Launchpad itself

Merge ~cjwatson/launchpad:expand-security-docs into launchpad:master

  1. Git
  2. lp:~cjwatson/launchpad
  3. expand-security-docs
  4. Merge into master
Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: 73abc7eb4008c7f01c49df169123584ecaeb373f
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad:expand-security-docs
Merge into: launchpad:master
Diff against target: 39 lines (+31/-0)
1 file modified
doc/security.rst (+31/-0)
Reviewer Review Type Date Requested Status
Ioana Lasc (community) Approve
Guruprasad Approve
Review via email: mp+414409@code.launchpad.net

Commit message

Explain the various ZCML permission directives

Description of the change

`zope.security`'s documentation doesn't do a great job here, so explain the bits that we use heavily.

To post a comment you must log in.
Revision history for this message
Guruprasad (lgp171188) wrote :

LGTM 👍

review: Approve
Revision history for this message
Ioana Lasc (ilasc) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/doc/security.rst b/doc/security.rst
2index c80dba8..f4309af 100644
3--- a/doc/security.rst
4+++ b/doc/security.rst
5@@ -80,3 +80,34 @@ In this example, the ``EditByOwner`` adapter's ``checkAuthenticated`` method
6 will be called to determine if the currently authenticated user is
7 authorized to access whatever is protected by ``launchpad.Edit`` on an
8 ``IProduct``.
9+
10+The available permission directives are not well-documented by
11+``zope.security``, so here's a summary:
12+
13+``<allow interface="..."/>``
14+ The attributes and methods of this class that appear in the listed
15+ interface may be publicly accessed.
16+
17+``<allow attributes="..."/>``
18+ The named attributes and methods of this class may be publicly accessed.
19+
20+``<require permission="..." interface="..."/>``
21+ The attributes and methods of this class that appear in the listed
22+ interface may be accessed by users with the given permission.
23+
24+``<require permission="..." attributes="..."/>``
25+ The named attributes and methods of this class may be accessed by users
26+ with the given permission.
27+
28+``<require permission="..." set_schema="..."/>``
29+ The attributes of this class that appear in the listed interface may be
30+ modified by users with the given permission.
31+
32+``<require permission="..." set_attributes="..."/>``
33+ The named attributes of this class may be modified by users with the
34+ given permission.
35+
36+Note that "accessed" means ``getattr()``, while "modified" means
37+``setattr()``. The process of calling a method starts by using ``getattr()``
38+to fetch the method from the object, so methods should be declared in
39+``interface`` or ``attributes`` even if they modify the object.

Subscribers

People subscribed via source and target branches

to status/vote changes: