The PEAK Developers' Center: Diff for "ShortIntroPeakSecurity"
 
Differences between version dated 2003-12-05 21:28:01 and 2005-01-07 12:29:11 (spanning 24 versions)
Deletions are marked like this.
Additions are marked like this.

= Peak Security =
 
Here's a brief example of how to use peak security.
Here's a brief example of how to use peak security. (A more detailed explanation with multiple examples can be found on the SecurityRules page.)
 
== A short example ==
 
== Some sample code ==
 
Let's save this code as security_test.py
 
{{{
#!python
 
from peak.api import *
 
class Owner(security.Permission):
    pass
 
class User(object):
    pass
 
class Building(object):
 
    security.allow(
        burnBuilding = Owner
    binding.metadata(
        burnBuilding = Owner # permission needed for the method
        )
 
    def burnBuilding(self):
            print "Burn baby burn"
 
class buildingRules(security.RuleSet):
 
    rules = Items(
          checkCanBurn = [Owner.of(Building)]
                  )
class BuildingRules(security.Context):
 
    def checkCanBurn(self, attempt):
        if attempt.user is attempt.subject.owner:
            return 1
        else:
            return security.Denial(
    [security.hasPermission.when("perm==Owner and isinstance(subject,Building)")]
    def checkCanBurn(self, user, perm, subject):
        return user is subject.owner or security.Denial(
                 "You are not allowed to burn that building"
                                   )
 
BuildingRules.declareRulesFor(security.IPermissionChecker)
}}}
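
Review bot: in the new `checkCanBurn(self, user, perm, subject)`, the expression `user is subject.owner` is the entire authorization decision, and two cases are not handled. `Building` never defines `owner`, so a building that has not had one assigned raises AttributeError inside the rule instead of returning a `security.Denial`. And once `owner` is `None` (which is exactly what the runner sets), any call where `user` is also `None` passes the identity test and is treated as the owner. Suggest a class-level `owner = None` on `Building` and an explicit denial when `subject.owner is None` before the comparison.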
 
== How do we use this class ==
 
Let's save this code segment as security_test_runner.py
 
{{{
#!python
from peak.api import *
from security_test import *
 
myHouse = Building()
Joe = User()
myHouse.owner = Joe
theContext = BuildingRules()
 
permissionNeeded = theContext.permissionFor(myHouse,"burnBuilding")
allowed = theContext.hasPermission(Joe, permissionNeeded, myHouse)
 
print "Joe is an owner he should be allowed to burn his own house:"
if allowed:
    myHouse.burnBuilding()
else:
    print allowed.message
 
print "Now we 'remove' ownership from Joe and try to burn it again"
 
myHouse.owner = None
allowed = theContext.hasPermission(Joe, permissionNeeded, myHouse )
if allowed:
    myHouse.burnBuilding()
else:
    print allowed.message
 
}}}
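
Review bot: both `if allowed:` branches call `myHouse.burnBuilding()` directly, and nothing in the visible code makes `burnBuilding` perform the check itself, so the only guard is the caller's own `hasPermission` test. The page should state that the permission attached to `burnBuilding` is a declaration that the caller (or a framework) has to look up with `permissionFor` and enforce; otherwise readers may assume the method is protected on its own. The lookup, check and call are also repeated verbatim for the two cases; a small helper taking the user and the building would keep the check and the action together and make it harder to copy one without the other.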
 
 
== Now let's run this sample code ==
 
{{{
$ python security_test_runner.py
Joe is an owner he should be allowed to burn his own house:
Burn baby burn
Now we 'remove' ownership from Joe and try to burn it again
You are not allowed to burn that building
}}}
 
 
== A brief explanation ==
 
... to be continued
 
A detailed explanation of the concepts can be found here (but they describe an older implementation of peak.security; please see SecurityRules for up-to-date documentation):
 
[http://www.eby-sarna.com/pipermail/peak/2003-December/000970.html]
 
[http://www.eby-sarna.com/pipermail/peak/2003-October/000842.html]
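
Review bot: the "A brief explanation" section still consists of "... to be continued", and the only references left under it are two mailing-list posts that the added sentence itself says describe an older implementation. Since the sample now depends on three separate pieces (the `binding.metadata` declaration, the `security.hasPermission.when(...)` rule on `BuildingRules`, and the `permissionFor` / `hasPermission` calls in the runner), a few sentences here saying what each piece does and what a `security.Denial` result means to the caller would make the example usable without following the outdated links.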
 
