Differences between version dated 2003-12-05 21:52:36 and 2005-01-07 12:29:11
(spanning 8 versions)
= Peak Security =
Here's a brief example of how to use peak security.
Here's a brief example of how to use peak security. (A more detailed explanation with multiple examples can be found on the SecurityRules page.)
== Some sample code ==
{{{
#!python
from peak.api import *
class Owner(security.Permission):
class Building(object):
security.allow(
burnBuilding = Owner
binding.metadata(
burnBuilding = Owner # permission needed for the method
)
def burnBuilding(self):
print "Burn baby burn"
class buildingRules(security.RuleSet):
rules = Items(
checkCanBurn = [Owner.of(Building)]
)
class BuildingRules(security.Context):
def checkCanBurn(self, attempt):
if attempt.user is attempt.subject.owner:
return 1
else:
return security.Denial(
[security.hasPermission.when("perm==Owner and isinstance(subject,Building)")]
def checkCanBurn(self, user, perm, subject):
return user is subject.owner or security.Denial(
"You are not allowed to burn that building"
)
BuildingRules.declareRulesFor(security.IPermissionChecker)
}}}
== How do we use this class ==
Let's save this code segment as security_test.py
Let's save this code segment as security_test_runner.py
{{{
#!python
from peak.api import *
from security_test import *
myHouse = Building()
Joe = User()
myHouse.owner = Joe
theInteraction = security.Interaction(user=Joe)
theContext = BuildingRules()
allowed = theInteraction.allows(myHouse,"burnBuilding")
permissionNeeded = theContext.permissionFor(myHouse,"burnBuilding")
allowed = theContext.hasPermission(Joe, permissionNeeded, myHouse)
print "Joe is an owner he should be allowed to burn his own house:"
if allowed:
myHouse.burnBuilding()
else:
print allowed.message
print "Now we 'remove' ownership from Joe and try to burn it again"
myHouse.owner = None
allowed = theContext.hasPermission(Joe, permissionNeeded, myHouse )
if allowed:
myHouse.burnBuilding()
else:
== Now let's run this sample code ==
{{{
$ python security_test.py
$ python security_test_runner.py
Joe is an owner he should be allowed to burn his own house:
Burn baby burn
Now we 'remove' ownership from Joe and try to burn it again
You are not allowed to burn that building
}}}
... to be continued
A detailed explanation of the concepts can be found here:
A detailed explanation of the concepts can be found here (but they describe an older implementation of peak.security; please see SecurityRules for up-to-date documentation):
[http://www.eby-sarna.com/pipermail/peak/2003-December/000970.html]
[http://www.eby-sarna.com/pipermail/peak/2003-October/000842.html]
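Review bot: In what appears to be the new `checkCanBurn(self, user, perm, subject)` rule, `user is subject.owner` is also true when both values are `None`, so a context queried with no authenticated user would be granted `Owner` on a building whose owner has been cleared, which is the state the runner creates with `myHouse.owner = None`. The rule should reject a missing user explicitly, for example `return (user is not None and user is subject.owner) or security.Denial(`. The sample enforces the permission only in the caller: `burnBuilding()` carries the `binding.metadata` declaration but, as far as these lines show, still runs unchecked when invoked directly, and the page should say so with a comment such as `# metadata only declares the permission; callers must check hasPermission() first`. `User()` is used in the runner but is not defined in the lines shown, so the example may not run as written.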