Merge pull request #53 from plone/update-security-config

move security zcml to configure syntax

src/plone.server/plone/server/configure.py

@@ -11,10 +11,12 @@
 from zope.component.zcml import utility
 from zope.interface import classImplements
 from zope.interface import Interface
+from zope.configuration import xmlconfig
+
+import plone.behavior.metaconfigure
 import zope.security.zcml
 import zope.securitypolicy.metaconfigure
 
-import plone.behavior.metaconfigure
 
 _registered_configurations = []
 # stored as tuple of (type, configuration) so we get keep it in the order
@@ -191,6 +193,15 @@ def load_grant_all(_context, grant_all):
 register_configuration_handler('grant_all', load_grant_all)
 
 
+def load_include(_context, _include):
+    config = _include['config']
+    if 'package' in config:
+        config['package'] = resolve_or_get(
+            resolve_module_path(config['package']))
+    xmlconfig.include(_context, **config)
+register_configuration_handler('include', load_include)
+
+
 class _base_decorator(object):
     configuration_type = ''
 
@@ -296,6 +307,17 @@ def grant_all(principal=None, role=None):
         'grant_all')
 
 
+def include(package, file=None):
+    """
+    include is different from scan. Include is for including a regular zcml
+    include
+    """
+    register_configuration(
+        caller_module(),
+        dict(package=package, file=file),
+        'include')
+
+
 def scan(path):
     """
     pyramid's version of scan has a much more advanced resolver that we

src/plone.server/plone/server/configure.zcml

@@ -20,7 +20,6 @@
   <adapter factory=".browser.Absolute_URL_ObtainRequest" />
 
   <include file="meta.zcml" />
-  <include file="security.zcml" />
 
   <include package=".json" />
   <include package=".auth" />

src/plone.server/plone/server/content.py

@@ -15,6 +15,7 @@
 from plone.server import SCHEMA_CACHE
 from plone.server.auth.users import ANONYMOUS_USER_ID
 from plone.server.auth.users import ROOT_USER_ID
+from zope.securitypolicy.interfaces import IPrincipalPermissionManager
 from plone.server.browser import get_physical_path
 from plone.server.exceptions import ConflictIdOnContainer
 from plone.server.exceptions import NoPermissionToAdd
@@ -469,6 +470,8 @@ def __init__(self, file_path):
                 self._items[x.name] = StaticFile(str(x.absolute()))
 
 
+@configure.adapter(for_=IStaticFile, provides=IPrincipalPermissionManager, trusted=True)
+@configure.adapter(for_=IStaticDirectory, provides=IPrincipalPermissionManager, trusted=True)
 class StaticFileSpecialPermissions(PrincipalPermissionManager):
     def __init__(self, db):
         super(StaticFileSpecialPermissions, self).__init__()

src/plone.server/plone/server/factory.py

@@ -36,6 +36,7 @@
 from zope.configuration.xmlconfig import registerCommonDirectives
 from zope.interface import alsoProvides
 from zope.interface import implementer
+from zope.securitypolicy.interfaces import IPrincipalPermissionManager
 from zope.securitypolicy.principalpermission import PrincipalPermissionManager
 
 import asyncio
@@ -173,6 +174,8 @@ def __call__(self):
         return result
 
 
+@configure.adapter(for_=IDatabase, provides=IPrincipalPermissionManager, trusted=True)
+@configure.adapter(for_=IApplication, provides=IPrincipalPermissionManager, trusted=True)
 class RootSpecialPermissions(PrincipalPermissionManager):
     """No Role Map on Application and DB so permissions set to users.
 
@@ -346,6 +349,7 @@ def make_app(config_file=None, settings=None):
     import plone.server
     configure.scan('..api')
     configure.scan('..content')
+    configure.scan('..security')
     configure.scan('..behaviors')
     configure.scan('..languages')
     configure.scan('..permissions')

src/plone.server/plone/server/security.py

@@ -1,4 +1,5 @@
 # -*- coding: utf-8 -*-
+from plone.server import configure
 from plone.server.content import iter_schemata
 from plone.server.directives import merged_tagged_value_dict
 from plone.server.directives import read_permission
@@ -32,6 +33,10 @@
 from zope.securitypolicy.zopepolicy import ZopeSecurityPolicy
 
 
+# load zcml from here...
+configure.include('zope.securitypolicy')
+
+
 globalRolesForPrincipal = principalRoleManager.getRolesForPrincipal
 
 SettingAsBoolean = {
@@ -171,8 +176,9 @@ def proxy(self, obj):
         return Proxy(obj, self)
 
 
-@adapter(IRequest)
-@implementer(IInteraction)
+@configure.adapter(
+    for_=IRequest,
+    provides=IInteraction)
 def get_current_interaction(request):
     interaction = getattr(request, 'security', None)
     if IInteraction.providedBy(interaction):

src/plone.server/plone/server/tests/test_adapters.py

@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+from plone.server.security import Interaction
+from plone.server.testing import PloneFunctionalTestCase
+from zope.component import getAdapter
+from plone.server.factory import RootSpecialPermissions
+from zope.securitypolicy.interfaces import IPrincipalPermissionManager
+from zope.security.interfaces import IInteraction
+
+
+class TestAdapters(PloneFunctionalTestCase):
+    """
+    mostly to test adapter registrations
+    """
+
+    def test_get_current_interaction(self):
+        adapter = getAdapter(self.request, interface=IInteraction)
+        self.assertTrue(isinstance(adapter, Interaction))
+
+    def test_RootSpecialPermissions_IDatabase(self):
+        root = self.layer.new_root()
+        adapter = getAdapter(root, interface=IPrincipalPermissionManager)
+        self.assertTrue(isinstance(adapter, RootSpecialPermissions))
+
+    def test_RootSpecialPermissions_IApplication(self):
+        adapter = getAdapter(self.layer.app, interface=IPrincipalPermissionManager)
+        self.assertTrue(isinstance(adapter, RootSpecialPermissions))