` ZCML directive. - Added documentation for the ``default_permission`` constructor value and the ``set_default_permission`` method in the Configurator API documentation. - Added a new section to the "security" chapter named "Setting a Default Permission". - Document ``renderer_globals_factory`` and ``request_factory`` arguments to Configurator constructor. --- repoze/bfg/zcml.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'repoze/bfg/zcml.py') diff --git a/repoze/bfg/zcml.py b/repoze/bfg/zcml.py index 5320554bc..2bf394eb8 100644 --- a/repoze/bfg/zcml.py +++ b/repoze/bfg/zcml.py @@ -18,6 +18,7 @@ from zope.schema import TextLine from repoze.bfg.interfaces import IAuthenticationPolicy from repoze.bfg.interfaces import IAuthorizationPolicy +from repoze.bfg.interfaces import IDefaultPermission from repoze.bfg.interfaces import IRendererFactory from repoze.bfg.interfaces import IRouteRequest from repoze.bfg.interfaces import IView @@ -852,6 +853,18 @@ def utility(_context, provides=None, component=None, factory=None, name=''): kw = kw, ) +class IDefaultPermissionDirective(Interface): + name = TextLine(title=u'name', required=True) + +def default_permission(_context, name): + """ Register a default permission name """ + # the default permission must be registered eagerly so it can + # be found by the view registration machinery + reg = get_current_registry() + config = Configurator(reg, package=_context.package) + config.set_default_permission(name) + _context.action(discriminator=IDefaultPermission) + def path_spec(context, path): # we prefer registering resource specifications over absolute # paths because these can be overridden by the resource directive. -- cgit v1.2.3