Utilities to define security checkers
LAZR provides utility functions that make it easy to define security checkers for content classes.
protect_schema()
The protect_schema() function defines a checker for a class based on the schema passed in as a parameter.
>>> from lazr.restful.security import protect_schema
>>> from zope.interface import Attribute, Interface, implementer
>>> from zope.schema import TextLine
>>> class MySchema(Interface):
...     an_attr = Attribute('An attribute.')
...
...     a_field = TextLine(title='A property that can be set.')
...
...     a_read_only_field = TextLine(
...         title='A read only property', readonly=True)
...
...     def aMethod():
...         "A simple method."
>>> @implementer(MySchema)
... class MyContent:
...     def __init__(self, an_attr, a_field, a_read_only_field):
...         self.an_attr = an_attr
...         self.a_field = a_field
...         self.a_read_only_field = a_read_only_field
...
...     def aMethod(self):
...         pass
...
>>> protect_schema(MyContent, MySchema)
By default, the defined checker grants public read access to all names defined in the schema. No set permission is defined.
>>> from lazr.restful.debug import debug_proxy
>>> from zope.security.checker import undefineChecker, ProxyFactory
>>> content = MyContent(1, 'Mutable Field', 'RO Field')
ProxyFactory wraps the content using the defined checker.
>>> print(debug_proxy(ProxyFactory(content)))
zope.security._proxy._Proxy (using zope.security.checker.Checker)
public: aMethod, a_field, a_read_only_field, an_attr
The permission required can be specified using the read_permission parameter:
>>> undefineChecker(MyContent)
>>> protect_schema(MyContent, MySchema, read_permission='lazr.View')
>>> print(debug_proxy(ProxyFactory(content)))
zope.security._proxy._Proxy (using zope.security.checker.Checker)
lazr.View: aMethod, a_field, a_read_only_field, an_attr
If you specify a write_permission parameter, that permission is required to set the Attribute declarations and non-readonly fields defined in the schema. Read-only fields and methods get no set permission.
>>> undefineChecker(MyContent)
>>> protect_schema(MyContent, MySchema, write_permission='lazr.Edit')
>>> print(debug_proxy(ProxyFactory(content)))
zope.security._proxy._Proxy (using zope.security.checker.Checker)
lazr.Edit (set): a_field, an_attr
public: aMethod, a_field, a_read_only_field, an_attr